Preamble

The purpose of this Privacy Policy is to provide users with the Website of the Société SOCIETE DE DISTRIBUTION D’ORGANES MECANIQUES – D.O.M (RCS TOULON 391 011 111) (hereinafter “the User” or “Users”) all the necessary information about the policy of using and processing personal data; how their personal data are collected; the rights they have on them; the recipients of these personal data; the person responsible for the processing of User data and the cookie policy of the Site.

It supplements the existing legal and regulatory provisions and the General Terms of Use (GGUs) accessible on the Site.

I. CONFIDENTIALITY POLICY ON PERSONNEL CARACTER

Article 1. General principles:

The collection of personal data is governed by regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free flow of such data, and repealing Directive 95/46/EC (general data protection regulation) "GDP").

1.1. Definitions:

In accordance with Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, it is meant by:

• Personal donation, "any information pertaining to an identified or identifiable natural person. Is deemed to be an identifiable natural person, a natural person who may be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or one or more specific elements specific to his or her physical, physiological, genetic, psychic, economic, cultural or social identity” ;

• Processing, “any operation or set of transactions carried out or not using automated processes and applied to personal data or data sets, such as collection, recording, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, transmission, dissemination or any other form of disposal, reconciliation or interfacement”.

1.2. Obligations:

It is the result of Regulation (EU) 2016/679 of 27 April 2016 that personal data must be:

1. Processed in a lawful, fair and transparent manner with respect to the person concerned,

2. Collected for specific, explicit and legitimate purposes and not subsequently treated in a manner incompatible with these purposes ;

3. Adequates, relevant and limited to what is necessary in relation to the purposes for which they are processed ;

4. Exacts and, if necessary, kept up to date; all reasonable measures must be taken to ensure that the personal data that are inaccurate, in view of the purposes for which they are processed, are deleted or corrected without delay ;

5. Held in a form that allows the identification of the persons concerned for a period not exceeding that required for the purposes for which they are treated ;

6. Processed to ensure appropriate security of personal data, including protection from unauthorized or unlawful processing and from accidental loss, destruction or damage, using appropriate technical or organizational measures.

1.3. Licety of treatment:

In accordance with the GDPR, treatment is lawful only if, and to the extent that, at least one of the following conditions is met:

1. The data subject consented to the processing of his personal data for one or more specific purposes ;

2. The processing is necessary for the execution of a contract to which the person concerned is a party or for the execution of pre-contractual measures taken at the request of the person concerned ;

3. Treatment is necessary to respect a legal obligation to which the controller is subject ;

4. Treatment is necessary to safeguard the vital interests of the data subject or another physical person ;

5. Treatment is necessary for the performance of a public interest mission or for the exercise of the public authority vested in the controller ;

6. Treatment is necessary for the purposes of legitimate interests pursued by the controller or by a third party, unless the interests or fundamental freedoms and rights of the person concerned require the protection of personal data, including when the person concerned is a child.

Article 2. Collection of personal data:

2.1. Data collected:

Personal data collected as part of the company’s activity D.O.M are:

• The user’s identification data (e.g. name and first names, social name, postal address, email address, telephone number, SIRET number, IP address etc.) ;

• Payment data (e.g. RIB) ;

• Order data (e.g. purchased products, returns etc.).

The collection and processing of these data are the following:

• Ensure proper management of client files; the quality of the services provided and the successful execution of purchase contracts entered into under orders ;

• Provide a customer service allowing the Corporation to manage or resolve any requests from Users ;

• Preventing fraud or abuse and resolving disputes that may arise during an order.

2.2. Storage times:

Personal data shall be retained, in accordance with the laws and regulations, for the period necessary to meet the above-mentioned purposes and to provide the services and assistance thereto.

2.3. Data controller:

The person responsible for the processing of personal data is the company SOCIETY DE DISTRIBUTION OF MECANICAL BODIES – D.O.M, a limited liability company with a capital of 500.010 Euros whose head office is located 259 Chemin des Clapiers 83220 LE PRADET, registered in the Register of Trade and Companies of TOULON under number 391 011 111.

It ensures respect for the protection of the personal data of the Users and the care of the processing. For this purpose, it is accessible during the working hours provided on the Site and the contact details are as follows:

? : 04.98.01.65.00

? : info@dom-france.fr

? : SARL D.O.M, 259 Chemin des Clapiers 83220 LE PRADET

2.4. Data hosting:

The Host of the Corporation’s Site D.O.M is: the company OVH, 2 Rue Kellermann, 59100 ROUBAIX.

