Privacy Policy

DATA PROTECTION DECLARATION

Preamble
Privacy and security are of the utmost importance to Certishopping and we make every effort to ensure that our technical and organizational measures in place respect your rights relating to data protection. This Privacy Policy describes our rules regarding the management, processing and storage of personal data submitted in connection with our services. The term "personal data" refers to information relating to an identified or identifiable natural person.

1. Utilisation du site :

It is generally possible to use our website without providing any personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is, as far as possible, always on a voluntary basis. The legal basis for processing in the context of consent is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). Assessors have the option of requesting an assessment link via the certificate pages made available by Certishoppping if they have never received an assessment link from their provider and if the request is justified in accordance with the communication rules. Assessors can also lodge a complaint or ask a question about a rating. The transaction must be based on an invoice or other relevant documents. Submission of the invoice or other relevant documents and the data involved is voluntary and necessary to verify the transaction and eligibility to provide a rating. Information that is not relevant to the proof of transaction may be blacked out by the assessor. After verification, the documents provided will be destroyed. This data will not be passed on to third parties without the appraiser's explicit consent. Please note that data transmission over the Internet (e.g. e-mail communication) may be subject to security breaches. Complete protection of data against access by third parties is not possible. The use by third parties of the contact details published in the imprint for the purpose of sending unsolicited advertising and information is expressly prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, e.g. in the form of spam mail.

2. Use of IP address, browser settings and geolocation

When you visit the Certishoppping website, we record your computer's IP address and browser settings. The IP address is a numerical identifier of the computer used to access the website. Browser settings may include information on the type of browser you are using, the browser language and the time zone. We collect this information so that we can trace the computer used in the event of abuse or unlawful acts in connection with access to or use of our site or services. We also use the IP address to determine your approximate location (at city level) so that we know which conditions apply to your use of our website or services. The legal basis is art. 6 par. 1 sentence 1 lit. b GDPR. The information stored in the log files does not allow any direct inference to your person - in particular, we store IP addresses only in an abbreviated, anonymized form. Log files are stored for 30 days and archived after subsequent anonymization.

3. Newsletters and notification e-mails

a.Certishoppping Clients
We collect data from our customers who wish to receive our newsletter or notifications regarding their account, e.g. invoice receipt. If you no longer wish to receive these offers, you can log in to your customer area and change the settings, or contact us at compliance@certishoppping.com.

b. Our customers' end customers
Our customers are responsible for ensuring compliance with applicable data protection laws (RGPD). The company is also solely responsible for:

  • How end-users are contacted and informed about the possibility of leaving notes and star ratings, as well as obtaining the necessary approval consent.
  • Assessment of compliance with the legal framework for advertising (including the type of advertising) of the company's products and/or services, in particular with regard to competition and advertising laws.
  • Assessing requirements under competition, data protection and other applicable laws, and obtaining the necessary consent from end-users.
    Certishoppping accepts no liability for damages resulting from breach of the above obligations.
  • 4. Types and purpose of data processing

    The type of personal data and the purpose of personal data processing by the processor are defined by the main contract established with our customer. This includes the following categories of activities:
    a. Collection of reviews
    b. Review moderation
    c. Marketing services (including SEO optimization) and reputation management (including the provision of page certificates, seals and awards)
    d. Data collection; analysis and processing of data collected as part of the service For more information on the categories used, please ask our customer / service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons. Please make a request to: info@certishopping.com

    5. Categories of people affected

    The categories of affected persons are defined by Certishoppping's T&Cs with our customers and may include the following categories:
    a. Customer
    b. Interested party
    c. End customer
    d. Employees who have been contacted on behalf of our customers to submit opinions
    e. Interested parties, end customers or employees of our customers, who provide data to submit reviews
    For more information on the categories used, please ask our customer / service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons.

