Privacy
policy
Personal Data Protection Policy / Website Privacy Policy
HERBAPAC is committed to preserving the confidentiality of information provided online and, more generally, to protecting the personal information and privacy of its employees, partners, suppliers, website visitors, and anyone using its services in general, in compliance with current regulations, particularly the so-called “Data Processing and Liberties” law No. 78-17 of January 6, 1978, as amended, and the European Regulation 2016/679 (GDPR) regarding the protection of personal data.
This policy aims to inform you:
- Of the objectives pursued by data processing (purposes);
- Of the types of personal data we collect about you;
- About how your personal data is processed;
- Of the conditions and modalities of using your personal data and your rights in this respect, in compliance with European and French legislation.
All operations on your personal data are carried out in compliance with current regulations, particularly Regulation No. 2016/679, known as the General Data Protection Regulation (“GDPR”), Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, and any applicable national legislation on data protection.
Without prejudice to the choices available to you under this policy and the law, you acknowledge having been informed of and accepted this Policy.
If you disagree with the terms of this policy, you are free not to provide any personal data. However, you are warned that the provision of certain data is a condition for access to services and that without such provision, some functionalities and services may be degraded.
1. DEFINITIONS
The following terms will have the following meanings:
A “Personal Data” refers to any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to them.
A “Processing of personal data” refers to any operation or set of operations performed with or without the use of automated processes and applied to data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.
The “Data Controller” is the natural or legal person who determines the purposes and means of the processing of personal data; that is, the goal of and the way to carry out the processing. In practice and generally, it refers to the private or public entity represented by its legal representative.
A “Processor” refers to the natural or legal person, or any other entity, that processes personal data on behalf of the data controller.
“Authorized Third Parties” refer to the natural or legal person, public authority, agency, or body under the direct authority of the data controller or processor, authorized to process personal data.
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller for the site https://herbapac.fr/ is:
HERBAPAC
The legal representative is François de Bretagne, president.
HERBAPAC has appointed a data protection officer who can be contacted at the following address: j.roudet@salpa.fr
3. PERSONAL DATA COLLECTED, PURPOSES, AND LEGAL BASES
When using the site https://herbapac.fr/, certain personal data may be collected.
Purposes | Categories of data collected |
Legal basis |
Retention periods |
Management of information requests and contact initiation | Via the contact form: identity and contact details | Legitimate interest of Herbapac |
Duration necessary for processing requests, Up to 3 years from the last request / the last contact with the person concerned |
Prior to the collection of data, you will be informed whether the requested personal data must be provided mandatorily or if they are optional.
Data marked with an asterisk in forms are mandatory. Without providing them, access to the Services and their use by the concerned person will be impossible, or a request related to a form cannot be fulfilled.
The other data are optional, and not providing them will not affect the delivery of promised services or responses to inquiries, although it may limit their relevance.
4. RECIPIENTS OF DATA, AUTHORIZED THIRD PARTIES, AND PROCESSORS
The recipients of the data are as follows:
Treatments concerned: | Recipients |
Managing requests for information and contacts |
HERBAPAC |
Authorised third parties :
HERBAPAC reserves the right to transfer your personal data in order to fulfill its legal obligations, particularly if it is compelled to do so by a judicial requisition.
In accordance with current regulations, your personal data may be transmitted to organizations, auxiliary judicial bodies, and ministerial officers authorized by legislative or regulatory provision, as part of a specific mission or the exercise of a communication right.
When HERBAPAC is faced with a request for disclosure from a third party based on a text, we ensure that the provision cited is in effect, and that it indeed provides for a right of disclosure to the benefit of the requester.
HERBAPAC ensures that only the data specified by the text are transmitted or, in case of ambiguity in the text, only the data that seem strictly necessary to achieve the intended purpose.
The disclosure of data will be carried out in a manner that ensures their security, by adapting the measure chosen to the nature of the data and the risks involved.
Subcontractors:
In the event that HERBAPAC entrusts data processing activities to subcontractors, it will only use subcontractors who provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the reliability and security requirements of applicable regulations and ensures the protection of individuals’ rights.
No personal information of the user of the website https://herbapac.fr/ is published without the user’s knowledge, exchanged, transferred, ceded, or sold on any medium to third parties. Only the scenario of the acquisition of HERBAPAC and its rights would allow for the transmission of said information to the potential buyer, who would in turn be bound by the same obligation of data retention and modification with respect to the website user.
5. SECURITY MEASURES
Considering the evolution of technologies, the implementation costs, the nature of the data to be protected, and the risks to the rights and freedoms of individuals, HERBAPAC implements all appropriate technical and organizational measures to ensure the confidentiality of personal data collected and processed, and a level of security appropriate to the risk, including:
- An IT charter
- Access rights management
- A certified health data host for our care software
- Fighting against malware (viruses, spyware, logic bombs, etc.)
