Privacy Policy
Updated January 25, 2022
This Privacy Policy is addressed to you, as a user of the website www.api-k.com and www.api-k.com (hereinafter the “Sites”). It is written with the aim of describing and informing you of the processing that can be carried out via the Sites.
The Site is published by API-K, whose information is available under the “Legal Notices” (“We”) tab.
We are concerned about the protection of your privacy and the confidentiality of your personal data.
This Policy allows Us to specify who controls and manages the personal data collected via the Sites, as well as the personal information collected, the purposes and methods of processing, the extent of data transfers. Similarly, the Policy specifies the security measures that We put in place to protect your data, and informs you of all your rights over your personal data, in accordance with European Union regulations.
API-K is responsible for the processing of personal data collected on our Sites in accordance with the laws and regulations applicable to data confidentiality, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 known as “ General Data Protection Regulations” and Law No. 78-17 of January 6, 1978 known as the “Data Protection Act” as amended (together hereinafter referred to as “GDPR”).
If you have any questions about the Privacy Policy, please do not hesitate to contact us:
- Par email : privacy@api-k.com
- By post : API-K – Protection des données personnelles – 48 Avenue Lac du Bourget 73370 Le Bourget-du-Lac (France)
- Quelles sont les données personnelles que Nous traitons, sur quelles bases légales ces traitements sont-ils fondés, quelles sont les finalités qu’ils remplissent et pendant combien de temps les données sont-elles conservées ?
Identification data: this includes your contact details required for our commercial relationship and in particular to create your online customer account, in particular your first name(s), last name(s), e-mail address, telephone number, username and password.
Communications Data: This includes your preferences in receiving marketing or advertising solicitations from us.
Profile Data: This includes your interests, preferences, testimonials, reviews and responses to any surveys.
Order Data: This includes your purchase history and order details, information relating to your payments or our refunds and details of the products you have purchased from us. We will not directly collect or process your banking information. Payments are processed by a specialist service provider (indicated in Section 2 below) via a secure online payment platform and are never sent via our Sites in clear text but encrypted to high security standards. Order Data also includes information you provide to us when requesting further information about a product or order or when contacting our customer service department.
Purpose(s) | Data processed | Legal basis(s) | Shelf life in active database |
Creation and management of your customer account | Identification data Profile data | Performance of a contract | Until your request to delete the account or at the latest 3 years after your last contact with us. |
Processing and fulfillment of your orders | Identification data Order data | Performance of a contract | Until your request to delete the account or at the latest 3 years after your last contact with us |
To respond to you and resolve your queries | Identification data Order data | Performance of a contract | Until the closure of your request or request |
For marketing purposes | Identification data Profile data Communication data | Your consent | Until your withdrawal of consent or at the latest 3 years after your last contact with us |
To manage our relationship with you | Identification data Order data Profile data | Our legitimate interest | Until your request to delete the account or at the latest 3 years after your last contact with us |
To ensure that you can exercise your rights (as listed below) | Identification data | Legal obligation | Until your request to delete the account or at the latest 3 years after your last contact with us |
Assert and defend the rights of the data controller or third parties before the judicial authorities | Identification data Order data Communication data | Our legitimate interest | Until the end of the legal prescription – Article L110.4 of the Commercial Code |
To prevent fraud and ensure the regularity of transactions | Identification data Order data | Our legitimate interest (preventing fraud or guaranteeing the security of the network and information of your computer systems) | 5 ans |
- Data recipients, subcontractors and service providers
Only the authorized and determined persons mentioned below will be able to have access to your data:
- authorized APIK personnel,
- the APIK subcontractors, the list of which can be communicated to you on request at the address privacy@api-k.com
- the Sites hosts is Microsoft Azure and KINSTA If you want to know more about their data protection policy, we invite you to click on the following link: https://azure.microsoft.com/fr-fr/overview/trusted-cloud/privacy/
- the payment provider STRIPE and PAYPAL, as data controller. If you want to know more about their data protection policy, we invite you to click on the following link: https://stripe.com/fr/privacy and https://www.paypal.com/fr/webapps/ mpp/paypal-and-your-data
- The courts concerned, mediators, chartered accountants, auditors, lawyers, bailiffs, debt collection companies,
Your data is not communicated, exchanged, sold or rented to any other person than those mentioned above.
Users of the Sites understand and accept that their username and password will be shared between the Sites and the APIK Applications (the “Applications”) and that they will therefore be able to connect to the Applications, with the same username and password used on the personal space of the Sites
- Cookies
The deposit of cookies on your terminal, during the consultation and use of the Websites are governed by the Cookies Policy which we invite you to read carefully.
