Data protection and privacy policy
Contents
Privacy Policy
1. Definitions
2. Data subjects
3. Purposes and legal bases of data processing
4. Data recipients
5. Rights of users and customers
6. Data retention period
7. Data processing outside the European Union
8. Changes to this policy
9. Contact details
This data protection policy (hereinafter “ the Policy ”) defines the conditions under which the simplified joint stock company OMEDOM, registered in the Albi trade and companies register under number 895 124 949 and whose head office is located at 72 bis, Rue du Commandant Blanché 81000 ALBI (hereinafter “ OMEDOM ”) processes the personal data of people benefiting from or wishing to benefit from the services offered on its web and mobile application (hereinafter “ the Solution ”) .
Before accessing the Solution and its services, the User is invited to read the provisions below.
1. Definitions
The purpose of this Policy is to define the way in which data is collected and processed by the Data Controller. The terms indicated below have the following definition:
“ Customer ” means the natural person subscribing to a subscription contract and/or benefiting from or wishing to benefit from the services offered on the Solution, the term Customer including the potential Customer;
“ Personal data ” or “ Data ” means any information allowing a natural person to be directly or indirectly identified;
“ Data Protection Officer ” or “ DPO ” means the person responsible for advising and monitoring the Data Controller with regard to the protection of Personal Data. In this case, the OMEDOM DPO can be reached at dpo@omedom.com;
“ Processing Manager ” means the natural or legal person who determines the purposes and means of processing Personal Data, in this case OMEDOM, a simplified joint stock company registered in the Albi trade and companies register under number 895 124 949 and whose head office is located at 72 bis, Rue du Commandant Blanché 81000 ALBI.
“ Subcontractor ” means the natural or legal person responsible for processing Personal Data in the name and on behalf of the Data Controller as part of a service or provision;
“ Processing ” means any operation relating to Personal Data, regardless of the process used, whether computerized or not, such as collection, recording, organization, adaptation, modification, extraction, consultation, communication, use, dissemination or reconciliation of Data;
“ User ” means the natural person browsing the Solution.
2. Data subjects
This Policy is addressed to Users and Customers of the Solution who are individuals, employees and managers of Customers who are legal entities.
3. Purposes and legal bases of data processing
The Personal Data of Users and/or Customers are collected and processed by the Data Controller on legal grounds and to the extent that they are strictly necessary for the achievement of the purposes below. These purposes are determined, explicit and legitimate.
The majority of Processing implemented by OMEDOM is based on the execution of the contract between OMEDOM and the User and/or the Client. The following purposes are therefore based on this basis or the execution of pre-contractual measures:
Processing requests for information sent by the User and/or the Customer through the Menu, “Help and Contact”;
Creation and management of the User account;
Adding a property to the User's account;
Sharing the property with a third party (which includes sharing the: name, first name and email address of the User/Customer);
Generation of documents such as invoices, reminder letters and rent receipts;
Configuration and monitoring of the User budget for each property;
Cash flow monitoring across the entire portfolio;
Monitoring of savings/investments;
Monitoring of current credits;
Generation of energy performance valuation and diagnosis data;
Subscription to a subscription to the Solution;
Processing of Bank Data;
Administration of the Solution;
Fight against fraud;
Prevention of possible disputes.
In the absence of certain mandatory Data (surname, first name, postal code, email address and password), OMEDOM will not be able to process the User's or Customer's request, create the account and implement places the requested subscription.
The economic and financial Data (income, financial situation, Banking Data) processed by OMEDOM are for the exclusive purpose of using the Solution.
The Processing carried out on the basis of the consent of the User and/or the Client is in particular the following:
Personalization of the Solution via tracking and monitoring of the User's and/or Client's navigation (cookies) for the purposes of analysis and improvement of the user and/or Client's experience;
Sending newsletters to individual Customers;
Sending notifications to the User and/or Customer;
Sending communications to the User and/or Customer
The User and/or Client have the right to withdraw their consent at any time, without affecting the lawfulness of the Processing carried out before its withdrawal.
