Personal Data Protection Policy

Thank you for visiting our website.

LYNRED (hereafter referred to as “LYNRED”) cares about protecting your privacy and ensuring the confidentiality of your personal data. In our capacity as “controller” (see definition below), we have implemented policies to protect all personal data about you collected by LYNRED (“Personal Data Protection Policy,” hereafter referred to as the “Policy”).

This Policy is intended to provide you with clear, easy-to-understand information about how we use your personal data. LYNRED is committed to handling your personal data in compliance with France’s data protection laws (the Data Protection Act of January 6, 1978 and the subsequent amendments to this act on June 21, 2018), with the EU General Data Protection Regulation (EU Regulation 679 of 2016, hereafter referred to as “GDPR”), and, more broadly, with all laws and regulations currently in force (hereafter referred to as “Laws”).

Specifically, this Policy describes how LYNRED collects and processes your data and LYNRED’s commitments to protecting your personal data.

The version of the Policy appearing on our website is the current version. The Policy is subject to change at any time. We therefore recommend that you consult the website regularly to remain informed of any changes made to the Policy.

For the sake of clarity, we have provided the definitions of the terms used in the Policy. These definitions are provided for informational purposes only and are not intended to replace the more comprehensive vocabulary used in France’s Data Protection Act and the EU GDPR. We have defined the following terms for the purposes of this Policy:

Cookies: A cookie is a small text file that is used to keep track of your preferences. For example, when you use a website, read an email, or install or use a software or mobile application, regardless of the type of device (computer, smartphone, reader, etc.), cookies may be installed.

Personal data: Personal data is any information that is related to a specific individual person.

Purpose: The reason or reasons for which the data processor processes your data.

Controller: The natural or legal person that determines the purposes and means of personal data processing. For the purposes of the Policy, LYNRED is the controller. LYNRED’s identity and contact details are available in the “We are” and “About” sections of the website.

Third party: A natural or legal person that processes personal data on behalf of and according to the written instructions of the controller.

Processing: Any operation or set of operations carried out on personal data including, but not limited to, collection, storage, reading, and archiving for a predetermined or determinable duration and for the purposes for which the data was collected.

PERSONAL DATA COLLECTED

LYNRED agrees to only collect personal data that is strictly necessary to the purposes of processing and to refrain from collecting more personal data than what is strictly necessary. LYNRED also agrees to provide you with the following information when collecting your personal data:

• The purposes for which the data is being collected.
• How to contact the controller.
• The legal basis for processing.
• Whether or not collecting your personal data is required or optional.
• How long your personal data will be stored.
• The recipients of your personal data.
• Whether or not your personal data will be transferred outside the European Economic Area (if necessary).
• Your rights and how to exercise them (with France’s data protection agency, or CNIL).

We collect your personal data in several ways:

• Forms you complete on our website or on paper when visiting our facilities; forms provided by LYNRED for you to complete (such as when signing a contract, for example).

• Any email or postal mail you send to us.

• Business cards you intentionally give us.

• Cookies on our website (see “cookies” below).

• Social media.

• Other legal and fair channels (about which you will have been previously informed).

Please note that any information you share on social media may be used by the social media plateform in question independently of any processing carried out by LYNRED. If you use social media, we encourage you to stay informed of the potential consequences of your online activity by reviewing the privacy and data processing policies of the social media plateforms you use. LYNRED does not control how social media plateforms use data or their data protection policies; therefore, LYNRED cannot be held liable for the actions (or inaction) of social media platforms.

Specific information regarding online forms:

When you opt to provide your personal data via one of the forms on our website, you will notice that certain fields are marked with an asterisk. The asterisk denotes information that is required in order for your request to be processed. If the information is not provided, LYNRED cannot provide you with the services offered (requests for information or callbacks, newsletters, and job applications, for example). Fields not marked with an asterisk are not required. All registrations are made through an opt-in process that requires an active confirmation on your part. If you no longer wish to receive information about our job offers, products, or events (or, more generally, our marketing communications), simply let us know your preferences by sending an email to privacy@LYNRED.com or by using the unsubscribe link or email address at the bottom of our newsletters and emails. This type of processing is subject to your consent, which you may withdraw at any time (see “Your Rights” below).

