II. The Processing of the User's Personal Data by Alerti
A. The legal grounds for the Processing by Alerti
In accordance with the Legislation on Personal Data, the Processing which is covered by this Confidentiality Policy has a specific legal basis.
1. The Processing necessary for performing your contractual dealings with Alerti
The User must accept these GC before he/she can use the Alerti Website.
These documents formalise a contractual relationship between the User and Alerti which serves as the legal basis for Alerti at the very least, collecting and Processing the Personal Data of its Employees.
These Personal Data are required to perform a certain number of Processings connected to the performance of the contractual relationship with the User, the purposes of which are detailed in paragraph IV, B. of this Confidentiality Policy.
2. The Processing required for a legal obligation which Alerti is subject to
The Processing by Alerti may also be required under a legal obligation, such as the decree n°2011-219 February 5, 2011 concerning the conservation and disclosure of data enabling any person who contributed to the creation of online Content to be identified.
B. The purposes of Processing the User’s Personal Data by Alerti
The User’s Personal Data are necessary for Alerti to enable the User to access the Alerti Website and the Services and to use and improve them and to permit Alerti :
- To perform the operations relating to its commercial dealings with the User, i.e. concerning invoicing, accounting, following-up of the “customer relationship” with a User, such as satisfaction surveys, managing complaints, the use of the Alerti website etc.
- Selecting Users to perform studies, surveys and product tests as well as loyalty, prospection and promotion actions
- Personalise its communication for Users notably using information emails, according to their use of the Alerti Website.
- Perform inspection operations i.e. the management of technical inspection operations (notably includes technical operations such as normalisation, enrichment and de-duplication).
- Promotional commercial actions.
- Compiling commercial statistics; marketing analysis and tools (notably classification, scoring, score, etc.).
- The organisation of competitions, lotteries and any promotional action to the exclusion of gambling and gaming which requires the approval of the Online Gaming Regulation Authority.
- Management of requests to exercise rights designated in paragraph VIII below.
- The management of unpaids and litigation.
- The management of the Users’ comments on the Alerti Website and/or on the Internet pages published by the Controllers, such as social media pages.
- The fight against fraud.
-
C. The collection of the User’s Personal Data on the Alerti Website
Alerti collects, when the account is created and then as it is completed, the following Personal Data which the User either enters or communicates when browsing and which are conserved on an active base, throughout the period of the User’s Subscription to the Services from the User’s last connection to the Alerti website and for a period of three (3) years:
- Email address
- Surname, first name, telephone
- Postal address
- Company name
- Identifier used on the Alerti website
- the connection data (date, time, IP address, pages consulted) for the User whilst browsing on the Alerti website.
-
The above Personal Data also are kept in Intermediate Archiving for an additional period of two (2) years in accordance with the prescription period.
- Invoices for the Subscriptions taken out by the User
- the amount of the transactions performed as well as the date and time of these transactions.
-
The above Personal Data are also are conserved in Intermediate Archiving for an additional period which can be up to ten (10) years in accordance with the Controller’s tax and accounting obligations.
Only the Personal Data which is designated on the Alerti website as compulsory are essential for using the Alerti website and the Services.
D. Recipients or categories of recipients of the User’s Personal Data
Amazon
- Country : USA
- Nature of data transferred : Surname, first name, email address, address, telephone
- Purpose of the planned transfer : Hosting the database
- Level of protection offered by the country or exception stipulated by the Legislation on Personal Data : Privacy Shield
Mailgun
- Country : USA
- Nature of data transferred : email address
- Purpose of the planned transfer : Sending alerts
- Level of protection offered by the country or exception stipulated by the Legislation on Personal Data : Privacy Shield
Intercom
- Country : USA
- Nature of data transferred : Surname, first name, email address
- Purpose of the planned transfer : Analysis of the functionalities used to improve the Service and personalise communication
- Level of protection offered by the country or exception stipulated by the Legislation on Personal Data : Privacy Shield
Zendesk
- Country : USA
- Nature of data transferred : Surname, first name, email address
- Purpose of the planned transfer : Support and chat Service with Users
- Level of protection offered by the country or exception stipulated by the Legislation on Personal Data : Privacy Shield
-
E. Security of Internet transactions
In accordance with the General Conditions of Sale, the Alerti website uses the technology of the PayPal and the CIC (Crédit Industriel et Commercial) companies in order to guarantee the security of banking transactions by User.
Thus when a payment is made on the Alerti website, the User’s bank account details are transmitted in an encrypted form to CIC and PayPal, and unknown to Alerti.
Alerti does not collect either the complete number of the User’s bank card or its cryptogram.
If the User wishes to exercise the rights identified in paragraph VII above such as Specific Rights relating to the details of the bank card and the transaction performed, the User should contact PayPal and CIC directly. Alerti can provide the User with their contact details and the methods of contacting them.
F. The security of the User’s password
Alerti takes full precautions to ensure that the User’s password and, if necessary, the password of its Employees is stored securely.
However the security of this password also depends on its composition.
The User is therefore reminded that in order for the User’s password to be valid it must be composed of a minimum of eight (8) characters.
Mnemomic techniques exist to create complex passwords such as :
- Only conserving the first letters of a phrase ; for example the phrase "A password is remembered ! " corresponds to the password [email protected]!
- By adding a capital letter if the word is a name (e.g. : word)
- by using punctuation signs (e.g. : !)
- By expressing numbers using figures 0 to 9 (ex : One →1)