Data protection

DATA PROTECTION DECLARATION

Preamble
Confidentiality and security are of the utmost importance to Certishopping and we make every effort to ensure that our technical and organizational measures in place respect your data protection rights. This Privacy Policy describes our rules regarding the management, processing and storage of personal data submitted in connection with our services. The term “personal data” means information relating to an identified or identifiable natural person.

1. Use of the site:

The use of our website is generally possible without providing personal data. Insofar as personal data (eg name, address or e-mail addresses) is collected on our website, this is, as far as possible, always on a voluntary basis. The legal basis for processing in the context of consent is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). Reviewers have the possibility to request a review link via the certificate pages made available by Certishoppping if they have never received a review link from their provider and if the request is justified in accordance with the communication rules. Reviewers also have the option to file a complaint or ask a question about a rating. The transaction must be based on an invoice or other significant documents. The submission of the invoice or other significant documents as well as the data involved is voluntary and necessary to verify the transaction and the eligibility to provide a rating. Information that is not relevant to the proof of transaction may be blacked out by the appraiser. After verification, the documents provided will be destroyed. This data will not be passed on to third parties without the express consent of the evaluator. We draw your attention to the fact that data transmission on the Internet (eg when communicating by e-mail) can have security gaps. Complete data protection against access by third parties is not possible. The use by third parties of the contact details published in the context of the legal notice for the purpose of sending unsolicited advertising and information is expressly prohibited. The operators of these pages expressly reserve the right to take legal action in the event of the sending of unsolicited advertising information, for example in the form of spam emails.

2. Use of IP address, browser settings and geolocation

When you visit the Certishoppping site, we save your computer's IP address and browser settings. The IP address is a numerical identifier of the computer used to access the website. Browser settings may include information about the type of browser you use, browser language and time zone. We collect this information so that we can trace the computer used in the event of abuse or illicit acts in connection with the access or use of our site or our services. We also use the IP address to determine your approximate location (at the city level) so that we know what terms apply to your use of our website or services. The legal basis is Art. 6 par. 1 sentence 1 lit b GDPR. The information stored in the log files does not allow any direct inference to your person – in particular, we only store IP addresses in an abbreviated, anonymized form. Log files are stored for 30 days and archived after subsequent anonymization.

3. Newsletters and notification emails

has. Certishoppping customers
We collect data from our customers who wish to receive our newsletter or receive notifications regarding their account, e.g. receipt of the invoice. If you no longer wish to use these offers, you can log into your customer area and modify the settings or contact us at: compliance@certishoppping.com.

b. End customers of our customers
Our customers are responsible for ensuring compliance with applicable data protection laws (GDPR). The company is also solely responsible for:

  • How end users are contacted and informed about their ability to leave ratings and star ratings as well as obtain their necessary approval consent
  • The assessment of compliance with the legal framework for advertising (including the type of advertising) of the company's products and/or services, in particular within the framework of competition and advertising laws.
  • Assessing requirements under competition, data protection and other applicable laws and obtaining necessary consent from end users.
    certishoppping accepts no liability for damages resulting from breach of the obligations described above.
  • 4. Types and purpose of data processing

    The type of personal data and the purpose of the processing of personal data by the processor are defined by the main contract established with our client. This includes the following categories of activities:
    a. Collection of reviews
    b. Moderation of reviews
    c. Marketing services (including SEO optimization) and reputation management (including provision of certificates, seals and rewards pages)
    d. Data gathering ; analysis and processing of data collected as part of the service For more information on the categories used, please ask our customer / service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons. Please make a request to: compliance@business.certishopping.com

    5. Categories of affected persons

    The categories of persons affected are defined by Certishoppping's T&Cs with our customers and may include the following categories:
    a. service
    b. Interested person
    c. Final customer
    d. Employees who have been contacted on behalf of our customers to submit reviews
    e. Interested parties, end customers or employees of our customers, who provide data to submit reviews
    For more information on the categories used, please ask our client/service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons.

