1. Preamble and purpose
In the context of the management of the website accessible at https://www.sfa-enviro.com/ (the “Site”), SFA enviro, the data controller (“we”, “us”, “our”) processes personal data of the users of the Site (the “Data Subjects”).
We undertake to process the personal data of the Data Subjects in accordance with the applicable regulations, and in particular Regulation No. 2016/679 (EU) of 27 April 2016 known as the General Data Protection Regulation (“GDPR”), the French Data Protection Act of 6 January 1978 in its updated version (“LIL”) (together, the “Applicable Regulations”).
Terms beginning with a capital letter are either defined herein or have the meaning given to them by the Applicable Regulations, and in particular the GDPR, such as, in particular, the terms “Personal Data”, “Processing”, “Data Subjects”, “Controller”, “Subprocessor”, “Recipient” or “Data Breach”.
3. Treatment characteristics
The Processes that we implement from Data Subjects’ Data are presented in the following tables.
|Purpose of the Processing||Management of contacts by and with Concerned Persons|
|Legal basis of the processing||Legitimate interest / Pre-contractual measures|
|Category of Personal Data|
|Duration of treatment|
In accordance with Article R.10-13 of the French Post and Electronic Communications Code, which stipulates that connection data must be kept for a period of one year from the date of recording.
|Purpose of the Processing||Management and follow-up of prospects and their requests for quotes|
|Legal basis of the processing||Pre-contractual measures|
|Category of Personal Data|
|Duration of treatment||3 years from their collection or last contact with the prospect/customer.3.3 Dépôt de cookies|
For more information on the treatment of your data in the context of the deposit of cookies and other tracers, please refer to our Cookies Policy
|Purpose of the Processing|
|Legal basis of the processing||Legitimate interest|
|Category of Personal Data||All of the above-mentioned Data as soon as they are necessary for the management of the dispute.|
|Duration of treatment||Retention until all avenues of appeal have been exhausted (contentious).|
4. Recipients of personal data
We may disclose the Personal Data of Data Subjects to Authorized Recipients who are subject to an appropriate obligation of confidentiality, which may be internal or external as appropriate:
5. Rights of the persons concerned
In accordance with the applicable Regulations, Data Subjects have the following rights with respect to their personal data:
If the Data Subject wishes to exercise any of the above rights, he or she may contact us via our form on the contact page.
The Data Subject’s request must be made exclusively by the Data Subject (unless a mandate is given to a third party in due form) and must be as clear and exhaustive as possible to enable us to respond as quickly as possible, within one to three months depending on its level of complexity.
We may ask the Data Subject to complete his or her request if it is not sufficiently precise, if the right he or she wishes to exercise is not easily identifiable, or if he or she is unable to establish his or her identity, in which case we may ask him or her to provide additional information, including proof of identity, which will be deleted as soon as possible after verification of his or her identity.
In addition, we will not be obliged to respond to the Data Subject’s request if it is manifestly unfounded or excessive, and in particular if the request is repetitive or too complex to process and would have the purpose or effect of destabilising our activities.
We implement appropriate technical and organizational security measures to preserve the confidentiality and security of the Personal Data we process and to prevent its unauthorized destruction, loss, alteration or disclosure.
As an example, the following measures have been put in place and are documented in a safety assurance plan:
Where we use subcontractors, i.e. service providers to whom we have delegated all or part of a Processing operation and who process the Personal Data of Data Subjects in accordance with our instructions, we undertake to require them to provide security guarantees equivalent to those we implement to protect their Personal Data and reserve the right to audit them to ensure compliance with their obligations.
In the event of a Data Breach, we undertake to notify the CNIL in the manner prescribed by the applicable Regulations and, if the said Breach poses a high risk to the Data Subjects, to notify them and to provide them with the necessary information and recommendations, if appropriate.
7. Updating of this policy
We may modify, supplement or update this policy at any time to take into account legal, regulatory and/or jurisprudential developments, changes in the characteristics of the Processing or the implementation of a new Processing.
Concerned Individuals may direct any questions or complaints regarding this policy, or make recommendations or comments regarding this policy, in writing to us at the following address
– By mail : 41Bis Avenue Bosquet – 75007 PARIS
– By email via our form on the contact page
Data Subjects may also ask any question to the CNIL or lodge a complaint with the latter.
Please fill in the following form to upload documents.