Personal Data Protection Policy

Personal Data Protection Policy

Thank you for using our website.

Lynred (hereafter referred to as “Lynred”) cares about protecting your privacy and ensuring the confidentiality of your personal data. In our capacity as “controller” (see definition below), we have implemented policies to protect any personal data concerned by you collected by Lynred (“Personal Data Protection Policy,” hereafter referred to as the “Policy”).

This Policy is intended to provide you with clear, easy-to-understand information about how we use your personal data. Lynred is committed to handling your personal data in compliance with France’s data protection laws (the Data Protection Act of January 6, 1978 and the subsequent amendments to this act on June 21, 2018), with the EU General Data Protection Regulation (EU Regulation 679 of 2016, hereafter referred to as “GDPR”), and, more broadly, with all laws and regulations currently in force (hereafter referred to as “Laws”).

Specifically, this Policy describes how Lynred collects and processes your data and Lynred’s commitments to protecting your personal data.

The version of the Policy on our website is the version in force. The Policy is subject to change at any time. Therefore, we recommend that you check the website regularly to remain informed of any changes to the Policy.

In the interest of clarity, we have provided the definitions of the terms used in the Policy. These definitions are provided for information only, and are not intended as substitutes for the more comprehensive vocabulary used in France’s Data Protection Act and the EU GDPR. We have defined the following terms for the purposes of this Policy:

Cookies: A cookie is a small text file that is used to keep track of your preferences. For example, when you use a website, read an email, or install or use a software or mobile application, regardless of the type of device (computer, smartphone, reader, etc.), cookies may be installed.

Personal data: Personal data is any information that is related to a specific individual person.

Purpose: The reason or reasons for which the data processor processes your data.

Controller: The natural or legal person that determines the purposes and means of personal data processing. For the purposes of the Policy, Lynred is the controller. Lynred’s identity and contact details are available in the “We are” and “About” sections of the website.

Third party: A natural or legal person that processes personal data on behalf of and according to the written instructions of the controller.

Processing: Any operation or set of operations carried out on personal data including, but not limited to, collection, storage, reading, and archiving for a predetermined or determinable duration and for the purposes for which the data was collected.

 

PERSONAL DATA COLLECTED

Lynred agrees to only collect personal data that is strictly necessary to the purposes of processing and to refrain from collecting more personal data than what is strictly necessary. Lynred also agrees to provide you with the following information when collecting your personal data:

  • The purposes for which the data is being collected.
  • How to contact the controller.
  • The legal basis for processing.
  • Whether or not collecting your personal data is required or optional.
  • How long your personal data will be stored.
  • The recipients of your personal data.
  • Whether or not your personal data will be transferred outside the European Economic Area (if necessary).
  • Your rights and how to exercise them (with France’s data protection agency, or CNIL).

We collect your personal data in several ways:

  • Forms you complete on our website or on paper when visiting our facilities; forms provided by Lynred for you to complete (such as when signing a contract, for example).
  • Any email or postal mail you send to us.
  • Business cards you intentionally give us.
  • Cookies on our website (see “cookies” below).
  • Social media.
  • Other legal and fair channels (about which you will have been previously informed).

Please note that any information you communicate on social media could be used by the social network in question independently of any processing carried out by Lynred. If you use social media, we encourage you to stay informed of the potential consequences of your online activity by checking the confidentiality and data processing policies of any social networks you use. Lynred does not control how social networks use data or social networks’ data protection policies; therefore, Lynred cannot be held liable for the actions (or failure to act) of social networks.

Specific information relative to online forms:

When you opt to provide your personal data via one of the forms on our website, you will notice that certain fields are marked with an asterisk. The asterisk denotes information that is required in order for your request to be processed. If the information is not provided, Lynred cannot provide you with the services offered (requests for information or callbacks, newsletters, and job applications, for example). Fields not marked with an asterisk are not required. All sign-ups are completed through an opt-in process that requires an active confirmation on your part. If you wish to stop receiving information on our job openings, products, or events (or, more broadly, any of our marketing communications), simply tell us your preferences by sending an email to privacy@lynred.com  or by using the unsubscribe link or email address found at the bottom of our newsletters and emailers. This type of processing is subject to your consent, and you can withdraw your consent at any time (see “Your rights” below).

