Data privacy and cookie policy

I. PREAMBLE

This privacy policy describes how IRoise Partners SAS ("IRZ") collects, uses, shares and secures the personal data that users provide via our website https://www.iroise-partners.com/ (the "Website").

It provides a set of principles and guidelines for the protection of personal data collected by IRZ in the course of its activities.

This policy complies with Directive 2002/58/EC on privacy and electronic communications ("ePrivacy"), Regulation 2016/679 on data protection ("GDPR") and Law no. 2018/493 of 20 June 2018, promulgated on 21 June 2018, amending the Law of 6 January 1978 (known as the "French Data Protection Law").

It may be amended or supplemented at any time by IRZ, in particular in order to comply with any changes in legislation, regulations, case law or technology.



II. PROTECTION OF PERSONAL DATA

2.1. Designation of a data controller

The data controller is IRoise Partners SAS, registered with the Paris Trade and Companies Register under number 912 440 476 and having its registered office at 55, avenue Marceau - 75116 Paris.

The Data Protection Officer is: Christophe Bourges

He can be contacted at the following e-mail address: contact@iroise-partners.com


2.2. Personal data collected and cookies

IRZ does not intend to collect personal data from users with the exception of data collected using cookies (functional cookies and audience measurement cookies).

A cookie is the equivalent of a small text file stored on the user's device. A cookie can be used for authentication, a session and to store specific user information, such as site preferences. The purpose of a cookie is not to identify you personally. However, it may contain certain personal data.

IRZ intends to limit the use of said cookies to what is strictly necessary for the proper functioning and day-to-day administration of the Website.

In the present case, the Matomo Analytics solution, configured to fall within the scope of the exemption from the collection of users’ consent is deployed, and the two categories of cookies selected are as follows:
 
  • Functional: These cookies are used to ensure that the site functions correctly. These cookies are mandatory;
     
  • Audience measurement: IRZ uses these analytical cookies to optimise the experience on the Website for users. These cookies are optional. Version dated - 29 November 2023


2.3. Non-processing of sensitive data

In accordance with Article 9 of the GDPR, IRZ refrains from collecting and processing personal data of a sensitive nature on the Website.


2.4. Purposes and legal basis of the processing

Any personal data that may be collected is processed as part of the user's visit to the Website and is collected automatically from the user, in particular via cookies.

IRZ uses personal data for the following purposes and on the following legal basis:
 
  • to provide relevant Website content and to measure or understand the effectiveness of the Website (your consent, although not compulsory - where information is collected by optional cookies that IRZ uses - or IRZ's legitimate interests in providing relevant content and advertising and in understanding and improving the Website):
     
    • All users have the option of opposing the registration of a cookie by configuring their browser so that it warns them before a cookie is installed, or even to refuse all installation of cookies and to refuse to accept them.
       
    • Users can refuse cookies as easily as accept them;
       
  • use data analysis to improve the Website, products/services, marketing and prospect/customer relations (IRZ's legitimate interests in improving and understanding the same); and
     
  • to comply with the legal obligations to which IRZ is subject and to cooperate with the regulatory authorities and the authorities responsible for applying the law or regulations.


2.5. Retention period for personal data

IRZ does not intend to collect personal data from users. In any event, IRZ would only retain the user's personal data for as long as necessary to fulfill the purposes for which it collected it, including to meet legal, regulatory, accounting or other requirements, as well as its legitimate interest in retaining such personal information in its files.

With regard to cookies :
 
  • their lifespan is limited to a period that allows a relevant comparison of audiences over time and is not automatically extended for new visits. This period is currently limited to 13 months;
     
  • the information collected via cookies is kept for a maximum of 25 months; and
     
  • the user's choice to accept or refuse cookies is kept for a period of 6 months.


In certain circumstances, IRZ may anonymise users' personal data so that it can no longer be associated with them, in which case IRZ may use this information (including for statistical purposes) for an unlimited period of time.

