Confidentiality and Personal Data Protection Policy
From the magicsight.io site

Date of last update: 30 April 2024

GENERALITIES

MAGIC SIGHT takes care of your privacy, which we are committed to protecting. We collect your personal data (your “Data”) transparently and believe that you should be able to know for what purpose it is used, understand the rights that this Data gives you, and know how to exercise them. This “Personal Data Protection Policy” explains our practices for the collection, use and possible transfer of your Data. By accepting the General Terms of Use and Sale and using our services, you acknowledge that you accept MAGIC SIGHT's practices, as described in this Personal Data Protection Policy. For any information, questions or remarks concerning this Personal Data Protection Policy, we invite you to contact us (“Support” section above).

DEFINITIONS

All capitalized terms used in this Policy but not defined here have the definitions given to them in the MAGIC SIGHT Terms and Conditions. In addition, the definitions below apply to this privacy policy: Data — refers to data that can directly or indirectly identify the Customer or a User within the meaning of the GDPR. The RGPD — refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to the processing of Personal Data and to the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

DATA PROCESSING

Categories of Data collected by MAGIC SIGHT

MAGIC SIGHT collects the following data for each Customer, representative or User:
· Name, first name
· Professional email address
· Fixed and/or mobile phone number
· Business name
· Business structure
· Intra-community VAT number
· National or local registry number (RCS, SIRENE, etc.)
· Postal address of the company's head office
· Connection data

Except for automatic debit or payment by check, we also inform you that MAGIC SIGHT does not have any banking information about you. All bank information required for payment when placing an order is collected directly by our payment service provider.

Data Collection Purposes

MAGIC SIGHT collects your Data when you create an account or if you contact us by email.

Depending on the case and context, we may need to collect your Data in order to:
· Process your purchases and orders and provide you with the MAGIC SIGHT services you have ordered
· Communicate MAGIC SIGHT news, offers and promotions to you, after having previously obtained your consent for this purpose in particular
· Provide after-sales service including the management of reimbursements
· Offer you an answer in case of request, request or suggestion on your part
· Allow you to exercise your rights
· Ensure the management of complaints and contentious points
· Protect MAGICSIGHT staff and customers
· Conduct statistical analyses in order to improve the user experience on the MAGIC SIGHT website and the offer of MAGIC SIGHT products and services
· Manage MAGIC SIGHT orders
· Comply with our legal obligations to national control authorities and other regulatory bodies

Data is collected in accordance with the following legal bases:
· You have given your explicit consent in accordance with article 6.1 (a) of the GDPR,
· This is authorized and required by law under Article 6.1 (b) of the GDPR, for the processing of contractual relationships · We are legally obliged to do so under Article 6.1 (c) of the GDPR
· Disclosure is required under Article 6.1 (f) of the GDPR to allow MAGIC SIGHT to establish, exercise, or defend legal claims.

Personal Data Retention Period

We only keep Data for the retention periods provided for by the RGPD, if the purpose of the processing has not been completed and according to the nature of the Data. Once the deadlines have expired, this Data will be deleted or archived in the cases provided for by law. The Data collected by MAGIC SIGHT is kept for the duration of the commercial and contractual relationship between it and the Customer. Once the contractual relationship is over, MAGIC SIGHT is likely to keep your Data for a period of five (5) years, with regard to the processing purposes previously set out in accordance with the provisions of the RGPD.
In the event that you have created an account on the MAGIC SIGHT website without ever having placed an order, MAGIC SIGHT will keep your Data for a maximum of fourteen (14) months from the last incoming contact.

Transfer of Personal Data

Access to your Data is strictly limited to MAGIC SIGHT employees and agents, authorized by virtue of their functions and bound by an obligation of confidentiality. However, the Data collected may possibly be communicated to subcontractors who are contractually responsible for the execution of the tasks necessary for the proper functioning of the Platform and/or the Services as well as for the proper management of our relationship with you, without the need for you to give your authorization. The subcontractors in question are subject to an obligation of confidentiality and can only use your Data in accordance with our contractual provisions, and applicable legislation. Apart from the cases mentioned above, we undertake not to sell, rent, rent, transfer or give access to your Data to unauthorized third parties without your prior consent. Also, MAGIC SIGHT may be likely to share its Customers' Data if required by law or judicial procedure, if any public authority requests it or if the transmission of this Data is necessary to ensure the safety of its Customers and protect its own rights, in application of the provisions in force of the RGPD.

