Privacy policy
Date of last modification : 08 July 2024
We are committed to ensuring that the collection and processing of your data, carried out from the NatéoSanté site, complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés). This policy informs you about how NatéoSanté, its subcontractors and any partners process your personal data. This policy applies in particular to customers and users of NatéoSanté offers and services. It may be supplemented by specific information brought to the user’s attention, with regard to a particular offer or service.
Cookies
A cookie is a small computer file, a tracer, deposited and read, for example, when a website is consulted. The use of these tools is subject to your consent whenever they are not strictly necessary for the operation of the site concerned.
Protection against SPAM
In order to filter messages recognised as spam via the contact forms, we use a service that analyses the data transmitted: reCAPTCHA. Use of these forms implies acceptance of the confidentiality policies specific to these services, described below. Google reCAPTCHA (Google Ireland Limited) is a service for protecting form entries on our site. It is used to differentiate between human input and automated abuse. Use of reCAPTCHA is subject to Google Ireland Limited’s Privacy Policy and Terms of Use. Data transmitted: cookies and usage data. Place of processing: Ireland.
Form and teleservice
Each form or teleservice limits the collection of personal data to what is strictly necessary (data minimisation) and indicates in particular: the data controller and the purposes for which the data is collected (purposes) ; whether it is compulsory or optional to collect this data in order to manage your request and a reminder of the categories of data processed; the recipients of the data (only NatéoSanté in principle, unless specified in the form when transmission to a third party is necessary to manage your request); how long the data will be kept whether data is transferred outside the European Union or automated decisions are taken; your rights with regard to Data Processing, Data Files and Individual Liberties and how to exercise them with the CNIL. Personal data collected as part of the services offered on the NatéoSanté site are processed using secure protocols and enable NatéoSanté to manage requests received in its IT applications.
What are your rights?
You have the right to access, rectify and delete data concerning you. You may request the portability of the latter. You also have the right to object to the processing carried out or to ask for it to be restricted. In addition, you may issue instructions concerning the retention, deletion or communication of your personal data after your death.
How do you exercise your rights?
You may exercise your rights and contact NatéoSanté at any time at the addresses below, with a copy of your identity document if you wish to exercise your rights, unless the elements communicated in your request enable you to be identified with certainty By signed letter to the following address Postal address If you do not receive an adequate response, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).
Purposes of processing your personal data
NatéoSanté only processes personal data for specified, explicit and legitimate purposes. NatéoSanté does not process such data in a manner incompatible with these purposes. To this end, the purposes pursued by NatéoSanté are as follows:
Processing of contact form data
Collection, transmission and recording of data to get in touch with the company: Sending a reply email Management of quotes
Data processing of the account creation form
Collection, transmission and recording of data to create an account: Sending a reply email
Management of orders and customer relations
The company NatéoSanté needs information about you for the management of your orders and the follow-ups to it (for example deliveries), invoices, accounting and in particular the management of customer accounts, the monitoring of customer relations such as the carrying out of satisfaction surveys, the management of complaints and after-sales service.
Paying for your orders and payment details
When you pay on our site, your payments are secure. NatéoSanté does not collect your payment details. All of your bank details are collected solely by our PCI-DSS certified payment service provider (Be2bill), which ensures payment security. When you pay for an order, the card used for payment is kept for the time required for the transaction and then for a period of 13 months from payment in order to guarantee proof of the transaction and combat payment card fraud.
Customer knowledge and site audience statistics
We may use data to better understand our customers or for statistical purposes to analyse our site activity and improve the services we offer. We carry out audience measurement, for example we measure the number of pages viewed, the number of visits to the site, as well as visitors’ activity on the site and how often they return. You can deactivate this audience measurement for your current Internet browser by unchecking the option below (or by clicking here, if the checkbox does not appear below):
Sending messages by email
Following the creation of your account and if you have not objected, you may receive information and offers from us by electronic communication (email). We measure the open rate of our electronic mailings in order to tailor them as closely as possible to your needs.
What data is processed?
NatéoSanté only processes data or a category of data if it is strictly necessary for the intended purpose. You can find information on these purposes above. NatéoSanté processes the following categories of data: Identity data: First name, surname, company profile, etc. Contact data: Email, postal address, telephone number, etc. Connection data: Customer connection logs, order history, etc. Content data: transactional emails, invoices, etc. Location data
Who receives your data?
The data collected is intended for the site’s internal departments and its subcontractors. Finally, the data processed may be transmitted to the competent authorities, at their request, as part of legal proceedings, as part of legal investigations and requests for information from the authorities or in order to comply with other legal obligations.
| Sous-traitants | Services | Hors UE ? |
|---|---|---|
| Fluxeos | Hosting | No |
| Stripe | Secure bank payment solution | No |
| Matomo | Statistics tools | No |
| Colissimo / Chronopost | Sending and delivery services for your parcels – La Poste | No |
How is your data secured?
NatéoSanté ensures that your data is processed securely and confidentially, including when certain operations are carried out by subcontractors. To this end, appropriate technical and organisational measures are put in place to prevent the loss, misuse, alteration and deletion of your personal data. These measures are adapted according to the level of sensitivity of the data processed and according to the level of risk presented by the processing or its implementation.
Data retention period
The administrative useful life (DUA) is the length of time for which archived documents, data or information must be kept and kept in a condition to be consulted and used, either by those who produced them or by archive services. You will find below the administrative useful life (ALU) applicable to the main procedures managed by NatéoSanté. The AUL covers the retention period in the active database and in the internal archives.
| Procédures | DUA |
|---|---|
| Processing of data from the newsletter registration form | 3 years |
| Processing of registration form data | 3 years |
| Processing of contact form data | 3 years |
| Referral to the data controller | 3 years |
| Deletion of customer account if inactive (no purchases) | 3 years |
Changes to the data protection policy
This personal data protection policy may be subject to change.