1. Data collected by MADIASOFT
The parties agree that, depending on the services to which it has subscribed, the Customer's database(s) may contain personal data. The Customer is the data controller for this data. This data will be processed by the Service Provider at the request of the Client, by its use of the Service Provider's services requiring a database or when requesting the Service Provider for interventions on its data.
When the Customer uses KAFINEA services and products, the following data is collected and processed: title, first name, surname, company name, country, intra-community VAT number if applicable, password, postal address, telephone number, email address, IP address(es) and domain name, connection data and navigation data when authorized by the Customer, Order histories, complaints, incidents and correspondence on the site. Some data is collected automatically during visits to the https://www.kafinea.com website (see paragraph on cookies below).
MADIASOFT will never collect or process sensitive personal data within the meaning of the regulations, relating for example to the Customer's racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, information relating to his health, his full credit card number or personal bank account.
2. Purposes and legal basis of the processing
The processing will be carried out in accordance with data protection legislation. In particular, the Service Provider undertakes to process personal data only when and as requested by the Client, and for the purpose of performing one of the services of the Contract, unless required by law, in which case the Service Provider will notify the Client in advance, unless prohibited by law.
MADIASOFT only uses the Customer's personal data in the cases provided for by the regulations in force, which are:
• the execution of the service contract concluded by the Client with MADIASOFT;
• invoice and accounting management;
• the resolution of possible problems in order to improve the use of its site and its services;
• monitoring the Customer relationship such as conducting satisfaction surveys (with the Customer's consent, which is optional), managing complaints, analyzing the volume and history of the Customer's use of its services;
• the transmission of newsletters, as well as information on its services and those of its partner companies,
• the management of requests for the right of access, rectification and opposition;
• management of unpaid invoices and litigation;
• the existence of a legitimate interest in using the data;
• the prevention, detection and investigation of any potentially prohibited and illegal activities or contrary to good practices, and ensure compliance with its general conditions of use;
• compliance with its legal and regulatory obligations.
3. Identity and contact details of the data controller
Personal data is collected by the company MADIASOFT, SARL registered with the RCS of Fort de France under the number Siret 482 302 213 00012 and whose registered office is located at Les Cascades 2 Place François Mitterrand 97200 FORT DE FRANCE.
MADIASOFT collects and processes the Customer's personal data in a fair and lawful manner, and in compliance with the principles of European Regulation 2016/679 of 27 April 2016 (GDPR).
MADIASOFT is responsible for the processing of the Customer's personal data within the meaning of the GDPR.
5. Recipients of personal data
The Customer's personal data are intended for the sole use of MADIASOFT and may be transmitted to subcontracting companies that MADIASOFT may use in the context of the execution of its services and products. In accordance with Article 28 of the GDPR, access to data by MADIASOFT's subcontractors is provided for in a contract signed between MADIASOFT and the subcontractor, which mentions its obligations regarding the protection of personal data entrusted to it. MADIASOFT ensures compliance with data protection requirements for all its subcontracting companies.
MADIASOFT does not sell or rent the Customer's personal data to third parties for marketing purposes.
Employees of the support, administrative, accounting, technical, marketing and sales departments may have access to the Customer's personal data. The Service Provider undertakes to ensure that all personnel authorised to process personal data are subject to a duty of confidentiality.
MADIASOFT does not disclose the Client's personal data to third parties, except in the following cases:
• the Customer makes the request or authorizes disclosure;
• disclosure is required to process transactions or provide services requested by the Customer;
• MADIASOFT is compelled to do so by a governmental authority or regulatory body, in the event of a judicial requisition, subpoena or any other similar governmental or judicial requirement, or to establish or defend a legal claim;
• the third party acts as an agent or subcontractor of MADIASOFT in the execution of the services (for example, host, postal or digital mail sending providers, maintenance and technical development providers).
6. Preservation of personal data
MADIASOFT collects the Customer's personal data for the purposes of fulfilling its contractual obligations as well as information on how and how often to use its services and products. It keeps this data in active databases, log files or other types of files for as long as the Customer uses its services.
MADIASOFT only stores the Customer's personal data for the time necessary to provide its services and products. MADIASOFT also stores the following personal data in accordance with the legal provisions:
• information relating to the management of the Customer account, orders, invoicing, payments: 10 years after the end of the contract or the last contact from the inactive Customer;
• information relating to the constitution and management of prospecting files: 3 years from the collection of data or the last contact from the prospect;
• the personal data of inactive Customers for the purpose of sending information about its commercial and marketing offers, within 3 years after the end of the commercial relationship.
When the retention of data is no longer justified by the management of a Customer account, a legal obligation, disputes or litigation, or commercial requirements, and notwithstanding the exercise of deletion or modification rights, MADIASOFT will delete the data securely.
MADIASOFT undertakes to provide the Client with any information necessary to demonstrate compliance with data protection legislation, authorise and reasonably contribute to audits, including inspections, conducted or mandated by the Client for this purpose.
MADIASOFT undertakes to inform the Customer immediately, insofar as it is legally authorized to do so, in the event of a request from an administrative or judicial authority relating to his personal data.
MADIASOFT makes every effort to prevent the loss, misappropriation, intrusion, unauthorized disclosure, alteration or destruction of personal data communicated by the Customer. To do this:
• The hosting servers on which MADIASOFT processes and stores the databases are exclusively located within the European Union.
• All information communicated via MADIASOFT websites is protected by industry standards in terms of security.
• MADIASOFT has put in place appropriate electronic, physical and supervisory procedures to safeguard and preserve the data collected through its services.
• MADIASOFT employees are subject to an obligation of confidentiality and non-disclosure and have all signed a specific commitment relating to the protection of personal data.
• When MADIASOFT uses service providers to process personal data, it ensures that these service providers guarantee an equivalent level of security protection.
MADIASOFT undertakes to notify the Customer as soon as it becomes aware and confirms any unauthorized, accidental or illegal processing, access or disclosure of personal data. To do this, the Customer undertakes to provide the Service Provider with valid contact information in order to allow any notification to the Customer.
8. Transfer of personal data
MADIASOFT stores the Customer's personal data within the European Union.
10. Customer's rights
In accordance with the Data Protection Act of 6 January 1978 and European Regulation 2016/679 of 27 April 2016, the Customer has the following rights over his personal data:
• Right of access
• Right to rectification
• Right to object
• Right to erasure
• Right to portability
• Right to limitation
The Customer may exercise these rights by writing to MADIASOFT: firstname.lastname@example.org.
All requests must be motivated, signed and accompanied by a copy of a valid identity document.
The Customer is entitled to file a complaint with the Commission Nationale Informatique et Libertés (CNIL), 3 Place de Fontenoy, 75007 Paris (https://www.cnil.fr/professionnel).
It is recommended that you check these rules from time to time to stay informed of the procedures and rules regarding the Customer's personal information.