SITE CONFIDENTIALITY POLICY

www.sico.net / extranet.sico.net

ARTICLE 1: FOREWORD

This confidentiality policy applies to the sites: www.sico.net / extranet.sico.net

The aim of this confidentiality policy is to inform Internet and extranet site users:

• How their personal data is collected and processed. All data likely to identity a user must be considered as personal data. In particular, this relates to the user's first name and surname, age, postal address, profession, professional email address, location or IP address;
• What are users' rights in relation to this data;
• Who is responsible for processing the personal data which is collected and processed;
• To whom is this data passed on;
• Any site policy for "cookies" files.

This confidentiality policy completes the legal notices and the General Usage Conditions that users may find at the following address:

http://www.sico.net/mentions_legales.html

ARTICLE 2: GENERAL DATA COLLECTION AND PROCESSING PRINCIPLE

In accordance with the provisions of article 5 of European regulation 2016/679, the collection and processing of site user data respect the following principles:

• Legality, good faith and transparency: data may only be collected and processed with the consent of the user who owns it.
  Each time personal data is collected, the user will be informed that their data is being collected and why.
• Limited purposes: the data is collected and processed to meet one or more objectives determined in these general usage conditions;
• Minimisation of data collection and processing: only the data needed to meet the site's objectives is collected;
• Reduced data conservation over time: the data is kept for a limited period, of which the user is informed.
• Integrity and confidentiality of the data collected and processed: the data processing manager undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be legal, and in accordance with the requirements in article 6 of European regulation 2016/679, personal data may only be collected and processed if at least one of the conditions below are respected:

• The user has given express consent for processing;
• The processing is necessary to carry out a contract;
• The processing responds to a legal obligation;
• The processing can be explained by a need related to saving the vital interests of the person concerned or another individual;
• The processing can be explained by a need related to carrying out a public interest mission or one which falls to the public authority;
• The processing and collection of personal data are necessary for the legitimate and private interests of the person in charge of processing it or a third party.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED WHILE BROWSING THE SITE

A. DATA COLLECTED AND PROCESSED AND COLLECTION METHOD

The following personal data is collected on the SICO site:

• Surname, first name, email address, telephone No., company name
• Technical sheet and SDS (Safety Data Sheet) consultation history
• Downloadable document consultation history (SDS, technical sheets, protocols, photos, detergent sheets, etc.).

This data is collected when the user performs one of the following operations on the site:

• When the user fills in the contact form to contact someone at SICO
• One of the documents mentioned above is downloaded

The processing manager will keep all the data collected in their site IT systems and under reasonable security conditions for a period of: 5 years.

The data is collected and processed for the following purposes:

• The user's data is used to filter the data they may access (security of the information presented in the "SDS" safety data sheets).
• The user's data enables them to be sent the company newsletter.

B. DATA TRANSMISSION TO THIRD PARTIES

The personal data collected by the site is not transmitted to any third parties and is only processed by the site's publisher.

C. SITE HOSTING

The SICO site is hosted by ANEOL, whose head office is located at the address below:

5 Rue de la Télématique, 42000 Saint-Etienne

The hosting company may be contacted on the following telephone number: 04.77.21.76.42

The data collected and processed by the site is hosted and processed exclusively in France.

ARTICLE 4: DATA PROCESSING MANAGER

A. THE DATA PROCESSING MANAGER

The person is charge of processing personal data is Alexandra GUITTARD, Marketing Manager. This person may be contacted as follows:

By email at the address alexandraguittard@sico.net

The data processing manager is in charge of determining the end purposes and the resources commissioned to process personal data.

B. DATA PROCESSING MANAGER'S OBLIGATIONS

The processing manager undertakes to protect the personal data collected, to not pass it onto any third parties without the user being informed of it and to respect the end purposes for which this data is collected.

In addition, the data processing manager undertakes to notify the user if the data is rectified or deleted, unless it generates disproportionate formalities, costs and procedures for them.

