PREAMBLE
This Privacy Policy is addressed to you as a user of the website (hereinafter the “SITE”) and aims to inform you of how your personal data may be collected and processed by ELXPR.
Respect for your privacy and personal data is a priority for us. We undertake to process your data in strict compliance with the French Data Protection Act of 6 January 1978, as amended (hereinafter the “Data Protection Act”), and Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation – “GDPR”).
In all circumstances, we undertake to comply with the following essential principles:
• You remain in control of your personal data;
• Your data is processed in a transparent, confidential, and secure manner.
ARTICLE 1 – IDENTITY & CONTACT DETAILS OF THE DATA CONTROLLER
The data controller of your personal data is:
ELXPR
Société par Actions Simplifiée (SAS)
Share capital: €5,000
SIREN: 815 227 749
RCS: 815 227 749 R.C.S. Bobigny
Registered office:
8 RUE VEUVE BOUQUIN
93150 LE BLANC-MESNIL
France
Legal representative (President): Meziane Hillal
For any questions relating to the management and use of your personal data, you may contact us:
• By email at: contact@elxpr.com
• By post at: ELXPR, 8 RUE VEUVE BOUQUIN, 93150 LE BLANC-MESNIL, France
Legal reminder: The data controller determines the purposes and means of processing personal data. A processor is a person who processes personal data on behalf of the controller and acts under its authority and instructions.
ARTICLE 2 – COLLECTION & ORIGIN OF DATA
Your data is collected:
• Either directly from you (when creating an account, placing an order, or using the contact form on the SITE);
• Or indirectly during your browsing of the SITE (connection and navigation data).
In all cases, your data is collected and processed solely for:
• Managing your account;
• Processing orders and deliveries;
• Providing services offered on the SITE;
• Offering commercial proposals;
• Improving our services;
• Ensuring effective customer relationship management.
Where required, we obtain your consent and/or allow you to object to certain uses of your data, such as commercial prospecting or third-party cookies used for audience measurement and targeted advertising.
ARTICLE 3 – PURPOSES & LEGAL BASIS FOR PROCESSING
Your personal data is processed for the following purposes:
1. Management and monitoring of your account, contracts, orders, deliveries and invoices
Legal basis:
• Contractual necessity (performance of a contract or pre-contractual measures)
2. Responding to your information requests and managing customer relations
Legal basis:
• Your consent
3. Sending commercial offers relating to our services
Legal basis:
• Our legitimate interest in promoting our services
• Your consent where required
4. Managing and responding to requests related to data protection rights
Legal basis:
• Legal obligation (GDPR and Data Protection Act)
5. Ensuring proper functioning and continuous improvement of the SITE
Legal basis:
• Our legitimate interest in ensuring optimal functionality and quality
• Your consent where required
6. Personalizing online communications and advertisements
Legal basis:
• Your consent
7. Fraud prevention
Personal data collected on the SITE may be processed by our payment service provider to secure payments and deliveries and ensure optimal service quality.
A fraud risk assessment may be performed for each order. ELXPR may request additional supporting documents where necessary. Such measures may temporarily suspend or cancel an order if security cannot be guaranteed.
Legal basis:
• Legal obligation
• Contractual necessity
ARTICLE 4 – DATA PROCESSED
The mandatory or optional nature of requested data is specified at the time of collection.
For account, order and invoice management:
• First name, last name
• Email address
• Telephone number
• Postal address
• Anonymized banking data
For responding to information requests:
• First name, last name
• Email address
• Telephone number
For commercial communications:
• Email address
• First name, last name
• Postal address
• Telephone number
For managing data protection rights requests:
• First name, last name
• Email address
• Telephone number
• Copy of identity document (if required)
For fraud prevention:
• First name, last name
• Type of bank card used
• Card expiry date
• IP address used during payment
ARTICLE 5 – RECIPIENTS OF YOUR DATA
Within the limits of their respective responsibilities, the following may access your data:
• Authorized ELXPR personnel (administration, accounting, marketing, sales, logistics, IT)
• Companies responsible for SITE management
• Carriers and delivery providers
• Payment service providers
• Subcontractors acting on behalf of ELXPR
• Courts, mediators, auditors, accountants, lawyers, bailiffs, debt recovery companies
• Police or judicial authorities when legally required
• Third parties placing cookies on your devices with your consent
ARTICLE 6 – DATA RETENTION PERIOD
Your data is retained only for the time necessary for the purposes described above:
Account, orders, contracts, invoices:
• 3 years after the end of the commercial relationship
Customer relations and information requests:
• 3 years from the end of the relationship (if client)
• 3 years from last contact (if prospect)
Commercial offers:
• 3 years from end of relationship or last contact
Data protection rights management:
• 1 year for access or rectification requests
• 3 years for opposition requests
Website functionality and audience measurement:
• 13 months (raw browsing data is deleted or anonymized thereafter)
Fraud prevention:
• 3 years after end of commercial relationship
ARTICLE 7 – YOUR RIGHTS
In accordance with the GDPR and French Data Protection Act, you have the following rights:
• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (Article 17 GDPR)
• Right to withdraw consent at any time
• Right to restriction of processing (Article 18 GDPR)
• Right to object (Article 21 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to define instructions concerning your data after death
You may exercise your rights by emailing contact@elxpr.com or writing to:
ELXPR
8 RUE VEUVE BOUQUIN
93150 LE BLANC-MESNIL
France
You may also lodge a complaint with the French Data Protection Authority (CNIL):
https://www.cnil.fr/fr/plaintes
ARTICLE 8 – CONNECTION DATA & COOKIES
The SITE uses connection data (date, time, IP address, browser type, pages visited) and cookies (small files stored on your device) to:
• Identify users
• Improve browsing experience
• Measure website traffic
• Provide personalized services
You may configure your browser to refuse cookies.
ARTICLE 9 – TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
As part of its activity, ELXPR may transfer personal data to subcontractors or service providers located outside the European Union.
Where such transfers occur, ELXPR ensures appropriate safeguards are implemented in accordance with GDPR requirements to ensure confidentiality and security of your data.
You will be informed of such transfers where applicable.
ARTICLE 10 – SECURITY
ELXPR and its subcontractors implement all appropriate technical and organizational measures to ensure the security and confidentiality of personal data, in accordance with the GDPR and the French Data Protection Act.
These measures include:
• Physical security of premises
• Secure authentication procedures
• Confidential login credentials and passwords
• Connection logging
• Data encryption where appropriate
ELXPR takes all necessary precautions to prevent data alteration, damage, or unauthorized access.