Effective Date: 09.09.2024

1. Introduction

At CONENCY, we prioritize your privacy and are dedicated to safeguarding your personal information. In compliance with the General Data Protection Regulation (GDPR), effective from May 25, 2018, and the amended French Data Protection Act (Loi Informatique et Libertés) of January 6, 1978, we are committed to protecting your privacy and ensuring that your personal data is managed responsibly and securely.
This Privacy Policy outlines how we collect, use, disclose, and protect your personal information while you interact with our website and platform. We aim to provide you with clear and comprehensive information about our data practices to ensure transparency and trust.

2. Identity and Contact Details

Data Controller: CONENCY
Address: 1 Place du Verseau, 38130 Echirolles
Contact Information: Contact us

3. Personal Data We Collect

When you use the CONENCY website and platform, we may collect the following types of personal data:
– Contact Information: Name, email address, telephone number
– Service-Related Information: Quotations, invoices
– Additional Information: Any other information related to the services provided by CONENCY

4. Purpose of Processing

We use your personal data for the following purposes:
– To transmit user requests for quotations to professionals
– To publish appraisals or reviews of professionals
– To verify the identity of users when posting reviews or appraisals
– To assist in dispute resolution between users and professionals
– To comply with legal obligations regarding data retention
– To communicate with professionals regarding CONENCY services

5. Legal Basis for Processing

We process your personal data based on:
– Consent: Your explicit consent, which can be withdrawn at any time
– Contractual Necessity: The need to fulfill our contractual obligations
– Legal Obligation: Compliance with legal obligations
– Legitimate Interests: Our legitimate interests in providing and improving our services

6. Data Retention

Your personal data will be retained for a maximum of five (5) years from the last interaction, unless otherwise required by law. You may request the deletion of your data at any time, subject to legal retention requirements.

7. Data Subject Rights

Under GDPR, you have the following rights:
– Right to Withdraw Consent: You can withdraw your consent at any time by contacting us.
– Right of Access, Rectification, Deletion, and Portability: You can access, correct, delete, or request the portability of your personal data. You may also restrict or object to processing.
– Right to Lodge a Complaint: You can lodge a complaint with your local data protection authority, such as the CNIL in France, if you believe your data rights have been violated.

8. Data Storage and Transfers

We are committed to protecting your personal data and strive to ensure that it is stored and processed primarily within the European Union (EU). Due to the nature of our internet-based platform, your data may be automatically replicated or backed up on servers located outside the EU as part of standard operational processes.

To ensure compliance with the General Data Protection Regulation (GDPR), we take the following measures:
Data Processing Agreements: We have agreements with our service providers that include data protection clauses to ensure the security and confidentiality of your personal data.
Standard Contractual Clauses (SCCs): When necessary, we use SCCs to provide adequate protection for data transferred outside the EU.
Despite these measures, please note that automatic data replication to servers outside the EU is an inherent part of internet-based services. We are not responsible for this automatic replication but remain committed to protecting your data in accordance with GDPR requirements.

9. Data Protection Measures

We implement industry-standard technical and organizational measures, including encryption and access control, to protect your personal data from unauthorized access, alteration, or destruction.

10. Data Security and Breach Notification

In the event of a data breach that compromises your personal data, we will notify you and the relevant supervisory authorities within 72 hours, as required by GDPR.

11. Cookie Policy

– Consent for Non-Essential Cookies: You must provide explicit consent for non-essential cookies (e.g., tracking and marketing cookies). You can manage your cookie preferences through the settings available on every page of our site.
– Disabling Cookies: You can disable cookies through your browser settings or use the [Google Analytics opt-out tool](https://tools.google.com/dlpage/gaoptout/). For more information on cookie management, please visit the [CNIL website](https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).

12. Third-Party Services

We use third-party services, such as Google Analytics, to collect anonymous data on website usage for performance and improvement purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us.