If the integrity, confidentiality or security of the user's personal data is compromised, the processing manager undertakes to inform the user by all methods.

ARTICLE 5: USER RIGHTS

In accordance with the regulations concerning personal data processing, the user has the rights listed below.

For the data processing manager to be able to meet their request, the user must communicate to them: their first name and surname and email address and, if relevant, their account, personal space or subscriber number.

The data processing manager is bound to respond to the user within a maximum of 30 (thirty) days.

A. PRESENTATION OF THE USER DATA COLLECTION AND PROCESSING RIGHTS

a. Access, rectification and erasure rights

The user may take note of, update, modify or request the deletion of the data which relates to them, respecting the procedure below:

The user must send an email to their SICO contact (commercial assistant) or the personal data manager for them to create, access, modify or delete their account.

If they have one, the user has the right to request the deletion of their personal space, following the procedure below:

The user must send an email to their SICO contact (commercial assistant) or the personal data manager for them to delete their personal space.

b. Data portability right

The user has the right to request the portability of their personal data, held by the site, to another site, by conforming to the procedure below.

The user must send an email to the personal data manager for them to process their request.

c. Right to limit and oppose the processing of the data

The user has the right to request the limitation or oppose the processing of their data by the site, without the site being able to refuse this, unless it can demonstrate legitimate and compelling reasons that may prevail over the user's interests and rights and freedoms.

To request the limitation of the processing of their data or to formulate opposition to the processing of their data, the user must follow the procedure below:

The user must send an email to the personal data manager for them to process their request.

d. Right to not be the subject of a decision based exclusively on an automated process

In accordance with the provisions of regulation 2016/679, the user has the right to not be the subject of a decision based exclusively on an automated process if the decision produces legal effects in relation to them or affects them significantly in a similar way.

e. Right to determine how data is used after their death

The user is reminded that they may organise how their data collected and processed is used if they die, in accordance with the law No. 2016-1321 of 7th October 2016.

f. Right to contact the relevant inspection authority

If the data processing manager decides not to respond to the user's request, and the user wishes to contest this decision, of if they think that one of the rights listed above has been infringed, they are entitled to contact the CNIL (Commission Nationale de l’Informatique et des Libertés - the French National Council for IT and Liberties, https://www.cnil.fr) or any competent judge.

B. PERSONAL DATA OF MINORS

In accordance with the provisions of article 8 in European regulation 2016/679 and the IT and Liberties law, only minors aged 15 years and over may consent to the processing of their personal data.

If a user is a minor aged under 15 years, the agreement of a legal representative will be required for their personal data to be collected and processed.

ARTICLE 6: CONFIDENTIALITY POLICY MODIFICATION CONDITIONS

This confidentiality policy may be consulted at any time at the address indicated below:

http://www.sico.net/politique_confidentialité.html

The site's publisher reserves the right to modify it to guarantee its compliance with current law.

Consequently, the user is invited to consult this confidentiality policy regularly to keep up to date with the latest changes made to it.

The user is informed that this confidentiality policy was last updated on: 18/10/2018.

ARTICLE 7: APPLICABLE LAW, LANGUAGE AND DISPUTES

This Confidentiality Policy is governed by French law. It is drafted in French. If it is translated into one or more languages, only the French text will be valid in the event of a dispute. The invalidity of one clause does not make the whole Confidentiality Policy invalid. The temporary or permanent application of one or more clauses in this Policy by SICO does not mean that it has renounced the other clauses in this Policy, which continue to produce their effects.

SICO is subject to the rules which apply in terms of personal data protection, in particular the European General Personal Data Protection Regulation No. 2016/679 of 27th April 2016 (called "GDPR"), and all the rules under national law taken in application of it, in the alternative.

In the event of a dispute and if no amicable agreement can be reached, the competent court will be the one determined according to the applicable procedure rules.