Confidentiality Policy for Smicers
At SMICE, the protection of your personal data is a priority.
When you use the site https://smice.com/ (the "Site") and the SMICE application (referred to together with the Site as the "Application") and as part of the management of our contractual relationships with our customers, we collect personal data about you.
The purpose of this policy is to inform you of the terms by which we process this data in accordance with Regulation (EU) 2016/679 of April 27, 2016 (the "GDPR") and Law No. 78-17 of January 6, 1978 (together the "Applicable Regulations").
1. Who is the data controller?
The data controller is the company QCM SMICE, a simplified joint stock company registered with the RCS of Nanterre under number 483 620 381, whose head office is located at 58 rue de Nanterre 92600 Asnières-sur-Seine.
2. What data do we collect?
- Identification data (surname, first name, email address, postal address, telephone number)
- Connection data (connection logs, encrypted passwords)
- Browsing data (IP address, pages viewed, date and time of connection, browser used, operating system, user ID, MAID)
- Data related to the mission carried out
- Economic and financial data (RIB)
- Any information you wish to send us as part of your contact request
3. Legal basis, purposes, and data retention periods
| Goals | Legal bases | Shelf life |
|---|---|---|
| Provide services via your account | Execution of contract | Duration of account; logs: 1 year; inactive 2 years → deletion; evidentiary archiving 5 years |
| Create customer/prospect file | Legitimate interest | Customers: duration of contractual relationship; prospects: 3 years from last contact |
| Send newsletters and promotional messages | Legitimate interest (customers) / Consent (prospects) | 3 years from last contact or until consent is withdrawn |
| Respond to information requests | Legitimate interest | 3 years from last contact |
| Process applications for tests and missions | Execution of contractual measures | Duration of test; if refused: 3 months; evidentiary archiving 5 years |
| Manage requests to exercise rights | Legitimate interest | Duration of identity verification then deleted; right to object to prospecting: 3 years |
4. Who are the recipients of your data?
- The staff of our company
- Our subcontractors: hosting provider, newsletter sending provider, electronic messaging provider and chat provider
- Our partner for managing gift vouchers (acts as independent data controller — consult their own policy)
- Public and private organizations, exclusively to meet our legal obligations
5. Is your data transferred outside the European Union?
Your data is retained on servers of Online (FREE), located in France. Transfers outside the EU are secured by:
- Adequacy decision by the European Commission (Article 45 GDPR)
- Standard contractual clauses approved by the European Commission (Article 46 GDPR)
- Binding corporate rules or approved certification mechanism
- Other appropriate guarantees described in Chapter V of the GDPR
6. What are your rights over your data?
- Right to information (Articles 13 and 14 GDPR)
- Right of access (Article 15 GDPR)
- Right of rectification (Article 16 GDPR)
- Right to limitation (Article 18 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to lodge a complaint with a supervisory authority (CNIL in France) (Article 77 GDPR)
- Right to define guidelines relating to data after death
- Right to withdraw consent at any time (Article 7 GDPR)
- Right to portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
7. Contact point to exercise your rights
- Email: contact@smice.com
- Address: 58 rue de Nanterre 92600 Asnières-sur-Seine
8. Changes
This policy may be modified at any time to comply with regulatory, jurisprudential, editorial or technical developments. You will be informed of any significant changes.
Entry into force: November 1, 2023