Privacy Policy - Verisav | Data Protection

Personal Data Protection

The confidentiality and security of your data is an absolute priority for us.

For more information about our privacy practices and the measures taken to protect your privacy, please see our Privacy Policy and Cookie Charter in detail.

To exercise the rights relating to data concerning you and/or make a complaint, you can contact us directly via our email address: contact@verisav.fr

Security

Verisav is committed to protecting your data according to the highest security standards.

Certifications and Compliance

GDPR Compliance (General Data Protection Regulation)
Encryption of data in transit and at rest
Secure hosting in the European Union
Regular security audit

Data Collection and Use

We collect and process your personal data as part of our after-sales service management and Digital Product Passport (DPP) services.

Types of data collected:

Identification data: name, first name, email address, phone number
Connection data: IP address, connection logs, cookies
Product data: product information, warranty history, ASS records
Technical data: information on breakdowns, diagnostics, repairs

Purposes of processing:

Management of after-sales service requests
Product traceability via DPP
Improvement of our services
Communication with our customers
Compliance with legal obligations

Legal Basis for Processing

The processing of your personal data is based on:

Contract performance: for the provision of our ASS and DPP services
Legitimate interest: for improving our services and security
Consent: for marketing communications (if applicable)
Legal obligation: to comply with applicable regulations

Data Sharing

Your personal data is only shared with:

Partner distributors and repairers (only data necessary for processing your request)
Our technical service providers (under strict confidentiality agreement)
Competent authorities (if required by law)

We never sell your personal data to third parties.

Data Transfers Outside the European Union

Verisav is committed to protecting your personal data and limiting transfers outside the European Union.

Data hosting

Our data is mainly hosted in the European Union:

Web hosting: O2SWITCH (France) - data stored exclusively in the EU
Database: Supabase - hosting configured in the European Union
Cloud services: All our providers are selected for their GDPR compliance

Guarantees in case of transfer

In the event that some of our technical service providers are located outside the EU, we ensure that:

Standard contractual clauses approved by the European Commission are in place
Appropriate safeguards are provided to protect your data
You are informed of any transfer to a third country
Transfers comply with European Commission adequacy decisions when applicable

Currently, all our data is stored and processed in the European Union.

Data Retention

We retain your personal data only for the duration necessary for the purposes for which it was collected, in accordance with legal and regulatory obligations.

Retention periods by type of data:

User account data

3 years after last activity on the account:

Total inactivity (no login, no ASS request) for 3 consecutive years:

ASS (After-Sales Service) data

Durée : 5 years after the end of legal or contractual warranty

Critères de suppression : End of warranty + 5 years (legal obligation to retain commercial documents)

DPP (Digital Product Passport) data

Durée : Product lifetime + 2 years after end of life

Critères de suppression : Compliance with European regulatory requirements on product traceability

Connection data and logs

Durée : Maximum 12 months

Critères de suppression : Automatic rotation after 12 months (security and fraud prevention)

Marketing and newsletter data

Durée : Until consent withdrawal or 3 years of inactivity

Critères de suppression : Newsletter unsubscribe or inactivity for 3 years

Suppression des données : Upon expiration of retention periods, your data is automatically and securely deleted permanently, except where there is a legal obligation to the contrary (retention as evidence in case of dispute, etc.).

Your Rights

In accordance with GDPR (General Data Protection Regulation), you have the following rights regarding your personal data:

Right of access (Article 15 GDPR)

You can obtain a copy of all personal data we hold about you.

Response time: maximum 1 month

Right to rectification (Article 16 GDPR)

You can request correction of your inaccurate or incomplete data.

Response time: maximum 1 month

Right to erasure (Article 17 GDPR)

You can request deletion of your data in certain cases (right to be forgotten).

Subject to legal retention obligations

Right to data portability (Article 20 GDPR)

You can retrieve your data in a structured and machine-readable format.

Format: JSON or CSV according to your preferences

Right to object (Article 21 GDPR)

You can object to the processing of your data for legitimate reasons.

