From Acte4.art – update of October 1st, 2022 – Translated by Google
ACTE4.ART takes all necessary precautions to preserve the security and confidentiality of the personal data it is required to process, as data controller or as subcontractor of the personal data of its customers. ACTE4.ART uses personal data: – when it has obtained authorization to do so, – in the context of drafting or performing a contract.
Data processing by ACTE4.ART as Data Controller
As data controller ACTE4.ART complies with the local regulations applicable to the protection of personal data and in particular the provisions of the law “Informatique et Libertés” of January 6, 1978 as amended and the General Regulations on Data Protection (EU Regulation 2016/679) or “GDPR”.
Data processing by ACTE4.ART as a Subcontractor
Similarly, as a subcontractor for its clients, ACTE4.ART has completed all the necessary formalities, in particular with regard to European regulation 2016/679 of April 27, 2016 relating to the protection of natural persons with regard to the Processing of Personal Data (General Data Protection Regulation, often referred to as GDPR). ACTE4.ART strives to fulfill its duties and respect the rights of individuals each time it processes personal data.
What are ACTE4.ART’s commitments in terms of personal data protection?
ACTE4.ART undertakes to guarantee an optimal level of protection of the personal data of its customers, prospects, users of its website, and any other person whose personal data it processes. ACTE4.ART undertakes to comply with the regulations applicable to all the processing of personal data that it implements. More specifically, ACTE4.ART undertakes in particular to respect the following principles:
– Your personal data is processed in a lawful, fair and transparent manner (lawfulness, fairness, transparency).
– Your personal data is collected for specified, explicit and legitimate purposes, and is not further processed in a way incompatible with these purposes (limitation of purposes).
– Your personal data is stored in an adequate, relevant manner and is limited to what is necessary in relation to the purposes for which it is processed (data minimization).
– Your personal data is accurate, kept up to date and all reasonable measures are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy).
ACTE4.ART implements the appropriate technical and organizational measures to guarantee a level of security adapted to the inherent risk of its processing operations, meet regulatory requirements and protect the rights and data of the people concerned when designing processing operations. . Moreover, ACTE4.ART contractually imposes the same level of personal data protection on its subcontractors (service providers, suppliers, etc.). Finally, ACTE4.ART undertakes to respect any other principle required with regard to the applicable regulations on the protection of personal data, and more specifically concerning the rights conferred on the persons concerned, the retention periods of personal data. ACTE4.ART does not intend to voluntarily collect information from children. We do not target children with our services.
What is the data that may be collected by ACTE4.ART used for?
1- Means of collecting your data
In the context of our relations with our customers, we may collect your personal data by various means and in particular within the framework of our contractual and pre-contractual relations. You can also communicate your personal data to us on our website, when you fill out the various forms, or when you submit an application, or when you establish any contact with ACTE4.ART or when you transmit your personal data to us in any other way.
2- Processing purposes and legal bases
Your data is mainly used for the purpose of providing specific services or services: acquisition of works of art, prospecting, animation, commercial information, satisfaction surveys, recruitment. In addition to the cases where your consent has been obtained (in particular to send you personalized offers), the processing of your data for the various purposes mentioned above is in particular necessary:
– to ensure the performance of the service contract, – to comply with a legal obligation,
– for the purposes of the legitimate interests pursued by ACTE4.ART (in particular to improve customer service).
How long are your data kept?
ACTE4.ART undertakes to keep your personal data for a period not exceeding that necessary for the purposes for which they are processed, increased by an archiving period of 5 years, unless a longer storage period is authorized. or imposed by a legal or regulatory provision; These storage periods are defined according to the processing purposes implemented by ACTE4.ART and take into account in particular the applicable legal provisions imposing a precise storage period for certain categories of data, any applicable limitation periods as well as the recommendations of the CNIL concerning certain categories of data processing.
Who is likely to access your personal data?
Access to personal data will be strictly limited to employees of the data controller, authorized to process them by reason of their functions. The information collected may be communicated to third parties linked to the company by contract and located in the territory of the EU and outside the territory of the EU, for the performance of subcontracted tasks, in particular the use of accommodations, or for communication activity, without your permission being required. In case of hiring sub-processors, these sub-processors are required to comply with the obligations of the GDPR. It is up to the initial subcontractor to ensure that the subsequent subcontractor presents the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European regulation on the protection Datas. We remind you that in this context, ACTE4.ART asks its service providers to put in place strict confidentiality and protection measures for this data.
How to exercise your rights?
The data subject may exercise their rights:
1. Right to information – meaning you need to know if your personal data is being processed; what data is collected, where it comes from and why and by whom it is processed.
2. Right of access – meaning you have the right to request access to your data and to obtain a copy of your collected personal data.
3. Right of rectification – you have the right to request the rectification or erasure of your personal data which is inaccurate or incomplete.
4. Right to erasure – in certain circumstances you can request that your personal data be erased from our records.
5. Right to restrict processing – under certain conditions you have the right to restrict the processing of your personal data.
6. Right to object to processing – in some cases you have the right to object to the processing of your personal data, for example in the case of direct marketing.
7. Right to object to automated Processing – you have the right to object to automated Processing, including profiling; and not be subject to a decision based solely on automated processing. You can exercise this right whenever there is a result of profiling that produces legal effects concerning you or significantly affecting you.
8. Right to data portability – you have the right to obtain your personal data in a machine-readable format or, if feasible, as a direct transfer from one processor to another.
9. Right to Complain – in the event that we deny your request under your access rights, we will provide you with a reason why this is not possible. If you are not satisfied with the way your request has been processed, you can file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).
10. Right to withdraw your consent – you have the right to withdraw any consent given for the processing of your personal data. In addition, any person who is a minor at the time of the collection of their personal data can obtain their erasure as soon as possible. You can exercise your rights by contacting the data controller: the legal representative of the company ACTE4.ART, at the postal address of ACTE4.ART : BP 41669, 98713 PAPEETE, POLYNESIE FRANCAISE or by email at the following address: email@example.com, attaching valid proof of your identity.
In order to constantly improve the quality of the services offered on the site and their adequacy with your expectations, ACTE4.ART may use “cookies”, text files used to identify your terminal when you connect to one of our services. The deposit of cookies or tracers in your terminal (computer, tablet, smartphone, etc.) allows ACTE4.ART to collect information and personal data. Depending on your choice of configuration of your terminal, cookies allow in particular: – to use the main functionalities of the ACTE4.ART site,
– to order a work of art on ACTE4.ART,
– to establish statistics (location data). .
You can delete cookies stored on your computer through your computer settings. For more information on cookies, you can consult the CNIL website www.cnil.fr.
ACTE4.ART takes all organizational and technical measures to protect personal data. For data protection, ACTE4.ART has selected the Infomaniak host to guarantee the security of the infrastructure and information systems. ACTE4.ART staff who have access to personal data are limited: these are the people who need this information to carry out their tasks. We use secure protocols for communication and data transfer (such as HTTPS). We monitor our systems for possible vulnerabilities and attacks. Our computer systems are protected (Firewall, antivirus) and updated regularly (security updates, system, software, etc.).
Regular maintenance operations are in place to anticipate possible problems. We make every effort to comply with the rules of the art in terms of security. However, considering on the one hand that these rules are constantly changing and on the other hand that security breaches can occur unexpectedly, we cannot guarantee users against unauthorized access to data. However, we undertake to inform the competent authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything reasonably possible to prevent security breaches and to assist authorities in the event of a breach.
Our contact details
BP 41669 PAPEETE – 98713 TAHITI – Polynésie française
+689 87 78 37 03