The company MIMBUS (hereinafter “MIMBUS”), whose head office is located at 1 Rond-Point de Flotis 31240 Saint-Jean, registered in the Toulouse Trade and Companies Register under number 531 522 225, specializes in the publishing of application software.
Through the intermediary of the website https://mimbus.com (hereinafter “Website”) of which it is the owner, MIMBUS communicates on its activity and allows users (hereinafter “Users”) interested in its products and services to get in touch with it or to follow its news.
In its capacity as data controller, MIMBUS takes the protection of the User’s privacy seriously and undertakes to protect his/her personal data.
Therefore, the Website has been developed taking into account the User’s privacy from its conception and in particular the principle of minimizing the data collected.
Consequently, the purpose of this Policy is to provide the User with fair and transparent information as to the means and reasons that lead MIMBUS to collect and process personal data through its Website.
MIMBUS complies with the requirements the legal and regulatory requirements in force, namely the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), the amended Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector (hereinafter “ePrivacy Directive”) and the amended Data Protection Act of 6 January 1978.
ARTICLE 1 : TYPE OF PERSONAL DATA COLLECTED
When the User wishes to contact MIMBUS to obtain more information on its products and services, to request a quotation, or for any other question, he/she can provide various information concerning him/her through the contact form accessible on the Website.
In this respect, MIMBUS collects at least identification data concerning the User, namely his/her name and e-mail address.
The User may also provide MIMBUS with his telephone number and his country or region of residence, if he so wishes.
Finally, when the User wishes to receive news related to MIMBUS’ activity, he/she must provide MIMBUS with his/her name and e-mail address.
ARTICLE 2 – PURPOSE OF PROCESSING PERSONAL DATA
2.1. Legal basis for processing personal data
When the User fills in the form with the aim of sending MIMBUS a contact request, the User is asked to give his free, specific, informed and unequivocal consent to the collection and processing of his personal data.
To do so, after having filled in the information concerning him/her and written his/her message, the User must check a box inviting him/her to consent to the collection and processing of his/her personal data.
Similarly, if the User requests to receive news from MIMBUS, he/she must check a box to obtain his/her consent after filling in his/her name and e-mail address.
MIMBUS will keep proof of the User’s consent to the collection and processing of his/her personal data.
2.2. Purpose of processing personal data
MIMBUS collects and processes the User’s personal data for a specific and legitimate purpose. This personal data shall not be further processed in a way that is incompatible with this initial purpose.
First, MIMBUS uses the information collected for the purpose of forwarding the User’s contact request to the relevant MIMBUS department(s) and responding to it.
Secondly, MIMBUS uses the information collected for the purpose of sending news by e-mail to the User.
ARTICLE 3 – SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
MIMBUS attaches the utmost importance to the security and integrity of its users’ personal data.
MIMBUS undertakes to protect the personal data collected, not to transmit them to third parties without the User’s prior knowledge and to respect the purposes for which the data was collected.
Consequently, MIMBUS undertakes to take all technical, organizational and software measures in the field of digital security to protect the User’s personal data against alteration, accidental or unlawful destruction, accidental or unlawful loss and unauthorized distribution or access, as well as against any other form of unlawful processing or communication to unauthorized persons.
In the event that the integrity, confidentiality or security of the User’s personal data is compromised and is likely to result in a high risk to the User’s rights and freedoms, MIMBUS undertakes to inform the User by any means and as soon as possible.
ARTICLE 4 – ACCESS TO PERSONAL DATA
The administrative and commercial staff of MIMBUS is authorized to process the User’s personal data by virtue of their duties.
ARTICLE 5 – SHARING OF USER INFORMATION WITH THIRD PARTIES
The User’s information may be shared with others in the following ways.
5.1. Sharing of personal data with subcontractors
MIMBUS uses the services of subcontractors with cloud infrastructures to store the User’s personal data.
In order to safeguard the security of the User’s personal data and the protection of the User’s rights, MIMBUS has ensured that its subcontractors use the User’s personal data only in accordance with its instructions and provide sufficient guarantees that they have implemented technical, organizational and software measures that provide a high level of security for its services.
