Privacy Policy
Personal Data Protection
Last Updated: September 14, 2023
This Privacy Policy - Personal Data Protection ("Policy") is intended to inform any individual browsing the website of the company https://www.exponensia.com/ ("Site") on how it collects and uses Data in accordance with the French law n°78-17 of January 6, 1978, as amended, relating to information technology, data files, and civil liberties, and the European Regulation n°2016/679.
We encourage Users to regularly consult this Policy, as it may be modified, supplemented, or unilaterally updated by the Company to reflect its latest developments without prior notice.
Definitions:
"Company": refers to the company EXPONENSIA LLC, with its registered office at 224 W 35th St Ste 500, 554, New York, NY 10001, USA registered under number 7458290.
"Site": refers to the website accessible via https://www.exponensia.com/ allowing users to access the services offered by the Company, as well as conferences, newsletters, and a reserved area for clients, all provided by the Company.
"Data": refers to any information about an identified or identifiable natural person ("data subject") directly or indirectly, especially by reference to an element (name, identification number, location data, online identifier...) or one or more elements enabling their identification.
"Processing": refers to any operation involving Data (collection, recording, organization, storage, adaptation, dissemination, erasure...).
"Users": refers to any person affected by the Processing carried out on the Site (users, prospects, clients...).
Who is the Data Controller?
Subscribing to the training, services, and/or access offered by the Company via the Site involves the Processing of personal data, which you accept.
A "Data Controller" is the one who, alone or jointly with others, determines the purposes and means of Processing.
The Company is the Data Controller and, concerned about the confidentiality and security of your personal data, commits to complying with this Policy and only collects relevant and necessary data for the intended purpose.
What Data is Processed?
The Site presents the activities of our Company and various forms (contact, newsletter subscription, etc.). By completing the forms and communicating with us via the Site, you provide us with the following categories of information:
| Identification Data | Gender/sex, name, first name, and optionally, we may ask for your date of birth to offer birthday offers. |
| Contact and Correspondence Data | Postal address, phone number, email address. |
| Connection Data | Connection and usage logs, IP address, date and time of connection, connection duration, etc. |
| Payment and Transaction Data | Payment method and history, transaction date, amount, order number, billing data. |
| Commercial Data | Pre-sales appointments, training, and services you benefit from, transaction number, pre-contractual exchanges related to the order. |
| Content Data | Sound, image, video, folder names stored by videographers during weeks, coaching, etc. |
| Customer Account Data | Username and password, account settings, use of account features, information on content viewing, time spent on content, downloaded files, comments, questions, and published reviews, etc. |
| Organization and Monitoring Data | Information about coaching organization (time slots, cancellations, etc.), progress indicators, data, surveys, evaluations, reports. |
| Commercial Solicitation | Management based on your choice to receive or not our commercial offers and those of our partners using the contact information provided, data necessary for loyalty actions, prospecting, and surveys |
| Customer Relations | Your feedback about us (through social media, customer satisfaction surveys, product testing) and management of customer complaints and disputes. |
| Website Usage | Cookie choices, navigation tracking, location data. |
For What Purposes are the Data Processed?
The Company collects your personal data after obtaining your consent when necessary, for specific, explicit, and legitimate purposes described below:
| Purposes | Personal Data | Legal Basis |
|---|---|---|
| Management of the relationship with prospects | Identification and contact: name, first name, phone number, email address, and postal address, commercial solicitation | Legitimate interest (presentation of services, processing and follow-up of requests, prospecting management, management of requests to exercise rights) |
| Provision of Training and Services (order-related) | Order information, identification and contact: name, first name, phone number, email address, and postal address | Contractual performance |
| Billing and payment collections | Identification and contact: name, first name, phone number, email address, postal address, financial data | Contractual performance Compliance with a legal obligation |
| Commercial contact | Identification and contact: name, first name, phone number, email address | Consent Legitimate interest (contacting the client following their appointment request) |
| Customer account management (registration and access) | Identification and contact: name, first name, phone number, postal address, email address, password Connection data: IP address, browser data | Legitimate interest (maintaining and updating the customer file, administering the Sites) |
| Handling complaints | Identification: name, first name, customer number | Legitimate interest (responding to customer needs and adapting our training and services) |
| Publication of reviews | Identification and contact: name, first name, activity, ordered training or services | Legitimate interest (obtaining customer feedback on their experience with us) |
| Customer service and commercial relationship (studies, statistics, satisfaction surveys, reviews, improvement of training and services) | Identification and contact: name, first name, email address, phone number Commercial data (ordered training and services) | Contractual performance Legitimate interest (defining the type of customers and their interests in training and services, developing the Site and our business based on customer needs) User consent |
| Promotion and commercial communication | Identification and contact: name, first name, phone number, email address, and postal address Commercial data (ordered training and services) | User consent |
| Website navigation (including cookies) | Identification and contact: name, first name, phone number, email address, postal address Connection data: IP address, browser data Location data | Legitimate interest (Site management, maximizing use, and securing the Sites and the network) |
| Management of requests to exercise rights | Identification and contact: name, first name, phone number, email address, and postal address Commercial data (ordered training and services) | Compliance with a legal obligation |
What is the Data Retention Period?
