Accéder à l'en-tête Accéder au contenu principal Accéder au pied de page

Privacy Policy

At Pili, the protection of your personal data is a priority. When you use the www.pili.bio website (the “Site”), we may collect personal data. The purpose of this policy is to inform you about how we process these data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR”)

Who is the data controller ?

The data controller is PILI, a French simplified joint-stock company (SAS), registered with the Toulouse Trade and Companies Register under number 811 524 545 and whose registered office is located at 135 avenue de Rangueil, 31400 Toulouse (France) (“We/Us”).

 What kind of data do we collect ?

Personal data are data that make it possible to identify an individual directly or by cross-checking with other data.

We collect data that falls under the following categories:

  • Identification data (e.g. surname, first name, email and postal address, telephone number);
  • Data relating to your professional life (e.g. company name, occupation);
  • Browsing data (e.g. IP address, pages viewed, date and time of connection, browser used, operating system, user ID, IFA);
  • Any information you wish to send us as part of your contact request.

Entering data in the fields provided for this purpose is mandatory. The optional data are shown by a parenthesis indicating “optional”.

On what legal bases, for what purposes and for how long do we keep your personal data?

Drawing up a customer monitoring file

  • Legal bases: our legitimate interest in developing and promoting our business;
  • Retention period: the data are kept for the entire duration of the contractual relationship.

Sending newsletters, requests and promotional messages

  • Legal bases:
    • For customers: our legitimate interest in retaining and informing our customers of our latest news;
    • For non-professional prospects: your consent;
    • For professional customers and prospects: our legitimate interest in retaining and informing our customers and prospects of our latest news
  • Retention periods: the data are kept for three years from your last contact with Us or until withdrawal of your consent

Responding to your requests for information

  • Legal basis: our legitimate interest in responding to your requests
  • Retention period: the data are kept for the time necessary to process your request for information and deleted once the request for information has been processed. For customers: data is kept for the duration of the contractual relationship.

Complying with the legal obligations applicable to our business

  • Legal basis: complying with our legal and regulatory obligations
  • Retention periods:
    • For invoices: invoices are archived for a period of 10 years;
    • Data relating to your transactions (with the exception of banking data) are kept for 5 years

Developing browsing and audience statistics for the site

  • Legal basis: your consent
  • Retention period: the data are kept for 3 years.

Managing requests to exercise rights

  • Legal basis: our legitimate interest in responding to and following up on your requests
  • Retention periods:
    • If we ask you for proof of identity: we only keep it for the time necessary to check your identity. Once the check has been carried out, the document is deleted.
    • If you exercise your right to object to receiving marketing: we keep this information for 3 years.

Who are the recipients of your data?

The following will have access to your personal data:

  • Our company staff;
  • Our subcontractors: hosting providers, newsletter sending providers, audience measurement and analysis providers, email providers, accounting providers, logistics and transport providers;
  • Where applicable: public and private bodies, exclusively to meet our legal obligations.

Are your data likely to be transferred outside the European Union?

Your data is kept and stored for the duration of processing on the servers of the DataCampus companies in France.

Within the framework of the tools we use (see the Article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:

  • either the data are transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, that country ensures a level of protection deemed to be sufficient and adequate for the provisions of the GDPR;
  • or the data are transferred to a country whose level of data protection has not been recognized as adequate under the GDPR: in this case, these transfers are based on appropriate guarantees indicated in Article 46 of the GDPR, adapted to each service provider, including, but not limited to, the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
  • or the data are transferred on the basis of one of the appropriate guarantees described in Chapter V of the GDPR.

What are your rights to your data

You have the following rights over your personal data:

  • Right to information: this is precisely why we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all your personal data at any time, pursuant to Article 15 of the GDPR.
  • Right to rectify: you have the right to rectify your inaccurate, incomplete or obsolete personal data at any time in accordance with Article 16 of the GDPR.
  • Right to restriction: you have the right to obtain restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection thereof on the grounds set out in Article 17 of the GDPR.
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable laws (Article 77 of the GDPR).
  • Right to issue guidelines relating to the storage, erasure and communication of your personal data after your death.
  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out before the withdrawal.
  • Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to request its transfer to the recipient of your choice.
  • Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite this objection, for legitimate reasons or the defence of rights in court.

You can exercise these rights by writing to us using the contact details below. On this occasion, we may ask you to provide us with additional information or documents to prove your identity.

The Data Protection Officer

You can contact the Data Protection Officer in the following ways:

  • by email to dpo@pili.bio
  • By post: The Data Protection Officer, Pili, 79 avenue de fontainebleau, 94270 Le Kremlin Bicêtre FRANCE

Changes

We may modify this policy at any time, in particular to comply with any regulatory, case law, editorial or technical changes. These changes will apply as of the effective date of the amended version. You are therefore asked to check the latest version of this policy regularly. Nevertheless, we will keep you informed of any significant changes to this Privacy Policy.

Entry into force: September 18, 2024