Confidentiality policy
INTRODUCTION
Within the framework of its activity, VETERNITY (hereafter “Veternity”), may process information concerning you. Our company would like to remind you of its commitment to respect the trust you place in it and to apply the regulations in force in France and in the European Union regarding the protection of personal data. Any mention of the term “Veternity” refers to the Veternity entity that acts as a controller or processor of your information.
This Privacy Policy informs you of the conditions under which our Company, as data controller, collects and uses your personal data.
The purpose of this policy is to present the rules relating to the protection of personal data, in its capacity as data controller and processor, which Veternity undertakes to respect. These rules come in application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
WHY WE PROCESS YOUR DATA
We only use your personal data in the cases provided for by the regulations in force:
– to fulfil a contract we have with you, and/or
– to comply with a legal obligation, and/or
-your consent to the use of your data, and/or
– the existence of a legitimate interest in using your data. Legitimate interest is a set of business or professional reasons that justify Veternity’s use of your data.
For each processing, we collect and use only the data that is relevant and necessary for the purpose.
The length of time we keep your personal data depends on the purpose for which it is used.
Below, we detail the purposes for which we use your personal data. We are required by law to establish a “lawful basis for processing”, i.e. to inform you of the purposes for which we are permitted to use your data.
PURPOSE OF PROCESSING | LEGAL BASIS | RETENTION PERIOD |
Communicate with you about the execution of your order for a service or product (progress, delivery etc). | Fulfilment of the contract
We use your personal data for the purpose of fulfilling our contractual obligations with respect to your orders and deliveries. |
5 years from the end of the commercial relationship for the management of litigation. |
Contacting you to ask you to leave a comment on a product or service or to give us feedback after your order or service has been processed. | Legitimate interest
We use your personal data to improve our services. |
3 years from the end of the commercial relationship. |
Sending you information about products or services | Legitimate interest and consent
We use your personal information to provide you with this information. Where required by law, i.e. in the context of electronic marketing, we will ask for your prior consent. |
3 years from the end of the business relationship and until withdrawal of consent where this is the legal basis used. |
Manage your membership to our services. | Enforcement of contract | 3 years from the end of the commercial relationship |
Answer any request concerning customer service | Enforcement of contract | 3 years from the end of the commercial relationship |
Managing litigation (e.g. in relation to court proceedings or insurance). | Legitimate interest (to establish proof of a right or contract). | 3 years from the last contact in the case of disputes outside legal proceedings.
Or, 5 years after the closure of the file in the case of legal proceedings. Or, 10 years from the date of compensation, in case of an investigation of an insurance case. |
To process your requests for access, rectification, deletion, opposition, limitation, portability. In particular, we may ask you in some cases to prove your identity. We may be required to disclose this information to the competent authorities in the event of controls or disputes. | Legal obligation
We use your personal data to process your requests in accordance with legal obligations and deadlines and to inform you about the resolution of your requests. |
1 year from the date of your request |
To help us evaluate, develop, and improve the products and services we offer. For example, calls to our call centres may be recorded for quality control or training purposes. | Legitimate interest
We use your personal data to enable us to provide you with the best quality of service. |
30 days |
We may be required, within the framework of legal investigations, to transmit your personal data to the forces of law and order (police and/or gendarmerie). | Legal obligation | 1 year from the date of application |
The prevention of and fight against fraud, including the management of the consequences of fraud. | Legitimate interest | 1 year if the alert is not considered relevant.