Particularly for marketing communications

Right to restriction (Article 18 GDPR)

You can request restriction of processing of your data in certain cases.

During examination of your request

How to exercise your rights?

To exercise any of these rights, send a request by email to: contact@verisav.fr

Your request must be accompanied by a copy of an identity document to verify your identity. We will respond within a maximum period of 1 month.

Right to complain: If you believe your rights are not being respected, you can file a complaint with the CNIL https://www.cnil.fr

Cookies and Similar Technologies

Our website uses cookies to improve your browsing experience and analyze our traffic.

Types of cookies used:

Essential cookies: necessary for the website to function
Performance cookies: to analyze website usage
Functionality cookies: to remember your preferences

Data Protection Officer (DPO)

In accordance with GDPR, VERISAV has designated a Data Protection Officer (DPO) with the CNIL under designation number DPO-168738.

DPO contact details

Responsible: Kévin Boutillier, President of Verisav

Email: contact@verisav.fr

Address: Portail Gris Anthracite, 32 Chemin Jean Massot, 33750 Beychac-et-Caillau, France

Phone: 05 47 79 20 23

The DPO is your privileged contact for any questions concerning:

Exercise of your GDPR rights (access, rectification, erasure, portability, etc.)
Personal data processing carried out by Verisav
Security measures in place
Any complaint relating to the protection of your data

For any other more general information on Personal Data Protection, you can consult the website of the Commission nationale de l'information et des libertés (CNIL) at the following address: https://www.cnil.fr

Data Breach Notification

In the event of a personal data breach likely to pose a high risk to your rights and freedoms, Verisav undertakes to:

Notification obligations

Notification to CNIL

Deadline: Within 72 hours of discovering the breach

Content: Description of the breach, categories of data concerned, number of people affected, likely consequences and measures taken

Information of data subjects

Deadline: Without undue delay after discovering the breach

Conditions: Only if the breach presents a high risk to your rights and freedoms

Content: Nature of the breach, data concerned, measures taken to limit risks, recommendations to protect yourself

Preventive measures

To prevent breaches, Verisav implements technical and organizational security measures: data encryption, secure access, regular backups, security audits, staff training.

In case of a detected breach, we will inform you immediately by email at the address you have provided, indicating the measures taken to remedy the situation.

Policy Modifications

Our Personal Data policy may be modified or amended at any time in case of legal, jurisprudential evolution, decisions and recommendations from CNIL or practices.

Any new version of this Policy will be brought to the attention of Data Subjects by any means defined by the Company, including electronically.

The currently online version – effective December 1, 2025 – is the only binding version during the entire duration of use of the website and until a new version replaces it.

Last update: 12/01/2025

Personal Data Protection

The confidentiality and security of your data is an absolute priority for us.

For more information about our privacy practices and the measures taken to protect your privacy, please see our Privacy Policy and Cookie Charter in detail.

To exercise the rights relating to data concerning you and/or make a complaint, you can contact us directly via our email address: contact@verisav.fr

Data Collection and Use

We collect and process your personal data as part of our after-sales service management and Digital Product Passport (DPP) services.

Types of data collected:

Identification data: name, first name, email address, phone number
Connection data: IP address, connection logs, cookies
Product data: product information, warranty history, ASS records
Technical data: information on breakdowns, diagnostics, repairs

Purposes of processing:

Management of after-sales service requests
Product traceability via DPP
Improvement of our services
Communication with our customers
Compliance with legal obligations

Data Transfers Outside the European Union

Verisav is committed to protecting your personal data and limiting transfers outside the European Union.

Data hosting

Our data is mainly hosted in the European Union:

Web hosting: O2SWITCH (France) - data stored exclusively in the EU
Database: Supabase - hosting configured in the European Union
Cloud services: All our providers are selected for their GDPR compliance

Guarantees in case of transfer

In the event that some of our technical service providers are located outside the EU, we ensure that:

Standard contractual clauses approved by the European Commission are in place
Appropriate safeguards are provided to protect your data
You are informed of any transfer to a third country
Transfers comply with European Commission adequacy decisions when applicable

Currently, all our data is stored and processed in the European Union.