2.5. Sharing personal data with third parties:

The personal data collected may be shared with third parties to whom the Corporation relies to provide certain services, including credit institutions for the implementation of payment services; suppliers and partners related to the transportation and delivery of orders and, in general, any supplier and partner related to the services provided; the customer service and the assistance of Users.

They may also be shared with the competent public authorities when required by law (e.g. in the context of the fight against fraud) and to third parties whose access has been authorized by the User directly or indirectly (e.g. through the publication of comments in spaces accessible to the public).

Article 4. Rights of the data subject:

In accordance with Regulation (EU) 2016/679 of 27 April 2016, each person concerned with the collection and processing of personal data concerning it shall be entitled to:

• A right of access ;

• A right of rectification ;

• A right to erase (also calls “right to forget”) ;

• A right to limitation of treatment ;

• A right to portability ;

• A right of opposition.

4.1. On the right of access:

The right of access allows the data subject to know whether or not personal data concerning the data are processed and, where they are, to obtain access to the data and to the information referred to in Article 15 of the European Regulation 2016/679 of 27 April 2016.

4.2. On the right to correction:

The right to rectification allows the data subject to rectify the personal data that is inaccurate or to request that the personal data be completed when the data is incomplete.

4.3. On the right to erase:

The right to deletion allows the person concerned to require the data controller to delete, as soon as possible, the personal data concerning the person concerned when one of the reasons for article 17 of European Regulation 2016/679 of 27 April 2016 applies ;

4.4. On the right to limitation of treatment:

The right to limitation of processing allows the person concerned to obtain the limitation of the processing of his or her personal data when one of the elements of Article 18 of European Regulation 2016/679 of 27 April 2016 applies ;

4.5. On the right to portability:

The right to data portability allows the data subject to receive the data it has provided and to transmit it to another controller under the conditions set out in Article 20 of the European Regulation 2016/679 of 27 April 2016.

4.6. On the right of opposition:

The right of opposition allows the person concerned to object at any time to the processing of personal data concerning him or her under the conditions set out in article 21 of the European Regulation 2016/679 of 27 April 2016.

4.7. On the exercise of the rights of the persons concerned:

The person responsible for processing personal data undertakes to comply with the obligations relating to the collection and processing of personal data; their confidentiality and to guarantee the exercise of the rights of the persons concerned.

For this purpose, each person concerned may exercise his or her rights free of charge by e-mailing to info@dom-france.fr, in which he or she specifies the reason for his or her application and the rights or rights that he or she intends to exercise.

The data subject may also submit the request under the same conditions to the following postal address: SARL D.O.M, 259 Chemin des Clapiers 83220 LE PRADET.

Any request must be accompanied by a copy of the valid identity document of the applicant.

Upon receipt of the application, the person responsible for processing personal data has a period of one (1) month to provide a response to the applicant. If necessary, this period may be extended by two (2) months, given the complexity and number of requests. Where applicable, the controller shall inform the person concerned of this extension and the reasons for the postponement within one (1) month of receipt of the request.

If the person concerned considers that his or her rights have not been respected and after contacting the person responsible for the processing of personal data, he or she may send information to CNIL.

For more information on the rights available, the User can consult the CNIL website directly: https://cnil.fr/en.

II. COOKIES POLICY

Article 1. Definition and functionality of cookies:

A computer cookie is a file stored by a server in the terminal (computer, phone or any other similar device) of a User when browsing a site or consulting a computer advertisement.

Cookies have several purposes and are collected in particular to facilitate navigation, to memorize the identification of Users, to send personalized services, to offer advertisements and to know how Users interact with different platforms to improve them.

There are two different types of cookies:

• Internal cookies: these are cookies deposited by the website editor used by the User to optimize and personalize the services offered to them.

• Third-party cookies: cookies deposited by third-party companies for advertising purposes.

These cookies last 13 months.

Article 2. Use, activation and deactivation of cookies:

The User is informed beforehand that cookies may be used without consent when strictly necessary for the operation of the Site and for the provision of the services offered.

In any case, no sensitive information (e.g. bank data, password etc.) is stored.

During the first navigation on the Site of the Society D.O.M, a cookie information band will appear from which the User can accept or refuse the registration of cookies by clicking on the " accept" button or the "continue without accept" button.

At any time, the User will be able to set the cookie management in the “ parameter” tab that is accessible on this Site to allow it to directly manage the activation and deactivation of the use of cookies that are not strictly necessary for the operation of this Site.

The User can also set the cookies in the configuration panel of each browser (such as chrome google, internet explore, mozilla firefox, safari).

For further information, the User can consult the CNIL website directly: https://cnil.fr/en.