    6. Type of personal data

    The type of personal data is defined by the CGU Certishoppping with our customers and may include the following data:
    a. Personal data (name, title, academic title/diploma, date of birth)
    b. Contact details (email address, telephone number, address)
    c. Contract data (contract details, services, customer number)
    d. Employment data
    e. Photos
    f. Videos
    g. Electronic communication data (IP address, web pages viewed, details of the device used, operating system and browser)
    h. Details (height, hair color, etc.)
    For more information about the personal data transmitted, please ask our client / your service provider directly. As part of the information requirements, Certishoppping provides information to authorized persons. Please make a request compliance@certishoppping.com

    7. Data retention and deletion

    The personal data that is mentioned in a review is masked by the Certishoppping moderation team in accordance with the Certishoppping publication rules. Following this change, personal data can only be viewed by system administrators and the manager of the Certishoppping moderation team and will be deleted from Certishoppping systems at the moment the contract of the main customer is terminated by Certishoppping.
    The personal data provided by the data subject in the context of the customer dialogue will be deleted by Certishoppping from the Certishoppping systems at the time of termination of the account for the customer's main contract.
    Personal data submitted by data subjects to the processor as part of a complaint or feedback link request will be erased by Certishoppping upon completion of the case and Certishoppping will delete such data from Certishoppping's systems.
    After termination of the customer's main contract, Certishoppping is obliged to hand over to the customer all personal data, documents and processing results created within the framework of the contractual relationship, as well as to observe data protection and data security in accordance with the customer instructions. This applies to all data backups at Certishoppping. This does not apply to data generated in connection with a third party service commissioned by the customer (such as Google feed); these are deleted in accordance with the guidelines of the third-party service provider. Even the data that has become the property of Certishoppping according to the customer's main contract will not be deleted after the end of the main contract, but will be kept in accordance with the applicable data protection regulations.

    8. Information about children

    Our Website is not intended for children. If you learn that a child under the age of 13 has provided us with their personal information, please contact us.

    9. Person responsible for processing and transferring personal data outside the EU

    We use external companies for the maintenance of the technical operation of the website and our services. These companies are personal data processors for which we are the data protection officer. By agreeing to this policy, you agree that we may also process the data for which you are the data protection officer by the same processor.
    We have data processing agreements with these processors and they state that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions for the processing of data in accordance with the Policy and for the purposes of the Website.
    The processors have taken reasonable technical and organizational measures to ensure that the information is not destroyed, lost, damaged, disclosed, used or unlawfully used by any unauthorized person in violation of data protection laws.
    At your request – and possibly for a fee at the hourly rate applicable to the request processor at that time – the processor must provide you with information which sufficiently demonstrates that the above technical and organizational security measures have been taken. taken.
    Some of these third party processors and service providers are located outside of the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of this data, for example if the processor is part of the EU Privacy Shield - United States.

    9. Person responsible for processing and transferring personal data outside the EU

    We use external companies for the maintenance of the technical operation of the website and our services. These companies are personal data processors for which we are the data protection officer. By agreeing to this policy, you agree that we may also process the data for which you are the data protection officer by the same processor.
    We have data processing agreements with these processors and they state that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions for the processing of data in accordance with the Policy and for the purposes of the Website.
    The processors have taken reasonable technical and organizational measures to ensure that the information is not destroyed, lost, damaged, disclosed, used or unlawfully used by any unauthorized person in violation of data protection laws.
    At your request – and possibly for a fee at the hourly rate applicable to the request processor at that time – the processor must provide you with information which sufficiently demonstrates that the above technical and organizational security measures have been taken. taken.
    Some of these third party processors and service providers are located outside of the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of this data, for example if the processor is part of the EU Privacy Shield - United States.

    10. Data Protection Officer

    Under the GDPR, Certishoppping confirms that a data protection officer is in place to monitor compliance with data protection and data security rules involving the data protection officer. The Data Protection Officer is currently:
    Imene Abbes
    32 Bd de Strasbourg
    75010 Paris - France
    T: +33 (0) 9 74 59 54 73 │ P: +33 (0) 6 14 92 53 42
    compliance@certishoppping.com
    We have data processing agreements with these processors and they state that they are only authorized to act in accordance with our instructions. By accepting this Policy, you authorize us to provide the Processor with instructions for the processing of data in accordance with the Policy and for the purposes of the Website.
    The processors have taken reasonable technical and organizational measures to ensure that the information is not destroyed, lost, damaged, disclosed, used or unlawfully used by any unauthorized person in violation of data protection laws.
    At your request – and possibly for a fee at the hourly rate applicable to the request processor at that time – the processor must provide you with information which sufficiently demonstrates that the above technical and organizational security measures have been taken. taken.
    Some of these third party processors and service providers are located outside of the European Union, such as in the United States. You authorize us to use processors in dangerous third countries, provided that there is a legal framework governing the transfer of your personal data and guaranteeing adequate protection of this data, for example if the processor is part of the EU Privacy Shield - United States.