    6. Type of personal data

    The type of personal data is defined by the Certishoppping GCU with our customers and may include the following data:
    a. Personal data (name, title, title/university degree, date of birth)
    b. Contact details (e-mail address, telephone number, address)
    c. Contract data (contract details, services, customer number)
    d. Employment data
    e. Photos
    f. Videos
    g. Electronic communication data (IP address, web pages viewed, details of device used, operating system and browser)
    h. Details (height, hair color, etc.)
    For more information on the personal data transmitted, please ask our customer / your service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons. Please make a request compliance@certishoppping.com

    7. Data retention and deletion

    Personal data that is mentioned in a notice is masked by the Certishoppping moderation team in accordance with the Certishoppping publication rules. Following this change, personal data can only be viewed by system administrators and the head of the Certishoppping moderation team and will be deleted from Certishoppping systems at the time the main customer contract is terminated by Certishoppping.
    Personal data provided by the data subject as part of the customer dialogue will be deleted by Certishoppping from Certishoppping systems at the time the account for the main customer contract is terminated.
    Personal data submitted by data subjects to the processor as part of a complaint or evaluation link request will be erased by Certishoppping at the end of the case and Certishoppping will delete this data from the Certishoppping systems.
    After termination of the customer's main contract, Certishoppping is obliged to pass on to the customer all personal data, documents and processing results created as part of the contractual relationship, as well as to comply with data protection and data security in accordance with the customer's instructions. This applies to all data storage at Certishoppping. This does not apply to data generated in connection with a third-party service ordered by the customer (such as the Google feed); these are deleted in accordance with the guidelines of the third-party service provider. Even data that has become the property of Certishoppping under the customer's main contract will not be deleted after the end of the main contract, but retained in accordance with current data protection regulations.

    8. Children's information

    Our Website is not intended for children. If you become aware that a child under the age of 13 has provided us with personal information, please contact us.

    9. Data controller and transfer of personal data outside the EU

    We use external companies to maintain the technical operation of the website and our services. These companies are personal data processors for which we are the data protection officer. By accepting this Policy, you agree that we may also process data for which you are the data protection officer by the same processor.
    We have data processing agreements with these processors and they declare that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions to process data in accordance with the Policy and for the purposes of the Website.
    The Processors have taken reasonable technical and organizational measures to ensure that information is not destroyed, lost, damaged, disclosed, used or unlawfully used by any unauthorized person in violation of data protection laws.
    At your request - and possibly for a fee at the hourly rate applicable to the request processor at the time - the processor must provide you with information that sufficiently demonstrates that the above technical and organizational security measures have been taken.
    Some of these third-party processors and service providers are located outside the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of such data, for example if the processor is part of the EU-US Privacy Shield.

    9. Data controller and transfer of personal data outside the EU

    We use external companies to maintain the technical operation of the website and our services. These companies are personal data processors for which we are the data protection officer. By accepting this Policy, you agree that we may also process data for which you are the data protection officer by the same processor.
    We have data processing agreements with these processors and they declare that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions to process data in accordance with the Policy and for the purposes of the Website.
    The Processors have taken reasonable technical and organizational measures to ensure that information is not destroyed, lost, damaged, disclosed, used or unlawfully used by any unauthorized person in violation of data protection laws.
    At your request - and possibly for a fee at the hourly rate applicable to the request processor at the time - the processor must provide you with information that sufficiently demonstrates that the above technical and organizational security measures have been taken.
    Some of these third-party processors and service providers are located outside the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of such data, for example if the processor is part of the EU-US Privacy Shield.

    10. Data protection officer

    According to the RGPD, Certishoppping confirms that a Data Protection Officer is in place to monitor compliance with data protection and data security rules involving the Data Protection Officer. The Data Protection Officer is currently:
    Imene Abbes
    32 Bd de Strasbourg
    75010 Paris
    T: +33 (0) 9 74 59 54 73 │ P: +33 (0) 6 14 92 53 42
    compliance@certishoppping.com
    We have data processing agreements with these processors and they declare that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions to process data in accordance with the Policy and for the purposes of the Website.
    Processors have taken reasonable technical and organizational measures to ensure that information is not destroyed, lost, damaged, disclosed, used or used unlawfully by any unauthorized person in violation of data protection laws.
    At your request - and possibly for a fee at the hourly rate applicable to the request processor at the time - the processor must provide you with information that sufficiently demonstrates that the above technical and organizational security measures have been taken.
    Some of these third-party processors and service providers are located outside the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of such data, for example if the processor is part of the EU-US Privacy Shield.

