Legal information

Definitions

Customer: Any professional or natural person capable within the meaning of articles 1123 et seq. of the French Civil Code, or legal entity, who visits the Site which is the subject of these General Terms and Conditions.

Services: https://www.iagona.com provides Customers with :

Content: All the elements making up the information on the Site, in particular text – images – videos.

Customer Information: Hereinafter referred to as “Information (s)” which corresponds to all personal data that may be held by IAGONA for the management of your account, the management of customer relations and for analysis and statistical purposes.

User: Internet user connecting to and using the aforementioned site.

Personal information: “Information which enables, in any form whatsoever, directly or indirectly, the identification of the natural persons to whom it applies” (article 4 of law no. 78-17 of 6 January 1978).

The terms “personal data”, “data subject”, “processor” and “sensitive data” have the meaning defined by the General Data Protection Regulation (GDPR: no. 2016-679).

 

1. Presentation of the website

Pursuant to Article 6 of Law No. 2004-575 of 21 June 2004 on confidence in the digital economy, users of the https://www.iagona.com website are informed of the identity of the various parties involved in its creation and monitoring:

Owner: SASU IAGONA Share capital of €1,899,453.46 VAT number: FR 90 344 076 971 – 229 Bureaux de la Colline 92210 Saint-Cloud, France

Publication manager: IAGONA – contact@iagona.com
The person responsible for publication is an individual or a legal entity.
Webmaster: IAGONA – contact@iagona.com
Host: IKOULA 175-177 rue d’Aguesseau – 92100 Boulogne Billancourt – France
Data protection delegate: IAGONA – dpo@iagona.com

 

2. General conditions of use of the site and the services offered

The Site constitutes an intellectual work protected by the provisions of the French Intellectual Property Code and applicable international regulations.

The Customer may not in any way reuse, transfer or exploit for his own account all or part of the elements or works on the Site.

Use of the https://www.iagona.com website implies full acceptance of the general conditions of use described below. These conditions of use may be amended or supplemented at any time, and users of the https://www.iagona.com website are therefore advised to consult them regularly.

This website is normally accessible to users at all times. However, IAGONA may decide to interrupt the site for technical maintenance purposes, in which case IAGONA will endeavour to inform users of the dates and times of the intervention in advance.
The https://www.iagona.com website is updated regularly by the publication manager, IAGONA. Similarly, the legal notices may be modified at any time: they are nevertheless binding on the user, who is invited to refer to them as often as possible in order to review them.

 

3. Description of services provided

The purpose of the https://www.iagona.com website is to provide information concerning all of the company’s activities.
IAGONA endeavours to provide information on the https://www.iagona.com website that is as accurate as possible. However, it may not be held liable for any omissions, inaccuracies or failure to update such information, whether due to its own fault or to the fault of third-party partners supplying such information.

All information provided on the https://www.iagona.com website is given for information purposes only and is subject to change. Furthermore, the information provided on the https://www.iagona.com website is not exhaustive. It is given subject to modifications having been made since it was put on line.

 

4. Contractual limitations on technical data

The website uses JavaScript technology.

The website cannot be held responsible for any material damage linked to the use of the site. In addition, users of the site undertake to access the site using recent, virus-free equipment and with an up-to-date, latest-generation browser.

The https://www.iagona.com website is hosted by a service provider in the European Union in accordance with the provisions of the General Data Protection Regulation (RGPD: no. 2016-679).

The aim is to provide a service that ensures the highest level of accessibility. The host ensures the continuity of its service 24 hours a day, every day of the year. However, it reserves the right to interrupt the hosting service for the shortest possible period of time, in particular for maintenance purposes, to improve its infrastructures, in the event of infrastructure failure or if the Services generate traffic deemed to be abnormal.

IAGONA and the host may not be held responsible in the event of malfunction of the Internet network, telephone lines or computer and telephone equipment, in particular due to network congestion preventing access to the server.

 

5. Intellectual property and counterfeiting

IAGONA is the owner of the intellectual property rights and holds the rights to use all the elements accessible on the website, in particular the texts, images, graphics, logos, videos, icons and sounds.
Any reproduction, representation, modification, publication, adaptation of all or part of the elements of the site, whatever the means or process used, is prohibited, except with the prior written authorisation of IAGONA.

