PRIVACY POLICY
GENERAL TERMS
I. Definitions
What is personal data?
Personal data is any information relating to an identified or identifiable natural person, in particular, for example, referring to their name, a username, an email address, IP address or to several specific elements that are part of their identity.
What is the processing of personal data?
The processing of personal data consists of any operation applied to personal data, whether carried out using automated processes or not. This includes the collection, recording, organisation, storage, modification or use of personal data.
What is a data controller?
It is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and methods for the processing of personal data.
What is consent?
It is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
What is a recipient?
This is a person authorised to obtain the communication of personal data recorded in a file or its processing in accordance with their functions.
What is a subcontractor?
This is the natural or legal person, public authority, department or other body which processes personal data on behalf of the Data Controller.
II. Object and purpose of the Privacy Policy
The Privacy Policy of the www.speechi.com website (hereinafter referred to as “the Site”) is intended to inform you of the procedures for processing your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the French Data Protection Act.
SCOPE
The Privacy Policy applies to the following persons (the “Users”):
- You are an Internet user and visit the Site. You are wondering what data is collected and processed during your visit and in particular with respect to the “cookies” section (consult the Cookie Policy below for this purpose); and/or
- You are an Internet user and visit the Site. You subscribe to the Site’s blog and you would like to know how your data is processed in this context; and/or
- You are a customer and you have purchased one of our products on the Site. You have provided certain personal data to make this purchase, and you would like to know how it is processed in this context.
IDENTITY OF THE DATA CONTROLLER
The person responsible for the processing of the personal data of the Site’s users is as follows:
WOUARF SAS
Whose head office is located at 12 rue de Weppes, 59800 Lille RCS N°449 742 667
In its capacity as data controller, WOUARF consolidates the personal data collected from Users of the Site. It is responsible for implementing appropriate measures to guarantee that personal data is processed in compliance with the GDPR.
SUPERVISORY AUTHORITY
I.The competent authority
The French supervisory authority competent in matters of personal data and responsible for monitoring the application of the GDPR for the protection of Users with regard to the processing of their personal data, is the following:
The Commission Nationale de l’Informatique et des Libertés – (“CNIL”)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
II. Complaint to the CNIL
Each User has the right to make a complaint to the CNIL regarding the manner in which their personal data is processed by the Data Controller: https://www.cnil.fr/fr/agir
THE PROCESSING OF THE PERSONAL DATA COLLECTED ABOUT YOU
I. Categories of personal data collected
The categories of personal data that may be collected are as follows:
| CATEGORIES OF PERSONAL DATA | DESCRIPTION OF THE CATEGORY |
|---|---|
| Customer Identity / Data | This concerns the data provided when you create a customer account on the Site, in particular:
Last name, First name, Email address, Telephone number |
| Order data | This concerns data relating to product purchases on the Site:
Identity (see above) |
| Data on payment method | Credit card number, expiry date of the credit card, visual cryptogram, surname and first name of the credit card holder, type of credit card |
| Automatic login/Site visit data | This concerns data relating to web browsing:
Timestamp, IP address, cookies, browsers used, computers and technical connection elements, computer configuration, internet access point |
| Data necessary for carrying out loyalty and prospecting actions | This concerns data collected specifically when a user completes the contact form. Identity (see above) |
This personal data may be collected directly on the Site by creating an “account” via a terminal, by purchasing a product offered on the Site, or by simply visiting the Site.
II. The purposes, legal bases for the processing of personal data and the respective retention periods
| Category of personal data | Purpose | Legal Basis | Retention period |
|---|---|---|---|
| Customer Identity / Data |
|
|
For the entire duration of the commercial relationship and for a maximum of three years from the end of the commercial relationship. For all invoicing data, the retention period is ten (10) years for accounting obligations |
| Order data |
|
|
5 years under legal obligations |
| Data on payment method |
|
|
There is no retention of this data: It is collected during the transaction and deleted upon payment of the purchase. |
| Automatic login/Site visit data |
|
|
For the duration of the identification and visit of the site.