MAGIC SIGHT Obligations

MAGIC SIGHT undertakes to comply with the provisions of the amended law of January 6, 1978 relating to information technology, files and freedoms as well as the provisions of the RGPD and any other applicable regulations in the field that would supplement or replace them later.

To this end, MAGIC SIGHT undertakes to comply with the following obligations:
· Process Data only within the framework of this Personal Data Protection Policy and only in connection with MAGIC SIGHT's Terms and Conditions
· Ensure that only duly trained personnel have access to Data
· Implement technical and organizational measures to protect Data, as required by the GDPR
· Ensure that the Data is in no way used, manipulated, distributed, distributed, distributed, copied, processed for purposes other than the fulfillment of obligations as explicitly agreed and arising from this Privacy Policy

Your Data is stored on secure servers and protected by a firewall and antivirus. We put in place security measures to guarantee the confidentiality of your Data against any accidental loss and against any unauthorized access, use, modification and disclosure.

Given the particularities inherent to the Internet, it is however impossible for us to guarantee the optimal security of information exchanges on this network. We strive to protect your Data, but we cannot guarantee the absolute security of the information transmitted on the Platform or when connected to the Customer Area.

We cannot be held responsible for non-compliance with privacy settings or security measures in place on the Platform. As such, you agree that the security of your information is also your responsibility.

For example, it is your responsibility to keep the Authentication Data that allows you to access your Customer Area secret. Do not disclose it to third parties under any circumstances.

EXERCISING YOUR RIGHTS

In accordance with the provisions of the RGPD, you have rights relating to the processing of your Data. To exercise your rights, please contact us using the information in the next section.

Right of access

When we process personal information collected through our website for account management, billing, or marketing purposes, we give you the ability to access, review, edit, and delete any personal information that we process in accordance with the provisions of the GDPR. You have the right to request that we disclose certain information to you regarding the collection and use of your personal information.

Right to rectification

You have the right to obtain the correction of inaccurate Data concerning you, and to have incomplete Data completed.

Right to restrict or object to processing

You have the right to restrict the processing of your Data in certain circumstances. This means you can limit how we use your data.

The right to restrict the processing of your Personal Data may be exercised in the following circumstances:
· You contest the accuracy of your Personal Data
· Your Personal Data has been processed unlawfully
This right is an alternative to your right to erasure.

Right to erasure
You have the right to ask us to delete any Data that we have collected from you and maintained, subject to certain exceptions.

We may refuse your request for deletion if the retention of the information is necessary in order to allow us or our service providers and/or subcontractors to:
· Complete the transaction for which we collected the Data, provide the service you requested, or reasonably fulfill our obligations
· Comply with a legal or regulatory obligation
· Detect security incidents, protect ourselves from malicious, deceptive, fraudulent, or illegal activities, or prosecute those responsible for such acts
· Identify and repair errors that interfere with the existing functionality of the Services

Right to withdraw consent
If we collected and processed your Data based on your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the legality of any processing that we carried out before your withdrawal, nor the processing of your Data based on other legal bases provided for by the GDPR.

Right to data portability
The right to data portability gives you the right to receive the Data you have provided to us in a structured, commonly used and machine-readable format. At your request, we can also transmit your Data directly to another entity.

CONTACT

If you have questions, comments or requests concerning this policy, or if you wish to exercise one of your rights relating to the protection of your Data, you can contact us by:

· Email us at the following email address: contact@magicsight.io
· Send us a letter to the following postal address: MAGIC SIGHT - 8, rue de la Pommeraie - 78530 BUC - FRANCE

You can also file a complaint with the Commission Nationale Informatique et Libertés (CNIL), the competent GDPR supervisory authority on French territory:

· Through the online form available at the following address: https://www.cnil.fr/fr/plaintes
· By post by writing to: CNIL - Complaints Department - 3, place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

ENTRY INTO FORCE AND MODIFICATION
OF THIS PERSONAL DATA PROTECTION POLICY

The version in force is that of the vintage applicable on the date an Account was created.

MAGIC SIGHT reserves the right to modify this Policy, in particular in accordance with changes in data protection regulations and according to the processing methods implemented by MAGIC SIGHT.

MAGIC SIGHT will make its best efforts to keep you informed by any means of any changes. When the treatment is based on consent, MAGIC SIGHT will notify the changes to the Policy so that you can consent to the new version of this Policy.

If MAGIC SIGHT makes a change to this Policy, a new version will be posted on the appropriate media and the “Last Updated” date at the top of this Policy will be updated.

MAGIC SIGHT therefore invites you to regularly consult the materials publishing this Policy.