Any unauthorised use of the site or of any of the elements it contains will be considered as constituting an infringement and will be prosecuted in accordance with the provisions of articles L.335-2 et seq. of the French Intellectual Property Code.

 

6. Limitation of liability

IAGONA acts as the publisher of the site. IAGONA is responsible for the quality and accuracy of the Content it publishes.

IAGONA may not be held liable for any direct or indirect damage caused to the user’s equipment when accessing the https://www.iagona.com website, and resulting either from the use of equipment that does not meet the specifications indicated in point 4, or from the appearance of a bug or incompatibility.

IAGONA may also not be held liable for indirect damage (such as loss of business or loss of opportunity) resulting from use of the https://www.iagona.com website.

Interactive areas (possibility to ask questions in the contact area) are available to users. IAGONA reserves the right to delete, without prior notice, any content posted in this area that contravenes legislation applicable in France, in particular provisions relating to data protection. Where applicable, IAGONA also reserves the right to hold the user civilly and/or criminally liable, particularly in the event of messages of a racist, insulting, defamatory or pornographic nature, regardless of the medium used (text, photographs, etc.).

 

7. Management of personal data

The Customer is informed of the regulations concerning marketing communications, the law of 21 June 2014 for confidence in the Digital Economy, the Data Protection Act of 06 August 2004 and the General Data Protection Regulation (RGPD: n° 2016-679).

7.1 Persons responsible for collecting personal data

For Personal Data collected as part of the creation of the User’s personal account and browsing on the Site, the person responsible for processing Personal Data is the User’s legal representative, who can be contacted at dpo@iagona.com.

As the party responsible for processing the data it collects, IAGONA undertakes to comply with the legal provisions in force. In particular, it is the Client’s responsibility to establish the purposes of its data processing, to provide its prospects and clients, once their consent has been collected, with complete information on the processing of their personal data and to maintain a register of processing in accordance with reality.
Whenever IAGONA processes Personal Data, IAGONA takes all reasonable measures to ensure the accuracy and relevance of the Personal Data with regard to the purposes for which it is processed.

 

7.2 Purpose of data collected

IAGONA may process all or part of the data :

  • to enable browsing on the Website, and the management and traceability of services ordered by the user: connection and Website use data, invoicing, order history, etc.
  • to prevent and combat computer fraud (spamming, hacking, etc.): computer equipment used for browsing, IP address, encrypted password.
  • to improve browsing on the Site: connection and usage data
  • to conduct optional satisfaction surveys on https://www.iagona.com: by email address
  • to carry out communication campaigns (sms, email): by telephone and/or by email address.

IAGONA does not sell your personal data, which is therefore only used if necessary or for statistical and analysis purposes.

 

7.3 Form data

Iagona’s Data Protection Officer is responsible for processing the form and can be contacted at the following email address dpo@iagona.com.
The last name, first name, company, e-mail address and telephone number fields on this form are mandatory for computer processing intended to improve the services offered by Iagona.

Please note that Iagona

  • will not collect or use the personal data collected beyond what is necessary for service improvement purposes;
  • will not sell or rent the personal data collected;
  • will not use or share the personal data collected for advertising or commercial purposes with third parties;

Under the French Data Protection Act of 6 January 1978, as amended, you have the right to access and rectify information concerning you.
If you wish to exercise this right and obtain the information concerning you, please contact our DPO department at the following address: dpo@iagona.com.

 

7.4 Right of access, rectification and opposition

In accordance with current European regulations, Users of https://www.iagona.com have the following rights:

  • right of access (article 15 RGPD) and rectification (article 16 RGPD), updating, completeness of Users’ data, right to block or erase Users’ personal data (article 17 RGPD), when they are inaccurate, incomplete, equivocal, out of date, or whose collection, use, communication or storage is prohibited
  • the right to withdraw consent at any time (article 13-2c GDPR)
  • the right to limit the processing of Users’ data (article 18 GDPR)
  • the right to object to the processing of Users’ data (Article 21 GDPR)
  • the right to portability of data provided by Users, where such data is subject to automated processing based on their consent or on a contract (Article 20 GDPR)
  • the right to define the fate of Users’ data after their death and to choose to whom IAGONA should communicate (or not) their data to a third party that they have previously designated.

The data subject’s right is detailed in article 10 of the present legal notice of the Iagona website.

