Preface

As part of its activities and for the purpose of providing the Services, Sigilium is required to collect and process the personal data of its users (hereinafter referred to as “Users”).

This privacy policy, established by Sigilium, aims to provide Users with a synthetic and comprehensive overview of the personal data processing operations carried out by Sigilium.

Sigilium places particular importance on respecting Users' privacy and the confidentiality of their personal data, and is committed to processing data in accordance with applicable laws and regulations, particularly Law No. 78-17 of January 6, 1978, relating to computing, files and freedoms (hereinafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).

Definitions

Personal data: any information relating to an identified or identifiable natural person, that is, who can be identified, directly or indirectly, by reference to an identification number or to one or more specific elements.

Processing of personal data: any operation or set of operations performed on personal data, regardless of the process used, including collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, as well as locking, erasure or destruction.

Cookie: a cookie is information stored on a user's hard drive by the server of the site he or she is visiting. It contains several pieces of data: the name of the server that placed it, a unique numeric identifier, possibly an expiration date. This information is sometimes stored on the computer in a simple text file to which a server accesses to read and record information.

Data Controller – DPO

The data controller for the personal data referred to herein is the company Sigilium, a limited liability company with a capital of 7000 euros, located at 141 avenue de Wagram 75017 Paris, registered with the Paris Trade and Companies Register under number B 809 637 382.

The company Sigilium has designated a Data Protection Officer who can be contacted at the following address: dpo@sigilium.com.

Collected Data

Sigilium collects Users' data in order to provide them with the services for which they have subscribed to the platform.

The mandatory or optional nature of the data entered (to finalize the User's registration and provide them with Sigilium services) is indicated during collection by an asterisk.

In addition, certain data is collected automatically due to the actions of the User on the site (see the section on cookies).

Purposes

The personal data collected by Sigilium in the context of providing services is necessary for the execution of contracts concluded with the User, or to allow Sigilium to pursue its legitimate interests while respecting the rights of the User. Some data may also be processed based on the User's consent.

The purposes for which Sigilium processes the data are as follows:

• the commercial and accounting management of the contract;

• the management of activation and marketing coordination;

• the detection of malicious behaviors (fraud, phishing, spam, etc.);

• the improvement of the user journey on the site;

• more generally any purpose referred to in Article 2 of Deliberation No.2012-209 of June 21, 2012, establishing a simplified standard concerning automated processing of personal data related to the management of users and prospects.

Recipients of the Data

The personal data collected is intended for the commercial and accounting services of Sigilium. It may be shared with Sigilium's subsidiaries or with subcontracting companies that Sigilium may engage in the execution of its services.

In this context, personal data may be transferred to a member or non-member country of the European Union. Sigilium puts in place safeguards to ensure the protection and security of this data, in compliance with regulations.

Sigilium neither sells nor rents personal data to third parties for marketing purposes without the express consent of Sigilium Users.

Outside of these cases, disclosure of personal data to third parties may only occur in the following situations:

• with their authorization;

• at the request of legally competent authorities, by court order, or in the context of legal proceedings.

Data Retention Period

In order to fulfill its legal obligations or to have the necessary elements to assert its rights, Sigilium may archive the data under the conditions set forth by regulations.

Thus, the personal data collected by Sigilium regarding the identity and contact details of its Users are archived for a maximum period of two years after the termination of the contractual relationship for client Users, or from their collection by the data controller or the last contact from the prospective User regarding data relating to them.

The cessation of the contractual relationship is understood as the express termination of the contract by the User or the non-use of Sigilium's services for a period of five years.

User Rights

In accordance with the regulations, the User has the rights of access and rectification of personal data concerning them, allowing them to correct, complete, update, or delete data that is inaccurate, incomplete, ambiguous, outdated, or whose collection, use, communication, or retention is prohibited.

The User also has the rights to request the limitation of processing and to object on legitimate grounds to the processing of their personal data. Additionally, the User can provide instructions regarding the fate of their personal data in the event of their death.

When applicable, the User can request the portability of their data, or when the processing is based on consent, withdraw their consent at any time.

The User can exercise their rights by emailing dpo@sigilium.com or by sending a letter to:

Sigilium SARL – DPO Team

141 avenue de Wagram - 75017 Paris

The User can also at any time modify their data by logging into https://www.Sigilium.com/fr/ and clicking on “log in” or by contacting the customer relations service at contact@Sigilium.com

The User can unsubscribe from Sigilium's newsletter or marketing emails by following the unsubscribe links contained in each of these emails.

The User can, in the event of a dispute, file a complaint with the CNIL whose contact details can be found at the internet address https://www.cnil.fr.

The User will have access to detailed information about the use of their personal data, particularly regarding the purposes of processing, the legal bases allowing Sigilium to process the data, their retention periods, their recipients, and, if applicable, the transfers to a non-member country of the European Union, as well as the safeguards implemented. To do this, the User can send their request by email to dpo@Sigilium.com.

Cookies

For more information on how Sigilium manages cookies, please visit our cookie policy page.

Security

Sigilium has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent them from being distorted or damaged or accessed by unauthorized third parties.

These measures include:

• Proven antivirus and detection of intrusion attempts,

• Encrypted data transmission using SSL/https technology

  
  

Furthermore, access to processing by the Sigilium services receiving the data requires authentication of the persons accessing the data, via an access code, an individual password, and two-factor authentication.

Data transmitted over unsecured communication channels is subject to technical measures to render this data incomprehensible to any unauthorized person.

Any questions regarding the security of Sigilium's website can be addressed to support@Sigilium.com.

Modification of the Privacy Policy

Sigilium reserves the right to update this Privacy Policy to comply with changes in applicable laws and regulations.

Changes will be notified via our website or by email, if possible, at least thirty days before they take effect.