Privacy Policy

1. Preamble

TraceX is committed to the strict application of regulations concerning the protection of personal data, namely in particular - as a company subject to French law - Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms, as amended (known as the Loi Informatique et Libertés) as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 the General Data Protection Regulation (hereinafter the "
GDPR").

We therefore invite you to carefully read this document (hereinafter referred to as the "
Privacy Policy"), the purpose of which is to define the rules applicable to the collection and processing of your personal data.

If you have any questions concerning our Privacy Policy and, in general, the collection and processing of your personal information by TraceX, please do not hesitate to contact us using the contact form on the Site and/or consult the website of the Commission Nationale de l'Informatique et des Libertés (hereinafter the "CNIL").

2. Definitions

In this Privacy Policy, the following terms have the following meanings:

a) "
personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "User"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

b) User "
consent": any free, specific, informed and unambiguous expression of will by which the End User accepts, by a declaration or by a clear positive act, that personal data concerning him or her may be processed;

c) "
processing" means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

d) "
limitation of processing" means the marking of retained personal data with a view to limiting their future processing;

e) "
controller" means the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing. For the purposes of this Privacy Policy, the data controller is TraceX ;

f) "
processor" means the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller;

g) "
third party" means a natural or legal person, a public authority, a service or a body other than the User, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data;

h) "
recipient" means the natural or legal person, public authority, department or other body that receives personal data, whether or not it is a third party;

i) "
supervisory authority" means an independent public authority established by a Member State and responsible for monitoring the application of the GDPR, in order to protect the fundamental rights and freedoms of natural persons with regard to processing and to facilitate the free flow of personal data within the European Union. In France, this is the CNIL;

j) "
Platform" refers to the QMS software platform, an electronic quality management system published by TraceX at the following address: https://app.tracex.co 

k) "pseudonymization" means the processing of personal data in such a way that they can no longer be attributed to an individual without recourse to additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

l) "
Site" refers to the https://tracex.co

m) "personal data breach" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. Acceptance and updating of the TraceX Privacy Policy

By formalizing your registration on the Platform you confirm that you have read and accepted TraceX's Terms of Service (hereinafter “
TOS”) and Privacy Policy, without restriction or reservation. If you do not agree with any of its terms, you are free not to use or no longer to use the TraceX Services (in the event of modification of the terms of the Privacy Policy).

This Privacy Policy may be modified, supplemented or updated, in particular in order to comply with any legal, regulatory, jurisprudential or technical developments. However, the User's personal data will always be processed in accordance with the policy in force at the time of collection, unless a mandatory legal requirement stipulates otherwise and applies retroactively. 

4. Processing of the User's personal data

4.1 Personal data provided to TraceX

We collect one or more personal data from the User who wishes to find out more about our activities (contact forms), and to benefit from our services (platform registration forms).

This data is kept and used by TraceX for the needs of the platform in order to allow access to the Service, the identification and authentication of the end User, the improvement of the Services, and the conservation of evidential elements.

If, in your capacity as manager of the client organization, you have provided us with data on your employees so that they can access the Platform, you certify that you have obtained this information with their consent so that we can reuse it.

Accessing and using the Platform implies the collection and processing of your personal data, in particular last name, first name, telephone number and e-mail address. Certain information is mandatory (followed by an asterisk) and other information is optional, as indicated on our forms. 

In particular, the Data Controller undertakes to:

- Process, host and use data only for the purposes specified in the TOS ;
- Not to divulge data to third parties, whether private or public, physical or moral, apart from employees and technical service providers when necessary;
- Inform the End-User of any security breach or vulnerability that may have or is likely to have direct or indirect consequences on data and/or may accidentally lead to the disclosure of or unauthorized access to data, particularly personal data.

4.2 Purpose of processing

The End User's personal data is collected and processed only for the purposes defined in this article, namely:

a) To provide and manage our services;
b) To manage the User's orders for services;
c) To communicate with the User and improve the quality of our services, i.e. to answer your questions;
d) To fight online fraud;
e) To resolve any possible disputes or settle any problems in connection with the use of our services;
f) To improve the User's experience on the Platform.

4.3 Legal basis

The collection of your personal data for the aforementioned purposes is carried out with the User's consent (as provided for in Article 2 of this Privacy Policy) accompanied by acceptance of the contractual documents; TOS. As provided for in Article 7 of the GDPR, the User may, at any time, withdraw his/her consent, without this affecting the lawfulness of the processing based on the consent given prior to the withdrawal thereof.

4.4 Data protection officer

The person in charge of personal data at TraceX is Mr. Charles Rollet, who can be contacted at the following e-mail address:
-
[email protected]

In addition, for any request or question relating to GDPR compliance and application by and in TraceX services, please do not hesitate to contact us via the contact form available on the Site. 

5. Sharing and transfer of the User's personal data

5.1 Sharing of personal data

Your personal data may, where appropriate, be passed on to third-party subcontractors involved in the provision of our services (technical and hosting service providers, customer follow-up and satisfaction surveys, management of security incidents or fraudulent activity, etc.).

TraceX undertakes to communicate your information and personal data only to authorized and trusted service providers, who process them on our behalf, according to our instructions and in compliance with this Privacy Policy and with all other appropriate security and confidentiality measures.

Whenever possible, we choose to use European service providers. Where this is not the case, data exchanges are governed by standard contractual clauses adopted by a supervisory authority and approved by the European Commission.

