Please read this privacy policy carefully to understand how your personal data is collected, processed and stored when you use the Demleen website, accessible at www.demleen.com.
All personal data collected on this website is processed under the responsibility of DEMLEEN, a simplified joint-stock company (SASU) with a share capital of €1,000, registered with the Trade and Companies Register of Saint-Mandé under number 911783736, with its registered office at 5 AVENUE DU GENERAL DE GAULLE, 94160 ST MANDE, France.
All personal data collected on this website is processed under the responsibility of DEMLEEN, a simplified joint-stock company (SASU) with a share capital of €1,000, registered with the Trade and Companies Register of Saint-Mandé under number 911783736, with its registered office at 5 AVENUE DU GENERAL DE GAULLE, 94160 ST MANDE, France. Within the meaning of the applicable personal data regulations, DEMLEEN is therefore the data controller.
This privacy policy describes:
1. How DEMLEEN uses your personal data
2. How DEMLEEN shares your personal data
3. How DEMLEEN protects your personal data
4. Where DEMLEEN hosts and transfers your personal data
5. How you can exercise your rights regarding your personal data
6. Updates to the privacy policy
7. How to contact us
DEMLEEN may use your personal data for the following purposes:
1. To send you our newsletter if you have subscribed to it
2. To respond to your contact request submitted via our website
Most of the processing listed above is necessary for the performance of the contract entered into with DEMLEEN when you use our website.
However, the processing of your personal data for the purpose of sending you our newsletter is based solely on your consent, which you may withdraw at any time. If you do not consent to receiving the newsletter, please note that this will not prevent you from creating your customer account and placing orders on our website.
Within DEMLEEN, and depending on each processing purpose, personal data concerning you is collected, processed and stored by authorized DEMLEEN staff only within the scope of their respective responsibilities, in particular by the customer service, marketing and IT departments.
We do not share personal data with other companies, organizations or individuals, unless one of the following circumstances applies:
1. Sharing with prior consent: after obtaining your consent, DEMLEEN will share the information you have authorized with the specific third parties or categories of third parties indicated when collecting your consent.
2. Sharing with our service providers: DEMLEEN may disclose your information to companies that provide services for us or on our behalf. These service providers include companies offering IT services such as our hosting provider or email service provider, product delivery services, or marketing activities carried out on our behalf. These service providers may use your information only for the purpose of providing services on behalf of DEMLEEN.
3. Compliance with legal obligations: DEMLEEN may share your information as required by laws and regulations, to resolve legal disputes, or as required by judicial or administrative authorities under the law.
DEMLEEN ensures the legality of any sharing of personal data by entering into data processing agreements with the companies with which your personal data is shared, requiring them to comply with this privacy policy and to take appropriate security and confidentiality measures when processing personal data.
DEMLEEN places great importance on the security of your personal data and has adopted industry-standard practices to protect your personal data and prevent unauthorized access, disclosure, use, alteration, damage or loss of such information.
We have also taken appropriate precautions through our hosting provider to preserve the security and confidentiality of data, and in particular to prevent it from being distorted, damaged or disclosed to unauthorized persons.
DEMLEEN also adopts the following organizational measures:
1. We adopt reasonable and feasible measures to ensure that the personal data collected is minimal and relevant in relation to the purposes for which it is processed.
2. We retain your personal data only for the period strictly necessary for the purposes of processing, unless retention is required or permitted by law. For example, we retain data related to the execution of your orders for the period required by law for accounting record retention purposes, i.e. up to 10 years from the relevant financial year.
3. We implement access control mechanisms to ensure that only authorized personnel can access your personal data.
In the event of a personal data breach, DEMLEEN will comply with applicable legal and regulatory requirements regarding notification of personal data breaches to the competent supervisory authorities and/or the individuals concerned.
Your personal data is hosted within the infrastructure of our hosting provider, OVH, located in France.
Where such transfers exist, we ensure that they are carried out in accordance with applicable regulations to ensure an adequate level of data protection, either through an adequacy decision of the European Commission or through legal instruments such as data transfer agreements incorporating the European Commission’s Standard Contractual Clauses.
For any request regarding recipients and data transfers carried out outside the European Union, please contact us at the addresses indicated in the “How to contact us” section below.
You have the right of access, rectification, erasure, restriction, and objection regarding the processing of your personal data, as well as the right to define directives regarding the fate of your data after your death and the right to data portability.
You may contact us at any time at the addresses indicated in the “How to contact us” section below to exercise your rights under applicable regulations. You must specify which right you wish to exercise and provide all necessary details to enable us to respond to your request.
These rights are exercised under the conditions set out in the applicable regulations.
- The right of access means that you may ask us at any time whether we process personal data concerning you and, if so, to inform you of the personal data concerned and the characteristics of the processing carried out.
- The right to rectification means that you may request correction of your personal data when it is inaccurate. You may also request that incomplete personal data be completed where relevant in relation to the purpose of the processing.
- The right to erasure means that you may request deletion of your personal data, in particular when:
(i) Their retention is no longer necessary in relation to the purposes for which they were collected;
(ii) Your personal data is processed based on your consent, you wish to withdraw that consent, and there is no other legal basis justifying the processing;
(iii) You have objected to the processing of your personal data and wish them to be erased accordingly;
(iv) Your personal data has been unlawfully processed;
(v) Your personal data must be erased to comply with a legal obligation under European Union or French law.
- The right to restriction means that you may request restriction of the processing of your personal data:
(i) When you contest the accuracy of your personal data for a period allowing us to verify its accuracy;
(ii) When, following unlawful processing, you prefer restriction of processing to complete erasure of your personal data;
(iii) When we no longer need your personal data for processing purposes but it is still necessary for you for the establishment, exercise or defense of legal claims;
(iv) When you have objected to the processing of your personal data and request restriction while we verify whether the legitimate grounds you invoke justify the processing.
Restriction of processing means that your personal data will then only be stored. We will no longer carry out any other operations on the personal data concerned.
- The right to object means that you may object to the processing of your personal data when such processing is based on the legitimate interests pursued by DEMLEEN. The right to object applies provided you justify a legitimate reason related to your particular situation. We will then cease the processing unless there are compelling legitimate grounds to continue in accordance with applicable regulations.
- The right to define directives regarding the fate of your data after your death allows you to give instructions regarding the retention, deletion and disclosure of your personal data after your death.
- The right to data portability means that you may request, under the conditions set out by applicable regulations, to receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to you or directly to a third party of your choice where legally and technically feasible.
Where we process your personal data on the basis of your consent, you may withdraw your consent at any time by contacting us at the addresses indicated in the “How to contact us” section or by clicking on the unsubscribe link included in each of our communications.
However, withdrawal of consent does not affect the validity of processing carried out prior to such withdrawal.
DEMLEEN reserves the right at any time to modify or update, in whole or in part, this privacy policy due to changes in applicable personal data protection regulations or changes in data processing activities.
Any substantial modification of the privacy policy will be notified to you by email if you have provided a valid email address and will be published on the website. We recommend that you regularly review this privacy policy to remain fully informed of our commitments regarding the security and protection of your personal data.
If you have any questions, comments or suggestions, please contact us by visiting the contact us page or by sending them to contact@demleen.com.
Or by postal mail at 5 AVENUE DU GENERAL DE GAULLE, 94160 ST MANDE, France.
If you are not satisfied with DEMLEEN’s response to a request to exercise your rights in accordance with Article V above, or if you wish to report a breach of applicable data protection regulations, you have the right to lodge a complaint with the CNIL by mail (CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07) or via its website (www.cnil.fr), or with the data protection authority in the country where you habitually reside or work.