Data Retention

We retain your personal data only for the duration necessary for the purposes for which it was collected, in accordance with legal and regulatory obligations.

Retention periods by type of data:

User account data

3 years after last activity on the account:

Total inactivity (no login, no ASS request) for 3 consecutive years:

ASS (After-Sales Service) data

Durée : 5 years after the end of legal or contractual warranty

Critères de suppression : End of warranty + 5 years (legal obligation to retain commercial documents)

DPP (Digital Product Passport) data

Durée : Product lifetime + 2 years after end of life

Critères de suppression : Compliance with European regulatory requirements on product traceability

Connection data and logs

Durée : Maximum 12 months

Critères de suppression : Automatic rotation after 12 months (security and fraud prevention)

Marketing and newsletter data

Durée : Until consent withdrawal or 3 years of inactivity

Critères de suppression : Newsletter unsubscribe or inactivity for 3 years

Your Rights

In accordance with GDPR (General Data Protection Regulation), you have the following rights regarding your personal data:

Right of access (Article 15 GDPR)

You can obtain a copy of all personal data we hold about you.

Response time: maximum 1 month

Right to rectification (Article 16 GDPR)

You can request correction of your inaccurate or incomplete data.

Response time: maximum 1 month

Right to erasure (Article 17 GDPR)

You can request deletion of your data in certain cases (right to be forgotten).

Subject to legal retention obligations

Right to data portability (Article 20 GDPR)

You can retrieve your data in a structured and machine-readable format.

Format: JSON or CSV according to your preferences

Right to object (Article 21 GDPR)

You can object to the processing of your data for legitimate reasons.

Particularly for marketing communications

Right to restriction (Article 18 GDPR)

You can request restriction of processing of your data in certain cases.

During examination of your request

How to exercise your rights?

To exercise any of these rights, send a request by email to: contact@verisav.fr

Your request must be accompanied by a copy of an identity document to verify your identity. We will respond within a maximum period of 1 month.

Right to complain: If you believe your rights are not being respected, you can file a complaint with the CNIL https://www.cnil.fr

Data Protection Officer (DPO)

In accordance with GDPR, VERISAV has designated a Data Protection Officer (DPO) with the CNIL under designation number DPO-168738.

DPO contact details

Responsible: Kévin Boutillier, President of Verisav

Email: contact@verisav.fr

Address: Portail Gris Anthracite, 32 Chemin Jean Massot, 33750 Beychac-et-Caillau, France

Phone: 05 47 79 20 23

The DPO is your privileged contact for any questions concerning:

Exercise of your GDPR rights (access, rectification, erasure, portability, etc.)
Personal data processing carried out by Verisav
Security measures in place
Any complaint relating to the protection of your data

Data Breach Notification

In the event of a personal data breach likely to pose a high risk to your rights and freedoms, Verisav undertakes to:

Notification obligations

Notification to CNIL

Deadline: Within 72 hours of discovering the breach

Content: Description of the breach, categories of data concerned, number of people affected, likely consequences and measures taken

Information of data subjects

Deadline: Without undue delay after discovering the breach

Conditions: Only if the breach presents a high risk to your rights and freedoms

Content: Nature of the breach, data concerned, measures taken to limit risks, recommendations to protect yourself

Preventive measures

To prevent breaches, Verisav implements technical and organizational security measures: data encryption, secure access, regular backups, security audits, staff training.

In case of a detected breach, we will inform you immediately by email at the address you have provided, indicating the measures taken to remedy the situation.

Policy Modifications

Our Personal Data policy may be modified or amended at any time in case of legal, jurisprudential evolution, decisions and recommendations from CNIL or practices.

Any new version of this Policy will be brought to the attention of Data Subjects by any means defined by the Company, including electronically.

The currently online version – effective December 1, 2025 – is the only binding version during the entire duration of use of the website and until a new version replaces it.

Last update: 12/01/2025