Personal data protection policy on sophim.com website

When using this website (https://www.sophim.com/), you have the option of submitting personal data via data collection forms. The purpose of this “Privacy Policy” is to inform you about how your data is processed when you use these forms.

Who is responsible for processing my data?

Personal data transmitted via the forms on this site are processed by SOPHIM, registered with the Trade and Companies Register under SIRET no. 33802624800033 (hereinafter “SOPHIM”) in its capacity as data controller.
For what purposes and on what legal grounds is my data processed?
This data is processed on the basis of SOPHIM’s legitimate interests for the purpose of responding to your contact request. This data may also be processed, if you are a professional, for the purpose of promoting the products and services of the data controller (by e-mail, post or telephone). You may object to these promotional operations each time you receive an e-mail from SOPHIM (via an unsubscribe link included in each e-mail sent for this purpose) and/or by writing to the contact details given below.

How long is my data processed?

Requests sent through forms are kept :
– 1 year after your request is sent, when processed for the purpose of responding to your contact request;
– 3 years after your last contact when processed for the purpose of promoting SOPHIM’s products and services.
In certain exceptional situations, your data may be kept for longer than these periods (non-exhaustive list: in the context of litigation, when ordinary and extraordinary remedies are no longer available against the decision rendered; for the purposes of compliance with certain legal obligations incumbent on SOPHIM; at the request of a legal authority, etc.).

To whom may my data be transmitted? Where is it processed?

When your request concerns the distribution of products marketed by SOPHIM in countries other than France and Spain, you are informed that your professional data will be transmitted by SOPHIM to its partner distributor in charge of distributing SOPHIM products in the country concerned by your request.

To carry out its activities, SOPHIM relies on products and services provided by specialized service providers (software publishers, data hosts, e-mail routers, specialized consultants, etc.). In order to protect your personal data, SOPHIM only uses subcontractors who offer robust guarantees of security and compliance. A legal document systematically governs the relationship between SOPHIM and its subcontractors.
Personal data transmitted via forms may be transferred to these subcontractors, acting solely on documented instructions from SOPHIM, and may only be processed by its subcontractors within this framework. In this case, your data may be transferred outside the European Union, and in particular to the United States under the Data Privacy Framework and/or the implementation of appropriate safeguards (including the signing of standard contractual clauses adopted by a supervisory authority or the European Commission) and/or under an adequacy decision of the European Commission to a country ensuring an adequate level of protection.

What are my rights? How can I exercise them?

Pursuant to regulatory provisions, you have the following rights with respect to your personal data:
– A right of access to your personal data (the right to obtain from SOPHIM confirmation as to whether or not personal data concerning you is processed by us, information concerning the processing carried out, and access to said personal data);
– The right to rectify any inaccurate personal data;
– A right to erasure of your personal data. This right is conditional on certain grounds detailed within Article 17 of the RGPD ;
– A right to the limitation of your personal data. This right is conditional on certain grounds detailed within Article 18 of the RGPD ;
– A right to the portability of your personal data (the right to receive personal data concerning you and/or that you have provided to SOPHIM in a structured, commonly used and machine-readable format). This right is subject to certain requirements detailed within Article 20 of the RGPD;
– A right to object to the processing implemented. This right is subject to certain requirements detailed within Article 21 of the RGPD ;
– A right to define the fate of your data after your death and to choose whether or not SOPHIM communicates your data to a third party designated by you.

Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) regarding the processing of your personal data. We encourage you to contact SOPHIM before lodging a complaint so that we can respond to your requests and expectations.

To exercise your rights, you can send a free request to the following address:
– by e-mail to the following address: dpo@sophim.com; or
– by post to the following address SOPHIM – Délégué à la Protection des Données – Rue Pierre-Gilles de Gennes, 04310 Peyruis – FRANCE
You are further informed, in accordance with Article 13-1, b) of the RGPD, that the entity My external DPO is appointed as Data Protection Delegate (“DPO”) to the Commission Nationale de l’Informatique et des Libertés, on behalf of the entity SOPHIM. You can contact the DPO directly using the contact form provided on his website.