As soon as IAGONA becomes aware of the death of a User and in the absence of instructions from the User, IAGONA undertakes to destroy the User’s data, unless its retention is necessary for evidential purposes or to comply with a legal obligation.

If the User wishes to know how IAGONA uses his/her Personal Data, ask to rectify them or oppose their processing, the User may contact IAGONA in writing at the following address:

IAGONA – 229 Bureaux de la Colline 92210 Saint-Cloud.

In this case, the User must indicate the Personal Data that he/she would like IAGONA to correct, update or delete, identifying him/herself precisely with a copy of an identity document (identity card or passport).

Requests for the deletion of Personal Data will be subject to the obligations imposed on IAGONA by law, in particular with regard to the conservation or archiving of documents. Finally, Users of https://www.iagona.com may lodge a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).

 

7.5 Non-disclosure of personal data

IAGONA will not process, host or transfer the Information collected on its Clients to a country located outside the European Union or recognised as “non-adequate” by the European Commission without informing the client in advance. However, IAGONA remains free to choose its technical and commercial subcontractors on condition that they present sufficient guarantees with regard to the requirements of the General Data Protection Regulation (RGPD: n° 2016-679).

IAGONA undertakes to take all necessary precautions to preserve the security of the Information and in particular that it is not communicated to unauthorised persons. However, if an incident affecting the integrity or confidentiality of the Customer’s Information is brought to the attention of IAGONA, the latter must inform the Customer as soon as possible and communicate the corrective measures taken. Furthermore, https://www.iagona.com does not collect any “sensitive data”.

The User’s Personal Data may be processed by IAGONA subsidiaries and subcontractors (service providers), exclusively in order to achieve the purposes of this policy.

Within the limits of their respective responsibilities and for the purposes set out above, the main people likely to have access to https://www.iagona.com User data are our customer service agents.

 

7.6 Incident notification

Despite our best efforts, no method of transmission over the Internet and no method of electronic storage is completely secure. Consequently, we cannot guarantee absolute security.
If we become aware of a breach of security, we will notify the users concerned so that they can take appropriate action. Our incident notification procedures take account of our legal obligations, whether at national or European level. We are committed to keeping our customers fully informed of all matters relating to the security of their account and to providing them with all the information necessary to help them comply with their own regulatory reporting obligations.

No personal information of the user of the https://www.iagona.com site is published without the user’s knowledge, exchanged, transferred, assigned or sold on any medium whatsoever to third parties. Only the assumption of the repurchase of IAGONA and its rights would allow the transmission of the aforementioned information to the possible purchaser who would be in turn held of the same obligation of conservation and modification of the data with respect to the user of the https://www.iagona.com site.

 

8. Security

To ensure the security and confidentiality of Personal Data and Personal Health Data, https://www.iagona.com uses networks protected by standard devices such as firewalls, pseudonymisation, encryption and passwords.

When processing Personal Data, IAGONA takes all reasonable measures to protect it against loss, misuse, unauthorised access, disclosure, alteration or destruction.

 

9. Hypertext links, cookies and internet tags

The https://www.iagona.com website contains a number of hypertext links to other sites, set up with the authorisation of IAGONA. However, IAGONA is not in a position to check the content of sites visited in this way, and consequently accepts no liability in this respect.

Unless you decide to deactivate cookies, you accept that the site may use them. You may deactivate these Cookies at any time and free of charge using the deactivation options offered to you and described below, bearing in mind that this may reduce or prevent access to all or part of the Services offered by the Site.

 

9.1 “COOKIES

An updated version of the Cookie article is available here, corresponding to the CNIL’s recommendations following the 2020 consultations.

What the law says: https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi

A “Cookie” is a small information file sent to the User’s browser and stored on the User’s terminal (e.g. computer, smartphone) (hereinafter referred to as “Cookies”). This file includes information such as the User’s domain name, the User’s Internet service provider, the User’s operating system and the date and time of access. Cookies are in no way likely to damage the User’s terminal.

IAGONA is likely to process the User’s information concerning his/her visit to the Site, such as the pages consulted and searches carried out. This information enables IAGONA to improve the content of the Website and the User’s browsing experience.

