1. Inicial
  2. Política de Privacidade

Política de Privacidade

CONFIDENTIALITY AND DATA PROTECTION POLICY

Preamble

GREEN POWER TECHNOLOGIE attaches the utmost importance to the protection of its Users’ personal data and complies with the regulations in force, in particular Law No. 78-17 of 6 January 1978 relating to information, files and freedoms, the Law of 21 June 2014 for confidence in the Digital Economy, the Data Protection Law of 6 August 2004 and the General Data Protection Regulation of 27 April 2016 (GDPR: No. 2016-679) imposing the following obligations in particular:

  • Lawfulness of processing: Data processing must be based on at least one legal basis provided for by the GDPR (consent, purpose limitation, minimisation of data collected, retention limitation, right to be forgotten) ;
  • Transparency: Data subjects must be provided with clear, precise and comprehensible information on how their data is processed;
  • Integrity and confidentiality: Data must be processed in such a way as to ensure its security and confidentiality;
  • Accountability: Green Power Technologie must be able to demonstrate its compliance with the GDPR.

Article 1: Scope of application

This Privacy and Data Protection Policy applies without restriction to GREEN POWER TECHNOLOGIE, a simplified joint stock company with a share capital of 5,000,000 euros, registered in the LAVAL Trade and Companies Register under number 515 402 097, whose registered office is located at Parc d’activité sur, Zone Écoparc, LA GRAVELLE (53410), VAT number: 515402097 and to all of its current and future subsidiaries, hereinafter collectively referred to as ‘GREEN POWER TECHNOLOGIE’.

As a company operating internationally, GREEN POWER TECHNOLOGIE may transfer personal data outside the European Union (EU) and the European Economic Area (EEA). Green Power undertakes to ensure that such transfers are carried out in accordance with the requirements of the GDPR, to inform data subjects of any transfer of their personal data outside the EU and to provide them with the information they need to exercise their rights.

This Privacy and Data Protection Policy governs the processing of all personal data collected and processed by GREEN POWER TECHNOLOGIE, regardless of the means of collection (website, mobile applications, paper forms, etc.), and concerning all natural persons whose data are processed by GREEN POWER TECHNOLOGIE, hereinafter referred to as the ‘User’.

Article 2 : Purposes of the Data Collected

GREEN POWER TECHNOLOGIE may process all or part of the following data for the purposes described below:

2.1. Browsing and services

In order to enable browsing on the GREEN POWER TECHNOLOGIE Websites and the management and traceability of services ordered, the following data may be processed:

Identification data :

  • Surname, first name, title ;
  • Postal address (for invoicing and delivery) ;
  • Telephone number ;
  • E-mail address;
  • Customer ID/user account;

Data relating to connection to and use of the Site:

  • IP address ;
  • Browsing data (pages visited, date and time of connection, duration of visit, links clicked, etc.);
  • Browser type and operating system;
  • Session identifiers (cookies and similar technologies, subject to the user’s consent);

Data relating to orders:

  • Order history ;
  • Details of products/services ordered (references, quantities, prices);
  • Payment information (type of payment, transaction data, without storing sensitive bank data);
  • Delivery tracking;
  • Invoicing;
  • Complaints and after-sales service.

2.2 Security and fraud prevention

In order to prevent and combat computer fraud (spamming, hacking, etc.), the following data may be processed:

Technical data  :

  • IP address ;
  • Computer equipment used for browsing (type of device, operating system, browser);
  • Connection identifiers (hashed password, session identifiers);
  • Connection and activity logs;
  • Geolocation data (if necessary and with the user’s consent).

Behavioural data :

  • Analysis of suspicious behaviour (multiple connection attempts, unusual activities).

2.3 Improving the GREEN POWER TECHNOLOGIE websites:

To improve browsing on GREEN POWER TECHNOLOGIE websites, the following may be processed:

Usage data :

  • Browsing data (pages visited, bounce rate, time spent on pages, etc.);
  • Site performance data (page loading times, errors encountered);
  • A/B tests and audience analysis (with anonymised data).

GREEN POWER TECHNOLOGIE shall keep the data thus collected for a period of 2 years, covering the period of limitation of the applicable contractual civil liability.

Article 3: Recipient of personal data

The personal data collected by GREEN POWER TECHNOLOGIE shall be transmitted in accordance with the methods described in this Confidentiality and Data Protection Policy.

3.1 Transmission to manufacturers

In order to ensure the proper execution of orders, the delivery of products and the management of commercial relations, in particular the possible granting of rebates according to the volume of business, certain personal data and commercial information may be transmitted to GREEN POWER TECHNOLOGIE’s manufacturers.

