Privacy and Data Protection Policy

Last updated: May 10, 2024.

This document outlines the commitments of PUREMIUM SAS (hereafter referred to as "the Company") to protect the personal data of users and visitors. We adhere to the principles of the General Data Protection Regulation (GDPR) by ensuring that data processing is lawful, fair, and transparent. Our goal is to clearly inform you about the collection and use of your personal data during your navigation or interaction with our services.

Data Processing

Personal data are pieces of information that can directly or indirectly identify an individual (hereafter referred to as "you" or "the data subject"). Our website aims to connect you with our partners so that you can benefit from offers that meet your needs.

In this context, your personal data are:

  • Collected via an online form available on our site.
  • Transferred securely to our partners to allow you to enjoy tailored offers.
Data Controller

PUREMIUM SAS, located at 16 Rue de la Ville l'Évêque, 75008 Paris, is the data controller. We determine the purposes and means of processing the collected data and are responsible for the collection, transfer, and storage of data related to consents, in accordance with the GDPR.

Personal Data Collected

By using our website and filling out our forms, you provide data to facilitate your connection with our partners based on your needs. The personal data collected depend on the purpose of your request for connection and the products or services you seek.

PUREMIUM SAS may collect the following personal data, depending on the situation:

  • Identification data: name, first name, and title.
  • Contact details: email address, phone number, postal address.
  • Private life: information about your lifestyle, family situation, existence of pets, consumption habits, occurrence or absence of a claim, etc.
  • Professional life: information about your roles, profession, professional address, professional phone number, professional email address, etc.
  • Economic and financial data: income level by bracket, estimation of your wealth by bracket, whether you own or rent your home, etc.

Fields required for connection are clearly indicated by an asterisk. You are free to fill or not fill the optional fields of the interfaces. Omitting this optional information will not affect your request for connection.

Consent and Confirmation: Your personal data are collected upon confirmation of your request for connection. We may send you a confirmation SMS on the provided mobile phone number.

Your consent to be re-contacted by our partners for commercial prospecting purposes (by email or SMS) is collected by checking a dedicated box during the process.

These measures ensure that PUREMIUM SAS collects and manages your personal data responsibly and in accordance with your preferences.

Purposes of Processing

The personal data of users are processed by PUREMIUM SAS for the following purposes, with specific legal bases indicated for each:

Processing Activity
Purpose
Legal Basis

Collection and transfer of data necessary for connection

Connect with partners according to users' needs.

Contract performance (Art.6(1)(b) GDPR)

Sending a confirmation code

Confirm users' contact details.

Legitimate interest (Art.6(1)(f) GDPR), necessary for verifying contact details.

Optional collection and transfer of data during connection

Enhance understanding of users.

User consent (Art. 6(1)(a)GDPR).

Collection of consent to receive electronic advertisements (email, SMS) from a partner

Enable sending of electronic advertisements.

User consent (Art. 6(1)(a) GDPR).

Collection of information on responses to partner offers

Facilitate contract execution with partners to whom data are transferred.

Legitimate interest (Art.6(1)(f) GDPR), tracking user engagement.

Collection of IP address

Improve security and perform visit statistics.

Legitimate interest (Art.6(1)(f) GDPR), essential for security and visit analysis.

Transfer of IP address to partners

Ensure the quality of the connection.

Legitimate interest (Art.6(1)(f) GDPR), necessary for the quality of the connection.

Transfer of data to digital advertising providers

Identify new audiences interested in services.

Legitimate interest (Art.6(1)(f) GDPR), crucial for market expansion.

Use of third-party services

Use tools necessary for business operation.

Legitimate interest (Art.6(1)(f) GDPR), indispensable for efficient business operation.

Data Recipients

The personal data we collect may be transmitted to the following partners:

  • Internal collaborators at PUREMIUM SAS, only within the scope of their respective duties.
  • Commercial partners of PUREMIUM SAS, after obtaining the prospect's consent, to enable contact for telephone sales canvassing.