As Cookies facilitate browsing and/or the provision of services offered by the Site, the User may configure his/her browser to allow him/her to decide whether or not to accept them so that Cookies are stored in the terminal or, on the contrary, that they are rejected, either systematically or depending on the sender. Users may also configure their browser software so that they are offered the option of accepting or rejecting Cookies from time to time, before a Cookie is likely to be recorded in their terminal. IAGONA informs the User that, in this case, it is possible that not all of the functions of their browser software will be available.

If the User refuses the storage of Cookies in his/her terminal or browser, or if the User deletes those stored there, the User is informed that his/her browsing and experience on the Site may be limited. This may also be the case when IAGONA or one of its service providers is unable to recognise, for technical compatibility purposes, the type of browser used by the terminal, the language and display settings or the country from which the terminal appears to be connected to the Internet.

Where applicable, IAGONA declines all responsibility for the consequences linked to the degraded operation of the Site and any services offered by https://www.iagona.com, (no jumping to the line) resulting from :

the refusal of Cookies by the User
the impossibility for IAGONA to record or consult the Cookies necessary for their operation due to the User’s choice.

For the management of Cookies and User choices, the configuration of each browser is different. This is described in the browser’s help menu, which will indicate how the User can modify his/her wishes with regard to Cookies.

At any time, the User may choose to express and modify his/her wishes with regard to Cookies. IAGONA may also use the services of external service providers to help it collect and process the information described in this section.

Lastly, by clicking on the icons dedicated to the Twitter, Youtube and Linkedin social networks appearing on the https://www.iagona.com Website or its mobile version and if the User has accepted the deposit of cookies by continuing to browse the IAGONA Website or mobile application, Twitter, Youtube, Linkedin, La FrenchTech and PlanetHoster may also deposit cookies on your terminals (computer, tablet, mobile phone).

These types of Cookies are only deposited on your terminals if you give your consent, by continuing your browsing on the Website or the mobile version of IAGONA. However, the User may revoke his/her consent to IAGONA depositing this type of cookie at any time.

 

9.2 HTML TAGS

https://www.iagona.com may occasionally employ Internet tags (also known as “tags”, action tags, single-pixel GIFs, clear GIFs, invisible GIFs and one-to-one GIFs) and deploy them via a specialist web analysis partner that may be located (and therefore store the corresponding information, including the User’s IP address) in a foreign country.

These beacons are placed both in the online advertisements enabling Internet users to access the Site, and on the various pages of the Site.
This technology enables IAGONA to evaluate visitors’ responses to the Site and the effectiveness of its actions (for example, the number of times a page is opened and the information consulted), as well as the use of this Site by the User.

The external service provider may collect information on visitors to the Website and other websites using these tags, compile reports on Website activity for IAGONA, and provide other services relating to the use of the Website and the Internet.

 

10. Rights of the data subject

Section 1 – Transparency and procedures
(Article 12 – RGPD) – Transparency of information and communications and arrangements for exercising the data subject’s rights
Section 2 – Information and access to personal data
(Article 13 – GDPR) – Information to be provided when personal data are collected from the data subject
(Article 14 – GDPR) – Information to be provided where personal data have not been obtained from the data subject
(Article 15 – GDPR) – Data subject’s right of access
(Section 3 – Rectification and erasure
(Article 16 – RGPD) – Right of rectification
(Article 17 – GDPR) – Right to erasure (“right to be forgotten”)
(Article 18 – GDPR) – Right to restriction of processing
(Article 19 – GDPR) – Duty of notification regarding rectification or erasure of personal data or restriction of processing
(Article 20 – GDPR) – Right to data portability
Section 4 – Right to object and automated individual decision-making
(Article 21 – GDPR) – Right to object
(Article 22 – GDPR) – Automated individual decision-making, including profiling
Section 5 – Limitations
(Article 23 – GDPR) – Limitations

 

________________________________________

Section 1 – Transparency and terms and conditions

________________________________________

Article 12 – Transparency of information and communications and arrangements for exercising the rights of the data subject
1. The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and to make any communication under Articles 15 to 22 and Article 34 concerning the processing to the data subject in a concise, transparent, comprehensible and easily accessible manner, in clear and simple language, in particular for any information specifically intended for a child. Information shall be provided in writing or by other means including, where appropriate, electronic means. Where the data subject so requests, information may be provided orally, provided that the identity of the data subject is established by other means.
2. The controller shall facilitate the exercise of the rights conferred on the data subject under Articles 15 to 22. In the cases referred to in Article 11(2), the controller shall not refuse to comply with the data subject’s request to exercise his rights under Articles 15 to 22, unless the controller demonstrates that he is unable to identify the data subject.

