ALPHADIF (hereinafter "ALPHADIF"), a simplified joint-stock company (société par actions simplifiée), registered under SIREN number 487 505 190, located at Z.I. Toulon Est, 901 Chemin Alphonse Lavallée, 83210 La Farlède, France, is the controller of your personal data.
ALPHADIF is committed to preserving the confidentiality of information provided in the context of its services and more generally to protecting the personal information and privacy of its customers, collaborators, partners, service providers, website visitors, users of applications deployed by the company and any person using its services in general, in compliance with applicable regulations and in particular the "Informatique et Libertés" Act No. 78-17 of 6 January 1978 as amended and European Regulation 2016/679 (GDPR) on the protection of personal data.
This policy aims to inform you of:
- The objectives pursued by data processing operations (purposes);
- The types of personal data we collect about you;
- How your personal data is processed;
- The terms and conditions of use of your personal data and your rights in this regard, in compliance with European and French legislation.
All operations on your personal data are carried out in compliance with applicable regulations, in particular Regulation No. 2016/679, known as the General Data Protection Regulation ("GDPR"), Act No. 78-17 of 6 January 1978 on data processing, files and individual liberties, and any applicable national data protection legislation.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.
"Processing of personal data" means any operation or set of operations performed with or without automated means on data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" is the legal or natural person who determines the purposes and means of processing, i.e. the objective and the way it is carried out. In practice and in general, this is the private or public body, represented by its legal representative.
"Processor" means the natural or legal person or any other body that processes personal data on behalf of the controller.
"Authorised Third Parties" means the natural or legal person, public authority, service or body, under the direct authority of the controller or the processor, who are authorised to process personal data.
2. Controller and Data Protection Officer
ALPHADIF is responsible for the processing of personal data carried out in the context of the services it offers and the processing carried out via the mobile applications and websites it deploys. Information concerning the data controller:
ALPHADIF, simplified joint-stock company, registered under SIREN number 487 505 190, located at Z.I. Toulon Est, 901 Chemin Alphonse Lavallée, 83210 La Farlède, France
The legal representative is Philippe POMA, President.
ALPHADIF has appointed a GDPR compliance officer reachable at the following address: dpo_alphadif@actecil.fr.
3. Personal Data Collected, Purposes and Legal Bases
Certain personal data may be collected by ALPHADIF:
- When visiting and using the following websites: https://seamaid-lighting.com/ and https://smartlighting.app;
- When using the following mobile applications: Lumilink by Seamaid application and Smartlighting application;
- In the context of the services offered by the company: warranty extension, loyalty programme, technical assistance, promotional offers, professional training;
- In the context of the company's activities and objectives.
You will find below more information on the collection of personal data.
| Purposes |
Categories of data collected |
Legal basis |
Retention period |
| Website users / visitors https://seamaid-lighting.com/ | |||
|
Creation of a personal user account and a professional account.
|
Identity and contact details, account identifiers |
Performance of contractual measure (T&Cs) for account creation |
For the duration of the user's registration on the platform. In case of inactivity for 24 months, the user's information will be deleted. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Newsletter management. |
Email address |
Consent |
Information will be retained until the person unsubscribes. |
|
Cookie management (carry out audience statistics, improve your user experience and offer you personalised content). |
Identity and contact details, monitoring of product and service usage |
Consent |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Management of registrations, re-registrations and monitoring of service usage. |
Identity and contact details, monitoring of product and service usage |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Database hosting and maintenance. |
Identity, contact details, usage data, commercial tracking |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
| Website users / visitors https://smartlighting.app | |||
| Cookie management (carry out audience statistics, improve your user experience and offer you personalised content). |
Connection data, website browsing, pages visited, bounce rate |
Consent |
Data collected through the use of cookies is retained for 13 months and then deleted from the database. |
|
Management of requests submitted via the site contact form. |
Name, email address, message |
Legitimate interests |
Data is retained for the duration of processing the request. It may be retained longer depending on the request and the service provided. |
|
Management of registrations, re-registrations and monitoring of service usage. |
Identity and contact details, monitoring of product and service usage |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Database hosting and maintenance. |