Our subcontractors and service providers: PUREMIUM SAS collaborates with third-party companies acting as subcontractors in accordance with the GDPR. These providers perform personal data processing exclusively under the instructions of PUREMIUM SAS. We also ensure that they apply adequate technical and organizational measures to ensure that these processes meet security standards and protect your rights in accordance with regulations.

PUREMIUM SAS strives to limit as much as possible the use of providers located outside the European Union or the European Economic Area. However, the operational requirements of PUREMIUM SAS and the nature of the services offered may require transfers of personal data to countries outside these areas. In such cases, PUREMIUM SAS ensures the protection of your personal data by applying Standard Contractual Clauses approved by the European Commission or by implementing other appropriate safeguards to secure these transfers and comply with established data protection standards.

Our digital advertising providers: PUREMIUM SAS may also securely and encryptedly transmit users' personal data to other online advertising service providers. To protect this information, we use a one-way encryption algorithm (SHA 256) that preserves their integrity. This algorithm generates a unique digital fingerprint for the encrypted data. Thus, when we transfer these data to a provider:

  • If they already have information about the concerned user, they can identify them by comparing the digital fingerprint received from PUREMIUM SAS with the one they generated from their own data.
  • If they do not have information about the concerned user, they will not be able to access the transmitted personal data.

This encryption and fingerprint comparison method ensures enhanced protection of personal data during their transfer to our digital advertising partners.

Data Retention Duration

PUREMIUM SAS retains users' personal data as long as necessary to achieve the purposes provided by the processing. Details concerning the retention duration and exceptions are as follows:

  • Data necessary for connection with our partners and data obtained after connection: kept in active base for 2 years from the last active contact, then archived for an additional 3 years for managing potential claims or disputes
  • Optional data for connection with our partners: kept up to 3 years if consent is not withdrawn.
  • IP address: retained for a duration of 1 year
Data Security

We implement technical and organizational measures to protect data against unauthorized access, loss, alteration, or accidental or illicit destruction. These measures include encryption, pseudonymization, and access limitation.

Your Rights Concerning Your Personal Data

In accordance with the GDPR, you have the following rights concerning your personal data:

  • Right to object: you can at any time object to the processing of your personal data based on legitimate interest. For advertising purposes, no justification is necessary to exercise this right. For other purposes, compelling reasons are required for your request.
  • Right to withdraw consent: you can withdraw your consent to the processing of your personal data at any time, without having to justify your decision.
  • Right of access: you have the right to inquire about the details and management of the processing of your personal data and to obtain a copy of them.
  • Right to rectification: you have the right to ask us to correct or complete your personal data if they are inaccurate or incomplete.
  • Right to erasure: you can request the erasure of your personal data. We strive to respond to this request while respecting legal obligations that may require the retention of certain data.
  • Right to restriction of processing: you can request the restriction of processing of your personal data in certain situations, such as when disputing the accuracy of data or if processing is deemed inappropriate but you do not wish for immediate erasure.
  • Right to data portability: you can request to receive your personal data in a technically usable format or to have them transferred to a third party of your choice.
  • Post-mortem directives: you have the right to set guidelines regarding the management of your personal data after your death.
  • Right to lodge a complaint with a supervisory authority: you have the right to file a complaint with the CNIL (National Commission on Informatics and Liberty) or any other competent supervisory authority.

If you wish to withdraw your consent to advertising solicitations from our partners, we encourage you to address your request directly to them. PUREMIUM SAS does not directly manage these solicitations and does not send you advertisements directly.

To exercise these rights, you can:

  • Send us a message at .
  • Address your request to the attention of the DPO at the headquarters of PUREMIUM SAS, at the address mentioned previously
  • Fill out the form available on our site https://www.puremium.com.

PUREMIUM SAS may request additional information to verify your identity. The personal data provided during your request to exercise rights, as well as any subsequent correspondence, are retained for a duration of three years after the final processing of your request. Only the referent and the DPO have access to these archives.

Regarding Advertising Solicitations from Our Partners

If you wish to withdraw your consent to advertising solicitations from our partners, we encourage you to address your request directly to them. PUREMIUM SAS does not directly manage these solicitations and does not send you advertisements directly.

Update

This policy may be updated periodically. The last update was made on May 10, 2024.