- Your rights
- Rights of access, erasure, rectification and withdrawal of consent
In accordance with the Data Protection Act, as well as the GDPR, you have the right to obtain the communication and, if necessary, the rectification or the deletion of the data concerning you, by contacting:
- email address: privacy@api-k.com
- by post : API-K – Protection des données personnelles – 48 Avenue Lac du Bourget 73370 Le Bourget-du-Lac (France)
You can also exercise your right to withdraw consent at any time, for data that has been collected and is processed on the basis of this legal basis.
- Right of opposition
You have the possibility of opposing, for legitimate reasons, to appear in a file, and can refuse without having to justify yourself, that the data which concern you are used for commercial prospecting purposes.
In addition, you have the possibility to object at any time, for reasons relating to your particular situation, to the processing listed in Article 21 of the GDPR.
- Right to portability
You have a right to the portability of the personal data that you have provided to us, understood as the data that you have actively and consciously declared in the context of accessing and using the Sites and its services, as well as data generated by your activity in the context of the use of the Sites and its services. We remind you that this right relates only to data collected and processed on the legal basis of consent or the performance of the contract binding us.
This right can be exercised free of charge, at any time, and in particular when closing your account on the Sites, by contacting us at the addresses mentioned in Article 4.a).
In this context, we will send you your personal data, by any means deemed useful, in an open standard format commonly used and machine-readable, in accordance with the state of the art.
- Right to restriction of processing
You are reminded that you also have the right to limit the processing of your personal data, understood as freezing the use of your data. You have the right to obtain the limitation of the processing of your personal data, in the following cases:
- During the period of verification that we implement, when you dispute the accuracy of your personal data;
- When the processing of this data is unlawful, and you wish to limit this processing rather than delete your data;
- When We no longer need your personal data, but you wish to keep them to exercise your rights; And
- During the legitimate grounds verification period, when you have objected to the processing of your personal data.
You can exercise this right by contacting Us at the addresses mentioned in Article 4.a).
- Right not to be the subject of a decision based exclusively on automated processing
You are reminded that you have the right not to be the subject of a fully automated decision which would produce a legal effect or affect you under substantially similar conditions, unless you have given Us your express consent, if this processing is necessary for the conclusion or performance of a contract, or if it is authorized by specific legal provisions.
In any case, We must inform you if such a fully automated decision has been taken against you and you can:
- Ask to know the logic and the criteria used to make this decision,
- Challenge the decision and express your point of view,
- Request the intervention of a human being who can reconsider the decision, by contacting Us at the addresses mentioned in Article 4.a).
- Lodging a complaint before a supervisory authority
You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the Commission Nationale Informatique et Libertés for France), in the Member State in which your habitual residence is located, your work or the place where the violation of your rights would have been committed, if you consider that the processing of your personal data subject of this Policy constitutes a violation of the applicable texts.
Ce recours pourra être exercé sans préjudice de tout autre recours devant une juridiction administrative ou juridictionnelle. En effet, vous disposez également d’un droit à un recours administratif ou juridictionnel effectif si vous considérez que traitement de vos données à caractère personnel objet de la présente Politique constitue une violation des textes applicables.
To find out more about your rights, you can also consult the website of the Commission Nationale de l’Informatique et des Libertés, accessible at the following address: https://cnil.fr
- Security
We and our potential subcontractors undertake to implement all technical and organizational measures to ensure the security of our processing of personal data and the confidentiality of your data, in application of the Data Protection Act and of the European Data Protection Regulation (GDPR) and Law No. 2018-133 of February 26, 2018 “on various provisions for adaptation to European Union law in the field of security”.
As such, We take the necessary precautions, with regard to the nature of your data and the risks presented by their processing, to preserve the security of the data and, in particular, to prevent them from being distorted, damaged, or that third parties not have access to it (physical protection of the premises, authentication process for our customers with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).
- Transfers outside the UE
We undertake to make our best efforts not to transfer your data outside the European Union.
In the event that We should do so, We confirm that measures controlling this (these) transfer(s) will be taken to ensure respect for the confidentiality and integrity of your data.
- Modifications
We reserve the right, at our sole discretion, to modify this Policy, in whole or in part, at any time.
These changes will take effect upon posting of the new Privacy Policy.
Except for substantial modification(s) requiring your express consent, your use of the Sites, following the entry into force of these modifications, will constitute acknowledgment and acceptance of the new privacy policy. Failing this, and if this new privacy policy does not suit you, you must no longer use the Sites and will be able to exercise your rights at the addresses mentioned in Article 4.a) hereof.