For the delivery of products:

  • Identification data (surname, first name, delivery address, telephone number, e-mail address);
  • Details of the order (product references, quantities, order date);
  • Any other information strictly necessary for delivery.

For the management of commercial relations and the possible granting of statuses or discounts:

  • Sales achieved with the customer concerned;
  • The volume of orders placed;
  • The history of commercial relations.

We undertake to ensure that our manufacturers comply with confidentiality obligations at least as strict as those stipulated in this Confidentiality and Data Protection Policy; contractual agreements govern these data transfers in order to guarantee their protection.

3.2. No transfer to third parties for commercial purposes

With the exception of the above-mentioned transfers to manufacturers and cases where the law obliges us to do so (for example, in the event of a court order), your personal data will not be transferred, rented, sold, exchanged or shared with third parties for commercial, advertising or direct marketing purposes without your prior and explicit consent.

3.3. Sensitive data

GREEN POWER TECHNOLOGIE does not collect any data considered ‘sensitive’ within the meaning of Article 9 of the GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person).

Article 4 : Non-Disclosure and Transfer of Personal Data

No personal information of the User shall be published without his/her knowledge, nor exchanged, transferred, assigned or sold on any medium whatsoever to third parties, except in the cases expressly provided for by law or with his/her prior and informed consent.

GREEN POWER TECHNOLOGIE shall not process, host or transfer the Information collected from its Customers to a country located outside the European Union or recognised as ‘non-adequate’ by the European Commission without first informing the Customer and ensuring that appropriate safeguards are put in place.

Only in the event of a merger-acquisition operation or sale of GREEN POWER TECHNOLOGIE and its assets, involving the transfer of personal data, would it be possible for this information to be passed on to the eventual purchaser. In this case, the latter would in turn be bound by the same obligations of security, confidentiality and information towards Users, in accordance with the regulations in force.

Article 5 : Data Security and Confidentiality

GREEN POWER TECHNOLOGIE implements appropriate technical and organisational measures to ensure the security and confidentiality of Users’ personal data, and in particular to prevent it from being distorted, damaged or accessed by unauthorised third parties. These measures include standard devices such as firewalls, data anonymisation and encryption, and password management. The User is aware, however, that no method of transmission over the Internet and no method of electronic storage is totally infallible. Consequently, despite all the efforts made by GREEN POWER TECHNOLOGIE, absolute security cannot be guaranteed.

Article 6: Users’ rights

In accordance with current European regulations, Users have the following rights:

  • Right of access (Article 15 RGPD), rectification (Article 16 RGPD), updating and completeness of data ;
  • Right to block or delete data (article 17 RGPD) if it is inaccurate, incomplete, equivocal, out of date, or the collection, use, communication or storage of which is prohibited;
  • Right to withdraw consent at any time (article 13-2c RGPD);
  • Right to limit data processing (Article 18 GDPR);
  • Right to object to the processing of data (Article 21 GDPR);
  • Right to the portability of data provided, where such data is subject to automated processing based on consent or a contract (Article 20 GDPR);
  • Right to define the fate of data after death and to choose to whom GREEN POWER TECHNOLOGIE shall communicate (or not) these data to a previously designated third party.

Article 7 : Notification of Violations of Personal Data

In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, GREEN POWER TECHNOLOGIE undertakes to notify the competent supervisory authority of such breach as soon as possible and, if possible, no later than 72 hours after becoming aware of it, in accordance with Article 33 of the GDPR.

GREEN POWER TECHNOLOGIE also undertakes to inform the Users concerned by this breach, as soon as possible, when this breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 of the RGPD. This notification will contain at least the following information:

  • The nature of the breach ;
  • The categories and approximate number of data subjects;
  • The categories and approximate number of personal data records concerned;
  • The likely consequences of the breach;
  • The measures taken or proposed to remedy the breach, including, where appropriate, measures to mitigate any negative consequences.

Article 8 : Responsable du Traitement et modalités d’exercice de ses droits

Any person whose personal data is processed by GREEN POWER TECHNOLOGIE may, at any time, request the deletion of their personal data in the following cases:

  • If the data is no longer necessary for the purposes for which it was collected or processed;
  • If the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • If the data subject objects to the processing of his/her personal data and there are no compelling legitimate grounds for the processing, or objects to the processing for canvassing purposes.

These rights may be exercised by contacting the person responsible for processing the Personal Data collected (hereinafter referred to as the ‘DPO’).  The duties of the DPO are as follows:

  • To inform and advise management and employees of their data protection obligations;
  • Monitor the company’s compliance with the GDPR;
  • Cooperate with the supervisory authority (CNIL in France) in the event of a request;
  • Providing a point of contact for data subjects and responding to their requests.

To this end, it has the following resources:

  • Direct access to senior management;
  • The necessary human resources;
  • Access to all the information required to perform his/her duties.