3. The controller shall provide the data subject with information on the measures taken in response to a request made pursuant to Articles 15 to 22 as soon as possible and in any event within one month of receipt of the request. If necessary, this period may be extended by two months, taking into account the complexity and number of requests. The controller shall inform the data subject of this extension and the reasons for the postponement within one month of receipt of the request. Where the data subject submits his/her request in electronic form, the information shall be provided electronically where possible, unless the data subject requests otherwise.
4. If the controller does not comply with the request made by the data subject, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for its failure to act and of the possibility of lodging a complaint with a supervisory authority and of seeking judicial remedy.

5. No payment shall be required for providing information under Articles 13 and 14 and for making any communication and taking any action under Articles 15 to 22 and Article 34. Where a data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the controller may:
(a) require the payment of reasonable charges which take into account the administrative costs incurred in providing the information, making the communications or taking the measures requested; or
b) refuse to comply with such requests.
It shall be for the data controller to demonstrate that the request is manifestly unfounded or excessive.
6. Without prejudice to Article 11, where the controller has reasonable doubts as to the identity of the natural person making the request referred to in Articles 15 to 21, it may request that additional information necessary to confirm the identity of the data subject be supplied.

7. The information to be given to data subjects pursuant to Articles 13 and 14 may be provided together with standardised icons in order to provide a clear, easily visible, comprehensible and clearly legible overview of the intended processing. Where icons are provided electronically, they shall be machine-readable.
8. The Commission shall be empowered to adopt delegated acts in accordance with Article 92 for the purpose of determining the information to be presented in the form of icons and the procedures governing the provision of standardised icons.

________________________________________

Section 2 – Information on and access to personal data

________________________________________

Article 13 – Information to be provided when personal data are collected from the data subject
1. When personal data relating to a data subject are collected from that person, the controller shall provide him, at the time when the data in question are obtained, with all the following information:
(a) the identity and contact details of the controller and, where appropriate, of the controller’s representative
b) where applicable, the contact details of the Data Protection Officer;
c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
d) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party;
e) the recipients or categories of recipients of the personal data, if any; and
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or to an international organisation, and the existence or absence of an adequacy decision issued by the Commission or, in the case of transfers referred to in Article 46 or 47 or in the second subparagraph of Article 49(1), the reference to the appropriate or adequate safeguards and the means of obtaining a copy thereof or the place where they have been made available;
2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject, at the time the personal data are obtained, with the following further information which is necessary to ensure fair and transparent processing:
a) how long the personal data will be kept or, where this is not possible, the criteria used to determine this period;
b) the existence of the right to request from the controller access to, rectification or erasure of personal data, or a restriction on the processing relating to the data subject, or the right to object to the processing and the right to data portability;
c) where processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent carried out prior to withdrawal of consent;
d) the right to lodge a complaint with a supervisory authority;
e) information on whether the requirement to provide personal data is of a regulatory or contractual nature or whether it is a condition for the conclusion of a contract and whether the data subject is obliged to provide the personal data, as well as on the possible consequences of failure to provide such data;
f) the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4), and, at least in such cases, useful information concerning the underlying logic and the significance and expected consequences of such processing for the data subject.

3. Where the controller intends to further process personal data for a purpose other than that for which the personal data were collected, it shall provide the data subject in advance with information about that other purpose and any other relevant information referred to in paragraph 2.
4. Paragraphs 1, 2 and 3 shall not apply where, and insofar as, the data subject already has such information.

