PERSONAL DATA PROTECTION POLICY
4D is particularly concerned with respect for privacy and the protection of personal data. As part of its publishing business, 4D is required to process information about you. For example, by completing a form, making a purchase at the store, contacting our sales staff, registering for an event that we organise, participating in a competition, and browsing the 4D website, you provide us with information, some of which may identify you (“personal data”).
We only use your personal data in the cases provided for by the regulations in force:
- Performance of a contract we have entered into with you, and/or
- Compliance with a legal obligation, and/or
- Your consent to the use of your data, and/or
- The existence of a legitimate interest in using your data.
If you have any questions regarding this document, please contact the Data Protection Officer: firstname.lastname@example.org
1. The data controller
The data controller is 4D, a French société par actions simplifiée (simplified limited company) with share capital of €2,240,245, whose registered office is located at 66, Route de Sartrouville – 78230 Le Pecq, France, registered in the Versailles Trade and Companies Register under number 318 918 851.
2. The types of data collected
2.1 The data you send us directly
In the context of the various types of contact we have with you, you may be required to provide us with information that concerns you. Information is collected in particular when subscribing to the 4D Partner Programme, creating an account on our website, ordering from our Store or accessing any other offer or service.
These data include:
- First names, surname, title and date of birth;
- Postal address, email address and telephone numbers;
- The encrypted username and password used to identify you on our websites (forum, store, etc.)
- Encrypted information about your means of payment (including credit card number);
- Any other information you wish to bring to our attention.
2.2 The data we collect in the context of our business relationship
The data we collect in the course of our business relationship with you include:
- Information about the history of your business relationship: subscriptions, orders for products and services and invoicing and payment, where applicable;
- Your participation in promotions, competitions and events;
- Your requests to our technical support department;
- Information on purchases of 4D products and services.
2.3 The data we automatically collect
2.4 Data concerning children
Our products and services are aimed at adults capable of fulfilling contractual obligations. Underage users must obtain the consent of their legal guardian prior to transmitting personal data concerning them.
2.5 Exclusion of any sensitive data
4D does not collect any sensitive data concerning you. Sensitive data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data or sexual orientation. If such information is in any way transmitted to 4D, it will be deleted.
3. Data security
Pursuant to the Regulations in force, 4D undertakes to implement appropriate technical and organisational measures in order to guarantee a level of security appropriate to the risks. The resources implemented by 4D are listed in a special document available on request from the DPO (email@example.com).
The information collected from this form is electronically processed by 4D:
- for events organised by the company;
- to keep you informed of latest product and service announcements, software updates or upgrades, system enhancements, special offers and other information;
- to enable you to create and manage a personal profile;
- to enable us to contact you;
- to customise marketing communications and website content based on your preferences, for example, in response to your request for specific information about products and services that may be of interest to you
- to conduct questionnaires and surveys to provide better products and services to our customers and users;
- to meet contractual or legal obligations;
- for customer management purposes
5. Retention period
4D undertakes to keep personal data for a period of time in accordance with the legal provisions or in proportion to the purposes for which they have been registered. The retention periods vary depending on whether we have a current contractual relationship (you are an active customer), whether we had a contractual relationship with you in the past (you are a passive customer) or whether we have never had such a relationship with you (you are then a prospective customer). Data related to your browsing of our online services collected by cookies that you have authorised have a specific retention period.
The table below shows the main data retention periods.
Prospective customer data
Create and manage a prospective customer file
3 years from collection or the last contact from the prospective customer
Active customer data
Customer account management
Througout the term of the contractual relationship
Passive customer data
Data concerning the performance of the contract
Management of the customer account, orders, deliveries, invoicing and payments
10 years after the end of the contract or the last contact from the inactive customer
6. Notifications of personal data breaches
4D shall notify any breach of Personal Data security that accidentally or unlawfully causes the destruction, loss, alteration, unauthorised disclosure of Personal Data transmitted, stored or otherwise processed, or unauthorised access to such Personal Data, promptly upon becoming aware of it.
4D has an internal data leak procedure available on request from the DPO (firstname.lastname@example.org).
7. Access to data collected by 4D
7.1 Access to data within 4D
The following may have access to some of your data:
- 4D employees in the technical support, administrative, accounting, IT and sales & marketing teams.
- 4D group subsidiaries
Personnel with access to personal data are subject to a confidentiality obligation (by a nominative confidentiality agreement signed at the time of recruitment).
7.2 Our subcontractors
4D undertakes where possible to use subcontractors:
- Established in a country of the European Union or the European Economic Area, or
- Established in a country with a sufficient level of protection by decision of the European Commission with regard to the Applicable Regulations, or
- Certified Privacy Shield if it is established in the United States, or
- Having the appropriate safeguards pursuant to Article 46 of the GDPR
4D imposes on its subcontractors a level of obligation at least as equivalent in terms of Personal Data protection to that set out in this policy and by the Applicable Regulations.
7.3 Our business partners
4D draws your attention to the fact that if you decide to subscribe to the products or services of our business partners and allow them access to some of your information, in particular by logging in to their websites or applications, their privacy policies and their cookies are binding on you. We have no control over the collection or processing of your data implemented by our business partners on their own platform.
7.4 Police, judicial or administrative authorities
This applies where we have a legal obligation to do so or to guarantee the rights, property and security of the 4D group.
8. Transfer of data outside the European Union
We retain your personal data in the European Union. However, 4D may transfer Personal Data outside the European Union. In all cases, 4D shall refrain from transferring the Personal Data without putting in place the appropriate tools to supervise such transfers pursuant to Article 46 of the GDPR, outside of:
- The European Union, or
- The European Economic Area, or
- Countries recognised as having an adequate level of security by the European Commission, including companies based in the United States of America certified as “Privacy Shield”.
The necessary agreements, and in particular standard contractual clauses drawn up by the European Commission, will be entered into between 4D and its own subcontractors, or any other third party involved in the Processing, unless the European Commission has recognised the third country in question as providing an adequate level of protection.
9. Data subjects’ right to be informed and the exercising of their rights
In accordance with Regulation (EU) 2016/679 on the protection of personal data, you have the following rights to your data: right of access, right of rectification, right to erasure, right to be forgotten, right to restriction of processing, right to portability. You may also define guidelines for the retention, erasure and communication of your personal data after your death. You have the right to access, modify and correct information concerning you.
You also have a right to object to the processing of your personal data for legitimate reasons.
To exercise your rights, you must send a letter to the 4D company’s Data Protection Officer, at the following postal address: 4D, 66 Route de Sartrouville. Parc les Erables- Bâtiment 4 – 78230 or Le Pecq – France or by email to the following address email@example.com
Before we respond to your request, we may verify your identity and/or ask you to provide further information to respond to your request. We will endeavour to respond to your request within a reasonable period and, in any event, within the deadlines set by law.
In the event of an unsatisfactory response, you may lodge a complaint with the French Data Protection Authority (CNIL): https://www.cnil.fr/fr/plaintes