    11. Use of cookies

    To make your visit to our website more attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files which are stored on your data medium and which, via your browser, store certain settings and data for exchange with our system.
    Some of the cookies we use are deleted at the end of your browsing session, i.e. when you close your browser. Other cookies remain on your device and enable us to recognize your browser the next time you visit.
    Cookies do not contain any personal data and therefore cannot be directly attributed to a user. Please note that some cookies are set automatically as soon as you access our website. You can set your browser to notify you when cookies are set, to allow cookies only in individual cases, or to exclude the acceptance of cookies in certain cases or in general. If you do not accept cookies, this may limit the functionality of our website.
    Below you will find information about the cookies we use and how to configure your browser.

    11.1 Necessary cookies

    These cookies are essential for the proper operation of our website. These include, for example, cookies enabling you to log in to the customer area or add something to your shopping cart. The legal basis is Article 6(1)(b) of the GDPR.

    11.2 Analysis/performance cookies

    These cookies enable us to collect anonymized data on the behavior of users of our website. They are then examined by us, for example, to improve the functionality of the website and provide you with interesting offers. The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and ongoing optimization of our website.

    11.3 Functional cookies

    These cookies are used for certain functionalities of our website, for example to offer a better flow of navigation on our website, to show you personalized and relevant information. The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and ongoing optimization of our website.
    Cookie settings can be adjusted individually in different browsers.
    Each browser (e.g. Internet Explorer™, Chrome™, Firefox™, Safari™ or Opera™) differs in the way it handles cookie settings. A description in each browser's help menu explains how you can change your cookie settings.

    11.4. Google DoubleClick cookie

    As part of the Google Analytics application (see below), this website also uses the DoubleClick cookie, which enables your browser to be recognized when you visit other websites. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, the IP address will be truncated before being transmitted to member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will use this information for the purpose of compiling reports on website activity and providing other services relating to website usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You may refuse the use of cookies by Google by selecting the appropriate settings on the Google website. Users can also deactivate the use of cookies by third-party suppliers by accessing the Network Advertising Initiative deactivation page. You may also refuse the installation of cookies by selecting the appropriate settings on your browser; however, please note that if you do so, you may not be able to use the full functionality of this website.

    11.5 Google Tag Manager

    We also use Google Tag Manager to manage usage-based advertising services. The Tag Manager tool is a cookie-free domain that does not store any personal data. The tool triggers other tags that may record data (see above). If you have made a deactivation at domain or cookie level, this will apply to all tracking tags implemented with Google Tag Manager.

    11.6 Storage of personal data

    We save all the data you send us when you request a demo (even if you cancel) and if you wish to subscribe to our services and/or use our services. You may, for example, provide us with your name, address, e-mail address and telephone number when you purchase and/or use our services or buy our products. If you subscribe to our services, subscribe to our newsletter, purchase and/or use our services or use our customer service or technical support, you may be asked to complete a form requesting you to disclose personal information such as your name, address, e-mail address and telephone number. This information will be stored in our database.

    11.7. Facebook Retargeting

    Our website uses social plugins from the facebook.com social network, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, United States. The plugins are marked with a Facebook logo or the addition "Facebook Social Plugin". If you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly by Facebook to your browser and incorporated into the website. By integrating plugins, Facebook receives information that you have accessed the corresponding page on our site. If you are logged in to Facebook, Facebook can attribute the visit to your Facebook account. If you interact with the plugins, for example, press the "Like" button or leave a comment, the corresponding information is transmitted directly from your browser to Facebook where it will be saved. To learn more about the purpose and scope of data collection and further processing and use of data by Facebook, as well as your related rights and settings options for protecting your privacy, please refer to Facebook's privacy policy. If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. We have no influence on the extent of the data that Facebook collects using this plugin and inform our users accordingly to the best of our knowledge. The purpose and scope of data collection and subsequent processing and use of data by Facebook, as well as rights and privacy settings, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