________________________________________

Article 14 – Information to be provided where the personal data have not been obtained from the data subject
1. Where the personal data have not been obtained from the data subject, the controller shall provide the data subject with all the following information:
a) the identity and contact details of the controller and, where applicable, of the representative of the controller;
b) where applicable, the contact details of the Data Protection Officer;
c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
d) the categories of personal data concerned;
e) where applicable, the recipients or categories of recipients of the personal data;
(f) where applicable, the fact that the controller intends to transfer personal data to a recipient in a third country or to an international organisation, and the existence or absence of an adequacy decision by the Commission or, in the case of transfers referred to in Article 46 or 47 or in the second subparagraph of Article 49(1), the reference to the appropriate or adequate safeguards and the means of obtaining a copy of them or the place where they have been made available;
2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
(a) the period for which the personal data will be kept or, where this is not possible, the criteria used to determine that period;
b) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party;
c) the existence of the right to request from the controller access to personal data, their rectification or erasure, or a restriction on the processing relating to the data subject, as well as the right to object to the processing and the right to data portability;
d) where processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent carried out prior to withdrawal of consent;
e) the right to lodge a complaint with a supervisory authority;
f) the source from which the personal data originate and, where appropriate, a statement as to whether or not they originate from publicly available sources;
(g) the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4), and, at least in such cases, relevant information concerning the underlying logic and the significance and expected consequences of such processing for the data subject.
3. The controller shall provide the information referred to in paragraphs 1 and 2:
(a) within a reasonable time after obtaining the personal data, but not exceeding one month, having regard to the specific circumstances in which the personal data are processed;
b) if the personal data are to be used for the purposes of communication with the data subject, no later than the time when the data are first communicated to the data subject; or
c) if it is intended to communicate the information to another recipient, at the latest when the personal data is first communicated.
4. Where it is intended to further process personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject in advance with information about that other purpose and any other relevant information referred to in paragraph 2.
5. Paragraphs 1 to 4 shall not apply where and insofar as:
(a) the data subject already has such information;
(b) the provision of such information proves impossible or would require a disproportionate effort, in particular for processing for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes subject to the conditions and safeguards referred to in Article 89(1), or insofar as the obligation referred to in paragraph 1 of this Article is likely to make impossible or seriously compromise the achievement of the purposes of such processing. In such cases, the controller shall take appropriate steps to protect the rights and freedoms and legitimate interests of the data subject, including by making the information publicly available;
(c) obtaining or communicating the information is expressly provided for by Union law or by the law of the Member State to which the controller is subject and which provides for appropriate measures to protect the data subject’s legitimate interests; or
(d) the personal data must be kept confidential by virtue of an obligation of professional secrecy governed by Union law or the law of the Member States, including a statutory obligation of professional secrecy.

________________________________________

Article 15 – Data subject’s right of access
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data relating to him are being processed and, where such data are being processed, access to such personal data and the following information:
a) the purposes of the processing
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients established in third countries or international organisations;
d) where possible, the period for which the personal data is to be stored or, where this is not possible, the criteria used to determine this period;
e) the existence of the right to request from the controller the rectification or erasure of personal data, or a restriction on the processing of personal data relating to the data subject, or the right to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
(h) the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) and, at least in such cases, relevant information concerning the underlying logic and the significance and expected consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards, pursuant to Article 46, with respect to such transfer.
3. The controller shall provide a copy of the personal data being processed. The controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject. Where the data subject submits his or her request electronically, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.
4. The right to obtain a copy referred to in paragraph 3 shall be without prejudice to the rights and freedoms of others.

________________________________________

Section 3 – Rectification and deletion

________________________________________

Article 16 – Right of rectification
The data subject shall have the right to obtain from the controller, as soon as possible, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by providing an additional declaration.

________________________________________

Article 17 – Right to erasure (“right to be forgotten”)
1. The data subject shall have the right to obtain from the controller the erasure, as soon as possible, of personal data relating to him or her and the controller shall have an obligation to erase such personal data as soon as possible, where one of the following grounds applies:
a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) the data subject withdraws the consent on which the processing is based, in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing; 
c) the data subject objects to the processing pursuant to Article 21(1) and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data has been processed unlawfully;
e) the personal data must be erased in order to comply with a legal obligation laid down by Union law or by the law of the Member State to which the controller is subject;
(f) the personal data have been collected in connection with the provision of information society services as referred to in Article 8(1).
2. Where the controller has made the personal data public and is required to erase them pursuant to paragraph 1, the controller shall, having regard to available technology and the costs of implementation, take reasonable steps, including technical steps, to inform the controllers processing those personal data that the data subject has requested the erasure by those controllers of any link to, or any copy or reproduction of, those personal data.
3. Paragraphs 1 and 2 shall not apply insofar as such processing is necessary:
a) for the exercise of the right to freedom of expression and information;
(b) to comply with a legal obligation to process which is laid down by Union law or by the law of the Member State to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the field of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3);
(d) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to make impossible or seriously compromise the achievement of the purposes of such processing; or
e) for the establishment, exercise or defence of legal claims.