The Company retains your personal data and collected information only for the duration necessary to achieve the purposes mentioned above or to allow us to meet our legal obligations.
| Data Concerned | Retention Period |
|---|---|
| Data processed for commercial prospecting purposes | 3 years from the date of data collection or the last known action of the prospect |
| Data for order processing and management of commercial relationships | 3 years from the customer's last known action or, if applicable, the end of the contractual relationship. Accounting documents: 10 years from the end of the fiscal year |
| Service contracts with a value less than €120.00 | 5 years from the conclusion of the contract. |
| Service contracts with a value exceeding €120.00 | 10 years from the delivery date or the provision of the service |
| Banking details | 13 months for immediate debit payment cards and 15 months for deferred debit payment cards from the debit date |
Once the retention or archiving period necessary to achieve the specified purposes has expired, our company has implemented a procedure for the effective deletion of the Data.
In any case, Data subject to Processing is not retained for longer than necessary to fulfill the obligations stipulated at the time of contract conclusion or obligations stipulated by applicable law. Moreover, they may be anonymized and stored for statistical purposes, especially in aggregated form.
Likewise, we archive information that justifies the execution of our contractual obligations until the expiration of the statute of limitations or performance period applicable to the claim to adequately defend our interests in case of a dispute. This applies in particular but not exclusively to deadlines provided by commercial, civil, and consumer law.
Are the Data Secure?
We use physical and logistical security measures and employ appropriate technical and organizational security measures to limit the risks of accidental, unauthorized, or unlawful access, disclosure, alteration, loss, or destruction of your personal data. We are committed to taking appropriate measures.
We invite you to exercise caution in deciding what personal data related to your private life or sensitive data you choose to make public through your reviews, comments, and positions of any kind on the Site, social media, or in groups and/or conversations with other Site users.
In the event of an incident that exposes your data to a risk of alteration, loss, or unauthorized access, we commit to:
- Investigate the causes of the incident.
- Take necessary measures to limit the negative effects and potential harm resulting from the incident.
- Notify the competent authority and/or affected individuals as soon as possible if it is a legal requirement.
In no case can the commitments defined above be construed as an acknowledgment of fault or responsibility for the occurrence of this incident.
Who are the Recipients of the Data?
The processed data is intended for the Company and authorized individuals within the company who need it for their mission.
The company may share your personal data with its service providers and partners for the provision of training or services, conducting business analysis, processing payments, providing customer service, or marketing. Your personal data may also be collected by service providers for the execution of Site functionalities or as necessary in the performance of their mission. They are not authorized to share or use the data for any purpose other than that defined above.
The data processed may, within the framework provided by applicable regulations, be transmitted to the competent authorities for compliance with legal obligations. They may also be shared if we deem it necessary and at our sole discretion to investigate, prevent, or initiate legal proceedings, defend our rights, respond to a complaint or summons, or comply with subpoenas, orders, or other legitimate and enforceable legal procedures.
Personal data collected may be processed outside the European Union. In this case, the Company takes the necessary measures with its subcontractors and partners to ensure an adequate level of protection for your personal data in compliance with applicable regulations.
We may publish, disclose, and use aggregated information (information about Site users, prospects, clients...) that we combine so that no individual can be identified individually. This processing is based on our legitimate interest for statistical purposes, sector and market analysis, presentation of our activities, promotional and advertising purposes, and other commercial purposes.
What are Your Rights?
The Company has implemented technical and organizational measures to protect the integrity, availability, and confidentiality of your personal data appropriately according to their nature, processing, and accessibility.
You have several rights over your personal data:
Right of access: This right allows you to obtain a copy of the personal data we hold about you and to know the Processing carried out on them.
Right to rectification: This right allows you to update, modify, or correct your personal data.
Right to object: This right allows you to object at any time for reasons relating to your particular situation to the Processing by the Company of your personal data, particularly for commercial prospecting purposes.
Right to erasure: This right allows you to request the deletion of all or part of your personal data (does not apply to data whose retention is required by law).
Right to restriction: This right allows you to temporarily limit the Processing of your personal data if you contest their accuracy, the lawfulness of the Processing of this data, or if this data is still necessary for the establishment, exercise, or defense of legal rights.
Right to data portability: This right allows you to obtain a copy of your personal data in a technically usable format for yourself or another entity than the Company.
How to Exercise Your Rights?
You can exercise your rights at any time by contacting the Company's customer service at the email address: contact@exponensia.com. Any request to exercise your rights must be accompanied by elements justifying your identity (name, first name, email address, customer number, etc.).
You also have the possibility to file a complaint directly with the National Commission for Information Technology and Civil Liberties (CNIL) by visiting the website https://www.cnil.fr/.
In the event of a request to exercise your rights, we reserve the right to specify the request and to ask you to justify your identity (retention period of 1 year for the exercise of the right to rectification and access, and 3 years for the exercise of the right to object).
And Social Media?
The Company may contact you or respond to your requests/questions directly via social media if you contact us through this channel. In this case, the use of social media will involve the Processing of personal data by the providers of these networks (see their privacy policy).
The information you provide about yourself may be enriched for commercial purposes, customer acquisition, communication, advertising, or marketing through other sources such as social media. This includes information considered "public" or accessible to page or group administrators. The legal basis for this processing is our legitimate interest as a commercial entity.