LEGAL BASIS AND PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA

Regardless of the type of processing of your personal data, LYNRED undertakes to clearly define the purpose of the processing of your data at the time of collection. The purpose(s) for which your data will be processed will be clearly explained to you. LYNRED also undertakes to use your data for only for the purpose specified at the time of collection. LYNRED will never use your personal data for purposes other than those initially intended.

In accordance with the GDPR, we collect your personal data lawfully and with your consent or under the terms of a contract between you and LYNRED, and/or to pursue legitimate LYNRED interests in safety and security and/or to comply with the legal obligations to which LYNRED is subject.

Therefore, the main purposes for which your personal data is collected include, but are not limited to, the following:

Opt-in:

• To process your application for employment or internships.

• To send you product information, either in response to a one-off request submitted using one of our contact forms, or in response to an email/newsletter subscription request submitted using one of our contact forms, or if you provided us with a business card at a trade show or other meeting.

• To send you marketing event information, either in response to a one-off request submitted using one of our contact forms, or in response to an email/newsletter subscription request submitted using one of our contact forms, or if you provided us with a business card at a trade show or other meeting.

• To respond to other requests submitted using one of our contact forms.

Contract-related:

• To manage our relationship with you using our CRM and to provide you with the products and/or services you request from us and, more broadly, to fulfil any contractual obligations between LYNRED and your organization that requires the personal information of parties to the execution and performance of the contract.

Legal requirements:

• To comply with our legal obligations, including, but not limited to, labor laws (such as if you were to be hired by LYNRED), and safety requirements.

• To perform an agreement in compliance with France’s anticorruption laws. Several years ago, LYNRED implemented ethics policies to ensure healthy, transparent relationships with its partners. Therefore, LYNRED agrees to audit its partners to ensure that they are acting with integrity, one of LYNRED’s core values. If LYNRED collects sensitive data (Article 9 of the GDPR) to meet its obligations under France’s anticorruption laws, and insofar as the data is critical to the aforementioned audits, LYNRED agrees to obtain your consent. LYNRED reserves the right not to sign a contract or to withdraw from an existing contract if the information required is not provided to LYNRED or if you withdraw your consent to this processing.

Legitimate LYNRED interests:

• To prevent and detect fraud, manage security incidents, and, more generally, ensure safety and security during your visits to our facilities.

• To run our website: When you simply use our website without sending any information via our online contact forms, your browsing preferences are collected by cookies (see “cookies”). This data is only processed for the purposes of tracking website traffic, compiling statistics, and improving the user experience on our website. This data is not used for any other purpose. If you do not consent to the collection of this data, simply ensure that the concerned cookies are not enabled on your browser. However, please be aware that cookies required for the website to run properly cannot be deleted. Also be aware that, depending on how you choose to manage cookies, the website and certain features on the website may not work as intended and may not meet your expectations.

• To manage any disputes.

In the event that your personal data is processed for other purposes not mentioned here, LYNRED undertakes to inform you before processing your data and, if required by law, to obtain your consent.

RECIPIENTS

Access to your personal data is strictly limited to persons designated and authorized by LYNRED and to competent organizations/companies in cases where processing requires the involvement of such a third party. In such cases, you will be informed of the identity of the recipients of your personal data prior to processing. In all cases, these third parties are, due to the nature of their business, entitled to receive your personal data for the purposes for which it was legally obtained. If necessary, your personal data may be disclosed to government institutions, agencies, or judicial or administrative authorities if they request us to disclose your personal data.

LYNRED does not transfer your personal data outside the European Economic Area or outside countries currently considered by the French data protection agency (CNIL) to have adequate data protection measures in place, unless the processing of your personal data or the law requires it. In such cases, LYNRED undertakes to inform you before your data is transferred.