Your personal data may be disclosed to a third party if TraceX is required to do so by law, regulation or court order, or if such disclosure is necessary for the purposes of an investigation, injunction or legal process, whether at home or abroad. We may also share your personal data with third-party companies, consultants or individuals in order to :

- Enforce the Privacy Policy and any other contractual document binding TraceX to the End User (TOS, etc.) in force, including to ascertain any breaches thereof;
- Protect against any infringement of the rights, property or safety of TraceX and its users, in application of and in compliance with the law.

5.2 Transfer of personal data

Some of your personal data may be transferred to subcontractors located outside the European Union, in particular to the United States.

However, TraceX undertakes to ensure that its subcontractors comply with any personal data protection legislation in force in their country of origin (e.g. Privacy Shield for the United States,
for more information see here).

6. Retention of the User's personal data

TraceX undertakes to keep your personal data only for as long as is strictly necessary for the declared processing(s) according to the aforementioned purposes, and in any event within the limits imposed by law. Thus, depending on the type of personal data, the retention period may vary from a few days to several years.

In any event, we undertake to delete your personal data from our databases at the end of these various periods.

However, we may retain certain information for a period following the closure of your personal account, but not exceeding 36 months, in order to comply with our legal, accounting and tax obligations and, in particular, to prevent any illicit behavior after the deletion of your personal account (reuse of your old account by a third party). In this case, your data will be deactivated and will no longer be accessible online.

7. Security of the User's personal data

TraceX informs you that your personal data is stored on secure servers.

We implement all necessary security measures to protect your personal data from unauthorized access, disclosure, modification, damage or destruction. The Data Controller implements appropriate physical, technical, IT, encrypted and organizational measures to ensure the security and confidentiality of the site, the services and any data contained therein, in particular personal data.

TraceX, its subcontractors and its technical and hosting service providers have deployed appropriate measures to ensure the integrity, confidentiality and security of your personal data. However, we cannot guarantee that your communications and other personal data will not be intercepted or disclosed by a third party.

8. User rights

8.1 General observance of personal data protection rights

With regard to the protection of your personal data, you have:

a) a right to information and access (e.g.: verification of the data concerning you);
b) a right to rectification and erasure (e.g.: updating or correction of your data);
c) a right to limitation of the processing of personal data (e.g.: "freezing" of the use of your data);
d) a right to portability (e.g.: export of your data in a commonly used and readable format for transmission to another data controller); 
e) a right to opposition (e.g.: opposition to the use of your data by another data controller);
f) a right to object (e.g. stopping processing for a specific purpose);
g) a right to deletion (e.g. deletion of personal account);
h) a right not to be subject to an automated individual decision, including profiling.

You may exercise these rights free of charge at any time by:

a) sending an e-mail to:
[email protected]
b) using the contact form available on the Site.

TraceX may ask you for information to confirm your identity if there are reasonable doubts about it (e.g. copy of identity document). If you wish to supplement your data, you may also be asked to provide a declaration or additional elements proportionate to your request.

If you wish to exercise your rights, we will endeavor to provide you with an answer as soon as possible and at the latest within the legal time limit of one month, which may be extended to two months in view of the complexity of the request or the number of requests we have received. In the latter case, we will inform you of the reasons for this extension within one month. During this period, and following an express request from you, we may proceed to limit the processing of your personal data.

Regarding the rectification of personal data of deceased persons, heirs may contact TraceX in the same way as above in order to take the death into account or to proceed with the necessary updates.

8.2 Specific rights of access, rectification, opposition and omission

8.2.1. Right to information

Pursuant to Articles 13 and 14 of the GDPR, any User/customer may, when collecting and obtaining their personal data, from the said User/customer themselves or any other person, require the data controller to provide them with a range of information. 

8.2.2. Right of access and rectification

Pursuant to Article 15 of the GDPR, the user/customer has the right to obtain confirmation from the controller as to whether or not his/her personal data are being processed and, where they are, he/she has the right to obtain access to said data as well as to a certain amount of additional information, including the possibility of obtaining a copy of the data being processed.

Pursuant to Article 16 of the GDPR, any user/customer is granted the right to request, as soon as possible, the rectification or the possibility to complete his/her data. 

8.2.3. Right to object

You may also, for legitimate reasons, object to the processing of your personal data.

In application of law no. 2004-801 of August 6, 2004 on the protection of individuals with regard to the processing of personal data, the User has a legitimate right of opposition, without having to specify the grounds for the request or justify a legitimate reason, in two cases:

- If the request is for personal information not to be used by TraceX's commercial partners and collaborators;
- When the request is to refuse, free of charge, the use of the User's personal data for canvassing purposes, in particular commercial canvassing.

Any request to exercise the right of access, rectification or opposition must be made in writing, be signed by the person making the request, state the address to which the reply should be sent and be accompanied by proof of identity.

The Data Controller will respond to your request within a maximum of two (2) months from the date of receipt, provided that it is sufficiently precise and contains all the information necessary to respond to your request, failing which TraceX will ask you to complete it. 

8.2.4. Right to erasure or "right to be forgotten

Pursuant to Article 17 of the GDPR, any user/customer, whose personal data has been collected and/or processed, has the right to request, as soon as possible and if and only if the conditions of §1 of Article 17 apply, the erasure of said data.

Furthermore, in the event that said data has been transmitted to other entities, the User/Customer has the right to have the "right to be forgotten" mechanism activated automatically and as soon as possible, i.e. the data controller shall take all reasonable steps to inform the other entities that the User/Customer concerned has requested the deletion of any link to his/her personal data, or of any copy or reproduction thereof.



Cookie Settings
This website uses cookies

Cookie Settings

We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

These cookies help us to better deliver marketing content and customized ads.