Privacy Policy

This page describes how Exaion processes personal data.

Introduction

Exaion is committed to Processing the Client’s Personal Data in compliance with the European General Data Protection Regulation (EU) 2016/679 (“GDPR”) and French Law No. 78-17 of January 6, 1978, as amended (hereinafter the “Applicable Personal Data Protection Legislation”).

For the purposes of this Policy, the terms “Controller,” “Data Subjects,” “Personal Data,” “Process/Processing,” “Processor,” “Data Protection Impact Assessment,” and “Personal Data Breach” shall have the meanings assigned to them under the Applicable Personal Data Protection Legislation.

Personal Data

Personal Data refers to any information relating to an identified or identifiable natural person, directly or indirectly. This includes, for example, your name, address, telephone number, and similar identifying information.

Why Do We Use Your Personal Data?

The legal basis for the data processing activities carried out by Exaion in connection with the services it provides is as follows:

Consent: Data is collected and processed with your consent. Under this legal basis, data collection is carried out in a reasonable manner and proportionately to the purposes pursued.

What Types of Data Do We Use?

We use several types of data, described below, so that you can understand the categories of data we collect and process and the reasons for such processing.

Data Provided for Commercial Prospecting Purposes

This includes your first name, last name, email address, and business identification information for professional clients.

This data is used for:

  • Contacting you through Exaion’s sales representatives, based on your consent.

All of the aforementioned data may also be processed for the following purposes:

  • Responding to judicial or administrative procedures, based on compliance with a legal or regulatory obligation.
  • Managing requests related to the exercise of data protection rights, based on compliance with a legal or regulatory obligation.

How Is Data Collected?

Online

  • When you complete the contact form on the website exaion.com.
  • Through email exchanges between you and Exaion relating to any commercial collaboration request.

By Mail

  • When you choose to use postal mail for complaint handling procedures.

How Long Is Data Retained?

This data is collected and processed within the EU. In some cases, it may be transferred to non-European countries that offer an adequate level of data protection.

Personal Data collected and processed under the conditions described above is retained by Exaion for three (3) years following the granting of consent or from the date of the last contact with the prospect.

Sharing of Personal Data

Personal Data collected via the contact form is shared through our customer relationship management (CRM) system.

Processing of Data Outside the European Union

As a general rule, your data is processed and stored within the European Union by Exaion or its processors. Exceptionally, your data may be processed outside the European Union. If such processing occurs in countries that do not provide adequate data protection guarantees as defined under Articles 44 and following of the Applicable Personal Data Protection Legislation, appropriate safeguards will be implemented to ensure the protection of your data, including the use of Standard Contractual Clauses or binding corporate rules.

Your Rights Regarding Your Data

  • Right of access to your data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure of your data.
  • Right to restriction of processing. In such cases, your Personal Data will only be processed in a limited manner; except for storage, processing may occur only with your consent, for the establishment, exercise, or defense of legal claims, for the protection of another natural or legal person’s rights, or for important public interest reasons of the European Union or a Member State.
  • Right to data portability.
  • Right to object to processing.

EXAION reserves the right to restrict the exercise of the above rights where such restriction is necessary to safeguard public order, public security, or any other circumstances provided for under Article 23 of the GDPR through legislative or regulatory measures.

To exercise your rights, you may:

  • Contact us by email at: dpo@exaion.com
  • Contact us by mail at: Exaion, 20 Place de La Défense, 92800 Puteaux, France

You also have the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés).

Data Security

Your data is protected through the implementation of administrative, physical, and technical security measures designed to safeguard your Personal Data against unauthorized access, use, or modification.

Appropriate technical and organizational measures are implemented in accordance with industry best practices to ensure the security of the information systems on which this data is stored and processed.