If necessary for processing, your personal data may be transferred to third parties authorized by LYNRED to process your data. LYNRED requires these third parties, in their capacity as processors, to comply with the law and the GDPR clause included in our contracts with our processors. These subcontractors include technical service providers (data hosting, website service providers, etc.). We also require our subcontractors to provide us with sufficient guarantees regarding the security and confidentiality of the personal data we transfer to them. We also ensure that all our subcontractors take all necessary technical and organizational measures to guarantee the confidentiality, integrity, and security of your personal data. LYNRED undertakes not to disclose your personal data to subcontractors who have not provided these guarantees.

LYNRED will never sell your personal data. LYNRED also undertakes not to share or disclose your personal data in any way to third parties for commercial and/or marketing purposes without first obtaining your consent.

HOW LONG IS YOUR DATA STORED ?

In accordance with the recommendations of the French Data Protection Authority (CNIL), your personal data will only be kept for the period necessary to achieve the purposes for which it was collected.

Once these purposes have been achieved, your personal data will be temporarily archived to enable us to fulfill our legal, financial, and/or tax obligations, and/or for at least the applicable limitation period.

SECURITY MEASURES

LYNRED takes the protection of your personal data very seriously. That is why we have implemented a series of organizational and technical security measures to prevent:

• The unintended destruction or loss of your personal data.

• The disclosure of your personal data to persons who do not need access to your personal data to fulfil the purposes of processing.

• Leaks or breaches of your personal data and, more broadly, unauthorized access to or use of your personal data.

Organizational measures

We are committed to ensuring that your personal data is processed by our employees and by third parties who need access to it in order to achieve the purposes of the processing. Please note that these third parties are bound by non-disclosure agreements, either through their employment contracts or through other contracts in which we have included stringent requirements. We require these third parties to use your personal data solely for those purposes for which it was collected. Please be aware that your personal data may be disclosed to administrative or judicial authorities with whom LYNRED does not have a contractual relationship. These authorities have their own procedures for protecting your personal data.

To ensure that our employees understand the importance of protecting your personal data, we have implemented a program to raise their awareness of how your personal data should be used. Our objective is for all our employees to understand their responsibilities in protecting your personal data.

Technical measures

Unless explicitly stated otherwise, and with the exception of data directly collected and processed by our US subsidiary LYNRED-US, all information systems used by LYNRED are hosted on European soil and managed by European service providers. All necessary measures, whether physical or IT-related, are implemented to ensure the adequate protection of your personal data. These measures may vary depending on the platform and the information concerned. For example, sensitive data is encrypted for storage or transfer over the Internet.

COOKIES

Our website uses cookies to measure traffic and generate statistics in order to improve your browsing experience. These cookies are not used for any other purpose and do not contain viruses or malware.

We use the following types of cookies:

Cookies necessary to the operation of the website

These cookies enable the features necessary for the website to function and do not collect any personal data for commercial or marketing purposes. These cookies cannot be disabled. We use the following cookies for these purposes:

• CookieConsent: The data collected by these cookies is automatically deleted one year after it is collected.

Marketing cookies

These cookies are used to monitor traffic on our website in order to display advertisements tailored to users. We use two types of cookies for this purpose:

• NID, which collects data to identify the device you are using so that targeted ads can be displayed. The data collected is deleted six months after your last visit to the website.

• Rc ::c, which distinguishes human users from robots. The data collected is immediately deleted when you leave the website.

YOUR RIGHTS

At LYNRED, it is important that you are able to exercise your rights regarding the protection of your personal data. Given our commitments to data security, you must provide proof of your identity to exercise your rights. You will only be given access to personal data that concerns you directly and individually. Therefore, each time you exercise your rights, we will ask you to provide a valid ID. Furthermore, we reserve the right to complete any other legitimate and reasonable verification to confirm your identity. We reserve the right to decline your request if you do not provide the proof of identity we request, and we cannot be held liable for doing so.

