PRIVACY POLICY

GENERAL TERMS

I. Definitions

What is personal data?
Personal data is any information relating to an identified or identifiable natural person, in particular, for example, referring to their name, a username, an email address, IP address or to several specific elements that are part of their identity.

What is the processing of personal data?
The processing of personal data consists of any operation applied to personal data, whether carried out using automated processes or not. This includes the collection, recording, organisation, storage, modification or use of personal data.

What is a data controller?
It is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and methods for the processing of personal data.

What is consent?
It is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

What is a recipient?
This is a person authorised to obtain the communication of personal data recorded in a file or its processing in accordance with their functions.

What is a subcontractor?
This is the natural or legal person, public authority, department or other body which processes personal data on behalf of the Data Controller.

II. Object and purpose of the Privacy Policy

The Privacy Policy of the www.speechi.com website (hereinafter referred to as “the Site”) is intended to inform you of the procedures for processing your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the French Data Protection Act.

SCOPE

The Privacy Policy applies to the following persons (the “Users”):

  • You are an Internet user and visit the Site. You are wondering what data is collected and processed during your visit and in particular with respect to the “cookies” section (consult the Cookie Policy below for this purpose); and/or
  • You are an Internet user and visit the Site. You subscribe to the Site’s blog and you would like to know how your data is processed in this context; and/or
  • You are a customer and you have purchased one of our products on the Site. You have provided certain personal data to make this purchase, and you would like to know how it is processed in this context.

IDENTITY OF THE DATA CONTROLLER

The person responsible for the processing of the personal data of the Site’s users is as follows:

WOUARF SAS
Whose head office is located at 12 rue de Weppes, 59800 Lille RCS N°449 742 667

In its capacity as data controller, WOUARF consolidates the personal data collected from Users of the Site. It is responsible for implementing appropriate measures to guarantee that personal data is processed in compliance with the GDPR.

SUPERVISORY AUTHORITY

I.The competent authority

The French supervisory authority competent in matters of personal data and responsible for monitoring the application of the GDPR for the protection of Users with regard to the processing of their personal data, is the following:

The Commission Nationale de l’Informatique et des Libertés – (“CNIL”)

3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

II. Complaint to the CNIL

Each User has the right to make a complaint to the CNIL regarding the manner in which their personal data is processed by the Data Controller: https://www.cnil.fr/fr/agir

THE PROCESSING OF THE PERSONAL DATA COLLECTED ABOUT YOU

I. Categories of personal data collected

The categories of personal data that may be collected are as follows:

CATEGORIES OF PERSONAL DATA DESCRIPTION OF THE CATEGORY
Customer Identity / Data

This concerns the data provided when you create a customer account on the Site, in particular:

Last name, First name, Email address, Telephone number
Address
Organisation (if applicable)
VAT number (if applicable)
Business sector
Username email and password

Order data

This concerns data relating to product purchases on the Site:

Identity (see above)
Transaction number
Purchase details
Amount of purchases
Data relating to the payment of invoices (payments, unpaid bills, discounts)
Product returns
Delivery address
Date of order and of delivery

Data on payment method Credit card number, expiry date of the credit card, visual cryptogram, surname and first name of the credit card holder, type of credit card
Automatic login/Site visit data

This concerns data relating to web browsing:

Timestamp, IP address, cookies, browsers used, computers and technical connection elements, computer configuration, internet access point

Data necessary for carrying out loyalty and prospecting actions This concerns data collected specifically when a user completes the contact form.
Identity (see above)

This personal data may be collected directly on the Site by creating an “account” via a terminal, by purchasing a product offered on the Site, or by simply visiting the Site.

II. The purposes, legal bases for the processing of personal data and the respective retention periods

Category of personal data Purpose Legal Basis Retention period
Customer Identity / Data
  • Data necessary for the management of the account and orders with the management of payment, invoicing and delivery.
  • Aid in the proper functioning of the services of the Site
  • Article 6) b) of the GDPR:
    Necessary for the execution of the contract
  • Article 6) f) of the GDPR:
    In accordance with our legitimate interest
For the entire duration of the commercial relationship and for a maximum of three years from the end of the commercial relationship.
For all invoicing data, the retention period is ten (10) years for accounting obligations
Order data
  • Compliance with the obligation of pre-contractual information;
  • Execution of the sales contract;
  • Order confirmation
  • Article 6) c) Necessary for compliance with a legal obligation
  • Article 6) b) of the GDPR:
    Necessary for the execution of the contract and pre-contractual obligations
  • Article 6) b) of the GDPR:
    Necessary for the execution of the contract and pre-contractual obligations
5 years under legal obligations
Data on payment method
  • Execution of the sales contract
  • Article 6) b) of the GDPR:
    Necessary for the execution of the contract
There is no retention of this data:
It is collected during the transaction and deleted upon payment of the purchase.
Automatic login/Site visit data
  • Identification of access to our Site and the number of connections
  • Determination of cookies to be used
  • Article 6) f) of the GDPR:
    In accordance with our legitimate interest
  • Article 6) a) of the GDPR:
    Consent (for cookies)

For the duration of the identification and visit of the site.

