PREAMBLE

At HEEDING CLIMATE SOLUTIONS (hereinafter ‘HEEDING’), we give particular importance to respecting your privacy and your personal data (hereinafter ‘Personal Data’).

We undertake to ensure that the processing of Personal Data carried out by us complies with the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter ‘GDPR’) and with the French Data Protection Act of 6 January 1978 (hereinafter ‘LIL’ or ‘Data Protection Act’).

A FEW MORE KEY CONCEPTS :

"Personal Data"

Article 4(1) of the GDPR defines the term ‘personal data’ as any information relating to a natural person which enables that person to be identified directly or indirectly.
Ex 1 :Your first and last name and/or a photo can be used to identify You directly.
Ex 2: Your e-mail address identifies you indirectly.

"Treatment"

Article 4(2) of the GDPR defines ‘Processing’ as any operation or set of operations which relates to Personal Data, regardless of the process used.
E.g.: collection, recording, organisation, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, combination or interconnection, blocking, erasure or destruction, etc.).

SUBJECT

The purpose of this ‘Privacy Policy’ (hereinafter referred to as the ‘Policy’) is to inform all natural persons concerned (hereinafter referred to as ‘You’) about :

• How HEEDING collects and uses your Personal Data; and
• The rights you have in relation to your Personal Data, and the means available to you to exercise these rights.

WHO IS THE ‘CONTROLLER’ OF YOUR PERSONAL DATA

HEEDING CLIMATE SOLUTIONS, a simplified joint stock company, registered with the Registre du Commerce et des Sociétés de Grasse under number 938 468 915 and whose registered office is located at 1047 Route des Dolines Business Pole 1, 06560 VALBONNE - France, will have the status of Data Controller for the Processing relating to:

• Responding to your enquiries;
• To send you our newsletter and commercial offers where you have given your consent;
• Managing requests for rights arising from the RGPD and the LIL;
• To ensure the smooth running and ongoing improvement of our site.

A FEW MORE KEY CONCEPTS :

"Data controller"

L’article 4 (8) du RGPD définitle terme « Responsable du Traitement » comme la personne quidétermine les moyens et les finalités du Traitement.

Lorsque deux responsables dutraitement ou plus déterminent conjointement les finalités et les moyens duTraitement, ils sont les Responsables conjoints du Traitement (ouco-responsables).

"Sub-contractor"

The Sub-processor is a person who processes Personal Data on behalf of the Data Controller, acting under the authority of the Data Controller and on the latter's instructions.

WHAT ARE THE PURPOSES, CATEGORIES OF PERSONAL DATA AND LEGAL BASES OF THE PROCESSING WE IMPLEMENT?

Where the legal basis used for the Processing operations that we carry out is the pursuit of a legitimate interest, You, as the data subject, have the possibility, on request, of obtaining additional information relating to the balancing of interests.

In all cases, HEEDING collects only the Personal Data necessary for the explicit purposes set out below:

Processing 1: Responding to your enquiries :

• Details of the purposes: management and processing of requests of all kinds (contact, information, responses to requests, tracking of requests, IT tracking, etc.);
• Legal basis: Contractual, the Processing is necessary for the performance of a contract or pre-contractual measures (Article 6(1)(b) of the GDPR).

Processing 2 : Sending you our newsletter and commercial offers where you have consented to this:

• Details of the purposes: managing newsletter subscriptions, sending commercial offers;
• Legal basis :
• • Our legitimate interest (promotion of HEEDING services as part of an existing commercial relationship);
  • User consent where required. The user may unsubscribe at any time via an unsubscribe link provided in each communication.

Treatment 3 : Managing requests for rights under the RGPD and LIL:

• Details of the purposes pursued: Carrying out commercial statistics or measuring the performance of the communications deployed, audience measurement, improving browsing on the site managed by HEEDING, adapting the presentation to the terminal used, etc. ;
• Legal basis: Our legitimate interest in guaranteeing the best possible level of operation, quality and security of our site, in particular through visitor statistics.

Process 4: Ensuring the smooth running and ongoing improvement of our site:

• Details of the purposes pursued: Carrying out commercial statistics or measuring the performance of the communications deployed, audience measurement, improving browsing on the site managed by HEEDING, adapting the presentation to the terminal used, etc. ;
• Legal basis: Our legitimate interest in guaranteeing the best possible level of operation, quality and security of our site, in particular through visitor statistics.

HEEDING will also be authorised to use this Personal Data in order to fulfil a legal or regulatory obligation.

In any event, and for each defined purpose, HEEDING will do everything in its power to ensure the security and confidentiality of the Personal Data entrusted to it, in compliance with the laws and regulations in force.

A FEW MORE KEY CONCEPTS :

"Purpose of processing"

The Purpose of Processing is the main objective of the use of personal data. The data must not be used subsequently in a way that is incompatible with this initial purpose, which must be specified and legitimate.

