Privacy Policy

Version updated to 08/25/2020

The company is committed to protecting your privacy. Please contact us if you have any questions or concerns regarding the use of your personal information and we will be happy to assist you. This privacy policy forms part of our Terms of Sale; by accepting the terms and conditions, you also accept this policy. In the event of a conflict between the terms used in the Conditions of Sale and the Privacy Policy, the latter shall prevail.

Definitions

Trade name used by SAS , with capital of €50,000, headquartered in France, registered in the Nantes Trade and Companies Register under number , represented by Mr. as Chairman;
Administration: a government service that materializes the exercise of public authority in civil status or immigration matters;
Application: IT solution enabling the User to use the functionalities and services offered by the company;
Customer: Person who has signed and agreed to the GTS and the obligations contained therein;
Administrative Document: Document requested by the Customer for personal or professional administrative purposes;
Data: Any element (information, texts, photographs, photocopies, messages, etc.) collected by the User and implemented by him/her within the Site, the Application and the Services through his/her use;
Personal Data: Refers to any information relating to an identified or identifiable natural or legal person; an "identifiable natural or legal person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, economic, cultural or social identity;
Functionality: Each element implemented, accessible and usable within the various Services;
Means of Access: Methods and/or functions by which the User can access one or more Services in order to use them for his or her own needs;
Operator: Company that operates the various electronic telecommunications networks required to access and use the Services;
Services: All the services made available to the User by and accessible via the Access Means;
Site (or Website): The website enabling the User to access the Services, i.e.: www.nomamundi.com Third Party: Refers to natural or legal persons who are not linked by common ownership or control to or to other individuals unrelated to and/or the User;
User: Refers to any individual or legal entity accessing the Site and, where applicable, the Application.

Data protection principles

The company undertakes to comply with the following data protection principles:

• Processing is legal, fair and transparent. Processing activities have legitimate grounds. The company always considers your rights before processing personal data. It will provide you with information about the processing on request.
• Processing is limited to the purpose. The processing activities correspond to the purpose for which the personal data was collected.
• collects and processes only the minimum amount of personal data required.
• Processing is limited in time. The company does not keep your personal data longer than necessary.
• will do its utmost to ensure data integrity and confidentiality.

In accordance with the current Personal Data Regulations (RGPD), the processing operations designated in this documentation must receive your prior acceptance. Indeed, on the occasion of a request for Administrative Documents made via the Website, you are asked to accept this Data Protection Policy.

The processing we carry out may also be dictated by a legal obligation incumbent upon us, in particular for accounting or tax purposes.

Most of 's processing operations fall within the scope of those necessary to the contractual relationship and the provision of the requested service, i.e. the supply of administrative documents to the customer.

The performance of the (pre)contractual relationship between us, at your initiative, requires a certain number of processing operations to be carried out.

In any event, we ensure that we do not disregard your interests or your fundamental rights and freedoms by allowing you, at any time, to object to all or part of the processing described in this Personal Data Protection Policy.

As minors are also concerned by our services, this privacy policy also applies to them. Data concerning them is available to their legal representatives.

Who collects your Personal Data?

The Website is published by SAS , with capital of €5,000, headquartered in France and registered in the Nantes Trade and Companies Register under number , represented by Mr. in his capacity as Chairman;

As part of the management and operation of the Site, and in its capacity as data controller under the French Data Protection Act of January 6, 1978, as amended, may collect Personal Data from Users.

attaches great importance to respect for privacy and takes all necessary measures to ensure the confidentiality and security of Users' Personal Data. To this end, invites Users to read the present Data Protection Policy in order to be informed of how their Personal Data is processed and of their rights.

Who are the recipients of Personal Data?

Users' Personal Data is collected and processed by Société . The data may also be communicated to the Company's subcontractors who act in the name and on behalf of the Company , and in particular the Site host.

The Company may communicate Users' Personal Data in order to cooperate with administrative and judicial authorities.

Lastly, may communicate Users' Personal Data to third-party service providers for the purposes of statistical studies of Site usage and Site optimization. In this context, Users' Personal Data will be anonymized.