Cookies are kept for a maximum of 13 months if they are necessary for the operation of the Site. Otherwise, they are kept for a maximum of 6 months. |
| Data necessary for carrying out loyalty and prospecting actions |
|
|
Until the User requests to no longer receive prospecting emails Until the User unsubscribes from the blog Or within a maximum period of three (3) years after the end of the business relationship in the case of an actual customer, or after the last contact or the last collection in the case of a prospect. |
III. Special condition relating to the personal data of minors.
The User must have the legal capacity to order products offered on the Site. We do not collect personal data relating to minors.
IV. Recipients and transfer of personal data
Do we transmit your personal data to recipients external to the Data Controller?
As part of our activity, we are required to transmit your personal data to our delivery service providers as well as to the installers to ensure the delivery and proper installation of the products ordered.
In addition, it is likely that we will transmit your personal data to our network of reseller partners.
We also use Customer Relationship Management (CRM) software, Zoho One, which may collect and process your personal data. To find out more about this, you can consult their privacy policy below: https://www.zoho.com/privacy.html?zredirect=f
Also, our site is hosted at Amazon Web Services (AWS). The latter is also required to process your personal data. To find out more about this, you can consult their privacy policy below: https://aws.amazon.com/privacy/?nc1=f_pr
For the Speechi Shop part, we use PrestaShop which is hosted on one of our AWS servers in Germany.
Do we transmit your personal data internally within the Data Controller?
We are required to transmit your personal data to our authorised personnel, namely:
- Marketing and E-commerce Department
- Sales department
- Logistics department
- Support department
- Installation service
- Development department
- HR and accounting department
- Customer support
Do we transmit your personal data outside the European Union?
We use tools that may transmit your personal data outside the European Union, namely:
- Our Zoho One CRM software.
- Google services (for emails etc.): https://support.google.com/a/answer/60762?hl=fr?hl=fr#zippy=%2Coù-mes-données-sont-elles-stockées-par-google
- Microsoft Office suite: https://privacy.microsoft.com/fr-fr/privacystatement
In any event, if the level of protection of the country importing personal data is not adequate within the meaning of the CNIL or in the absence of an adequacy decision from the European Commission, the Data Controller will have put in place appropriate safeguards with the data importer, such as standard contractual clauses validated by the European Commission.
V. Security implemented in the processing of your personal data
The data controller commits to take all the necessary measures to ensure the security and confidentiality of your personal data when processing it.
To do this, the personal data collected about you is stored on the Zoho One tool. Data is encrypted using AES encryption. A backup of our database hosted on AWS servers is also run every 15 days. The data stored on Prestashop (see below) is also retrieved daily.
YOUR RIGHTS OVER THE PERSONAL DATA COLLECTED ABOUT YOU
I. Your guaranteed rights
Since the processing of personal data is a fundamental human right, you are the holder of numerous rights guaranteed in particular by the GDPR.
In accordance with the latter, you benefit in particular from the following rights:
| Right of access | Each User has the right to be aware of all the personal data concerning them. Upon request, you can obtain a copy of your personal data being processed. |
| Right of rectification | Each User has the right to rectify their personal data if it is found to be inaccurate or incomplete. |
| Right to erasure or “Right to be forgotten” | Each User has the right to request the deletion of all their personal data. |
| Right to limit processing | Each User has the right to limit the processing of their personal data in the following cases:
a) you dispute the accuracy of your personal data for a period that enables us to verify the accuracy of the data; |
| Right to portability | Each User has the right to receive their personal data in a structured, commonly used and machine-readable format. Also, you have the right to transmit your personal data to another Data Controller without our obstructing it. You have the right to ask us to transfer your personal data to another Data Controller if technically feasible. |
| Right to object | Each User has the right to oppose the processing of their personal data for legitimate reasons without having to provide justification and can thus refuse that their data be used for commercial prospecting purposes. |
| Right of complaint | In order to guarantee their rights, each User has the right to lodge a complaint with the CNIL, the competent supervisory authority for personal data. |
II. Procedures for exercising your Rights
Each User may exercise their rights by contacting the Data Controller directly by one of the following means:
- Electronically by writing to the following address: dpo@speechi.com info@speechi.com
- By post by writing to the following address: 12 rue de Weppes 59800 Lille FRANCE
We undertake to respond to you quickly and within a maximum period of one month. We will make our best efforts to meet your requests regarding the processing of your personal data.