Cookies are kept for a maximum of 13 months if they are necessary for the operation of the Site. Otherwise, they are kept for a maximum of 6 months.

Data necessary for carrying out loyalty and prospecting actions
  • Conduct commercial and marketing operations and in particular loyalty or promotions.
  • Management of the customer relationship with respect to requests for information or complaints that a User may send via the Site, its customer service or the networks.
  • Article 6) a) of the GDPR: Consent
  • Article 6) f) of the GDPR: in accordance with our legitimate interest in promoting news and new offers on the Site
Until the User requests to no longer receive prospecting emails
Until the User unsubscribes from the blog
Or within a maximum period of three (3) years after the end of the business relationship in the case of an actual customer, or after the last contact or the last collection in the case of a prospect.

III. Special condition relating to the personal data of minors.

The User must have the legal capacity to order products offered on the Site. We do not collect personal data relating to minors.

IV. Recipients and transfer of personal data

Do we transmit your personal data to recipients external to the Data Controller?

As part of our activity, we are required to transmit your personal data to our delivery service providers as well as to the installers to ensure the delivery and proper installation of the products ordered.

In addition, it is likely that we will transmit your personal data to our network of reseller partners.
We also use Customer Relationship Management (CRM) software, Zoho One, which may collect and process your personal data. To find out more about this, you can consult their privacy policy below: https://www.zoho.com/privacy.html?zredirect=f

Also, our site is hosted at Amazon Web Services (AWS). The latter is also required to process your personal data. To find out more about this, you can consult their privacy policy below: https://aws.amazon.com/privacy/?nc1=f_pr

For the Speechi Shop part, we use PrestaShop which is hosted on one of our AWS servers in Germany.

Do we transmit your personal data internally within the Data Controller?

We are required to transmit your personal data to our authorised personnel, namely:

  • Marketing and E-commerce Department
  • Sales department
  • Logistics department
  • Support department
  • Installation service
  • Development department
  • HR and accounting department
  • Customer support

Do we transmit your personal data outside the European Union?

We use tools that may transmit your personal data outside the European Union, namely:

In any event, if the level of protection of the country importing personal data is not adequate within the meaning of the CNIL or in the absence of an adequacy decision from the European Commission, the Data Controller will have put in place appropriate safeguards with the data importer, such as standard contractual clauses validated by the European Commission.

V. Security implemented in the processing of your personal data

The data controller commits to take all the necessary measures to ensure the security and confidentiality of your personal data when processing it.
To do this, the personal data collected about you is stored on the Zoho One tool. Data is encrypted using AES encryption. A backup of our database hosted on AWS servers is also run every 15 days. The data stored on Prestashop (see below) is also retrieved daily.

YOUR RIGHTS OVER THE PERSONAL DATA COLLECTED ABOUT YOU

I. Your guaranteed rights

Since the processing of personal data is a fundamental human right, you are the holder of numerous rights guaranteed in particular by the GDPR.

In accordance with the latter, you benefit in particular from the following rights:

Right of access Each User has the right to be aware of all the personal data concerning them. Upon request, you can obtain a copy of your personal data being processed.
Right of rectification Each User has the right to rectify their personal data if it is found to be inaccurate or incomplete.
Right to erasure or “Right to be forgotten” Each User has the right to request the deletion of all their personal data.
Right to limit processing

Each User has the right to limit the processing of their personal data in the following cases:

a) you dispute the accuracy of your personal data for a period that enables us to verify the accuracy of the data;
b) the processing of your personal data is unlawful. You oppose its erasure and instead demand the limitation of its use;
c) we no longer need the personal data for the purposes of processing but it is still necessary for you to establish, exercise or defend your legal rights;
d) you exercise your right of opposition during a period to verify whether the legitimate reasons pursued by the Data Controller prevail over yours.

Right to portability Each User has the right to receive their personal data in a structured, commonly used and machine-readable format. Also, you have the right to transmit your personal data to another Data Controller without our obstructing it. You have the right to ask us to transfer your personal data to another Data Controller if technically feasible.
Right to object Each User has the right to oppose the processing of their personal data for legitimate reasons without having to provide justification and can thus refuse that their data be used for commercial prospecting purposes.
Right of complaint In order to guarantee their rights, each User has the right to lodge a complaint with the CNIL, the competent supervisory authority for personal data.

II. Procedures for exercising your Rights

Each User may exercise their rights by contacting the Data Controller directly by one of the following means:

  • Electronically by writing to the following address: dpo@speechi.com info@speechi.com
  • By post by writing to the following address: 12 rue de Weppes 59800 Lille FRANCE

We undertake to respond to you quickly and within a maximum period of one month. We will make our best efforts to meet your requests regarding the processing of your personal data.