privacy policy

Users are informed that personal data concerning them may be collected by HOLDING GALAXITY (hereinafter the “Company”) when they browse the www.xefi.com website (hereinafter the “Website”).

This confidentiality policy defines and informs users of the manner in which the Company uses and protects the information transmitted, where applicable, when they use the Site.

 Users are informed that the Company takes great care to respect the privacy of users and their personal data.

 In this respect, the Company undertakes to comply scrupulously with the applicable laws and regulations in accordance with the texts of Act no. 78-17 of 6 January 1978, as amended, relating to information technology, files and freedoms (hereinafter the “Data Protection Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “RGPD“).

 In the course of its business and to monitor user behaviour on the Site, the Company collects and processes personal data.

INTRODUCTORY ARTICLE – DEFINITIONS

Capitalized terms used in this privacy policy have the meanings set out below:

– Personal data: any information relating to an identified or identifiable natural person (…); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity; (Article 4.1 RGPD).

– Processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (Article 4.2 RGPD).

– Controller: the controller is any “natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing operation; where the purposes and means of such processing are determined by Union law or by the law of a Member State, the controller may be designated or specific criteria for such designation may be laid down in Union law or in the law of a Member State“;

– Cookies and Plotters: A cookie is a text file installed on the hard disk of the connection terminal, at the request of the site consulted by a browser. It records information relating to Internet browsing and enables the site to determine whether the same browser has already been connected previously. The length of time it is kept is defined by the site operator and may be limited to the browsing session on the site in question or longer.

 This applies to traces left behind and read, for example, when visiting a website, reading an email, installing or using software or a mobile application, regardless of the type of terminal used, such as a computer, smartphone, e-reader or video game console connected to the Internet.

 ARTICLE 1 – PURPOSE

Users may browse the Site without disclosing any personal information.

 Where appropriate, the Company may ask the user to communicate Personal Data concerning him/her, in order to enable him/her to use the services offered on the Site.

 The Personal Data collected in connection with the provision of services corresponds to the information required by the Company and its commercial partners, if any, for the proper performance of the services or to enable the user to access all of the Site
‘s functionalities.

 The following information in particular may be collected as part of the use of the full functionality of the Site: Surname, IP address, First name, Gender, Date of birth, Telephone number, Company, Position, Field of activity, Personal email address, Professional email address, Address, Town, Postcode, CV & Cover letter.

By providing this information, the user accepts that it may be collected, processed and stored by the Company for the purposes and within the scope listed below.

 The Company may process the user’s Personal Data for the following purposes:

– To provide the information or services requested by the user, such as receiving a call back from the Company’s teams, obtaining a response to an application, filling in the contact form, receiving the newsletter, etc;

– Creating and managing a user profile ;

– Create and manage access to our online services;

– Carrying out statistical studies ;

– To enable the user to make purchases on the Site

– To provide the user with appropriate information or services;

– To gather information about navigation and behaviour on the website, enabling the Company to improve its products and the quality of navigation on the Site, in particular through the use of cookies;

– For the purposes of helping users to find the answer to their needs more quickly, in particular with regard to localised agency searches;

– Detect malicious behaviour such as fraud, phishing and spam;

– Enable users to authenticate themselves in their customer area using the personal identifiers they have defined for this purpose.

ARTICLE 2 – COLLECTION AND SPECIFIC USE OF DATA

In addition to the purposes set out in article 1 of this privacy policy, users are informed that they may leave a comment on the Site.

 Users have the option of saving their contact information, i.e. the name and e-mail address used to submit the comment, for future connections via the use of a cookie.

 These cookies are stored for one (1) year.

 Users may change their choice at any time and delete this cookie.

 For security purposes, the user’s IP address is verified in order to prevent spam and help detect undesirable comments.

The user may use the contact form on the Site in order to be contacted again and/or to obtain commercial information about the Company’s products and services.

 To this end, the user provides his/her surname, first name, contact e-mail address and/or telephone number and expressly consents to this data being used by the Company for commercial prospecting purposes.

 Personal data collected via the contact form is kept for a reasonable period of time, in line with the purpose for which it was collected.

 The user has the option of providing data specified as “optional” on the contact form.

 The procedures for collecting and storing “optional” data are similar to those implemented by the Company for processing the data required to make contact.

Users may respond to job offers by replying to an advertisement published on the Site.

 The user consents to this data being used by the Company to process his/her application for the job offer for which the data was disclosed and/or to communicate to the user a job offer similar to the one for which the data was disclosed.

