PERSONAL DATA PROTECTION POLICY

Last update date: March 2024

We place great importance on respecting your privacy and are committed to building strong and lasting relationships with you. Protecting your personal data is of utmost importance to us. Therefore, we provide you with our Data Protection Policy to inform you as clearly as possible about the processes implemented when using the services of the website.

This Policy applies to all services offered on the website nhaparis.com.

This policy is subject to Law No. 78-17 of January 6, 1978, relating to computers, files, and freedoms, as amended in 2004 (hereinafter "Computer and Freedoms Act") and the European Regulation on the protection of personal data of April 27, 2016.

Definitions

"Data Controller" Refers to the person who determines the purposes and means of processing personal data.

"Personal data" Information that allows you to be recognized as an individual. Your last name is personal data. Your phone number, email address, and IP address are personal data.

"Processing of personal data" Operation or set of operations applied to personal data (collection, recording, storage, consultation, etc.)

Who collects personal data?

BRIDGES at 21 PL DE LA REPUBLIQUE 75003 PARIS 3, is responsible for all processing of personal data carried out on the nhaparis.com website.

What are the purposes of collecting your personal data?

BRIDGES undertakes to collect, process, or store your personal data for specific, legitimate, and relevant purposes.

Your data is processed for the following purposes:

Below are examples

§ Management of customer accounts, shopping carts, and orders

§ Management of deliveries, order tracking, and after-sales service

§ Provision of customer service accessible by phone or instant messaging chat

§ Provision of social media sharing tools

§ Sending targeted commercial offers by email, mobile notifications, social networks, or any other medium

§ Management of your subscriptions to our newsletters, notification by email, or SMS

§ Collection of customer reviews on marketed products

§ Customization of websites (mobile and desktop) and applications according to User preferences

§ Organization of competitions and advertising

§ Sharing of information with business partners

With the exception of commercial prospecting operations, BRIDGES considers that all the above processes are necessary for the performance of the contract between a Customer and BRIDGES (legitimate interest).

Commercial prospecting operations are based on your consent to the processing of your data. Thus, when creating your account on the site, you are expressly asked for your consent:

§ To receive offers from BRIDGES

§ To receive offers from BRIDGES' partners

You have the option to withdraw this consent at any time by clicking on the unsubscribe link provided in each of the emails received or by contacting us.

What are your rights and how to exercise them with BRIDGES?

In accordance with the Computer and Freedoms Act of January 6, 1978, you have the right to access, rectify, and object to data concerning you. You can exercise these rights by email or by post to the following address:

BRIDGES

21 PL DE LA REPUBLIQUE 75003 PARIS 3

Email: nhaparis@bridges.work

BRIDGES will respond within 1 month after receiving the request.

From May 25, 2018, and in accordance with Regulation 2016/679 of April 27, 2016, you will also be able to exercise your right to limit processing, to erase your data, to data portability, and not to be subject to automated individual decisions, including profiling.

For reasons of confidentiality and protection of personal data, a copy of a signed ID document must be included with the request.

If the response is not satisfactory, you have the option of contacting the CNIL.

How long are your data kept?

BRIDGES has established precise rules regarding the retention period of users' personal data.

To calculate the most relevant retention period, BRIDGES distinguishes between prospects who have never made a purchase from BRIDGES and its partners and customers who have already made a purchase.

Regarding prospects, the start date of the retention period is the last prospecting mail sent, for which the prospect is likely to be interested, i.e., they clicked on the link to see what is being offered.

For customers, the start date of the retention period is their last purchase.

What happens to your data after your death?

In accordance with Article 40-1 of the Computer and Freedoms Act of January 6, 1978, you can transmit to us your directives regarding the retention, erasure, and communication of your personal data after your death. These directives can be general or specific.

To transmit your directives, contact us by email.

Who are the recipients of your data?

Your data is transmitted to BRIDGES partners who may process the data on their behalf (these are recipients) or solely on behalf of and according to the instructions of BRIDGES (these are subcontractors).

The recipients of the data are:

Examples

§ Marketplace sellers

§ Police authorities in the context of judicial requisitions concerning the fight against fraud

BRIDGES also uses subcontractors for the following operations:

Examples

§ Secure payment on websites and mobile applications

§ Fight against fraud

§ Personalization of website and mobile application content

§ Performing maintenance and technical development operations on the website

Does BRIDGES have a Data Protection Officer?

BRIDGES has appointed a Data Protection Officer responsible for assisting the data controller in complying with the European Regulation. For any questions regarding the protection of personal data, we provide a contact address: oturounet@ak-a.fr

Are your data sent outside the European Union?

Your personal data may be transmitted to companies located in countries outside the European Union to meet the purposes defined above and which do not provide an adequate level of protection for personal data.

Prior to the transfer outside the European Union and in accordance with current regulations, BRIDGES implements all necessary procedures to obtain the guarantees necessary to secure such transfers.

How does BRIDGES protect your data?

BRIDGES takes various measures to ensure the security of your data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. In particular:

Examples

· Access to databases is strictly reserved for authorized persons to be aware of them within the framework of their missions.

· In accordance with the Computer and Freedoms Act of January 6, 1978, and the European Regulation, BRIDGES has ensured that subcontractors undertake to respect the security and confidentiality of data.

· All BRIDGES employees are made aware of the protection of personal data through training, newsletters, and team meetings.

Modification

BRIDGES reserves the right to modify this Data Protection Policy at any time. In the event of a substantial modification such as the introduction of a new purpose, BRIDGES will provide you with prior information about this other purpose. This is to ensure that you have a reasonable period to exercise your rights under the Computer and Freedoms Act of January 6, 1978, and the European Regulation.

However, we encourage you to regularly consult the Policy to learn about the protection measures for your personal information provided by BRIDGES.

This Policy was last updated on the date indicated above.

Contact

For any questions regarding our Policy, you can contact us directly by emailing nhaparis@bridges.work or by mail to BRIDGES 21 PL DE LA REPUBLIQUE 75003 PARIS 3