When IRZ no longer needs personal information for the purposes for which it was collected, IRZ will securely destroy it in accordance with applicable laws and regulations. Version dated - 29 November 2023


2.6.Security measures for data storage

IRZ implements a variety of security measures to safeguard the security of personal data. This information is kept in reinforced security conditions for a period strictly necessary for the proper management of IRZ's relations with users, while complying with legal and regulatory constraints. Furthermore, in the event of a security incident affecting personal data (destruction, loss, alteration or disclosure), IRZ undertakes to comply with the obligation to notify personal data breaches, in particular to the CNIL where applicable.


2.7. How personal data is transferred

IRZ has recourse to its authorised service providers to facilitate the collection and processing of data communicated by its customers, prospective customers or its staff. These service providers may be located outside the European Union.

Where the processing of personal data involves a transfer outside the European Union, IRZ ensures that this is carried out in countries listed by the European Commission as providing sufficient protection for the data and/or supported by appropriate safeguards and based on standard contractual clauses, in accordance with models published by the European Commission and/or having obtained recognised certification.

By way of exception, personal data may be communicated at the request of an administrative authority (ACPR, AMF, tax authorities, CNIL), and/or judicial authority upon simple request or if required by law, or in the event of a request from an external service provider involved in IRZ's internal control system.


2.8. Right of s users

When collecting and processing personal data, IRZ undertakes to comply with the provisions of Article 5 of the GDPR :
 
  • the personal data of each user is processed lawfully, fairly and transparently;
  • personal data is collected for specified purposes and may not be further processed in a way incompatible with those purposes. The processing of such data is limited to that which is necessary for the purposes for which it is processed;
  • personal data that are inaccurate are either deleted or immediately rectified;
  • personal data is kept for no longer than is necessary for the purposes for which it is processed; and
  • personal data is processed in such a way as to guarantee appropriate security.


2.9. Exercising your rights concerning data processing

In accordance with the provisions of the RGPD, users have the following rights concerning their personal data:
 
  • right of access: communication of personal data processed by IRZ ;
  • right to rectify, complete or update: updating of personal data or rectification of personal data processed by IRZ ;
  • right to object: deletion of personal data ;
  • right to restrict processing: limiting (i.e. suspending) the processing of personal data; Version dated - 29 November 2023
  • withdraw consent: withdraw consent for the processing of personal data subject to consent;
  • right to portability: to recover personal data in order to dispose of it or transfer it to a new organisation.


In order to exercise one or more of these rights, users may send a request by post to the address given above in section 2.1 or come to the site with proof of identity. They may be accompanied by a person of their choice. It is possible to request a copy of the data.

IRZ undertakes to respond to requests within a period not exceeding 1 month from receipt of the request. If the request cannot be met immediately, a dated and signed acknowledgement of receipt will be given to the applicant. If the request is incomplete (e.g. the identity document is missing), the Data Protection Officer is entitled to ask for additional information. The deadline is then suspended until the relevant information has been provided.

Any document collecting personal data must include a GDPR information notice. Whenever IRZ collects personal data, the medium used (form, questionnaire, etc.) includes information on the purpose of the processing and on the processes and rights mentioned above.

Examples of how to include information are available on the CNIL website.

If the user considers that IRZ is not complying with its obligations with regard to the personal information provided, he or she may submit a complaint or request to the competent authority. In France, the competent data protection authority is the CNIL (https://www.cnil.fr, 3 Pl. de Fontenoy, 75007 Paris).



III. COOKIES

As indicated above, cookies may be placed on the user's terminal when browsing the Website.

Cookies are useful, even essential, for browsing the internet because they enable website publishers to :
 
  • improve the performance of their site; and
  • to offer Internet users a better browsing experience.


Users of the IRZ Website are informed above of the purpose of any cookies and all the means available to the visitor to oppose the use of cookies.

IRZ recalls that the Matomo Analytics solution is deployed on the Website. This solution has been identified by the CNIL as falling within the scope of the exemption from the collection of user consent.

IRZ uses and will always ensure that it uses a cookie management model that is compatible with the GDPR and the French Data Protection Law.