1 - Introduction
The General Data Protection Regulation (GDPR), effective May 25, 2018, defines the principles to be observed when collecting, processing, and storing personal data. It also guarantees the rights of the individuals concerned.
Gradulux undertakes to ensure that the collection and processing of your data are carried out lawfully, fairly, and transparently, in compliance with the GDPR and the amended French Data Protection Act of 1978.
The collection of personal data from prospects and clients is limited to what is strictly necessary, in line with the principle of data minimization. The purposes of collection, whether providing data is mandatory or optional, and the recipients of such data are always specified.
2 - Definitions
-
Publisher: The natural or legal person who publishes online communication services to the public.
-
Website: All web pages and online services provided by the Publisher.
-
User: The individual using the Website and its services.
3 - Types of Data Collected
When using the Website, the Publisher may collect the following categories of data concerning Users:
-
Civil status, identity, and identification data (name, surname, email, phone number, address, etc.)
-
Professional data (CV, education, training, distinctions, etc.)
-
Connection data (IP addresses, event logs, etc.)
-
Location data (movements, GPS, GSM data, etc.)
Sensitive data is never collected: racial or ethnic origins, political, philosophical or religious opinions, trade union membership, health data, sexual life, genetic or biometric data.
Gradulux keeps a written register of all categories of processing activities carried out as data controller.
4 - Mandatory or Optional Data
Some fields in collection forms are marked with an asterisk (*).
These fields are mandatory, as they are required to process your request (examples: quote requests, information requests).
Other fields not marked with an asterisk are optional.
5 - Who Can Access Your Data?
Your data is accessible only to authorized persons within Gradulux, unless otherwise specified in a form.
Gradulux ensures that any subcontractor provides sufficient contractual guarantees for the implementation of appropriate technical and organizational measures, in compliance with the GDPR.
a - Disclosure to authorities under legal obligations
Your data may be disclosed pursuant to laws, regulations, or decisions of a competent authority.
b - Disclosure to third parties with your consent
Your personal data is strictly confidential and will only be shared with third parties if you give explicit consent.
c - Disclosure to strategic partners
Some data may be shared with strategic partners to provide or promote Gradulux products and services.
d - Confidentiality commitment
Any third party receiving your data will be contractually bound to the same level of confidentiality as Gradulux.
e - Mergers and acquisitions
In the event of a merger, acquisition, or asset transfer, Gradulux commits to maintaining the confidentiality of your data and informing you before any transfer or application of new privacy rules.
6 - Data Retention Period
a - During the contractual relationship
Personal data is retained only as long as necessary to fulfill contractual obligations.
b - Anonymized data
Data may be anonymized and kept beyond this period for statistical purposes only.
c - Deletion after account closure
You may request deletion of your data at any time by contacting our Data Protection Officer (DPO):
Mr. Jean-Luc Burcet – direction(@)gradulux.org
Postal address: Gradulux, 16 bis Avenue Marcellin Albert, 66000 Perpignan, France
d - Deletion after 3 years of inactivity
If you do not log in or perform any activity (e.g., clicking a link) for 3 years, your data will be deleted.
7 - Data Security
Personal data collected on www.gradulux.org is processed via SSL/TLS 1.2 secure protocols.
Physical and logical security measures are implemented to protect your data against unauthorized access, misuse, disclosure, loss, or destruction.
a - Notification in case of a data breach
If we become aware of unauthorized access to your personal data, Gradulux will:
-
Notify you as soon as possible (if legally required)
-
Investigate the cause of the breach
-
Take necessary measures to limit its effects
-
Notify the CNIL (French Data Protection Authority) within 72 hours, if required
b - Limitation of liability
These notifications cannot be interpreted as recognition of liability for the incident.
8 - Your Data Rights
In accordance with the GDPR and the French Data Protection Act, you have the following rights:
-
Right of access and rectification
-
Right to erasure (“right to be forgotten”)
-
Right to object
-
Right to restriction of processing
-
Right to data portability (in a structured, machine-readable format)
-
Right to define post-mortem instructions regarding your personal data
To exercise your rights, please contact our DPO:
Mr. Jean-Luc Burcet – direction(@)gradulux.org
Postal address: Gradulux, 16 bis Avenue Marcellin Albert, 66000 Perpignan, France
You can learn more about these rights here: https://www.cnil.fr/en/understanding-your-rights
Gradulux also reminds you of the French “Bloctel” opt-out list for telephone solicitation: https://conso.bloctel.fr/
9 - What Is a Cookie?
A cookie is a small text file sent by a web server to your browser and stored on your computer’s hard drive.
10 - Cookie Retention Period
Cookies are stored for a maximum of 13 months, as per CNIL recommendations.
Consent must be renewed after this period.
11 - Governing Law and Language
This Privacy Policy is governed by French law.
The French version prevails in case of a dispute.
12 - Disputes and Jurisdiction
Any dispute relating to this Privacy Policy, including its validity, interpretation, execution, or consequences, shall fall under the jurisdiction of the competent courts of Perpignan, France.
Privacy Policy updated on: 21/09/2025
|