Identity, contact details, usage data, commercial tracking |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
| Users of the Lumilink by Seamaid mobile application | |||
|
Creation and management of user accounts. |
Identity and contact details, account identifiers, location data |
Performance of contractual measure (T&Cs) for account creation |
For the duration of the user's registration on the platform. In case of inactivity for 24 months, the user's information will be deleted. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Database hosting and maintenance (storage of data related to the use of a universal Bluetooth lighting control device; data storage allows monitoring and maintaining services, updating application versions, ensuring security and resolving any issues). |
Identity and contact details, account identifiers, location data |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
| Users of the Smartlighting mobile application | |||
|
Creation and management of user accounts. |
Identity and contact details, account identifiers, location data |
Performance of contractual measure (T&Cs) for account creation |
For the duration of the user's registration on the platform. In case of inactivity for 24 months, the user's information will be deleted. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
|
Database hosting and maintenance (data stored for this purpose is related to the use of a set of lamps and projectors, location, energy consumption information, technical error messages; data storage allows monitoring and maintaining services, updating application versions, ensuring security and resolving any issues). |
Identity and contact details, account identifiers, location data |
Performance of T&Cs where applicable |
Data is retained for the entire duration of account activity. In case of a request to close or delete the account, data will be retained for 1 year from the date of the closure or deletion request. |
| Accounting, legal and regulatory | |||
|
Debt recovery and unpaid invoices management |
Standard identification data, personal and professional life data |
Contract |
Data is retained for up to 10 years after the end of the contract. |
|
Payment of supplier and provider invoices |
Standard identification data, professional life data |
Contract |
Data is retained for up to 10 years for accounting data. Other data is retained for 5 years. |
|
Pre-litigation and disputes management |
Standard identification data, personal and professional life data |
Legitimate interests |
5 years |
|
GDPR compliance management |
Standard identification data, personal and professional life data |
Legal obligation |
Data is retained for the calendar year of the request, plus five (5) years. Retention period for any identity documents is one (1) year. |
| Communication and marketing | |||
|
Participation in professional trade shows |
Standard identification data and contact details |
Pre-contractual measures |
Data is retained for up to 3 years after the last contact with the person. |
|
Conducting satisfaction surveys |
Standard identification data |
Legitimate interests |
For the duration of the survey. |
| Commercial and logistics | |||
|
Management of online customer accounts (B2B) and customer loyalty accounts |
Standard identification data, professional life data |
Contract |
For commercial relationship management: contract duration + 5 years. For accounting and invoicing: contract duration + 10 years. |
|
Customer file management |
Standard identification data, personal and professional life data |
Contract |
For commercial relationship management: contract duration + 5 years. For accounting and invoicing: contract duration + 10 years. |
|
Database hosting and maintenance |
Standard identification data |
Legitimate interests |
Data is retained for up to 10 years for accounting data. Other data is retained for 5 years. |
|
Commercial prospecting |
Standard identification data, professional life data |
Legitimate interests |
Data is retained for up to 3 years after the last contact with the person. |
|
Customer service and after-sales service management |
Standard identification data |
Contract |
Data is retained for up to 10 years for accounting data. Other data is retained for 5 years. |
|
Customer account referencing |
Standard identification data |
Legitimate interests |
Data is retained for up to 10 years for accounting data. Other data is retained for 5 years. |
|
Customer database exploitation and analysis |
Standard identification data, professional life data |
Legitimate interests |
Contract duration + 5 years. |
In general, all customer data is also collected for the purposes of accounting management, invoicing and debt recovery for ALPHADIF, on the basis of our legal obligations, our contractual relationships or our legitimate interest.
Prior to data collection, you will be informed whether the personal data requested is mandatory or optional.
Data marked with an asterisk in the forms is mandatory. Failure to provide it will make it impossible for the person concerned to access and use the Services, or a form-related request will not be able to be fulfilled.
Other data is optional and failure to provide it will not affect the delivery of the promised services or responses to information requests, although it may limit their relevance.
To create an account on our website and applications, you must be at least 15 years old.
Any deletion of a user account entails the complete deletion of the data linked to that account. In case of a request to delete an account, data will be retained for 30 days from the request to allow for a possible change of mind by the holder.