 To this end, the user shall provide the Company with any personal information concerning him or her that is useful for fulfilling these purposes.

 The personal data disclosed in this context is subject to a strict obligation of confidentiality on the part of the personnel likely to have access to it and is accessible only by the Company’s qualified personnel.

 In the event that the candidate user’s profile is not selected, the data collected in this context will be permanently deleted at the end of the recruitment process and will not be archived in accordance with the provisions of the French Labour Code.

ARTICLE 3 – TRANSMISSION OF DATA

The Company is the sole recipient of personal data.

 Under no circumstances does the Company market the personal data of visitors and users of the Site for advertising or commercial purposes.

The Company’s subcontractor undertakes under the same conditions not to market the personal data of visitors and users of the Site for any purpose whatsoever.

 The subcontractor is subject to an obligation of confidentiality and may only use the user’s data in accordance with the Company’s policy.

 The user’s Personal Data may be passed on to the Company’s staff and subcontractors in order to respond favourably to the user’s requests, insofar as this is necessary with regard to and within the limits of the purposes set out above.

ARTICLE 4 – RETENTION PERIOD

Users’ Personal Data is kept by the Company for no longer than is necessary for the purposes for which it is collected and processed and, in any event, for no longer than thirty-six (36) months from the date of collection.

 Users are informed that a retention period for their Personal Data may be applied by virtue of a legal or regulatory provision.

ARTICLE 5 – USER RIGHTS

5.1 Exercising rights

In accordance with the provisions of the RGPD, users are informed that they have rights relating to their personal data.

 Users may exercise their rights directly with the Company, provided they can prove their identity. Users may also exercise their rights by contacting the Company’s DPO, whose contact details can be found in article 9 below.

 The user’s various rights are :

5.1.1 – Access rights

The user may ask the data controller whether it holds any information about the user and request that all such data be communicated to him/her.

 Exercising the right of access enables the accuracy of the data to be checked and, if necessary, rectified or deleted.

5.1.2 – Right of rectification

Users may ask the data controller to rectify, update, block or delete information concerning them.

5.1.3 – Right of deletion

Users may ask the data controller to delete all or part of their Personal Data, provided that they justify their request with one of the supporting documents listed in Article 17 of the RGPD.

5.1.4 – Right to limit processing

Users may ask the data controller to temporarily freeze the use of all or some of their data.

5.1.5 – Right to portability

Users may ask the data controller to provide them with a copy of their personal data in a structured and machine-readable form for transmission to another data controller.

5.1.6 – Right of objection

You may object to the processing of your personal data, except on legitimate and compelling grounds invoked by the data controller.

 The Company undertakes to respond to users’ requests to exercise their rights within a reasonable period of time.

5.2 Opposition to commercial canvassing

Users who do not wish to be the subject of commercial canvassing by telephone are informed that they may register free of charge on an anti-canvassing list, for example: https://www.bloctel.gouv.fr/.

 Users who do not wish to receive or no longer wish to receive our news and solicitations may indicate this to the Company via the contact e-mail address specified in the communications or via a link located in said communications. The user may modify the parameters of his online profile.

ARTICLE 6 – SAFETY

In accordance with article 32 of the RGPD, the Company implements the appropriate technical and organisational measures to guarantee a level of security appropriate to the risk.

 To this end, the Company takes all necessary measures to preserve the integrity and confidentiality of Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.

ARTICLE 7 – COOKIES POLICY

The Company, as publisher of the Site, may install cookie(s) on the hard disk of the user’s terminal, the aim being to improve the user’s browsing experience on the Site.

 A notification banner on the use of cookies is displayed on the Site when the user logs on for the first time.

 Users have the option of accepting or refusing the deposit of cookies by ticking boxes and may change their choice at any time.

 Users are informed that integrated content (videos, images, articles, etc.) from third-party sites may be reproduced on the Site.

 This integrated content may serve as a vector for the third-party sites from which it originates and for which the user has a personal space to install tracking and collection cookies on the user’s terminal.

 The Company is not responsible for the installation of third-party cookies on the user’s terminal by social networks and third-party companies.

7.1 Types of cookies

7.1.1 Cookies required for browsing

These cookies are necessary to understand how to navigate the Site.

7.1.2 – Analytical and functional cookies

In order to adapt the Company’s services to users’ requests, the Site measures the number of visits, the number of pages viewed and the activity of visitors on the Site.