"Legal basis"

The Legal Basis for Processing is what legally justifies the use of the personal data collected. The RGPD provides for six legal bases: consent, contract, legal obligation, safeguarding vital interests, public interest and legitimate interests.

WHAT DATA IS COLLECTED?

The mandatory or optional nature of the Personal Data collected and the possible consequences of a failure to reply are indicated during the various contacts with the persons concerned.

You can consult the details of the Personal Data that we may hold about you below:

The information provided below is not intended to be exhaustive and is primarily intended to inform you about the categories of personal data that HEEDING may process.

In any event, HEEDING undertakes to Process all Personal Data collected in compliance with the RGPD and the LIL.‍

WHO WILL RECEIVE YOUR DATA?

The mandatory or optional nature of the Personal Data collected and the possible consequences of a failure to reply are indicated during the various contacts with the persons concerned.

• Authorised HEEDING personnel;
• The service providers responsible for managing and hosting our website and HEEDING's IT system;
• Where applicable, the authorised personnel of our subcontractors;
• Where applicable, the courts concerned, mediators, chartered accountants, statutory auditors, lawyers, bailiffs, debt collection agencies, police or gendarmerie authorities in the event of theft or judicial requisition;
• Third parties likely to place cookies on your terminals with your consent.

If you would like further information about our subcontractors, please write to us at contact@myheeding.com.

Your Personal Data will not be communicated, exchanged, sold or rented to anyone other than those mentioned above without your express prior consent and in accordance with the applicable legal and regulatory provisions.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We keep your Personal Data only for as long as is necessary for the purposes described above and summarised in the table below:

WHAT ARE YOUR RIGHTS?

Conformément à la LoiInformatique et Libertés et au RGPD, Vous disposez des droitssuivants :

• Right of access (article 15 RGPD), rectification (article 16 RGPD), updating and completeness of Your Data (find out more)
• Right to block or erase Your Personal Data (article 17 GDPR), if it is inaccurate, incomplete, equivocal, out of date, or the collection, use, communication or storage of which is prohibited (find out more).
• Right to withdraw Your consent at any time (article 13-2c RGPD)
• Right to limit the Processing of Your Data (article 18 GDPR)
• Right to object to the Processing of Your Data (article 21 GDPR) (find out more)
• Right to the portability of the Data that You have provided to us, where Your Data is subject to automated Processing based on Your consent or on a contract (article 20 RGPD) (find out more)
• Right to determine what happens to Your Data after Your death and to choose whether or not we pass on Your Data to a third party designated by You (article 85 LIL) (find out more).

In the event of Your death and in the absence of instructions from You, we undertake to destroy Your Data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

These rights can be exercised by :

• Or by completing the contact form available on the website;
• Or by e-mail to contact@myheeding.com;
• Or by post to the following address: 1047 Route des Dolines Business Pole 1, 06560 VALBONNE.

Finally, You may also file a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).

WHAT ABOUT CONNECTION DATA AND COOKIES?

On its site, HEEDING uses connection data (date, time, Internet address, protocol of the visitor's computer or telephone, page consulted) and cookies (small files stored on your computer, tablet or telephone) to identify you, to remember your visits and to measure and analyse the audience for our site, particularly in relation to the pages consulted.

Depending on the purpose, users may consent, refuse or choose to have certain types of cookies deposited on their terminals.

The procedures for depositing cookies and the rights available to users are set out in the cookie charters available on our site.

WILL YOUR PERSONAL DATA BE TRANSFERRED OUTSIDE THE EUROPEAN UNION?

As a matter of principle, we process your Personal Data within the European Union.

Nevertheless, given the nature of our business, and subject to informing you in advance, we may transfer your Personal Data outside the European Union.

In this case, HEEDING will inform you of the measures taken to control this transfer and ensure compliance.

WHAT SECURITY MEASURES HAVE BEEN PUT IN PLACE TO PROTECT YOUR PERSONAL DATA?

HEEDING and any Subcontractors undertake to implement all the technical and organisational measures necessary to ensure the security of the Processing of Personal Data and the confidentiality of your Personal Data, in application of the LIL and the RGPD.

In this respect, we take all necessary precautions, having regard to the nature of your Personal Data and the risks presented by the Processing, to protect its security and, in particular, to prevent Personal Data from being distorted, damaged or accessed by unauthorised third parties.

In this respect, HEEDING takes the necessary precautions, with regard to the nature of Your Personal Data and the risks presented by our Processing, to preserve the security of the Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties (encryption of certain Personal Data, etc.).

UPDATE OF OUR PRIVACY POLICY :

This Privacy Policy may be amended from time to time, particularly in accordance with changes in legislation and regulations. To this end, users can consult the updates directly on our site.