 

THE LEGAL BASIS FOR AND PURPOSE OF PROCESSING YOUR PERSONAL DATA

Regardless of the type of processing of your personal data, Lynred agrees to have a clearly defined purpose for processing your data at the time your data is collected. The purpose or purposes for which your data will be processed will be clearly explained to you. Lynred also agrees to use your data for only for the purpose or purposes intended at the time your data is collected. Lynred will never use your personal data for purposes other than those originally intended.

As required by the GDPR, we collect your personal data lawfully and with your consent or according to the terms of a contract between you and Lynred, and/or to pursue legitimate Lynred interests in terms of safety and security and/or to comply with the legal obligations to which Lynred is subject.

Therefore, the main purposes for which your personal data is collected include, but are not limited to, the following:

Opt-in:

  • To process your application for employment or internships.
  • To send you product information, either in response to a one-off request submitted using one of our contact forms, or in response to an email/newsletter subscription request submitted using one of our contact forms, or if you provided us with a business card at a trade show or other meeting.
  • To send you marketing event information, either in response to a one-off request submitted using one of our contact forms, or in response to an email/newsletter subscription request submitted using one of our contact forms, or if you provided us with a business card at a trade show or other meeting.
  • To respond to other requests submitted using one of our contact forms.

Contract-related:

  • To manage our relationship with you using our CRM and to provide you with the products and/or services you request from us and, more broadly, to fulfil any contractual obligations between Lynred and your organization that requires the personal information of parties to the execution and performance of the contract.

Legal requirements:

  • To comply with our legal obligations, including, but not limited to, labor laws (such as if you were to be hired by Lynred), and safety requirements.
  • To perform an agreement in compliance with France’s anticorruption laws. Several years ago, Lynred implemented ethics policies to ensure healthy, transparent relationships with its partners. Therefore, Lynred agrees to audit its partners to ensure that they are acting with integrity, one of Lynred’s core values. If Lynred collects sensitive data (Article 9 of the GDPR) to meet its obligations under France’s anticorruption laws, and insofar as the data is critical to the aforementioned audits, Lynred agrees to obtain your consent. Lynred reserves the right not to sign a contract or to withdraw from an existing contract if the information required is not provided to Lynred or if you withdraw your consent to this processing.

Legitimate Lynred interests:

  • To prevent and detect fraud, manage security incidents, and, more generally, ensure safety and security during your visits to our facilities.
  • To run our website: When you simply use our website without sending any information via our online contact forms, your browsing preferences are collected by cookies (see “cookies”). This data is only processed for the purposes of tracking website traffic, compiling statistics, and improving the user experience on our website. This data is not used for any other purpose. If you do not consent to the collection of this data, simply ensure that the concerned cookies are not enabled on your browser. However, please be aware that cookies required for the website to run properly cannot be deleted. Also be aware that, depending on how you choose to manage cookies, the website and certain features on the website may not work as intended and may not meet your expectations.
  • To manage any disputes.

In the event that your personal data is processed for other purposes not listed here, Lynred agrees to inform you before your data is processed and, if required by law, to obtain your consent.

 

RECIPIENTS

Access to your personal data is strictly limited to persons designated and authorized by Lynred and to competent organizations/companies for instances where processing requires the involvement of a third party of this type. In these cases, you will be informed of the identity of the recipients of your personal data before processing. In any event, these third parties are, due to the nature of their activity, legitimate to receive your personal data for the purposes for which the data was lawfully obtained. If necessary, your personal data could be disclosed to government institutions, agencies, or legal or administrative authorities if they request that we disclose your personal data.

Lynred does not transfer your personal data outside the European Economic Area or outside countries currently deemed to have implemented adequate data protection measures by France’s data protection agency (CNIL), unless the processing of your personal data or the law so requires. In these cases, Lynred agrees to inform you before your data is transferred.