    11. Use of cookies

    To make your visit to our website more attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files which are stored on your data carrier and which store certain settings and data for communication with our system via your browser.
    Some of the cookies we use are deleted after the end of the browsing session, i.e. after closing your browser. Other cookies remain on your device and allow us to recognize your browser on your next visit.
    Cookies do not contain personal data and therefore cannot be directly assigned to a user. Please note that some cookies are automatically placed as soon as you access our website. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases or exclude the acceptance of cookies for certain cases or generally. If you do not accept cookies, this may limit the functionality of our website.
    Below you will find information about the cookies we use and your browser configuration options.

    11.1. Necessary cookies

    These cookies are essential for the proper functioning of our website. These are, for example, cookies allowing you to log in to the customer area or to add something to your shopping cart. The legal basis is Article 6(1)(b) GDPR.

    11.2. Analytics/performance cookies

    These cookies allow the collection of anonymized data concerning the behavior of users of our website. They are then reviewed by us, for example, to improve the functionality of the website and to provide you with attractive offers. The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.

    11.3. Functional cookies

    These cookies are used for certain functionalities of our website, for example to offer a better flow of navigation on our website, to show you personalized and relevant information. The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.
    Cookie settings can be adjusted individually in the different browsers.
    Each browser (eg Internet Explorer™, Chrome™, Firefox™, Safari™ or Opera™) differs in how it handles cookie settings. A description in the help menu of each browser explains how you can change your cookie settings.

    11.4. DoubleClick cookies from Google

    As part of the Google Analytics application (see below), this website also uses the DoubleClick cookie, which enables your browser to be recognized when you visit other websites. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address will be truncated before transmission within member states of the European Union or in other states party to the Agreement on the European Economic Area. . Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will use this information to compile reports on website activity and to provide other services relating to website activity. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf. You can deactivate the use of cookies by Google by making the corresponding settings on the Google website. Users can also opt out of the use of cookies by third-party vendors by accessing the Network Advertising Initiative's opt-out page. You can also refuse the installation of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website.

    11.5. Google Tag Manager

    We also use Google Tag Manager to manage usage-based advertising services. The Tag Manager tool is a cookie-free domain that does not store any personal data. The tool triggers other tags that may optionally record data (see above). If you have opted out at domain or cookie level, this applies to all tracking tags implemented with Google Tag Manager.

    11.6. Storage of personal data

    We record all the data that you transmit to us as part of a demo request (even in the event of cancellation) and if you wish to subscribe to our services and/or use our services. You can, for example, when purchasing and/or using our services or when purchasing our products, transmit your name, address, e-mail address and telephone number. If you subscribe to our services, our newsletter, purchase and/or use our services or otherwise use customer service or technical support, you may be required to complete a form asking you to disclose personal information. such as your name, address, email address and telephone number. This information will be stored in our database.

    11.7. Facebook Retargeting

    Our website uses social plugins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins are marked with a Facebook logo or the addition “Facebook Social Plugin”. If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly by Facebook to your browser and incorporated into the website. By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our site. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example, press the “Like” button or leave a comment, the corresponding information is transmitted directly from your browser to Facebook where it will be saved. To learn more about the purpose and scope of data collection and further processing and use of data by Facebook, as well as your related rights and settings options for protecting your privacy, please please refer to Facebook's privacy policy. If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. We have no influence on the scope of data that Facebook collects using this plugin and inform our users accordingly to the best of our knowledge. The purpose and scope of data collection and further processing and use of data by Facebook, as well as rights and privacy settings, can be found in Facebook's privacy policy: https:/ /www.facebook.com/about/privacy/.