5 years from the closure of the fraud file for persons registered on a list of proven fraudsters. In case of legal proceedings, 5 years after the closure of the case. |
We keep the data collected by our video surveillance | Legitimate interest | 30 days |
To draw up legal documents, for instance invoices, credit notes and declarations following a purchase by you | Legal obligation
We use your personal data to draw up any document needing any information required by the law, including your last name, first name, and postal address |
10 years from the accounting year ( current year) |
If you have any questions about this document, you can contact us by e-mail at donnees-personnelles@esthima.fr
PERSON RESPONSIBLE FOR THE PROCESSING
The person responsible for the processing mentioned in this document is Veternity, a public limited company with a capital of €8,494,560 registered in the LILLE METROPOLE Trade and Companies Register under number 393 015 490, whose registered office is located at Le Wellice, 50 rue de la vague 59650 Villeneuve d’Ascq, and whose legal representative is Mr David Buisset.
WHERE THE COMPANY ACTS AS A DATA CONTROLLER
Pursuant to Article 5 of the GDPR, Veternity guarantees that personal data is :
– processed lawfully, fairly and transparently;
– collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
– adequate, relevant and limited to what is necessary for the purposes for which they are processed
– accurate and, where necessary, kept up to date;
– kept for no longer than is necessary for the purposes for which they are processed;
– processed in such a way as to ensure appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organisational measures adapted to the risks.
WHEN THE COMPANY ACTS AS A SUBCONTRACTOR
Pursuant to Article 28 of the GDPR, Veternity guarantees that :
– the purposes of the processing are described in the contract signed between Veternity and its client.
– the processing carried out on its client’s personal data is carried out solely for the purposes determined and on its instructions under the conditions set out in the contract.
– the deletion of personal data is undertaken at the end of the contract and under the conditions set out in the contract unless the applicable law requires such retention.
RECIPIENTS / SUBCONTRACTORS
The sole recipient of the data used in the context of Veternity’s services is the publisher (hereinafter the “Publisher”) of the software (hereinafter the “Software”) present on the Veternity website in order to execute the services.
The Publisher may, in the context of certain services, be a subcontractor within the meaning of the laws and regulations applicable to the protection of personal data. As it stands, the Software is installed and used on our Sites or accessible online/remotely and the data collected and processed by means of the Software is stored on Veternity’s database management server or by the Publisher and its subsequent subcontractors.
The Software update services consist of the provision of versions and do not involve any intervention by the Editor in relation to personal data for which Veternity is the controller.
Services for which the Publisher may act as a subcontractor within the meaning of the laws and regulations applicable to the protection of personal data:
In the context of the provision of the services indicated below, insofar as they are requested by Veternity and provided by the Publisher, the Publisher may be required, on behalf of Veternity, to access, transport or store personal data provided by Veternity, depending on the services concerned as noted in the corresponding Order Form and in the documents exchanged by the parties defining the scope of the services requested.
In the context of remote maintenance: the execution of these services may require the Publisher’s personnel in charge of carrying out maintenance operations to access the elements of the Software concerned by the anomaly being processed for the sole purpose of carrying out any tests and making any modifications necessary to correct the anomaly. Under no circumstances will the Editor’s personnel access personal data managed by the Software elements for any other purpose.
In addition, the Publisher is a subcontractor in the following cases:
– In the event of a request for data migration services,
– In case of implementation of interoperability services on the data,
– In case of recovery actions or technical intervention on data; when these services require the supply by Veternity to the Publisher of elements from Veternity’s databases, Veternity’s data files, or Veternity’s database management server that it uses in conjunction with the Software.
COLLECTED DATA
The data collected by Veternity for the purpose of carrying out the services covered by the cremation agreement concluded with the client-owner is processed within the limits of what is necessary for the proper execution of the services.
Depending on the service offer chosen, this data is used to ensure the proper execution of the service, to deal with your pet’s remains, to transport the remains to the cremation site, to organise the ceremony, to manage the return of your pet’s ashes, to process special requests, to invoice, etc.)
Veternity collects and processes the following categories of data
– identification data (name, first name of the owner or contact, name of the veterinarian),
– contact data (postal address of the owner, email, telephone, address where the body should be collected),
– data related to your pet (name, breed, date of death, etc.).