If necessary for processing, your personal data may be transferred to third parties authorized by Lynred to process your data. Lynred requires these third parties, in their capacity as subcontractors, to comply with the law and with the GDPR clause in our contracts with our subcontractors. These subcontractors include technical service providers (data hosting, website service providers, etc.). We also require our subcontractors to provide us with sufficient guarantees of the security and confidentiality of personal data we transfer to them. We also ensure that all of our subcontractors take all of the necessary technical and organizational measures to guarantee the confidentiality, integrity, and security of your personal data. Lynred agrees not to disclose your personal data to subcontractors that have not provided these guarantees.

Lynred will never sell your personal data. Lynred also agrees not to share or divulge your personal data by any means whatsoever to third parties for sales and/or marketing purposes without first obtaining your consent.

 

HOW LONG YOUR DATA IS KEPT

As recommended by France’s data protection agency (CNIL), your personal data will be kept only as long as necessary for the purposes for which it was collected.

Once these purposes have been fulfilled, your personal data is temporarily archived to enable us to fulfil our legal, financial reporting, and tax obligations and/or at the minimum for the applicable limitation period.

 

SECURITY MEASURES

Lynred takes the protection of your personal data seriously. Therefore, we have implemented a range of security measures, both organizational and technical, to prevent:

  • The unintended destruction or loss of your personal data.
  • The disclosure of your personal data to persons who do not need access to your personal data to fulfil the purposes of processing.
  • Leaks or breaches of your personal data and, more broadly, unauthorized access to or use of your personal data.

Organizational measures

We are committed to ensuring that your personal data is processed solely by our employees and by third parties that need access to your personal data to fulfil the purposes of processing. Note that these third parties are bound by non-disclosure agreements, either through their employment contracts or through other contracts in which we have included stringent requirements. We require these third parties to use your personal data solely for those purposes for which it was collected. Please be aware that your personal data may be disclosed to administrative or judicial authorities with whom Lynred does not have a contractual relationship. These authorities have their own procedures for protecting your personal data.

To ensure that our employees understand the importance of protecting your personal data, we have implemented a program to raise their awareness of how your personal data should be used. Our objective is for all of our employees to understand their responsibilities when it comes to protecting your personal data.

Technical measures

Unless explicitly mentioned otherwise, and excluding data directly collected and processed by our U.S.-based subsidiary Lynred-US, all information systems used by Lynred are hosted on European soil and run by European service providers. All of the expected necessary measures, whether physical or IT-related, are implemented to ensure that your personal data is adequately protected. These measures may vary according to the platform and information concerned. For example, sensitive data is encrypted for storage or transfer over the internet.

 

COOKIES

Our website uses cookies to measure traffic and generate statistics for the purposes of enhancing your browsing experience. These cookies are not used for any other purpose and do not contain viruses or malware.

We use the following types of cookies:

Cookies necessary to the operation of the website

These cookies activate features that are necessary to the operation of the website and do not collect any personal data for sales or marketing purposes. These cookies cannot be disabled. We use the following cookies for these purposes:

  • CookieConsent: The data collected by these cookies is automatically deleted one year after it is collected.

Marketing cookies

These cookies are used to monitor traffic on our website for the purposes of displaying ads tailored to users. We use two types of cookies for this purpose:

  • NID, which collects data to identify the device you are using so that targeted ads can be displayed. The data collected is deleted six months after your last visit to the website.
  • Rc ::c, which distinguishes human users from robots. The data collected is immediately deleted when you leave the website.

 

YOUR RIGHTS

At Lynred, it is important that you be able to exercise your personal data protection rights. Given our commitments to data security, you must provide proof of your identity to exercise your rights. You will only be given access to personal data that concerns you directly and individually. Therefore, each time you exercise your rights, we will ask you to provide a valid ID. Furthermore, we reserve the right to complete any other legitimate and reasonable verification to confirm your identity. We reserve the right to decline your request if you do not provide the proof of identity we request, and we cannot be held liable for doing so.

