UVI – Privacy Policy for users, third parties and candidates

As from 13 Dec. 2021

UVI takes your right to privacy very seriously. This Privacy Policy is intended to give you an understanding of how and why we collect and use your personal data:
- On UVI’s website (www.uvi.net) while you are browsing;
- And/or in the context of our commercial relationship if you are a user of the products and services offered by our company;
- And/or in the context of our relationship if you are or represent a third party (prospect, partner, supplier, member of an administrative or judicial authority, journalist, etc.);
- When you apply for a position in our company.

If you are required to make our company the recipient of information concerning people other than yourself (for example, other people working for the company you represent, prospects, etc.), you guarantee that you have ensured:
- to send us only information that is strictly essential for what leads you to communicate it to us;
- to ensure that these people are well informed and have not objected to it, or even, when consent is required by law, to guarantee that you have obtained such consent;
- and to provide them with a copy of this Privacy Policy, where the use of the term "you" applies to both you and the persons in question..

Who has access to your personal data?

Your personal data is processed by the company UVI, whose head office is located at 159 rue Amelot, 75011 Paris – France, which is the data controller.

We take great care in handling your personal data and we never sell your data.

However, your data may be made accessible to our payment service providers who use it under their own responsibility for the purposes of transactions, as well as to agents for the purposes of managing a dispute or a file (lawyers, bailiffs, etc.).

In addition, our service providers acting on our behalf and under our instructions ("processors" within the meaning of the regulation) may need to access to all or part of your personal data. Only the personal data necessary for the performance of their services will be made accessible to them.
Some of these service providers need to transfer some of your personal data to the United States, in the case of Paypal, this is done through the implementation of binding corporate rules validated by European protection authorities, accessible at: https://www.paypal.com/fr/webapps/mpp/ua/bcr?locale.x=fr_FR, or for the other service providers, by contractual clauses ensuring data protection safeguards.

You can obtain communication of these clauses upon request to the contact details mentioned in Article 5 below. Your data may also be made accessible to our outsourced support located in Japan, a country recognised by the European Commission as having an adequate level of personal data protection (decision of 23 January 2019).

In addition, if required by the laws or regulations to which our company is subject, certain data may be transmitted to the competent judicial or administrative authorities.

Finally, as our business is constantly evolving, we may have to sell all or part of our assets. In such cases, your data may be transferred to anyone involved in the preparation and execution of the operation, and your data may then be included in the assets sold..

What is the nature of the personal data we collect and use?

We only collect and use the personal data necessary for the purposes set out below, namely:

- When you browse our website: your browsing data (IP address, time and duration of your visit, operating system, browser and pages viewed);
- If you use our products and services: data relating to your identity, your contact details and your payments made and amounts due, identifiers for access to our products and services, your language preferences, your usage history of our products and services, when you register a product through our website, data relating to said product and the serial number used, where applicable, your answers to questions we may ask you;
- If you are or represent a third party: any data communicated to us during our exchanges, which will generally include your identity, the elements relating to the subject of our exchanges, as well as, where applicable, your contact details;
- If you send us an application for a position within our company: any information you provide us with, in particular data relating to your identity (surname, first name, address, photograph, date and place of birth, etc.), your contact details (telephone number, email address), your professional life (training, professional experience, diplomas, distinctions, skills, etc.), as well as any information resulting from the examination of your application (suitability of your profile for the position, dates and results possible interviews ...)..

How your personal data is processed, for how long time, and on what legal grounds?

The purposes for which your personal data will be processed depend on your situation. They are summarized in the table below, but not all purposes will necessarily apply to your situation.

Purposes

Lawfulness of processing

Retention period

Follow-up and management of your information requests or contacts

Execution of pre-contractual or contractual measures taken at your request (request of information on our services…) or, if your requests are made on behalf of a company, our legitimate business interest in responding to the requests 

3 years after the end of our commercial relationship, or if not applicable 3 years after our last contact 



Customer relationships management and loyalty (surveys, contests…)

Our business legitimate interest to developp our activities 

Development of statistics and marketing analysis, continuous improvement of our knowledge and services

Improving knowledge of customers and their needs

IT security management

Our legitimate interest in ensuring our safety and the safety of our products and services

Sending newsletters and other information about our company and our activities

Consent (for non-customers). Our legitimate business interest

15 days maximum after your request to unsubscribe

Management of our relationships in the context of the provision of our services to which you or the organisation you represent have subscribed (execution and monitoring of our services, control of access to our services, invoicing, assistance, after-sales service, management of unpaid bills, collection)

Performance of a contract between you and our company or, if the contract was entered into by a company, our legitimate interest in performing a contract to which a third party (the organisation you represent) is a party

1 year after the termination of the contract 

Management of our relationships with third parties (administration, journalists, etc.)

Our legitimate interest (carrying our activities and managing our relationship with third parties)

1 year after our last contact 

Management of our relationships with our suppliers and service providers, invoicing, management of unpaid debts and collection

Our legitimate business interest

1 year after the termination of the contract

Keeping the general accounts and any auxilliary accounts that may be attached to them  

Our legal obligations and legitimate business interest

1 year after the end of the financial year

Managing your application if you apply

Execution of pre-contractual measures taken at your request

2 years after the end of the recruitment process unless you have objected to your application being kept in our applicant pool or you have been recruited


Creation of a pool of applications which, although rejected at a given time, are likely to correspond to a future need.


Legitimate interest (improving recruitment)

Production of recruitment statistics

1 year after the end of the recruitment process unless you object

Management of litigation 

Our legitimate interest in ensuring the defence of legal rights

For the duration of the proceedings (until the expiry of the procedures)

Compliance with legal, accounting and tax obligations, including data retention

Compliance with our legal obligations

For the period of retention required by the applicable legislation

Management of the exercising of your rights on your personal data

Compliance with our legal obligations

6 months after our last contact


At the end of these periods, the data will, if necessary, be archived for a period not exceeding the statutory limitation periods or applicable archiving obligations or for the duration of proceedings in the case of litigation. Once these periods expire, the data will be destroyed..

How is the security of your data ensured?

We have implemented organisational and technical measures to effectively secure the data we receive from you. Our employees are trained and committed to respecting the confidentiality of the data.

To protect your personal data sent to our servers, we use Secure Sockets Layer (SSL) software, which encrypts all information you transmit to us.

We would like to stress the importance of protecting yourself from unauthorised access to your password and computer. If you share your computer with others (especially computers in public places such as Internet cafes or libraries), make sure you log out after each session.

Despite these actions, unauthorised access to your data by third parties is not 100% guaranteed. Therefore, we would like to point out that every transmission of data over the Internet is at your own risk..

What are your rights and how can you exercise them?

You may exercise at any time the various rights provided for by the regulation in force: right of access, rectification of erroneous data concerning you, and, in the cases and within the limits provided for by the regulation, opposition, erasure of some of your personal data, to limit their use or to request their portability with a view to their transmission to a third party, but also to define the fate of your data after your death.

To exercise your rights, simply write to support.uvi.net and attach, if necessary, any document proving your identity and the validity of your request.

You are reminded that we may, in accordance with the regulation, refuse to grant certain requests concerning some of these rights (in particular the right of erasure), for legitimate reasons such as the need to defend legal rights or the requirements of a legal obligation to retain certain data.

In the event of unresolved difficulties, you may refer the matter to the French National Commission for Information Technology and Civil Liberties (CNIL).