This data is processed by Veternity’s internal services and its subcontractors (on-site telephone reception, customer relations, logistics, IT, accounting, etc.). It is kept during the provision of the service and is then archived in accordance with the processing purposes specified above.
An API, or application programming interface, is a set of definitions and protocols that facilitate the creation and integration of software applications. The REST API uses a standard (RFC 7519) JSON Web Token (JWT) that allows application users to securely access data without having to reveal a username and password.
Data collected :
– civil status of owner
– family name of owner
– first name of owner
– address of owner
– postal code of owner
– hometown of owner
– phone number of owner
– email address of owner
– day of appointment of cremation for the owner
– type of collection for the body
– comments on the method of collection of the body
– country of owner
– service chosen by owner
– additional sales
– product reference
– how to return the product
– Esthima ID number of the clinic drawing up the convention
– name of the clinic
– address of the clinic
– postal code of the clinic
– city of the clinic
– email address of the clinic
– phone number of the clinic
– name of veterinarian drawing up the convention
– first name of veterinarian drawing up the convention
– INC number on the convention
– general terms of use accepted or not
– information on the pet
– name of the pet
– weight of the pet
– gender of the pet
– age of the pet
– cause of death of the pet
– date of death of the pet
– ID number of the pet , chip or tatoo number
– breed ID of the pet to identify the species
– name of breed
– country of the pet
The data collected is stored on computer equipment located in France or in the European Union. Appropriate technical measures adapted to the level of sensitivity and risk are put in place to prevent the loss, deletion, misuse or alteration of this data. The data collected is not likely to be processed outside the European Union and is not transmitted to third parties for commercial prospecting.
We undertake to ensure the security and confidentiality of your personal data by implementing appropriate technical and organisational measures to prevent their loss, accidental destruction, misuse and unauthorised access.
RIGHTS OF INDIVIDUALS
In accordance with the provisions in force, you have the right to access, rectify, portability, delete and oppose the use of your data. These rights may be exercised by sending an e-mail to donnees-personnelles@esthima.fr, indicating “personal data protection” in the subject line, specifying the purpose of your request and your contact details.
You may also formulate guidelines relating to the conservation, deletion and communication of your personal data after your death in accordance with Article 40-1 of Law 78-17 of 6 January 1978. These directives may be general or specific.
When the Company detects a personal data breach likely to generate a high risk for your rights and freedoms, you will be informed of this breach as soon as possible.
Finally, you have the right to withdraw your consent at any time in cases where consent is the legal basis for processing.
In order to be processed, any request to exercise your rights must be accompanied by a copy of both sides of a proof of identity (national identity card, passport or valid residence permit issued by the French state). A reply will be sent within a maximum of one month of receipt of your request.
In some cases, due to the complexity of the request or the number of requests received by Veternity, this period may be extended by 2 months.
If you are not satisfied with Veternity’s response to your request concerning your personal data, you may submit a written complaint to the Commission Nationale Informatique et Libertés (CNIL).
RETENTION
Personal data is kept for no longer than is necessary for the purposes for which it was collected, and in accordance with the time limits set out in the article “Why we process your personal data”. It may, however, be used subsequently for statistical purposes: in this case, it will be anonymised, i.e. the information retained will not allow the person to be identified, even indirectly. For example, we may only retain the type of service provided during the year. It may also be kept in our archives for as long as is necessary to meet our legal, accounting and tax obligations and in particular to prevent any unlawful behaviour after your account has been deleted.
CONTRACTUAL POLICY
Veternity has taken into account the new mandatory contractual obligations in application of Article 28 of the RGPD in all the contracts affected.
Thus, specific contractual clauses on data protection and in compliance with the applicable regulations have been introduced in particular in :
– customer contracts (GTC/UG);
– contracts between Veternity and its own subcontractors.
MORE ABOUT COOKIES
To find out more about our commitments on the use of your browsing information, we invite you to consult the information integrated in our consent management platform accessible here.
[/vc_text_element]