You have the following rights under France’s data protection law and the GDPR:

The right to access

You have the right to contact us to obtain a variety of information including whether or not we process data that concerns you. If so, you have the right to be informed of the purposes of processing that concerns you, the categories of personal data processed, the recipients of the data (as long as informing you does not violate the recipients’ rights), etc.

When you exercise this right, we provide you with a copy of your personal data that is processed. We reserve the right to invoice you for additional copies of your data in the event of unfounded or nuisance requests.

The right to rectify

You have the right to contact us to complete, correct, or update personal data concerning you and kept by us if this data is incorrect.

The right to object to processing

You have the right to ask us to cease processing of personal data concerning you at any time; if your specific situation so requires, we are committed to fulfilling your request as quickly as possible.

Nevertheless, please be aware that we can refuse your request and that it is legal for us to do so:

  • If Lynred has legitimate and compelling concerns that take precedence over your rights and freedoms.
  • For the purposes of legal proceedings (to ascertain, exercise, or defend a party’s rights in a court of law).

You have the right to object to the use of your personal data for sales and marketing campaigns at any time; you do not need to provide a reason for your request. To exercise your right, simply click the “unsubscribe” link included in our newsletters and emailers or contact the person who initiated the newsletter or mailer.

The right to restrict processing

You have the right to restrict the processing of your personal data that may be in our possession in the following cases:

  • If you dispute the accuracy of your personal data, we agree to restrict the use of your personal data during the time necessary for Lynred to verify the accuracy of your personal data.
  • If processing is discovered to be illegal, but you have expressly requested that we do not delete your personal data.
  • If you have objected to the processing of your personal data (see above). In such cases, we will restrict the processing of your personal data during the time necessary for Lynred to verify whether or not Lynred’s legitimate reasons for processing the data take precedence over your rights and freedoms.
  • If your personal data is no longer necessary for processing, but if it remains necessary for the ascertainment, exercise, or defense of a party’s rights in a court of law.

The restriction of processing can result in moving your personal data to another database so that it cannot be accessed by certain users, for example.

The right of erasure

In certain circumstances, you have the right to ask us to delete in a timely manner any personal data concerning you in our possession.

You may exercise this right if:

  • You withdraw your consent to processing, only if the processing in question was initiated on the sole basis of your consent. (In other words, if there is no other legal basis for the processing in question).
  • If you have objected to processing and if we do not have any compelling and legitimate interests that take precedence over your right and freedom to object to the processing of your personal data.
  • If you have objected to the processing of your personal data for sales and marketing purposes (see above).
  • If the processing in question is illegal
  • If a national legal obligation and/or a European regulatory obligation requires the controller to delete your personal data.

 

Please be aware that we can refuse to delete your personal data if we are subject to legal obligations that require the concerned processing, or if we need your personal data to ascertain, exercise, or defend a party’s rights in a court of law.

The right to data portability

You can ask us to provide you with a copy of the personal data you provided to us in a structured, commonly-used format that can be read by a machine, subject to all of the following conditions being met:

  • The processing of your personal data is carried out on the basis of your consent or a contract.

AND

  • Processing is carried out using automated processes.

Your exercising this right must not infringe upon your right of erasure, subject to the conditions for the right of erasure being met.

 

HOW TO EXERCISE YOUR RIGHTS

The law allows you to exercise all of the rights listed above by contacting us by email at privacy@lynred.com and/or by regular mail to Lynred’s Chief Legal Officer, 364 Route de Valence, Actipole - CS 10027, 38113 Veurey-Voroize, France.

To help us process your request as efficiently as possible, please indicate the nature of your request as clearly as possible. And, to help us fulfil your request in a timely manner, we ask that you provide proof of your identity immediately.

If you do not feel that Lynred is honoring its legal or regulatory obligations with respect to the protection of your personal data and, especially, your rights and/or the security and care of your personal data, you have the right to file a claim with France’s data protection agency (CNIL), which is authorized to investigate failures to protect personal data.