    11.8. Use of Google Analytics as a web analysis tool

    This website uses Google Analytics, a web analysis service provided by Google Inc (www.google.fr). This analysis tool uses cookies to analyze the use of the website. The information generated by the cookies about the use of this website is generally transferred to a server in the United States and stored there.No adequacy decision covering the United States has been made by the European Commission within the meaning of Article 45 (1) of the GDPR. Google Inc. is, however, certified under the EU-US Privacy Shield, which means that transmission is permitted under Article 46 (2) (f) RGPD (European Commission Implementing Decision (EU) 2016/1250 of July 12, 2016 ). Due to the activation of IP anonymization on this website, Google Analytics truncates the IP address prior to transmission in the member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
    You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) being transmitted to Google, and this data being processed by Google, by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.
    As an alternative to the browser plug-in, you can click on this link to prevent the collection of data on this website by Google Analytics in the future. An opt-out cookie will then be installed on your device. If you delete your cookies, you will need to click on the link again.

    11.9. Sending a contact request

    Your personal data is collected if you provide it voluntarily when contacting us or registering for our services. We use your data exclusively to be able to offer you the desired information or services, i.e. only the information and data absolutely necessary to respond to your request or process the contractual relationship will be stored and processed. The legal basis is art. 6 par. 1 lit. b GDPR. Data collected by us when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request for the fulfilment of contractual or legal obligations.

    11.10. Zendesk Live Chat tool

    If you use the live chat tool to contact us, the data you have voluntarily entered there (name, e-mail address, message) will be stored at our service provider Zendesk. and processed exclusively by us for the purpose of responding to your request, and then deleted. ZendeskInc. is self-certified under the EU-U.S. Data Protection Shield. For further information, please visit https://www.zendesk.fr/company/customers-partners/privacy-policy/. Zendesk will not use the data entered for any other purpose.

    12. Changes to this Privacy Policy

    We reserve the right to change this privacy policy. If we make material changes to this policy, we will post those changes on our website or otherwise notify you so that you have a reasonable opportunity to review the changes before they take effect.

    13. Subsequent disclosures

    In addition, we will disclose your personal information to the following parties and under the following conditions:
    a. Third parties, i.e. commissioned suppliers, consultants and providers of other services in order to enable them to provide services from/on our behalf
    b. Certishoppping subsidiaries and other Certishoppping Group companies
    c. To ensure compliance with applicable laws and to respond to lawsuits and legal actions (including but not limited to subpoenas or court orders) or requests from public and governmental authorities.
    d. To cooperate on investigations or complaints with regulators and government agencies, including the Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF)
    e. Third parties in connection with the enforcement of our General Terms of Use.
    f. Third parties protecting our business or that of our employees.
    g. Third parties allowing us to benefit from any recourse and limit damages that could impact us.
    h. Third parties to investigate, prevent or take action against alleged or actual inappropriate acts, such as: fraud and abuse on our website.
    i. Third parties in the event of restructuring, merger, acquisition, sale, joint venture, transfer or other sale of any or all shares in our business or assets. (including in connection with bankruptcy or similar litigation).

    14. Temps de stockage

    In principle, we retain personal data only for as long as is necessary to fulfill the contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
    For evidence, we must retain contractual information for three years from the end of the year in which the business relationship ends with you. Any claims become time-barred after the statutory limitation period at the earliest at that point.
    Even after that, we sometimes have to back up your data for accounting purposes. We are obliged to do so due to legal documentation obligations that may arise from the German Commercial Code, Tax Code, Banking Act, Money Laundering Act and Securities Trading Act. Document retention periods range from two to ten years.

    15. Right of revocation and objection

    In accordance with Article 7 (2) of the GDPR, you have the right to revoke a consent once it has been given to us at any time. As a result, we will not continue processing data based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
    Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons which arise from your particular situation and which, in your opinion, speak in favor of your legitimate interests. If there is a contradiction with the processing of data for the purposes of direct advertising, you have a general right of objection, which is also implemented without the indication of reasons on our part.
    If you wish to exercise your right of revocation or objection, simply send an informal message to the contact details mentioned above.

    En cliquant sur « Autoriser tous les cookies », vous acceptez le stockage de cookies sur votre appareil pour améliorer la navigation sur le site, analyser son utilisation et contribuer à nos efforts de marketing. View more
    Cookies settings
    Accept
    Decline
    Privacy & Cookie policy
    Privacy & Cookies policy
    Cookie name Active
    Save settings
    Cookies settings
    en_USEnglish