- The protection of IT channels (networks)
- Backups
- Data segmentation
- Encryption
As part of the security measures, the site uses an SSL certificate. It is symbolized by the padlock displayed on the address bar. This ensures that the information transmitted between your browser and our site is secure.
HERBAPAC staff and collaborators are also made aware of the protection of personal data.
6. TRANSFER OUTSIDE THE EU
Personal data is not transferred outside the European Union.
Some features integrated into the site may collect data destined for servers in the United States. The transfer of these data is governed by the Data Privacy Framework.
7. EXERCISE OF RIGHTS
In accordance with the “Informatique et Libertés” law of January 6, 1978, as amended, and Regulation (EU) 2016/679 on the protection of personal data, you have the following rights over your data: right of access, right to rectification, right to erasure (right to be forgotten), right to object, right to restriction of processing, right to data portability, according to the applicable conditions depending on the processing in question.
You can also set out instructions regarding the retention, erasure, and communication of your personal data after your death.
When the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
To exercise your GDPR rights, you can contact us:
– by email:contact@herbapac.fr
– or by mail at the following address : HERBAPAC – rue du pont du péage – 67118 GEISPOLSHEIM
We thank you for specifying the object of your request and the right(s) you intend to exercise. In case of reasonable doubt about your identity, valid proof may be requested.
If you believe, after contacting us, that your rights over your personal data are not being respected, you can file a complaint with the CNIL (French Data Protection Authority).
8. COOKIES
When visiting our site, cookies (also known as connection tokens) are placed on your device to perform audience statistics, improve your user experience, and offer personalized content.
Some cookies are mandatory because they ensure the proper functioning of our website, while others require your consent.
To adjust your preferences, you can use the cookie management panel.
You also have the option to manage the cookies used on the site:
- By setting your browser* to accept or refuse cookies on a case-by-case basis before their installation.
- By regularly deleting cookies from your device through your browser.
- By installing a cookie manager to add, delete, modify, search, protect, and block cookies.
- By activating private browsing mode or the “Do Not Track” setting of your browser.
*The management of cookies and your choices varies with each browser. It is described in the help menu of your browser, which will allow you to learn how to change your cookie preferences.
However, we inform you that by setting your browser to refuse cookies, some functionalities, pages, and areas of the site will not be accessible, for which we cannot be held responsible.
We also draw your attention to the fact that when you oppose the installation or use of a cookie, a refusal cookie is installed on your terminal equipment. If you delete this refusal cookie, it will no longer be possible to identify you as having refused the use of cookies. Similarly, when you consent to the installation of cookies, a consent cookie is installed. Consent or refusal cookies must remain on your terminal equipment.
Cookies allow the storage, for the duration of the cookie’s validity, of status information when a browser accesses different pages of a website or when the browser returns to the website later.
Several types of cookies may be used by the site:
1. Functional Cookies
Functional cookies are necessary for the website’s operation. Functional cookies are essential for site operation and user navigation. They are essential for users to navigate the site and use its main functionalities, securing their connection.
These cookies have a very short lifespan, for the duration of the active session.
Without these cookies, users will not be able to use the site normally, and it is, therefore, advised against preventing their use or deleting them.
2. Audience Measurement Cookies
Audience measurement and statistical cookies allow us to know the use and performance of the sites, establish statistics, attendance volumes, and use of various elements (visited content, paths…) to improve the interest and ergonomics of the services offered. These cookies also serve to measure the site’s consultation traffic.
For some of these cookies, the IP address (the only data linked to the identification of the Sites’ visitors in this context) is anonymized by removing the last byte.
The lifespan of audience measurement cookies is limited to thirteen months.
Refusing to implement such cookies or deleting them does not affect people’s navigation on the sites but prevents HERBAPAC from ensuring the improvement of the quality of services offered to its sites’ visitors.
3. Marketing Cookies
Marketing cookies are used to track visitors across websites. The goal is to display ads that are relevant and engaging for the individual user and therefore more valuable for publishers and third-party advertisers.
The lifespan of marketing cookies is limited to thirteen months. Refusing to implement such cookies or deleting them does not affect people’s navigation on the sites but prevents HERBAPAC from ensuring the improvement of the quality of services offered to its sites’ visitors.
9. LIABILITY LIMITATION
HERBAPAC cannot be held responsible for the accuracy and relevance of the information posted online by the user.
10. MODIFICATION OF THIS POLICY
In case of modification of this Policy by HERBAPAC or if the law requires it, it will be published on our Site and will be effective upon its publication. Therefore, we invite you to refer to it during each visit to be aware of its latest version available continuously on our Site.