Finally, OMEDOM may process certain Data for the purposes of the legitimate interests it pursues in the context of marketing and statistical operations relating to the use of the Solution and its commercial prospecting:
Evaluation and improvement of services and User experience;
Satisfaction surveys;
Sending newsletters to professional customers.
The User and/or Customer have the possibility to unsubscribe, at any time, from any electronic communication by clicking on the “unsubscribe” button accessible at the bottom of each communication or by unchecking the notification(s) in the Solution for any notification(s) received by email.
4. Data recipients
The recipients of the Data collected and processed by OMEDOM are:
Authorized members of its staff due to their functions;
The people possibly responsible for maintaining the Solution, whether internal or external to OMEDOM;
Subscription payment solution providers;
Bank aggregation solution providers;
Providers of data analysis solutions for energy performance valorization and diagnosis;
Providers of solutions to combat payment risks;
Data analysis solution providers.
Finally, the Data Controller may communicate User and/or Customer Data to legitimate recipients for reasons required by law.
5. Rights of users and customers
The rights of Users and/or Customers over their Data are as follows:
Right of access to Data
The User and/or Customer may ask the Data Controller for confirmation that their Personal Data is or is not processed.
If the Data Controller actually processes Data, the User and/or Customer can check its accuracy by requesting a readable copy in an understandable format of all information that the Data Controller holds concerning them.
Right to rectification of Data
The User and/or Customer may request the modification of their Personal Data when it is erroneous or incomplete.
Right to object to Processing
The User and/or Customer may object, for legitimate reasons, to their Personal Data being used for specific purposes.
Right to withdraw consent
The User and/or Customer may withdraw their consent at any time when the Processing of their Personal Data is based on it.
Right to restriction of Processing
The User and/or Customer may request that the Processing of their Personal Data be blocked for a certain time, in particular while examining a request to exercise rights.
Right to erasure of Data
The User and/or Customer may request the erasure of the Personal Data that the Data Controller holds about them, provided that compelling or legal reasons do not allow OMEDOM to keep them.
Right to give instructions on the fate of Data after death
The User and/or the Client have the possibility of informing the Data Controller on the terms of use of their Data after their death.
Right to Data Portability
The User and/or Customer may request the recovery of some of their Data for their own use or for the purpose of communicating it to another organization.
For any request to exercise rights, the User and/or the Customer must send their requests to the address dpo@omedom.com.
OMEDOM may request communication of a copy of proof of identity if necessary. OMEDOM undertakes to respond as soon as possible, and in any event within one (1) month from receipt of the complete request. This deadline may nevertheless be extended by two (2) months taking into account the complexity and number of requests.
In the absence of a satisfactory response from the Data Controller, the User and/or the Client are entitled to lodge a complaint with the CNIL, 3 place de Fontenoy TSA 80715 /75334 Paris Cedex 07.
6. Data retention period
OMEDOM undertakes to respect the storage periods imposed by current regulations.
The Data processed within the framework of a subscription contract for the Solution is kept for the entire duration of the latter and up to 3 (three) years after its termination.
The contractual elements are kept for 5 (five) years at the end of the contract on a probative basis and the Data relating to invoicing can be kept for 10 (ten) years under a legal accounting obligation.
Tax documents can be kept for up to 6 (six) years from their issue.
Data relating to asset management may be kept for up to 5 (five) years after their issue.
7. Data processing outside the European Union
The processed Personal Data is stored in France.
It is however possible that, in the context of certain missions, certain Data may be processed by Subcontractors located outside the European Union. Concerned about protecting the privacy and personal data of Users and/or Customers, OMEDOM makes its best efforts to select partners offering guarantees of security and confidentiality and to establish contractual relationships corresponding to regulatory standards, in particular at the European level.
8. Changes to this policy
The Data Controller reserves the right to modify this Personal Data Protection Policy. In this case, an updated version will be published on the Site and in the Solution and the User/Client will be informed by any means.
9. Contact details
For any additional information or any complaint relating to the use of their Data, the User/Customer can contact the OMEDOM DPO at the address: dpo@omedom.com.