4. Data Recipients, Authorised Third Parties and Processors
The data recipients are as follows:
| Data processing concerned | Personal data recipients |
| Website users / visitors https://seamaid-lighting.com/ | |
|
Creation of a personal user account and a professional account. |
Internal: manager, marketing department and sales department. External: Host and IT management. |
|
Newsletter management. |
Internal: manager, marketing department. External: Host and IT management. |
|
Cookie management (audience statistics, user experience improvement, personalised content). |
Internal: manager and administrator, marketing department. External: IT management, hosts, developers and publishers of audience statistics tools and social networks. |
|
Management of registrations, re-registrations and service usage monitoring. |
Internal: manager, marketing department and sales department. External: Host and IT management. |
|
Database hosting and maintenance. |
Internal: Database manager and administrator, marketing department, sales department. External: Host, IT management. |
| Website users / visitors https://smartlighting.app | |
| Cookie management (audience statistics, user experience improvement, personalised content). |
Internal: manager and administrator, marketing department. External: IT management, hosts, developers and publishers of audience statistics tools and social networks. |
|
Management of requests submitted via the site contact form. |
Internal: manager and administrator, sales department or management. External: Host and IT management. |
|
Management of registrations, re-registrations and service usage monitoring. |
Internal: manager, marketing department and sales department. External: Host and IT management. |
|
Database hosting and maintenance. |
Internal: Database manager and administrator, marketing department, sales department. External: Host, IT management. |
| Users of the Lumilink by Seamaid mobile application | |
|
Creation and management of user accounts. |
Internal: manager, marketing department and sales department. External: Host and IT management. |
|
Database hosting and maintenance (Bluetooth lighting control). |
Internal: Database manager and administrator, marketing department. External: Host, maintenance, development team. |
| Users of the Smartlighting mobile application | |
|
Creation and management of user accounts. |
Internal: manager, marketing department and sales department. External: Host and IT management. |
|
Database hosting and maintenance (lamps, projectors, location, energy, errors). |
Internal: Database manager and administrator, marketing department. External: Host, maintenance, development team. |
| Accounting, legal and regulatory | |
|
Recovery, unpaid invoices, pre-litigation and disputes management |
Factor for customer data, lawyers where applicable, two directors, administrative and accounting manager, assistant/apprentice, bailiff where applicable. |
|
Payment of supplier and provider invoices |
The president, the general manager, the administrative and financial manager, the accounting assistant. |
|
GDPR compliance management |
Data Protection Officer |
| Communication and marketing | |
|
Participation in professional trade shows |
Authorised communication and marketing professionals, General Manager of ALPHADIF. |
|
Conducting satisfaction surveys |
Authorised communication and marketing professionals, General Manager of ALPHADIF, Qualtrics (software publisher). |
| Commercial and logistics | |
|
Management of online customer accounts (B2B) and loyalty accounts |
Authorised sales and logistics professionals, General Manager of ALPHADIF. |
|
Customer file management |
Authorised professionals with access to commercial management and accounting applications. |
|
Database hosting and maintenance |
Appster company. |
|
Commercial prospecting |
Sales staff and sales assistants, marketing department. |
|
Customer service and after-sales service management |
Sales secretaries, sales staff, store manager, president, commercial director, distributor. |
|
Customer account referencing |
Authorised sales and logistics professionals, General Manager of ALPHADIF. |
|
Customer database exploitation and analysis |
Authorised sales and logistics professionals, General Manager of ALPHADIF. AXE INFORMATIQUE company, Groupe Solution, PCI services. |
Authorised Third Parties:
ALPHADIF reserves the right to transmit your personal data in order to fulfil its legal obligations, and in particular if required to do so by judicial requisition.
In accordance with applicable regulations, your personal data may be transmitted to organisations, officers of the court and ministerial officers authorised by a legislative or regulatory provision, within the framework of a specific mission or the exercise of a right of communication.
When ALPHADIF is confronted with a request for communication from a third party relying on a text, we ensure that the cited provision is in force and that it effectively provides a right of communication to the applicant.
ALPHADIF ensures that only the data provided for by the text is transmitted or, in the event of imprecision in the latter, only the data that appears strictly necessary to achieve the intended purpose.