________________________________________

Article 18 – Right to restrict processing
1. The data subject shall have the right to obtain from the controller the restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the erasure of the personal data and demands instead that its use be restricted;
c) the controller no longer needs the personal data for the purposes of processing, but the data are still necessary for the data subject to establish, exercise or defend legal claims;
(d) the data subject has objected to the processing pursuant to Article 21(1) during the verification as to whether the legitimate grounds pursued by the controller override those of the data subject.

2. Where processing has been restricted pursuant to paragraph 1, such personal data may, with the exception of storage, be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on important Union or Member State public interest grounds.
3. A data subject who has obtained the restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

________________________________________

Article 19 – Obligation to notify rectification or erasure of personal data or restriction of processing
The controller shall notify each recipient to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18, unless such communication proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information about such recipients if he or she so requests.

________________________________________
Article 20 – Right to data portability
1. Data subjects shall have the right to receive personal data relating to them which they have supplied to a controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another controller without any obstacle from the controller to whom the personal data have been communicated, where:
(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
b) the processing is carried out using automated processes.
2. Where the data subject exercises his right to data portability pursuant to paragraph 1, he shall have the right to obtain that the personal data be transmitted directly from one controller to another, where technically possible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The right referred to in paragraph 1 shall not affect the rights and freedoms of third parties.

________________________________________

Section 4 – Right to object and automated individual decision-making

________________________________________

Article 21 – Right to object
1. The data subject shall have the right to object at any time, on grounds relating to his particular situation, to processing of personal data concerning him based on Article 6(1)(e) or (f), including profiling based on those provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests and rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
2. Where personal data is processed for canvassing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such canvassing purposes, including profiling insofar as it is linked to such canvassing.
3. Where the data subject objects to the processing for canvassing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of Information Society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his right to object by means of automated procedures using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her, unless the processing is necessary for the performance of a task carried out in the public interest.

________________________________________

Article 22
Automated individual decision, including profiling
1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way.
2. Paragraph 1 shall not apply where the decision:
(a) is necessary for the conclusion or performance of a contract between the data subject and a controller;
(b) is authorised by Union law or by the law of the Member State to which the controller is subject and which also lays down appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject; or
(c) is based on the explicit consent of the data subject.
3. In the cases referred to in paragraph 2(a) and (c), the controller shall implement appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right of the data subject to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

4. The decisions referred to in paragraph 2 may not be based on the special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies and appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject are in place.

________________________________________

Section 5 – Limitations

________________________________________

Article 23 – Limitations
1. Union law or the law of the Member State to which the controller or the processor is subject may, by means of legislative measures, restrict the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, and in Article 5 insofar as the provisions of the law in question correspond to the rights and obligations provided for in Articles 12 to 22, where such restriction respects the essence of fundamental rights and freedoms and constitutes a necessary and proportionate measure within a democratic society to safeguard:
(a) national security
(b) national defence
(c) public security
(d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including protection against and prevention of threats to public security;
(e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation matters, public health and social security;
(f) the protection of the independence of justice and judicial proceedings;
(g) the prevention, detection, investigation and prosecution of breaches of professional ethics in the regulated professions;
h) a monitoring, inspection or regulatory task connected, even occasionally, with the exercise of public authority, in the cases referred to in points a) to e) and g);
i) the protection of the data subject or of the rights and freedoms of others;
j) the enforcement of civil law claims.
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions relating at least to
a) the purposes of the processing or categories of processing;
b) the categories of personal data;
c) the scope of the restrictions introduced;
d) safeguards to prevent misuse or unlawful access or transfer;
e) determination of the controller or categories of controller;
f) the applicable retention periods and safeguards, taking into account the nature, scope and purposes of the processing or categories of processing;

(g) the risks to the rights and freedoms of data subjects; and
(h) the right of data subjects to be informed of the restriction, unless this would undermine the purpose of the restriction.

 

11. Applicable law and jurisdiction

Any dispute relating to the use of the https://www.iagona.com website is subject to French law.
Except in cases where the law does not allow it, exclusive jurisdiction is given to the competent courts of Paris.

    Would you like to be contacted for a demonstration?