Data protection policy

As part of managing an information request and/or partnership request, COFIDIS, acting as the data controller, collects the following information from you: your last name, first name, website concerned by the request, job title, professional email address, and professional telephone number.

This data is necessary to present our offers, process your partnership request, and manage the integration process. Without this information, we will not be able to process your request. It will enable us to present our offers, provide access to our documentation, and manage the integration of our services.

Purpose of Data Collection

This information is collected for the purpose of negotiating, executing, and managing the partnership agreement. Your data will be processed to facilitate contact with our sales teams, provide access to documentation, and manage the technical integration of our services.

Collection and Recipients of Data

The information collected consists of data that you have provided directly or that has been provided by the representative of the partner organization for which you work.

The data is intended for authorized personnel responsible for partnerships within COFIDIS, our IT hosting provider, and, where applicable, authorized internal and Group personnel responsible for audit, control, and operational risk management.

Data Retention Period

Your information is retained for the entire duration of the contractual relationship with the partner and until the expiry of all statutory limitation periods relating to the conclusion and performance of the contract, or as necessary to comply with any legal obligations imposed on COFIDIS regarding the processing of such data.

To enable the deletion of data after the applicable legal retention periods have expired, the partner undertakes to inform COFIDIS whenever an employee leaves the organization.

Your Rights

As an employee, manager, or executive of the partner organization, you have:

  • The right of access to all personal data concerning you that is processed by our services.
  • The right to rectification of inaccurate or incomplete data.
  • The right to data portability. You may request to receive, in a machine-readable format, the data you have provided to us (data declared by you and data generated through your activity) where the processing is necessary for the performance of a contract or based on your consent. You may also request that we transmit this data directly to another data controller.
  • The right to object to processing. You may object to the processing of your personal data unless we are required to process it within the framework of our contractual relationship, for potential legal proceedings, or where there are compelling legitimate grounds for continuing such processing.
  • The right to erasure ("right to be forgotten"). Data concerning employees, managers, and executives of our partners is retained for the duration of the partnership plus the applicable limitation periods associated with customer contracts entered into under that partnership. However, you may request the deletion of certain data if one of the following conditions applies:
    • The data is no longer necessary for the purposes for which it was collected;
    • Your data has been processed unlawfully;
    • You object to the processing and there are no overriding legitimate grounds for retaining the data.

We will review your request and respond accordingly, unless we are legally required to retain the data or need to keep it for potential legal proceedings.

  • The right to restriction of processing. When you request the rectification or deletion of your data, or object to its processing, you may request that processing be restricted during the review period by the relevant departments (maximum one month). You may also request restriction if we retain your data solely for potential legal proceedings. In such cases, your data may only be processed with your consent, except where necessary for legal proceedings.
  • The right to define instructions regarding the handling of your personal data after your death.

For more information about your rights, please visit the CNIL website:
www.cnil.fr/fr/comprendre-vos-droits

These requests may be submitted by email to:
service_consommateur@cofidis.fr

COFIDIS has appointed a Data Protection Officer (DPO), who can be contacted at:
dpocofidis1@cofidis.fr

If you disagree with the response provided and are not satisfied with it, you may lodge a complaint with the CNIL at the following address:

CNIL
3 Place de Fontenoy
75007 Paris
France