Data protection policy

This policy describes how ZIWIG handles and protects the personal data of visitors to ZIWIG’s corporate website, accessible at www.ziwig.com (the “Site”).

The processing of personal data is carried out in compliance with the General Data Protection Regulation or GDPR (EU Regulation 2016/679), the French Data Protection Act n°78-17 as amended or LIL, and the applicable provisions of the Public Health Code (hereinafter the Applicable Legislation).

Personal data is, in the sense of the Applicable Legislation, any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or to one or more factors specific to the identity of that natural person.

The GDPR and LIL do not apply to processing of data anonymized in such a way that the data subject is not or no longer identifiable, including processing for statistical or research purposes.

This Policy may be modified, completed or updated in order to comply with any legal, regulatory, jurisprudential or technical evolution. However, the User’s Personal Data will not be treated with a lower level of protection than that provided by the Policy in force at the time of its collection, except in the case of an imperative legal requirement to the contrary, which would be retroactive. The User will be informed of any update of the Policy.

Identity and contact details of the data controller

Legal reminder: The data controller is, in the sense of the Applicable Legislation, the person who determines the means and the purposes of the processing.The subcontractor is a person processing personal data on behalf of the controller. He acts under the authority of the controller and on his instructions.

The person responsible for the processing of the Data described in this Policy is ZIWIG, a simplified joint stock company, registered by the Lyon Trade and Companies Register with the number 848 079 075 and whose registered office is located at 19 rue Riboud, 69003 Lyon.

ZIWIG takes appropriate measures to ensure the protection and confidentiality of the Personal Data it holds or processes in accordance with the provisions of the Applicable Legislation.

Cookies

A cookie is a text file deposited and then read on the User’s hard drive when consulting a website or a mobile application, regardless of the type of terminal used: computer, smartphone, digital tablet. It can contain several data such as the name of the server that deposited it, an identifier in the form of a unique number, an expiration date… A server accesses it to read and record this information.

Cookies play several roles. They facilitate navigation, store the User’s preferences, make the interaction between the User and the website faster and easier. Some cookies are essential to the proper use of a website, e.g. by allowing the authentication of the User or the personalization of the User interface.

They can also allow websites to target Internet users with their advertising or marketing campaigns based, for example, on their place of residence or their shopping or browsing habits. Some cookies are tied to the site you are viewing, others depend on external sites that manage content on the page you are viewing (third-party cookies). For example, a website can use the services of a statistics company that will use its own cookies to count visitors.

ZIWIG does not use any advertising cookies and only :

• cookies that are essential to the functioning of the Site, which you cannot refuse;  

• audience measurement cookies (Google Analytics), which you can refuse.

Audience measurement cookies collect browsing data (time stamp, IP address and browsing equipment used) and make it possible to generate non-nominative Website audience statistics.  

Cookies that are not essential to the functioning of the Site will only be stored if the User accepts them.

Cookies have a lifespan of 13 months.

Processing of personal data

Management of User’s information/support requests

Categories of data processed: User’s email address, subject of the request, date and number of the request, response given, date of response, history of User’s requests, statistics

Purposes: to respond to the request; to constitute an anonymous document base (response models); to carry out anonymous statistics of the activity of response to requests for information.  

Legal basis for processing: Legitimate interest of ZIWIG to provide information/support and legitimate interest of Users to receive a response./p>

Retention period: Two years from the last contact with the User

Recipients of the data: ZIWIG employees in charge of responses

Transfer: no transfer of data to a country outside the European Union

Other treatments

Realization of statistics

ZIWIG may compile non-personally identifiable statistics from the Data collected in order to improve the use of the Site.

Legal basis for processing: ZIWIG’s legitimate interest in producing statistical data on its activity in order to communicate about its tool and improve its services.

User Rights

Whenever ZIWIG processes Personal Data, ZIWIG takes all reasonable steps to ensure that the Personal Data is accurate and relevant to the purposes for which ZIWIG processes it.

In accordance with the Applicable Legislation, ZIWIG Users have the following rights:

• right of access (article 15 GDPR) and right to rectification (article 16 GDPR)

• right to erasure (“right to be forgotten”) (Article 17 of the GDPR) under certain conditions

• right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Article 13-2c GDPR)

• right to restriction to processing of User’s data(Article 18 GDPR)

• right to object to processing of Users’ data (Article 21 GDPR)

• right to portability of the data provided by the Users, where the processing is carried out by automated means and based on consent or on a contract (article 20 GDPR)

• right to determine what happens to their data after their death and to choose to whom ZIWIG should disclose (or not) their data to a third party that the User has previously designated

If the User wishes to exercise his/her rights, it may contact ZIWIG by writing to the following address ZIWIG – 19 rue Riboud, 69003 LYON or by email at ziwig-privacy@ziwig.com. In this case, the User must indicate the Personal Data that he or she would like ZIWIG to correct, update or delete, identifying himself or herself accurately with a copy of an identity document (ID card or passport) or other evidence of identity.

Requests for deletion of Personal Data will be subject to the obligations imposed on ZIWIG by law, including retention or archiving of Data.

ZIWIG Users may file a complaint with the supervisory authorities, such as the CNIL
 

(https://www.cnil.fr/fr/plaintes).

Data security and hosting

ZIWIG implements all technical and organizational measures to ensure the security of personal data processing and the confidentiality of Personal Data.

In this respect, ZIWIG takes all necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent them from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to (physical protection of the premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, data encryption, etc.).

In addition, in order to comply with the provisions of the Public Health Code concerning personal health data, ZIWIG uses Amazon Web Services as a Health Data Host (known as “HDS”) benefiting from the certification validated by the minister in charge of health.

The Data is hosted on the territory of the European Union.