5.2. Sharing of personal data with the subsidiary of the MIMBUS group
In order to preserve the security of the User’s personal data and the protection of the User’s rights, MIMBUS has ensured that MIMBUS Inc. uses the User’s personal data only in accordance with its instructions and presents sufficient guarantees as to the implementation of technical, organizational and software measures providing a high level of security for its services.
ARTICLE 6 – PLACE OF COLLECTION AND PROCESSING OF PERSONAL DATA
MIMBUS collects and processes personal data that are hosted on servers located in non-European Union member states, but which may also be communicated to the American subsidiary of the MIMBUS group.
As a result, MIMBUS transfers personal data outside the European Union.
While laws and regulations vary from one country to another, some offering the User more protection than others, MIMBUS ensures that it shares personal data with companies that guarantee a level of protection adequate to the RGPD.
In order to do so, MIMBUS and these companies use and respect a legal framework for data transfer called Standard Contractual Clauses (SCC).
SCCs are written commitments between the parties that serve as the basis for data transfers from the European Union to third countries and that provide appropriate safeguards for the protection of personal data.
The DTAs are defined and approved by the European Commission and cannot be modified by the parties using them. The User can consult this document by clicking here.
ARTICLE 7 – DURATION OF STORAGE OF PERSONAL DATA
The User’s personal data will be kept for a period of three (3) years from the last contact with MIMBUS.
Before the expiry of the aforementioned period, the User may in any case exercise his right to erasure, his right to object or his right to withdraw his consent in accordance with the provisions of Article 9 of this Policy.
ARTICLE 8 – COOKIES
ARTICLE 9 – EXERCISE OF THE USER’S RIGHT
9.1. Presentation of the User’s right
In accordance with the applicable regulations on the protection of personal data, the User has the following rights:
- The User may exercise his/her right of access to his/her personal data;
- The User may exercise his/her right of rectification so that MIMBUS may correct any personal data that is inaccurate or incomplete;
- The User may exercise his/her right to erase his/her personal data if he/she no longer wishes to be contacted by MIMBUS;
- The User may exercise his/her right to the portability of his/her personal data and ask MIMBUS to obtain all his/her personal data in a structured, commonly used and machine-readable format;
- The User may exercise his/her right to limit the processing of his/her personal data, in particular during the time necessary for MIMBUS to verify that the User is validly exercising his/her right to erasure.
- The User may exercise his right to object to the processing of his personal data. In this case, MIMBUS will stop processing the User’s personal data;
- The User may exercise his right to withdraw his consent to the processing of his personal data as easily as he gave it and at any time. In this case, MIMBUS will stop processing the User’s personal data.
9.2. Procedure for exercising rights
The User may exercise the aforementioned rights by contacting MIMBUS by e-mail at the following address: firstname.lastname@example.org.
In support of his request, the User must provide MIMBUS with a copy of his valid proof of identity.
MIMBUS is required to respond to the User’s request within a maximum of 30 (thirty) days from receipt of the request.
However, MIMBUS will have an additional two-month period due to the number or complexity of the requests. If necessary, MIMBUS will inform the User of the extension of the deadline and the reason for it.
MIMBUS is not obliged to accept the User’s request if it is clearly abusive, in particular because of its repetitive nature, or if there are compelling and legitimate reasons that prevent its satisfaction.
In any case, MUMBUS will inform the User of the follow-up given to his request.
In the event that MIMBUS has not responded to the request within the time limit set, the User has the right to refer the matter to the Commission Nationale de l’Informatique et des Libertés (CNIL) if he/she wishes to contest a decision or if he/she believes that one of the rights listed above has been infringed.
3 place de Fontenoy
75334 PARIS CEDEX 07
Téléphone : +33 22.214.171.124.22.
URL : https://www.cnil.fr
ARTICLE 10. MODIFICATION OF THE DATA PROTECTION POLICY
MIMBUS reserves the right to modify this Policy at any time in order to ensure its compliance with current law.
In case of significant changes, MIMBUS will inform the User by e-mail.
MIMBUS encourages the User to periodically review this Policy for the latest information on our privacy practices.