What personal data does collect?

The company offers a platform to assist customers with the provision of Administrative Documents. In this respect, collects personal data from Users submitting the request. Declarative information, provided by you, among :

• Civility;
• First and last name ;
• Year and place of birth ;
• Telephone number* ;
• E-mail address ;
• Place of residence (address declared by the User) ;
• Religion
• Level of education
• Spouse's marital status and contact details
• Parents' civil status and place of birth
• Employer (name and address)
• Nationalities (current and of origin)
• Passport (number, place of issue, validity dates)
• Travel data (travel dates, place of arrival, trip content, purpose and history in the country or related countries)
• Contacts in the customer's country of origin and in the customer's target country

Automatically collected information about you

• The identifier of the connection at the origin of the communication ;
• Traces of connections (via cookies);
• The identifier assigned by the information system to the content, the object of the operation;
• The types of protocols used to connect to the service and transfer content;
• The nature of the operation.

Information provided by third parties

• The presumed location of the User, based on IP data
• His career on other websites
• Payment information, secured so that it cannot be used for other purposes

* In accordance with article L.223-2 of the French Consumer Code, the User is hereby informed that he /she may,if he/she so wishes, register on a telephone anti-solicitation list available on the website www.bloctel.gouv.fr, even though the telephone number provided to is not transferred to any third party for commercial purposes during the order process.

For what purposes are personal data collected?

uses Users' personal data for the following purposes:

• Provision of Services ;
• Billing ;
• Obtaining administrative documents from the authorities ;
• Follow-up of files with the authorities ;
• Response to any questions/complaints from Users ;
• Drawing up sales statistics ;
• Marketing ;
• Management of unpaid bills and litigation.

does it use the services of external service providers?

YES, wishes to offer the best possible service to its Users. In this respect, relies on the best external service providers to :

• Storage of personal data;
• Instant messaging ;
• Email marketing;
• Internal messaging ;
• Submitting customer requests to the authorities ;
• Online advertising;
• Billing ;
• Collecting user feedback;
• Online payment.

Concerning the storage of personal data:

With regard to the storage of personal data, has selected a third-party service provider with all the necessary approvals for data collection and storage. The servers used by this third-party service provider are located in Switzerland.

The selected service provider is Infomaniak, located at 25 rue Eugène-Marziano, 1227 Les Acacias (Switzerland), Tel: +41 (0) 22 820 35 44. Its privacy policy is available at this address: https: //www.infomaniak.com/fr/cgv/reglement-general-protection-donnees

The company also uses Google Cloud solutions to manage its data and transfer it to external service providers. The Google Cloud privacy policy is available at: https: //business.safety.google/intl/fr_fr/

About instant messaging :

has an online instant messaging service through which the User can contact the services. Certain data may be collected in this context. The service used by to provide this service is SendInBlue.

SendInBlue's privacy policy is available at: https: //fr.sendinblue.com/rgpd/

Concerning email marketing (email & SMS):

takes the liberty of sending you certain emails as part of your transactional process, in compliance with best practices, particularly with regard to unsubscribing. Certain data may be collected in this context. The service used by to provide this service is SendInBlue.

SendInBlue's privacy policy is available at: https: //fr.sendinblue.com/rgpd/

About internal messaging :

In order to process your data, uses a high-performance messaging service, enabling us to work efficiently and effectively. To this end, it uses the messaging services of Google Workspace, whose privacy policy is as follows: https: //business.safety.google/intl/fr_fr/ All data exchanged with this service provider (Google) via its services is hosted expressly in Europe. No messages exchanged leave the company, except to contact the Customer or the Administrative Services, and unless otherwise instructed by the Customer.

Concerning the submission of Customer requests to the authorities :

Each external partner working with must sign a particularly restrictive NDA(non-disclosure agreement) for the strict use of data for the sole purpose of submitting it to the competent authorities for the performance of the service for which the customer has commissioned .