The DPO performs his duties in complete independence and may not receive instructions concerning the performance of his tasks. The DPO’s mission is for an indefinite period.

As part of its commitment to the protection of personal data, GREEN POWER TECHNOLOGIE has appointed a Data Protection Officer (DPO) in accordance with the General Data Protection Regulation (GDPR). The DPO is Mr Hugo SOURDRILLE, Regional Manager Africa. To contact him:

  • By post: GREEN POWER TECHNOLOGIE – DPO, Hugo SOURDRILLE, Parc activité La Gravelle Sud, Zone Écoparc, 53410 LA GRAVELLE ;
  • By e-mail: hugo.sourdrille@greenpower-technologie.com

To exercise their rights, Users may send their request by e-mail following the model provided in the appendix to this Confidentiality and Data Protection Policy.

Once the request has been received, the Data Protection Officer will check its validity with regard to the aforementioned criteria, proceed to delete the data concerned as soon as possible and inform the person concerned in writing.

Requests for the deletion of Personal Data shall be subject to the legal obligations imposed on GREEN POWER TECHNOLOGIE, in particular as regards the retention or archiving of documents.

Users may also lodge a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).

Article 9 : Intellectual Property

It is hereby specified that GREEN POWER TECHNOLOGIE is the exclusive owner of all intellectual property rights relating to :

  • The content of the Websites and Applications: This includes, without limitation, the texts, graphics, logos, icons, images, photographs, videos, sounds, music, data, software, source codes and any other element making up the GREEN POWER TECHNOLOGIE websites;
  • Trademarks and Logos: All trademarks, logos, trade names, distinctive signs and domain names used by GREEN POWER TECHNOLOGIE are registered trademarks or are in the process of being registered and are protected by French and international laws relating to intellectual property;
  • Patents and know-how: GREEN POWER TECHNOLOGIE holds patents, patent applications and significant and confidential know-how, which are protected by the applicable laws;
  • Creations and Innovations: All creations, inventions, innovations, developments and improvements made by GREEN POWER TECHNOLOGIE, whether patentable or not, are protected by intellectual property rights, in particular copyright, patent law, trademark law and trade secrets.

9.1. Rights granted to Users

Subject to compliance with these general terms and conditions and this Privacy and Data Protection Policy, GREEN POWER TECHNOLOGIE grants Users a non-exclusive, personal, non-transferable and revocable right to access and use the Websites, solely for the purposes of information and use of the services offered.

9.2 Restrictions

Any reproduction, representation, modification, distribution, adaptation, translation, broadcasting, publication, commercial or non-commercial exploitation of all or part of the elements protected by the intellectual property rights of GREEN POWER TECHNOLOGIE, on any medium whatsoever and by any process whatsoever, without the prior written authorisation of GREEN POWER TECHNOLOGIE, is strictly prohibited and constitutes an infringement punishable by the laws in force. In particular, it is forbidden

  • Copy, reproduce, extract or re-use all or part of the databases and other content of the Websites;
  • Use the trademarks, logos and other distinctive signs of GREEN POWER TECHNOLOGIE without prior authorisation;
  • Attempt to reconstitute the source codes or access the technologies used by GREEN POWER TECHNOLOGIE;
  • Create derivative works from elements protected by GREEN POWER TECHNOLOGIE’s intellectual property rights.

9.3. Sanctions

Any unauthorised use of items protected by GREEN POWER TECHNOLOGIE’s intellectual property rights may give rise to legal proceedings, both civil and criminal, with a view to putting a stop to the acts of infringement and obtaining compensation for the loss suffered.

Article 10. Force majeure

Neither of the parties may be held liable in the event of a breach of one of its contractual obligations where this breach is caused by a case of force majeure corresponding to an impediment beyond the control of the parties, which could not reasonably have been foreseen and which renders the performance of the obligations impossible or so exorbitant that it is reasonable in the circumstances to consider it impossible.

It is expressly agreed that, in addition to those usually accepted by case law, the following are considered to be cases of force majeure: exceptional bad weather, natural disasters such as earthquakes, floods, fires, lightning; strikes, lock-outs or other trade union actions; explosions, attacks, wars, military operations, civil unrest, riots, embargoes imposed as part of economic sanctions programmes.

The party affected by the case of force majeure undertakes to inform the other party in writing as soon as possible of the occurrence of the case of force majeure.

The occurrence of a case of force majeure may suspend all or part of the performance of this Confidentiality and Data Protection Policy.

Generally speaking, the parties undertake to implement, as far as possible, all necessary and reasonable means to put an end to the disruptions that have had the effect of interrupting.

Personal data deletion form

PERSONAL DATA DELETION REQUEST FORM