    11.8. Use of Google Analytics as a web analysis tool

    This website uses Google Analytics, a web analysis service of Google Inc. (www.google.fr). This analytics tool uses cookies to analyze website usage. The information generated by the cookie about the use of this website is usually transferred to a server in the United States and stored there. No adequacy decision covering the United States has been taken by the European Commission within the meaning of Article 45 (1) of the GDPR. Google Inc. is, however, certified under the EU-US Privacy Shield, which means that transmission is permitted under Article 46 (2) (f) GDPR (Implementing Decision (EU) 2016/1250 of the European Commission of July 12, 2016). By activating IP anonymization on this website, Google Analytics truncates the IP address prior to transmission within member states of the European Union or in other signatory states to the Agreement on the Economic Area. European. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will use this information on behalf of the operator of this website, in order to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to the use of the website and the use of the Internet. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the transmission of the data generated by the cookie and relating to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the available browser plug-in. at the following address http://tools.google.com/dlpage/gaoptout?hl=de As an alternative to the browser plugin, you can click on this link in order to prevent the collection of data on this website in the future Web by Google Analytics. An opt-out cookie will then be installed on your device. If you delete your cookies, you must click the link again.

    11.9. Sending a contact request

    Your personal data is collected if you provide it voluntarily when contacting or registering for our services. We use your data exclusively to be able to offer you the desired information or services, i.e. only the information and data absolutely necessary to answer your request or to process the contractual relationship will be stored and processed. The legal basis is Art. 6 par. 1 bed. b GDPR. The data collected by us when using the contact form will be automatically deleted after complete processing of your request, unless we still need your request for the fulfillment of contractual or legal obligations.

    11.10. Zendesk Live Chat Tool

    If you use the live chat tool to contact us, the data you voluntarily enter there (name, email address, message) will be stored with our service provider Zendesk. and processed exclusively by us for the purpose of responding to your request, then deleted. Zendesk Inc. is self-certified under the EU-US Privacy Shield. For more information, please see https://www.zendesk.com/company/customers-partners/privacy-policy/ Any further use by Zendesk of the data entered is excluded.

    12. Changes to this Privacy Policy

    We reserve the right to change this privacy policy. If we make material changes to this policy, we will post them on our website or, if not, we will notify you so that you have an opportunity to become aware of the changes before they take effect.

    13. Subsequent Disclosures

    In addition, we will disclose your personal information to the following parties and under the following conditions:
    a. Third parties, ie mandated vendors, consultants and providers of other services to enable them to perform services for us/on our behalf.
    b. Certishoppping subsidiaries and other Certishoppping Group companies.
    c. To ensure compliance with applicable laws and to respond to lawsuits and legal actions (including but not limited to subpoenas or court orders) or requests from public and governmental authorities.
    d. To cooperate on investigations or complaints with regulators and government agencies, including the Directorate General for Competition, Consumer Affairs and Fraud Control (DGCCRF).
    e. Third parties in connection with the enforcement of our Terms of Use.
    f. Third parties protecting our business or that of our employees.
    g. Third parties allowing us to benefit from any recourse and to limit the damages that could impact us.
    h. Third parties to investigate alleged or proven inappropriate acts, such as: fraud and abuse on our website, to investigate, prevent or take action against these acts.
    i. Third parties in the event of a restructuring, merger, acquisition, sale, joint venture, transfer or other sale of any or all of our business or assets. (including in connection with bankruptcy or similar litigation).

    14. Storage time

    In principle, we retain personal data only for the time necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for proof for civil claims or for statutory storage requirements.
    As proof, we must keep the contractual information for three years from the end of the year in which the business relationship ends with you. Any claim becomes time-barred after the statutory limitation period at the earliest at that time.
    Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so due to legal documentation obligations which may arise from the German Commercial Code, Tax Code, Banking Act, Money Laundering Act and Securities Trading Act . The retention periods for documents are two to ten years.

    15. Right of revocation and opposition

    In accordance with Article 7 (2) of the GDPR, you have the right to revoke a consent once it has been given to us at any time. Accordingly, we will not continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
    Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 par. 1 bed. f GDPR, you have the right in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons which arise from your particular situation and which, in your opinion, speak in favor of your legitimate interests. If there is a contradiction with the processing of data for the purpose of direct advertising, you have a general right of objection, which is also implemented without giving reasons on our part.
    If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the contact details mentioned above.

    By clicking "Allow All Cookies", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and aid in our marketing efforts. View more
    Cookie settings
    Accept
    Decline
    Privacy & Cookie policy
    Privacy & Cookies policy
    cookie name Active
    Save settings
    Cookie settings