PERSONAL DATA PROTECTION POLICY
Our philosophy and commitments
AGATHA INC undertakes to protect your personal data and is committed to providing a high level of protection for your personal data in accordance with European Regulation 2016/679 and the French Data Protection Act No. 78-17.
To this end, please find below our data protection policy which explains what personal data we
collect, how and on what grounds it is processed, how it is stored and your individual rights.
We kindly ask that you read it.
Our Data Protection Officer is available to answer any questions you may have and can be
contacted at the following address: firstname.lastname@example.org.
You can find the text of the applicable European Regulation here: https://eur-
lex.europa.eu/legalcontent/FR/TXT/?uri=CELEX%3A32016R0679 or refer any questions or
issues to the French regulatory authority (CNIL) by going to its website at www.CNIL.fr.
We reserve the right to amend this version of the Personal Data Protection Policy from time to
time. You will be notified of such amendments.
Your data controller
AGATHA INC is the data controller responsible for processing your personal data whose
contact details are as follows: 55 ter Av. René Cassin, 69009 Lyon. It is hereinafter
referred to by its name or as ” We ” and “Us”.
Your personal data and its collection by AGATHA INC
Your personal data may be collected:
when you visit our site,
whenever we communicate with you and vice versa,
during our prospecting activities,
when entering into or performing our agreements
by our clients when they use the Agatha application
We do not collect any data that is not necessary for the purpose of the processing mentioned
at the time the data is collected or that is prohibited by laws or regulations.
Some data may be required to be collected or may be optional and you are advised which
information is required. Your personal data may be collected by third-party service providers
or partners, who undertake to comply with European and national regulations on personal
We may need to transfer your data outside the European Union. Such transfers may only be
made to a country or organization that is covered by an adequacy decision (Art. 45 of the
GDPR) or that provides adequate safeguards (Art. 46 of the GDPR).
We do not make any automated decisions based on your personal data.
We may need to collect the following personal data from you:
Personal details, identity, contact details, images
Personal data of an economic and financial nature
Our processing of your personal data
We process your personal data by incorporating it into databases; it is stored, retained and, if
necessary, rectified, deleted, archived, anonymized or pseudonymized, and/or transferred to
trusted third parties.
We may process your personal data for the following purposes or for purposes specified to you
at the time the data is collected:
Your information on our products, services, etc., and promotions
– Communicate with you
We may use your personal data for commercial prospecting purposes, and in particular to
send you information on our products/services, our commercial and promotional offers, price
quotations and other pre-contractual documents, and/or news concerning us by e-mail, postal
mail or telephone.
Performance of your current agreements and client follow-up
We use your personal data to carry out current agreements in accordance with your requests.
We may also send you information about your order or current agreements, their state of
progress, invoices and contract documents, advice, the implementation of our warranties
where applicable and our statutory obligations. We also use your personal data to manage our
client relations, your requests or complaints, any disputes and to track your client history.
Improving the use of our services and improving our offers
We process your personal data to enable you to make optimal use of our services, improve
our offers and products/services, track your user experience, and conduct anonymous
satisfaction surveys, polls and statistics.
Your bank details may be collected either directly by us or by a dedicated service provider
selected by us guaranteeing the complete confidentiality of your banking details. Said details
are only retained for the time necessary for the duration of the contractual relationship or in
accordance with the statutory limits.
Protection against fraudulent activities
The personal data collected may be used to fight against fraud, in particular with regard to
payments or direct debits. As such, said data may be transmitted to our payment security
Ensuring compliance with laws and court decisions
Your Data may be used to:
– reply to a request from an administrative or judicial authority, a representative of the
law, a court officer or to comply with a court order;
– ensure compliance with our general terms and conditions of sale/service;
– protect our rights and/or obtain compensation for any damage we may suffer or in
order to limit the consequences of such damage;
– prevent any action in violation of current laws, particularly in the context of fraud
Furthermore, we may process your personal data for the following purposes:
– Sales relations
Sending marketing campaigns by email, mail or telephone (including through the use
of a service provider)
– Various Agenda management
Client statistics and surveys: Some data is processed for statistical purposes, in
particular to evaluate and improve the performance of our programs or to measure traffic to
our site. Personal data is anonymized in such cases and for such purposes.
