top of page

GDPR

What is the purpose of our Privacy Policy?


Carbonapp, which manages the carbonapp.fr website, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of our reliability and trustworthiness.

As such, our Personal Data Privacy Policy clearly demonstrates our commitment to ensuring compliance within Carbonapp with the applicable rules on personal data protection, and in particular those of the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who does our Privacy Policy apply to?


Our Privacy Policy applies to you, regardless of your place of residence, if you are at least 15 years old, a candidate for a position at Carbonapp, one of our customers, or a “simple” visitor to the carbonapp.fr website.

If you are under the legal age specified above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at rgpd@carbonapp.fr.

If you believe that we hold personal data concerning your children without your consent, please contact us at the dedicated address detailed above.

Why do we process your personal data and on what basis?

 

We process your personal data primarily for the following reasons:

  • Browse our website, benefit from our services, and enable us to respond to your requests (e.g., requests for information, complaints, requests made via our contact forms, etc.) based on our general terms and conditions of use and our legitimate interest in providing you with the best possible service.

  • Assess your needs and projects and share them (e.g., organizing appointments, collecting information based on your projects and financing) based on the performance of our contract.

  • Follow and comment on our social media posts based on our legitimate interest in having a dedicated social media page.

  • Make appointments with our teams based on our legitimate interest in offering you an easy way to make appointments with us.

  • Apply for a position at Carbonapp based on the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.

  • Allow the downloading of documents based on our terms and conditions of use.

How did we obtain your personal data?

Your data is collected directly from you when you are a customer of our services or a “simple” visitor to our website carbonapp.fr, and we undertake to process your data only for the reasons described above.

It is also possible that your personal data may be processed indirectly in the context of trade shows or social networks (e.g., LinkedIn).

However, when you voluntarily publish content on the pages we edit on social networks, you acknowledge that you are entirely responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

What personal data do we process and for how long?

We have summarized the categories of personal data and their respective retention periods below:

  • Professional identification data (e.g., last name, first name, position, company, etc.) and contact details (e.g., email address and work phone number, etc.) are kept for the entire duration of the service provision, plus the legal limitation periods, which are generally five years.

  • When there is confusion between the name of your organization and your personal name (e.g., sole proprietor, microbusiness, etc.), economic and financial data (e.g., bank account number, verification code, etc.) are kept for the time necessary for the transaction and for managing billing and payments, plus the legal limitation periods, etc.), economic and financial data (e.g., bank account number, verification code, etc.) retained for the duration necessary for the transaction and for managing billing and payments, plus the legal limitation periods, which are generally 5 to 10 years.

  • Email address used in our email marketing campaigns, retained for a maximum of 3 years from the last contact we had with you.

  • Telephone numbers collected as part of our telephone sales prospecting campaigns are retained for a maximum period of three years from the date of our last contact with you.

  • Data provided in CVs and cover letters is retained for the duration of the recruitment process and for two years after your application.

  • Connection data (e.g., logs, IP address, etc.) is kept for a period of 1 year.

  • Cookies are generally kept for a maximum period of 13 months. For more details on how we use cookies, please see our cookie policy, which is available at any time on our website.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are required to retain all personal data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data.

  • Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality, or the secrecy of correspondence.

  • Right to rectify personal data that is inaccurate, obsolete, or incomplete.

  • Right to object to the processing of your personal data for commercial prospecting purposes.

  • Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.

  • Right to restrict your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.

  • Right to data portability, which allows you to retrieve some of your personal data in order to store it or easily transfer it from one information system to another.

  • Right to give instructions on what should happen to your data in the event of your death, either through you, a trusted third party, or a beneficiary.

For a request to be considered, it must be made directly by you at rgpd@carbonapp.fr. Any request that is not made in this way cannot be processed. Requests cannot be made by anyone other than you. We may therefore ask you to provide proof of identity if we have any doubts about the identity of the requester.

We will respond to your request as soon as possible, within a maximum of three months from receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who can access your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.

We would like to point out that we monitor all our technical service providers to ensure that they strictly comply with the applicable rules on personal data protection.

FURTHERMORE, WE GUARANTEE THAT WE WILL NEVER SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.

Can your personal data be transferred outside the European Union?

The personal data processed by our website is hosted on servers located outside the European Union. In order to protect your personal data, we take great care to ensure that our host implements the appropriate safeguards required to ensure the confidentiality and protection of your data.

We may also use technical tools located outside the European Union. If this is the case, we guarantee that they strictly comply with the applicable rules on transfers in order to ensure the confidentiality and adequate protection of your personal data.

How do we protect your personal data?

 

We implement all the technical and organizational measures necessary to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Do we use cookies when you browse our website?

 

We inform you that we use cookies when you browse our website. For more information, please see our Cookie Policy.

Who can you contact for more information about how your personal data is used?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (DPO) with our supervisory authority.

You can contact our DPO at any time, free of charge, at rgpd@carbonapp.fr to obtain more information or details about how we process your data.

How can you contact the CNIL?

You can contact the French Data Protection Authority (CNIL) at any time using the following contact details: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, France, or by telephone on +33 (0)1 53 73 22 22.

Can the Cookie Policy be changed?

 

We may change our Privacy Policy at any time to adapt it to new legal requirements and to new processing methods that we may implement in the future.

​​

Certified compliant by Dipeeo ®

bottom of page