Concerning online advertising:

The company may occasionally use services to promote its activities. These services use Users' browsing patterns to provide them with a personalized message. These services are as follows:

• Facebook Pixel: https: //www.facebook.com/business/gdpr
• Google Ads: https: //business.safety.google/intl/fr_fr/
• Microsoft Ads: https: //www.microsoft.com/fr-fr/trust-center/privacy?rtc=1

About billing :

relies on a fully paperless external invoicing service to centralize and optimize accounting management processes. This data is used to keep a record of customer orders on the company's Internet sites and to keep accounting documents, as required by the authorities in the company's country . Quickbooks' privacy policy can be accessed at: https: //quickbooks.intuit.com/fr/gdpr/ In order to connect its payment system to its billing system, uses the Zapier connection service, whose privacy policy is as follows: https: //zapier.com/privacy/

Concerning customer feedback:

The company uses a trusted third party to collect customer reviews following their order. The Google Reviews privacy policy is available at this address: https: //privacy.google.com/intl/fr_fr/businesses/compliance/

About online payment :

When making a payment, uses the resources of an external payment service provider in order to guarantee the fluidity and quality of its services.

For online payment, uses the Stripe company. Stripe's privacy policy is available at the following address: https: //stripe.com/ie/privacy

When you make a payment, the service provider collects Personal Data concerning your means of payment (credit card number, expiry date of credit card, visual cryptogram, which is not stored, etc.). Please note that does not collect or hold any banking data directly.

How long do you keep my personal data?

Your Personal Data on the Website as you have declared and/or completed them on the Website are only kept for a strictly necessary period, namely :

Internal messaging:

• Sensitive customer documents: 18 months after receipt
• Form entries: 18 months for finalized applications
• Product : 18 months after dispatch to the customer
• Exchanges with administrations: 18 months after receipt

Website:

• 30 days for partial entries
• 6 months after customer return date for full entries

Cloud:

• Follow-up: 6 months after customer return date
• Files: 6 months after customer return date

Billing and payment:

• 10 years at year-end

These deadlines do not apply to ongoing legal or administrative proceedings.

In the event of a request for complete data on all media, the Customer may make a request using the contact form on the Website. You can also exercise your right to oblivion by lodging a complaint with the CNIL.

On the other hand, cookies and Website audience measurement statistics are kept for no longer than thirteen (13) months.

How does ensure the security of Personal Data?

The Company ensures that Users' Personal Data is adequately and appropriately secured, and has taken the necessary precautions to preserve the security and confidentiality of the Data, and in particular to prevent it from being distorted, damaged or communicated to unauthorized persons.

All human service providers handling customer data have signed a confidentiality agreement with , guaranteeing discretion regarding the content exchanged. has also taken out CYBER RISQUES insurance to cover any loss of data and anticipate future risks ( AXA policy no. 10282430204).

Concerning transmission security

The Website uses an "https" connection encryption protocol with a TLS 1.2, 128-bit key.

The User must be vigilant regarding the encryption of the page. They must not provide any personal information if the page does not contain this encryption (symbolized by a padlock in the browser address bar), as this page is not administered by .

Use of cookies

In accordance with CNIL deliberation no. 2013-378 of December 5, 2013, the Company informs Users that cookies record certain information that is stored in the memory of their hard disk. This information is used to generate Site audience statistics and to offer services according to the Services they have already selected during their previous visits.

Furthermore, Article 30 of the RGPD states, "Natural persons may be associated [...] with online identifiers such as IP addresses and cookies or other identifiers [...]. These identifiers may leave traces which, in particular when combined with unique identifiers and other information received by servers, may be used to create profiles of natural persons and to identify those persons."

In this respect, Users wishing to browse the Site must accept the cookie management policy. A warning message, in the form of a banner, asks each person visiting the Site whether they wish to accept cookies. These cookies do not contain any confidential information about Site Users.

We use various types of cookies:

• Necessary cookies: these cookies are necessary for you to use certain important functions on our website. These cookies do not collect any personal information.
• Functionality cookies - these cookies provide features that make using our service more convenient and allow us to offer more personalized functionalities.
• Analytical cookies: these cookies are used to track the use and performance of our website and services.
• Advertising cookies: these cookies are used to serve ads that are relevant to you and your interests. They are also used to limit the number of times you see an advertisement. They are generally placed on the website by advertising networks with the permission of the site operator. These cookies remember that you have visited a website and that this information is shared with other organizations such as advertisers.

