DATA PROTECTION POLICY – AXXES Last update: 03.12.2020
- who is the data controller?. 1
- which personnel data do we process?. 1
- what are the purposes of personal data processing?. 1
- what are the legal basis for the processing of your personal data?. 2
- who are the recipients of your personal data? 2
- what is the storing period of your personal data?. 2
- what are your rights in relation with your personal data?. 3
- how to contact our data protection office (dpo)? 4
- what about cookies?. 4
- what are security measures implemented? 4
- about modification to this policy?. 4
1. who is the data controller?
The data controller is AXXES, a French private limited company, registered with the trade and company registry of Lyon under number 482 930 385, having its registered office located at 15 rue des Cuirassiers, 69003 Lyon (France).
2. which personnel data do we process?
We collect and process the following of your personal data:
- Identification data (e.g. last name, first name, email, postal address, phone number);
- Connection and location data (e.g. IP address, connection logs, geolocation);
- Commercial data (e.g. communications with the customer service, data required to provide the subscribed services or to manage the customer relationship, data required for to perform satisfaction poll, data required for statistical analysis);
- Invoicing data (e.g. means and payments history, transaction data, invoices);
- Behaviour data (e.g. subscribed or contemplated services, behaviour on websites and tools (viewed pages, connection time, number of views));
- Job application data (e.g. résumé, cover letter);
- Data relating to personal and/or professional life (e.g. registration to events, testimonies of employees)
Only personal data strictly required to achieve the purposes mentioned below are collected.
3. what are the purposes of personal data processing?
Your personal data are processed for the following purposes:
- The management of our relationship with you, and in particular the customer relationship management;
- the provision or supply of ordered or subscribed services;
- operations relating to event management or marketing campaign performance;
- the improvement of your profil knowledge and the analysis of your behaviour;
- the download of files;
- the customisation of our services according to your profile and the enhancement of your experience;
- invoicing management;
- traffic measurement and analysis, statistical analysis;
- the production of statistical data and anonymous information relating to road users’ behaviour and traffic data/situation;
- satisfaction poll relating to our services;
- improvement and optimisation of our services and website quality;
- the management of people rights and enquiries;
- Information on products you transport;
- The management of hiring operations.
4. what are the legal basis for the processing of your personal data?
Your personal data are collected and processed pursuant to the following legal basis:
- Your consent;
- The performance of an agreement;
- For the purposes of legitimate interests;
- To comply with our legal and regulatory obligations.
5. who are the recipients of your personal data?
The recipients of your personal data are the followings, depending on the processing performed:
- internal services of AXXES;
- Providers acting on behalf of AXXES for the purposes above-mentioned;
- Toll Charger companies of road networks on which the services are provided or to which they pertain;
- Commercial partners of AXXES for the purposes above-mentioned, provided that geolocation data transmitted are always anonymous.
Personal data are not transferred outside of the European Union. Should personal data be transferred outside of European Union, we commit that such transfers shall comply with the applicable laws and regulations or to a law or regulation providing an equivalent or sufficient level of protection of your personal data.
6. what is the storing period of your personal data?
Your personal data are stored for the period strictly required to achieve the purposes for which they have been collected and processed.
- the customer account accessible through the customer space is stored three (3) years from the last connection;
- your credit card data, when requested, are stored for the period required to perform the transaction;
- connection data, web browsing, and website traffic data are stored for one (1) year.
- Mobile Application connection data will not be retained beyond the time strictly necessary to achieve the purpose for which it was collected
- The connection, geolocation and traffic data collected during the Use of a mobile Application are stored on the Terminal with which the User uses the Application, for a period of two (2) months.
Nevertheless, personal data is retained for a longer period of time in the form of archiving when legal and regulatory obligations require us to do so, or if this is necessary in view of the applicable statute of limitations, to assert our rights, when it is not possible to prove this by other means .
Once your Personal Data is no longer required for the purposes or for archiving purposes to meet our legal obligations or for the purposes of the applicable prescription, we will ensure that it is completely destroyed or anonymized.
Translated with www.DeepL.com/Translator (free version)
7. what are your rights in relation with your personal data?
Your rights in relation with your personal data are the followings:
- right of access; you have the right to be informed in a concise, transparent, intelligible and easily accessible manner on how your Personal Data is processed.
- right to enquire about your personal data; you also have the right to obtain confirmation that Personal Data concerning you is being processed and, if necessary, to access such Personal Data.
- right to rectification; you have the right to obtain the rectification of inaccurate Personal Data concerning you. You also have the right to complete the incomplete Personal Data concerning you, by providing an additional declaration.
- right to erasure – provided that such right shall not hinder the performance of the agreement or the compliance with our legal or regulatory obligations;
- right to restrict one or several processing of your personal data;
- right to change or withdraw, at any time, consents to the processing of your personal data when such processing are based only on your consent;
- right to object to the processing of your personal data;
- right to portability of your personal data.
You also have the right to define general or specific directives regarding how your personal data shall be handled or your rights exercised in case of death.
To ensure that all information we have concerning you are always accurate, we recommend you to regularly update your personal data.
You can exercise your rights concerning your personal data by contacting us:
- By email à firstname.lastname@example.org ; or
- By post mail at : Axxès SAS, Attn: DPO, 15 rue des Cuirassiers, 69487 Lyon Cedex 03 (France).
You can also register for free on the tele prospecting objection list named Bloctel and managed by Opposetel company according to a public service delegation.
In case you are not satisfied in relation with your personal data, you have the right to register a complaint toward the competent authority:
Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
75334 PARIS CEDEX 07
Phone: +33 (0) 1 53 73 22 22
8. how to contact our data protection office (dpo)?
You may contact our DPO:
- by email: email@example.com ; or
- by post mail: Axxès SAS, attn: DPO, 15 rue des Cuirassiers, 69487 Lyon Cedex 03 (France).
9. what about cookies?
Cookies and other tracking devices may be installed and/or read on your terminal/webbrowser when visiting our websites/application.
Cookies setup by AXXES enables the customization of the website/application content, the website/application traffic analysis, the production of use statistics, the improvement of your experience on our websites/application. Some information is shared with AXXES partners. The user has the ability to accept or decline the cookies set by AXXES. AXXES may place one or more cookies on the hard drive of the user’s computer/terminal by modifying this access in the settings. Any deactivation will result in the user’s refusal to accept the cookies in question. These cookies can be deleted at any time by the Internet customer. (To learn more about cookies: http://www.cnil.fr/vos-libertes/vos-traces/les-cookies or https://www.fr/fr/site-web-cookies-et-autres-traceurs.)
In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of thirteen (13) months after their first deposit in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.
10. what are security measures implemented?
As the data controller, we take all useful measures to maintain the security and confidentiality of data and in particular, to prevent any alteration or unauthorised access. For this purpose, we implement all technical and organisational measures to provide a security level adapted to risks. In addition, we make sure our subcontractors comply with all applicable rules concerning personal data protection.
11. about modification to this policy?
This policy is intended to evolve and may change. In case of minor modifications, the updated policy shall be uploaded online to a dedicated page. In case of major modifications (e.g. purposes, exercise of rights), you will be informed.
Last update date : 03/12/2020