Version in force on 31, January 2024
ABBELIGHT, a simplified joint stock company with capital of €60.065.30, registered with the Créteil Trade and Companies Register under number 819 252 701, whose registered office is located at 191 avenue Aristide Briand, 94230 CACHAN (hereinafter “ABBELIGHT“), pays particular attention to the protection of personal data and undertakes, within the framework of this privacy policy (hereinafter the “Privacy Policy“), to protect them in accordance with the applicable regulations and in particular the Regulation ( EU) No. 2016/679 of April 27, 2016 known as the “General Data Protection Regulation” or “GDPR” and French Law No. 78-17 of January 6, 1978 as amended, known as the “Loi Informatique et Libertés” as amended (the “Regulations applicable to the protection of Personal Data”).
ABBELIGHT publishes a site offering information on itself and its activity (the “Corporate Site”) available at the www.abbelight.com address, as well as an e-shop offering for sale chemical products intended for use in laboratories (the “E-Shop”) available at the www.abbelight.com/shop address (hereinafter together the “Sites“). The purpose of the Sites may involve an exchange of data, including personal data (the “Personal Data“) between users of the Sites (the “Data Subjects“), and ABBELIGHT.
The processing of Personal Data thus implemented through the Sites is operated by ABBELIGHT, in its capacity as data controller, within the meaning of the Regulations applicable to the protection of Personal Data. As a result, ABBELIGHT undertakes to always comply with legal and regulatory requirements, and to only process Personal Data under the conditions set out below.
ARTICLE 1. MAP OF PERSONAL DATA PROCESSING
ABBELIGHT processes the following Personal Data of Data Subjects:
| Concerned person | Purpose | Legal basis | Categories of data processed | Data retention period |
|---|---|---|---|---|
| Data Subjects | Communication of ABBELIGHT with the Data Subject requesting information by any means made available on the Sites (contact form, contact email, contact telephone, etc.) | Consent and legitimate interest of ABBELIGHT | Full name E-mail address Phone number Entity on behalf of which it acts (together the ‘Identifying Data”) Connection logs IP address Any information that will be communicated by the Data Subject when making contact |
A period of three (3) years |
| Data Subjects | Sending newsletters | Consent | E-mail address | A period of three (3) years from the last contact with the Data Subject, unless the Data Subject unsubscribes from the newsletter |
| Data Subjects | Events registration | Consent | Full name Company/Institute/Lab Email address |
A period of three (3) years |
| E-Shop Users wishing to create / use their account | Enabling the opening of an account, as well as access to the eshop; ensuring the smooth operation of the account and the services provided | Performance of the contractual relationship | Full name E-mail address User name Phone number Billing address Shipping address Entity on behalf of which it acts |
The entire duration during which the User has an account on the E-shop |
| E-Shop Users wishing to place an order | Manage orders placed via the account and the delivery of products ordered by the user | Performance of the contractual relationship | Full name E-mail address Phone number Employer Entity on behalf of which it acts Billing address Shipping address The bank details required for payment of the order are not processed by ABBELIGHT but by STRIPE and PAYPAL in accordance with the terms of the GTC. |
The entire duration during which the User has an account on the E-shop |
| Data Subjects | Improved performance and functionality of the Site | Legitimate interest of ABBELIGHT | Statistical usage data (cookies) IP address Connection logs |
For the entire duration during which the Data Subject is active on the Sites |
| Data Subjects | Litigation management | Legitimate interest of ABBELIGHT | Any Personal Data provided by Data Subject during other processes | For the entire duration during which the Data Subject is active on the Sites/ has an account on the E-shop |
| Data Subjects | Prevention and detection of fraud, malware, and management of security incidents | Legitimate interest of ABBELIGHT and legal obligation | Any Personal Data provided by Data Subject during other processes | In case of suspicion of fraud, prevention/ detection processing is started, with check and transfer if necessary |
| Data Subjects | Hosting of the Sites | Performance of the TOU | All Personal Data | For the entire duration during which the Data Subject is active on the Sites/ has an account on the E-shop |
The mandatory or optional nature of the entry of Personal Data is specified during collection, by an asterisk affixed next to the mandatory data. The mandatory communication of certain Personal Data is necessary for ABBELIGHT to implement the purposes specified above. The optional data allow ABBELIGHT to better know the Data Subject in order to provide them with services more suited to their needs.
ARTICLE 2. DURATION OF PERSONAL DATA RETENTION
The Personal Data of the Data Subjecst collected during their use of the Sites is kept for the durations specified in the schedule above.
Beyond the aforementioned Data retention period, the Personal Data is archived by ABBELIGHT, in a secure environment, for the legal period of limitation for evidentiary purposes, for the establishment, exercise or defense of a legal right.
ARTICLE 3. PERSONAL DATA RECIPIENTS
Unless there is a legal or judicial obligation requiring it to do so, ABBELIGHT will never disclose, assign, rent or transmit the Personal Data it processes to third parties.
Notwithstanding the foregoing, the Data Subject is informed that ABBELIGHT uses third-party services to provide part of the operational management of the Sites. For the purposes of performing their tasks, these third parties may be recipients of the Personal Data:
ABBELIGHT’s employees, for the purposes of carrying out the tasks entrusted to them by ABBELIGHT as part of the operational management of the Sites;
The following service providers, which act as “subcontractors“ of ABBELIGHT within the meaning of the Regulations applicable to the protection of Personal Data, on the instructions of ABBELIGHT, which only communicates to it the data strictly necessary for the performance of its missions, under the contractual conditions signed with ABBELIGHT which comply with the Regulations applicable to the protection of Personal Data:
The hosting provider of the Site and its databases, the company WP ENGINE, its datacenters being located in the United Kingdom, for the purposes of performing technical hosting and database management services data. For any additional information on the processing of Personal Data operated by WP ENGINE, the Data Subject may read its privacy policy at the following address: https://wpengine.com/legal/privacy/ .
