NEGDIS PRIVACY POLICY

This privacy policy is applicable to the website www.nedgis.com and the interactions between Nedgis and its users, including when they visit the website or purchase lightings.

Identity of the Data Controller

The information collected about you will be subject to processing by the company Nedgis, a société par actions simplifiée (simplified share company), registered with the Commercial Register of Paris under No. 804 984 144, with its registered office at 37, rue Notre Dame de Nazareth, 75003 Paris.

You can send questions relating to data protection at the following email address: [email protected] .

Purposes of Processing

Nedgis processes your personal data: - so that you can order on our website www.nedgis.com,
- to process and deliver your orders and provider customer support,
- so that you can navigate on our site and on our social network pages,
- to allow you to submit comments on Nedgis services via the provider TrustPilot,
- to provide you with the www. Nedgis.com site newsletter,
- to provide personalized advertising, according to your consumer habits, on other sites or communication devices,
- to make statistics on your use of the site and on marketing performances,
- to prevent and fight fraud and ensure safety on our site and services,
- to conduct audits and enable the transfer of assets,
- to meet our legal obligations and handle litigations.

Legal bases for processing

Purposes Legal Bases
User account creation Processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract
Handle user request Depending on the purpose of the request, the legal basis will be legitimate interest, performance of a contract or in order to take steps prior to entering into a contract, or legal obligation
Newsletter and marketing communications Processing is based on consent provided by the client
User identification data related to the user comments Legal obligation to retain user data
Accounting management Legal obligation
Preservation of evidence in case of litigation or claim Nedgis’ legitimate interest
Statistics and marketing performance Consent to cookies and consent to statistical and advertising performance processing
Advertising for the benefit of Nedgis on third party sites, including targeted advertising Nedgis’ legitimate interest, subject to user consent to cookies
Ensure the security of the website, prevent and fight against fraud Processing is based on Nedgis’ legitimate interest, and on the legal obligation to protect personal data
Performing security audits or audits for the purpose of transferring assets of the company Nedgis’ legitimate interest
Litigations Legitimate interest

Personal Data Collected

The personal data collected on Nedgis site are as follows:

Account creation data : on a mandatory basis, name, surname, E-mail address and password : on an optional basis, birth date;

Browsing data: statistical data on website navigation, IP address, timestamp and date of account creation, language, technical data related to the device and browser, cookies

Payment details (credit card) for the order ;

Purchase details : number, date, type of products, price, phone number and address of delivery

Personal Rights of the User

In accordance with the French Data Protection Law of January 6, 1978, as amended and European Regulation 2016/679 dated April 27, 2016, you have the following rights over all of your data:

The right to have personal data updated,

The right to have personal data erased,

The right of access to personal data,

The right to request personal data portability,

The right to withdraw consent to the use of contact information for sending offers and promotions by e-mail,

The right to withdraw consent to the use of tracers and cookies,

The right to decide on the fate of your personal data after your death, including whether or not to communicate your data to a third party designated by you.

You can, subject to providing a valid identity document, exercise the rights listed above by contacting Nedgis:

By e-mail at: [email protected]

By post at: 37 Rue Notre Dame de Nazareth - 75003 PARIS - France

You also have the right, in the event of infringement of your personal data, to file a claim with the French Data Protection Authority (La Commission Nationale Informatique et Libertés (CNIL)) at the following postal address: 3 Place de Fontenoy, 75007 PARIS.

Retention Period

Your personal data recorded in respect of your Nedgis account are available on the website and shall be retained for a period of five (5) years from the date of the last interaction with Nedgis, except if you exercise your right to erase personal data to the extent permitted by law.

Nedgis also retains personal data relating to the financial transaction carried out, and in particular for a period of 10 (ten) years for legal obligations (accounting), and for a further 10 (ten) years in a secure intermediate archive in order to constitute evidence in the event of a dispute with regard to the applicable regulations, on the basis of legitimate interest.