Data communication will be carried out in ways that ensure their security, adapting the chosen measure to the nature of the data and the risks involved.
Processors:
Where ALPHADIF entrusts data processing activities to processors, only processors that provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures are used, so that the processing meets the reliability and security requirements of the applicable regulations and guarantees the protection of data subjects' rights.
No personal information of the website or application user is published without the user's knowledge, exchanged, transferred, assigned or sold on any medium to third parties.
5. Security Measures
Taking into account the state of the art, implementation costs, the nature of the data to be protected and the risks to the rights and freedoms of individuals, ALPHADIF implements all appropriate technical and organisational measures to ensure the confidentiality of the personal data collected and processed and a level of security appropriate to the risk.
As part of the security measures, the site uses an SSL certificate. It is symbolised by the padlock present in the address bar. This guarantees that the information transmitted between your browser and our site is secure.
Furthermore, ALPHADIF ensures the implementation of the following measures at its servers and/or its processors' servers:
- Awareness-raising of persons working on behalf of ALPHADIF on GDPR principles and IT security;
- Use of a professional password manager;
- Implementation of prevention tools such as antivirus, antispam and firewalls;
- Network isolation;
- All administrative access to a production system is carried out via a bastion;
- Connection to the target system is carried out either by a shared service account or by a nominative account via bastions;
- Prohibition of the use of default accounts on systems and equipment;
- SSH keys are protected by a password meeting the requirements of the password policy;
- Automated management of security updates;
- All systems and data necessary for service continuity, information system reconstruction or post-incident analysis are backed up;
- Frequencies, retention periods and storage methods for backups are defined in accordance with the needs of each backed-up asset;
- The execution of backups is monitored, with alerts and error management;
- Logging of all server logs used in the infrastructure.
6. Transfer Outside the EU
Personal data is not transferred outside the European Union.
7. Exercise of Rights
In accordance with the "Informatique et Libertés" Act of 6 January 1978 as amended and Regulation (EU) 2016/679 on the protection of personal data, you have the following rights regarding your data: right of access, right to rectification, right to erasure (right to be forgotten), right to object, right to restriction of processing, right to data portability, subject to applicable conditions depending on the processing concerned.
You may also define directives relating to the retention, erasure and communication of your personal data after your death.
To exercise your GDPR rights, you may contact us:
- By email at dpo_alphadif@actecil.fr;
- Or by post at the following address: ALPHADIF SAS, Z.I. Toulon Est, 901 Chemin Alphonse Lavallée, BP355, 83077 Toulon Cedex 9, France.
Please specify the subject of your request and the right(s) you wish to exercise. In case of reasonable doubt about your identity, a valid proof of identity may be requested.
If, after contacting us, you consider that your rights regarding your personal data are not being respected, you may lodge a complaint with the CNIL.
8. Cookies & Other Trackers
When browsing our websites, cookies (also called: connection tokens) are placed on your device in order to carry out audience statistics, improve your user experience and offer you personalised content.
Some cookies are mandatory as they ensure the proper functioning of our website; others require your consent.
To adjust your preferences, you can use the cookie management panel located in the footer of the seamaid-lighting.com site.
However, we inform you that by refusing cookies, certain features of the site will not be accessible, for which we cannot be held responsible.
We also draw your attention to the fact that when you object to the installation or use of cookies, a refusal cookie is installed on your terminal device.
Several types of cookies and trackers may be used when browsing the site:
| Cookie name | Cookie purpose | Lifetime | Provider |
|
Google Tag Manager |
Navigation analysis. |
24 months by default |
|
|
YouTube |
Access YouTube features and videos on the site. |
7 days by default |
Youtube |
9. Limitation of Liability
ALPHADIF cannot be held responsible for the accuracy and relevance of information posted online or published by users.
10. Amendment of this Policy
In the event of modification of this Policy by ALPHADIF or if required by law, it will be published on our Site and will be effective upon publication. Therefore, we invite you to refer to it on each visit in order to become aware of its latest version, which is permanently available on our Site.
This data protection policy was drafted with the assistance of ACTECIL, a data protection consulting firm.