Users visiting the home page or any other page of the Site directly from a search engine will be informed :

• the specific purposes of the cookies used ;
• the possibility of objecting to these cookies and changing the settings by clicking on a link in the banner;
• and of the fact that the continuation of its navigation means agreement to the deposit of cookies on its terminal.

To guarantee the free, informed and unequivocal consent of the User visiting the Site, the banner will not disappear until the User has clicked on one of the banner's action buttons.

Unless the User has given his/her prior consent, cookies will not be deposited or read:

• if any person who visits the Site (home page or directly on another page of the Site from a search engine for example) does not continue his navigation: a simple absence of action cannot be assimilated to a manifestation of will;
• or if they click on the link in the banner allowing them to refuse the deposit of cookies.

The effects of your browser's "Private Browsing" feature The "Private Browsing" mode now offered by virtually all web browsers enables users to browse the Internet without storing the history of pages visited or downloads. As far as cookies are concerned, any that have been saved during "private browsing" will be deleted automatically when you close your browser. Private Browsing" mode does not allow you to refuse or prevent cookies from being stored on your computer during browsing. Private Browsing" mode simply allows you to limit the length of time cookies are stored on your computer. How do I delete cookies? For more information, please consult the conditions for deleting cookies by clicking on the following links:

• Internet Explorer: https: //support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
• Microsoft Edge: https: //privacy.microsoft.com/fr-fr/windows-10-microsoft-edge-and-privacy/
• Google Chrome: https: //support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=fr
• Mozilla Firefox: https: //support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur
• Opera: http: //help.opera.com/Windows/10.20/fr/cookies.html
• Safari (MacOS): https: //support.apple.com/fr-fr/guide/safari/sfri11471/mac

What are Users' obligations?

Users acknowledge that the Personal Data disclosed by them on the Site and/or the Application are valid, adequate and up-to-date. Users are solely responsible for their Personal Data.

Users undertake not to violate the privacy and protection of Personal Data of any Third Party, in particular persons declared on their behalf as part of a process.

What are the rights of Users whose Personal Data is collected?

In accordance with the laws and regulations in force concerning the processing of Personal Data, you may :

• Access all your Data at any time;
• You may object to the processing of your Data for legitimate reasons;
• Rectify, update and delete your Declarative Data, by contacting us via the contact form on this site, subject to legitimate grounds;
• Request the portability of your Data ;
• Request the deletion of certain Data.

In addition, you have the possibility of communicating to us directives relating to the conservation, deletion and communication of your Personal Data after your death. These directives, or a kind of "digital will", may designate a person to be responsible for their execution; failing this, your heirs will be designated.

In the absence of a directive, your heirs may contact to :

• access to data processing for the "organization and settlement of the deceased's estate";
• to receive communication of "digital assets" or "data similar to family heirlooms, which may be passed on to heirs" within the meaning of the law;
• to have your data deleted from the Sites and to object to further processing of your Personal Data.

In any event, you may tell us at any time that you do not wish your Personal Data to be communicated to a third party in the event of your death.

How can I exercise my rights with regard to Personal Data?

In order to exercise your rights with regard to , you may send a request to via the contact form or to one of the addresses indicated below. The company reserves the right to request proof of identity.

A reply will be sent within a week of receipt of the request.

How are Users informed of changes to this Data Protection Policy?

Société may modify this Data Protection Policy at any time. The Company will inform Users by any means of the modifications made to the present Policy. The Company invites Users to regularly read the Data Protection Policy in order to keep themselves fully informed of its provisions.

Each transaction carried out on one of the websites requires acceptance of this privacy policy.

How to contact

Users may contact the company with any questions they may have about this Data Protection Policy at the following addresses:

• Mail: [email protected]
• Contact form
• Postal address:

,

• Phone : 

Data Protection Officer (DPO) If you have any questions about the processing of your personal data, your rights or this policy, please do not hesitate to contact our Data Protection Officer (DPO): ([email protected] - )