Nedgis also keeps all correspondence exchanged in the context of customer service for a period of 10 (ten) years.

Security of Data

Nedgis implements technical and organizational measures to ensure the security and confidentiality of your personal data, in order to prevent any loss of integrity, confidentiality or availability. Your banking data is exclusively held by Paybox, a personal data processor, which is certified as compliant with the PCI/DSS standards for banking.

Data Recipients

a) Recipients within Nedgis
Access to client’s personal data is strictly limited to the employees and agents of Nedgis, who are so authorized by virtue of their duties and subject to compliance with applicable regulations on personal data protection, i.e., (i) the marketing department for newsletters, (ii) the customer support, (iii) the financial service and (iv) the technical support, and the company management, including in the event of litigation. (v)

b) Subcontractors:
Collected data are communicated to following categories of recipients:
The lighting suppliers,
The carriers as follows : Colissimo, Chronopost, Geodis-Calberson, You2you, Yper, Stuart
The customer review management provider : TrustPilot
The online statistic tools : Google Analytics
Online personalized advertising solutions: Facebook, Criteo, Pinterest and Google,
The IT developments services provider,
The management platform for consents to the placing and reading of cookies.
The hosting services providers :
SoYourStart and the company OVH, whose servers are located within the European Union
Amazon S3, a US provider, in compliance with the transfer standard clauses provided by the European commission
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__French_Translation.pdf
https://aws.amazon.com/fr/blogs/security/customer-update-aws-and-the-eu-us-privacy-shield/

Nedgis shall provide the list of its providers upon request sent at the following address: [email protected] .

Data transfer

The data recipients listed above in the article 8, which are established outside of the European Union, in a country not recognized by the European Union as providing an adequate level of data protection, and/or which transfer data outside of the European Union in a country not recognized by the European Union as providing an adequate level of data protection, for the need of the services provided to Nedgis, are subject to standard contractual clauses provided by the European commission, or to Binding Corporate Rules, and shall take additional data protection measures, if applicable, in order to comply with European Essential Guarantees for data protection.

The recipients and additional measures they take are listed as follows:
Google : https://policies.google.com/privacy/frameworks?hl=fr-CA (Contractual Clauses)
https://policies.google.com/terms/information-requests
Amazon : https://aws.amazon.com/fr/privacy/
https://aws.amazon.com/fr/compliance/gdpr-center/ (Standard Contractual Clauses)
Paypal : https://www.paypal.com/fr/webapps/mpp/ua/privacy-full#7 (Binding Corporate Rules)

Cookies

Cookies are text files that are placed on your terminal equipment (computer, mobile) then read by the editor of a website, or by its providers, when a user visits a site using a web browser.

The list of cookies placed on Nedgis website, their period of retention and the cookies senders can be viewed by using the cookies button, located in the left hand side of the site footer. The cookies button is the following : Privacy settings.

You can consent or withdraw your consent at any time here, by clicking on the following cookies button, Privacy settings, displayed on the left hand side of the site footer.

Cookies have the following purposes:

Cookies necessary for the technical functioning of the site (functional cookies): it includes for example technical authentication cookies, session identification, and/or shopping cart, language, device resolution, operating system). If you remove these cookies, the site will not work properly. Your consent is not required to implement those cookies, according to the applicable regulation.

Audience measurement cookies ( analytics cookies): these cookies require your consent, in order to better understand your use of the site, its audience, and marketing performance;

Advertising cookies: these cookies require your consent, in order to establish a user profile for distributing advertising that matches your interests, and in order to market Nedgis services on other sites and evaluate their performance on Nedgis site. Those cookies are sent by our partners : Facebook, Criteo and Google,

At last, we use pixels, which are very little images within emails that we send to you, in order to check if you have opened them, and if applicable, if you have interacted with content (click on a link for example).

This privacy policy many be updated by reference to its date and version number. Any updates shall be notified on Nedgis website.

Version 2.0 dated 15/11/2022