 These cookies make it possible to understand the use and performance of the Site and to improve its operation by analysing the number of visitors to the information pages, and by monitoring opening rates, click rates and bounce rates on an individual but not nominative level.

 Important: these cookies are subject to their own confidentiality policies and are in no way the responsibility of the Company (Google Search Console, etc.).

 Users are informed that the IP address of the terminal with which they have connected to the Site may be collected by the Company in order to determine the city from which the connection was made, for statistical purposes.

7.1.3 – Share button cookies

These social cookies enable users to share pages and content on third-party social networks via the social sharing buttons.

 Important: these cookies are subject to their own privacy policies and are in no way the responsibility of the Company (Facebook, YouTube, Twitter, LinkedIn and Instagram).

– Facebook, whose cookies policy can be viewed by clicking on the following link: https://fr-fr.facebook.com/policies/cookies/

– Instagram, whose cookies policy can be viewed by clicking on the following link: https://www.facebook.com/help/instagram/155833707900388

– LinkedIn, whose policy on cookies can be consulted by clicking on the following link: https://www.linkedin.com/legal/cookie-policy?_l=fr_FR

– Twitter, whose options for controlling or restricting the use of cookies, as well as its policy on the use of cookies, can be consulted at the following link: https://support.twitter.com/articles/20170518#

– YouTube, where users can find help on deleting cookies from the Google Chrome browser by clicking on the following link: https://support.google.com/youtube/answer/32050?hl=fr and also the full cookie policy at the following link: https://www.google.fr/intl/fr/policies/technologies/cookies/

7.2 Setting cookies

Most Internet browsers are configured by default to allow cookies to be deposited.

 The user may modify these standard settings so that all cookies are systematically rejected, or so that only some cookies are accepted or rejected, depending on the sender.

 If cookies are refused, deleted or blocked, the user is informed that browsing on the Site may be altered or reduced.

 The Company declines all responsibility for the consequences of any deterioration in the user’s browsing conditions due to the refusal of cookies and/or the deletion or blocking of cookies necessary for the operation of the Site.

7.3 Browser settings

Each Internet browser has its own cookie management settings.

 Depending on the browser used by the user, the methods for deleting cookies are as follows:

– On Google Chrome

 Click on the Tools icon, select the Settings menu and then click on the Privacy and security tab.

 Click on the “Show all cookies” button.

 Select the cookies you wish to refuse and then click Delete.

– On Internet Explorer

 Click on the Tools button, then on Internet Options.

 On the General tab, under Browsing History, click on Settings.

 Click on the Show files button.

 Select the cookies you wish to refuse and click on Delete.

– On Firefox

 Click on the browser’s Tools icon, select the Options menu

 In the window that appears, select “Privacy” and click on “Show cookies”.

 Select the cookies you wish to reject and click Delete.

– On Safari

 Click on the Edit icon, select the Preferences menu.

 Click on Security and then on Show cookies.

 Select the cookies you wish to refuse and click on Delete.

For further information, users may consult the CNIL website at the following address: www.cnil.fr

ARTICLE 8 – COMPLAINT TO THE ADMINISTRATIVE AUTHORITY

In the event of non-compliance with this privacy policy, the user may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).

 To do so, the user may send a request electronically by clicking on the following link: https://www.cnil.fr/fr/saisir-la-cnil

ARTICLE 9 – LIABILITY

The Company recruits NEXEREN (RCS 753 351 709), whose registered office is located at 2507, Avenue de l’Europe, 69140 RILLIEUX-LA-PAPE, as a subcontractor to host user data.

 The Company has previously ensured that its subcontractors implement guarantees similar to those it implements and comply with strict conditions in terms of confidentiality, use and data protection.

The Data Protection Officer is Mrs Myriam RAMBAUD.

 Tel: +33 4 72 01 04 11

 E-mail address: dpo@xefi.fr

ARTICLE 10 – MODIFICATIONS

This confidentiality policy may be amended or supplemented, in whole or in part, at any time in order to comply with changes in legislation, regulations, case law or technology.

 Except in the case of substantial modifications requiring the express consent of the user, use of the Site following the entry into force of these modifications will constitute recognition and acceptance of the new confidentiality policy.

 In the absence of consent, the user may exercise his/her rights under the conditions defined in article 5 above.

 The date of the latest updates will be explicitly stated in the following paragraph of this article.

 This therefore
 implies that the user consults this policy regularly and independently.

 This privacy policy was last updated on: 2 January 2024.