The grounds for processing your personal data
Pursuant to regulations, our processing of your personal data is warranted if it is based on one
of the following grounds:
– Your consent to our processing of your data: you agree to your personal data being
processed by giving your express consent. You can withdraw such consent at any time
by contacting our DPO; or
– The existence of an agreement between you and us: in such event the processing of
the data is warranted by what is necessary for the performance of the agreement; or
– Our legitimate interest in processing your personal data provided that said interest is
commensurate and respects your fundamental rights and privacy; or
– Laws or regulations in force that require us to process and retain your personal data.
How and for how long your personal data is kept
We manage your personal data in three phases:
– An active phase during which the data is retained for the time shown below in an
“active” database: in such event, your personal data may only be accessed by those
individuals with an operational need to access it in order to carry out the authorized
– An archiving phase (for
a period of time beyond the active; database retention
period) whenever there is a legitimate reason for doing so: your personal data is then
archived for a limited time with restricted access.
– A deletion or anonymization phase: following the additional archiving within the time
limits set out below, your personal data is deleted or anonymized (so that it can no
longer constitute personal data capable of identifying you).
Your personal data is retained for the time necessary for the requirements of its processing,
our client relationship where applicable and the performance of agreements and within the
limits specifically laid down by law; we may retain your personal data in archives for
requirements related to retaining of accounting, tax or evidential records for the time required
by the applicable regulations. As an example, please find below the retention periods that
apply to the following
Withdrawing your consent to the collection or processing of your personal data
Your consent to the collection of your personal data may be withdrawn by emailing our Data
Protection Officer at email@example.com or by sending a letter by postal mail, stating your
full name, email address and the precise nature and purpose of your request for withdrawal.
You may also send us any comments about your personal data to AGATHA INC 10 BD MARIUS
VIVIER MERLE 69003 LYON.
Exercising your personal data rights
– A right of access, which allows you to obtain:
Confirmation that your data is or is not being processed;
a copy of all personal data held by the data controller.
– A right to request portability of certain data: this allows you to retrieve your personal
data in a structured, commonly used and machine-readable format.
– A right to object: this allows you to stop receiving commercial prospecting from us or
our partners, or, for reasons relating to your particular situation, to have the
processing of your data be stopped for the purposes of research and development or
the fight against fraud and prevention.
– A right of rectification: this allows you to rectify information about you when it is
obsolete or incorrect and also allows you to complete any information about you which
– A right of deletion: this enables you to require that your personal data be deleted
subject to the statutory retention periods. This right can be applied in the event that
your data is no longer required for processing.
– A right of limitation: This allows you to limit the processing of your data in the following
In the event of any illegal use of your data;
In the event that you dispute the accuracy of your information;
If you need the data to establish, exercise or defend your rights, it shall no longer be actively
processed and cannot be modified during the period in which you exercise such right.
You can exercise the aforementioned rights by sending an e-mail or letter to the following
address: 10 BD MARIUS VIVIER MERLE 69003 LYON. Please include your last name, first name,
address and e-mail address (if necessary your client reference number) as well as the subject
of your request in clear and legible terms. AGATHA INC may ask you to provide proof of your
identity when it has reasonable doubt concerning your real identity. AGATHA INC undertakes
to respond to your verified request within one month of receipt.
In the event of any difficulty, you can contact our personal data protection officer directly by
e-mail at firstname.lastname@example.org or contact the Commission Nationale de l’Informatique et
des Libertés (French National Commission for Information Technology and Civil Liberties –
CNIL) by going to www.cnil.fr/fr/plaintes.
Our processors and partners
AGATHA INC may send your personal data to processors performing services involving the
processing of your data that is in compliance with the purposes referred to herein; said sub-
processors must treat your personal data with the same level of confidentiality as AGATHA INC
and have undertaken to fully comply with the regulations on personal data, in particular with
We do not sell your personal data; if you would like further information and more specifically
the identity of the service providers or partners to whom your personal data has been sent,
you can contact our data protection officer at the following address: email@example.com.
The service providers or partners likely to have access to your personal data include but are
not limited to:
– service providers managing outsourced services for the performance of our services
– service providers helping us to improve our services, carry out data analysis and
optimize our products and services, and conduct surveys and statistics;
– auditors, chartered accountants, consultants, lawyers, auditing firms, IT and
information management service providers, security providers;
– investors and buyers.
We may also send your personal data to the French authorities, administrations and courts, in
particular in connection with a legal action or legal formalities requiring such disclosure.