You have the following rights under France’s data protection law and the GDPR:

The right to access

You have the right to contact us to obtain a variety of information including whether or not we process data that concerns you. If so, you have the right to be informed of the purposes of processing that concerns you, the categories of personal data processed, the recipients of the data (as long as informing you does not violate the recipients’ rights), etc.

When you exercise this right, we provide you with a copy of your personal data that is processed. We reserve the right to invoice you for additional copies of your data in the event of unfounded or nuisance requests.

The right to rectify

You have the right to contact us to complete, correct, or update personal data concerning you and kept by us if this data is incorrect.

The right to object to processing

You have the right to ask us to cease processing of personal data concerning you at any time; if your specific situation so requires, we are committed to fulfilling your request as quickly as possible.

Nevertheless, please be aware that we can refuse your request and that it is legal for us to do so:

• If LYNRED has legitimate and compelling concerns that take precedence over your rights and freedoms.

• For the purposes of legal proceedings (to ascertain, exercise, or defend a party’s rights in a court of law).

You have the right to object to the use of your personal data for sales and marketing campaigns at any time; you do not need to provide a reason for your request. To exercise your right, simply click the “unsubscribe” link included in our newsletters and emailers or contact the person who initiated the newsletter or mailer.

The right to restrict processing

You have the right to restrict the processing of your personal data that may be in our possession in the following cases:

• If you dispute the accuracy of your personal data, we agree to restrict the use of your personal data during the time necessary for LYNRED to verify the accuracy of your personal data.

• If processing is discovered to be illegal, but you have expressly requested that we do not delete your personal data.

• If you have objected to the processing of your personal data (see above). In such cases, we will restrict the processing of your personal data during the time necessary for LYNRED to verify whether or not LYNRED’s legitimate reasons for processing the data take precedence over your rights and freedoms.

• If your personal data is no longer necessary for processing, but if it remains necessary for the ascertainment, exercise, or defense of a party’s rights in a court of law.

The restriction of processing can result in moving your personal data to another database so that it cannot be accessed by certain users, for example.

The right of erasure

In certain circumstances, you have the right to ask us to delete in a timely manner any personal data concerning you in our possession.

You may exercise this right if:

• You withdraw your consent to processing, only if the processing in question was initiated on the sole basis of your consent. (In other words, if there is no other legal basis for the processing in question).

• If you have objected to processing and if we do not have any compelling and legitimate interests that take precedence over your right and freedom to object to the processing of your personal data.

• If you have objected to the processing of your personal data for sales and marketing purposes (see above).

• If the processing in question is illegal

• If a national legal obligation and/or a European regulatory obligation requires the controller to delete your personal data.

Please be aware that we can refuse to delete your personal data if we are subject to legal obligations that require the concerned processing, or if we need your personal data to ascertain, exercise, or defend a party’s rights in a court of law.

The right to data portability

You can ask us to provide you with a copy of the personal data you provided to us in a structured, commonly-used format that can be read by a machine, subject to all of the following conditions being met:

• The processing of your personal data is carried out on the basis of your consent or a contract.

AND

• Processing is carried out using automated processes.

Your exercising this right must not infringe upon your right of erasure, subject to the conditions for the right of erasure being met.

HOW TO EXERCISE YOUR RIGHTS ?

The law allows you to exercise all of the above rights by contacting us by email at privacy@LYNRED.com and/or by post at the following adress : LYNRED, Legal Department, 364 Route de Valence, Actipole - CS 10027, 38113 Veurey-Voroize, France.

To help us process your request as efficiently as possible, please indicate the nature of your request as clearly as possible. And, to help us fulfil your request in a timely manner, we ask that you provide proof of your identity immediately.

If you believe that LYNRED is not complying with its legal or regulatory obligations regarding the protection of your personal data and, in particular, your rights and/or the security and protection of your personal data, you have the right to file a complaint with the French data protection authority (CNIL), which is empowered to investigate breaches of personal data protection.