The company BREVO for sending newsletters; The carrier delivering the products and ABBELIGHT’s financial partners managing the payment of orders, when the user places an order on the Eshop.
Third-party cookies publishers, under the conditions set out below.
ARTICLE 4. SECURITY MEASURES
ABBELIGHT undertakes to make its best efforts to:
Ensure the physical and logical security of the servers on which the Sites are hosted and, in particular, the integrity of the network and servers against any external malicious act or any known computer attack. The servers are protected against intrusions by a firewall. Security updates for operating systems and anti-virus software are installed regularly;
To implement and maintain security and confidentiality measures for the Sites, which take into account the principles of Personal Data protection, and are adapted to the risk generated by their processing on the rights and freedoms of the persons concerned, in accordance with the requirements of the Regulations applicable to the protection of Personal Data. These measures aim to (i) protect the data – and in particular the Personal Data – against destruction, loss, alteration and disclosure to unauthorized third parties and (ii) ensure that the availability of the data – and in particular the Personal Data – is re-established and that access to it is possible within an appropriate timeframe in the event of a physical or technical incident. ABBELIGHT also implements a procedure to regularly test, analyze and evaluate the effectiveness of the aforementioned security measures.
In the event of server failure, ABBELIGHT will make its best efforts to restore the service as quickly as possible, within the limits of the service level commitments made by the hosting provider.
ARTICLE 5. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EUROPEAN UNION
Some ABBELIGHT partners and/or service providers mentioned in article 3 above are part of groups of companies whose holding entity is located outside the European Union. As a result, the Personal Data of Data Subjects may be transferred to third countries. The Data Subject is informed that these companies may be subject to legal, governmental, or judicial obligations to disclose data, including Personal Data, regardless of where such data is hosted.
ABBELIGHT always ensures that any such transfers are made under appropriate conditions of security and confidentiality to guarantee a level of protection of the Personal Data of Data Subjects equivalent to the level required within the European Union, in accordance with the Regulations applicable to the protection of Personal Data, where applicable by concluding with them the standard contractual clauses adopted by the European Commission.
ARTICLE 6. RIGHTS OF DATA SUBJECTS ON THEIR PERSONAL DATA
Data Subjects always have the following rights over their Personal Data:
Right of access: have confirmation of the processing of their Personal Data as well as a certain amount of information on the processing, such information being in any case given in this privacy policy.
Right of rectification: have their Personal Data rectified when they are inaccurate or incomplete.
Right to erasure, also called “right to be forgotten”: have their Personal Data erased when they are no longer necessary regarding the purposes for which they were collected or when the Data Subject objects to the processing of their Personal Data.
Right to limitation of processing: have the processing of their Personal Data limited if the Data Subject disputes the accuracy of the data, if the Personal Data retention period has expired but the Data Subject still needs to keep this Personal Data for the establishment, exercise, or defense of a legal right, or if the Data Subject has opposed the processing.
Right to portability: have the Personal Data that the Data Subject has communicated to ABBELIGHT transferred to it in a readable format or ask ABBELIGHT to transfer the Personal Data that the Data Subject has communicated to another data controller.
Right of opposition: have the ability to object at any time, for reasons relating to their personal situation, to the processing of their Personal Data, in particular in the case where this opposition concerns commercial prospecting, including profiling.
Withdrawal of consent: withdraw their consent to the future processing of their Personal Data by ABBELIGHT, when the processing is based on consent.
Right to lodge a complaint: lodge a complaint with the “Commission nationale de l’informatique et des libertés” (“CNIL”) if the Data Subject considers that the processing carried out by ABBELIGHT constitutes a violation of their Personal Data. The CNIL services can be contacted via an online form available here: https://www.cnil.fr/fr/webform/nous-contacter
Data Subjects’ rights to their Personal Data may be exercised at any time with ABBELIGHT by email at the following address: privacy@abbelight.com. Some of these rights may also be exercised via the Data Subject’s account on the E-shop.
ARTICLE 7. HYPERTEXT LINKS
The Sites may contain hypertext links to third-party sites. ABBELIGHT has no control over the content of third-party sites referenced by hypertext links. These sites are published by third-party companies independent of ABBELIGHT. ABBELIGHT can therefore not undertake any responsibility for the content, advertising, services or any other information or data available on or from these sites. Consequently, the Data Subject acknowledges being solely responsible for the access and use of these sites. ABBELIGHT cannot be held responsible for any proven or alleged damage or loss resulting from or in connection with the use or the fact of having trusted the content, goods, or services available on these sites.
ARTICLE 8. MANAGEMENT OF COOKIES
ABBELIGHT uses cookies for the proper functioning of the Sites and to monitor and analyze traffic on it. A “cookie” is a small data file sent to the Data Subject’s browser by a web server and stored on the hard drive of its computer or other computer medium. They do not in any way risk damaging the said support.
The information collected through cookies is solely and strictly intended for ABBELIGHT, in compliance with the Regulations applicable to the protection of Personal Data. Cookies from third-party publishers (Google, Facebook, Twitter) allow these publishers to access the information collected through their cookies, according to the methods specified in the table below.
Personal Data processed through cookies is kept by ABBELIGHT for the lifetime of the corresponding cookies and, in any event, for a maximum of thirteen (13) months, beyond which the consent of the Data Subject is requested again.
ABBELIGHT uses the following cookies:
