Publisher information

The present web site accessible at the URL www.naltilia.com (hereinafter “the Site”) and the software solution accessible at the URL (hereinafter “the Solution”) are the property of NALTILIA, SAS with capital of €150, registered in the Paris Trade and Companies Register under number RCS 932 432 099, with registered office at 3 avenue Fénelon, Maisons Laffitte, France, subject to VAT under number FR27932432099 E-mail:[email protected] The publication director is Jean-Christian Le Meur in his capacity as NALTILIA's Chief Executive Officer.

Hosting information

The Site is hosted in Europe by https://www.vercel.com and https://railway.com/. Vercel can be contacted by e-mail at the following address: [email protected] and Railway can be contacted by e-mail at the following address: [email protected]

The texts, images, sounds, animations, software and other contents included in this website are the exclusive property of NALTILIA or its licensors. Any act of transmission, distribution, transfer, reproduction, storage or total or partial public communication must have the express consent of NALTILIA.

The Site may contain links to other third party sites that it cannot control and assumes no responsibility for the content that may appear on these third party sites.

Who has access to your personal data?

All information is collected and recorded by Naltilia, acting as data controller, whose head office is located at 3 avenue Fénelon, 78600 Maisons Laffitte. The data is accessible only by NALTILIA’s strictly authorized personnel, who have been trained in the protection of personal data.

If you have any questions about data protection, please contact us at [email protected].

Our hosts

To enable you to access our Naltilia website, Naltilia uses Scaleway and Railway, the recipient of some or all of the data you transmit. Scaleway and Railway are responsible for the hosting, maintenance and operation of the naltilia.com website.

In order to enable you to access the forms and other public channels generated by our compliance platform, Naltilia, as a provider of its subscribers, uses Scaleway and Railway. Scaleway and Railway are also the recipients of some or all of the data you transmit. Scaleway and Railway are responsible for hosting, maintaining and participating in the smooth operation of our compliance platform, forms and other public channels.

Our office automation supplier

For the day-to-day management of its activities, Naltilia uses Google on its employees' workstations. This company is the recipient of some or all of the data you transmit when interacting with Naltilia. This company transfers data outside the European Union in accordance with standard contractual clauses. A copy of these clauses is available here https://policies.google.com/u/0/privacy?hl=fr#europeanrequirements.

Our B2B prospecting solution providers

Naltilia uses several service providers to manage its commercial prospecting. These companies are also the recipients of some or all of the data you transmit:

- HUBSPOT, a CRM and appointment scheduling tool, which transfers data outside the European Union under the terms of standard contractual clauses and binding company rules. A copy of these clauses is available https://legal.hubspot.com/dpa.

- LINKEDIN, a publicly accessible database of business contacts, which transfers data outside the European Union under the terms of standard contractual clauses and binding corporate rules. A copy of these clauses is available https://www.linkedin.com/help/linkedin/answer/a1343190

Administrative and judicial authorities and any authorized regulated profession

As a reminder, Naltilia may transmit data to the competent authorities in order to follow up on claims made against Naltilia and to comply with administrative and judicial procedures. Any regulated profession authorized to receive data for the satisfaction of legal and regulatory obligations may also have access to data, such as auditors, experts, or any auditor of a competent authority.

What data does Naltilia process?

The data processed by Naltilia comes from various channels and includes data related to your identity (surname, first name, etc.), contact details (e-mail address) your professional life (professional details, company name, etc.), as well as connection data collected via message, e-mail, telephone and videoconference exchanges (e-mail opening, message timestamp, duration of call or videoconference, etc.).

Why does Naltilia process your personal data?

To process your requests for information: Naltilia processes your data in order to respond to your requests for information and documentation. The legal basis for this processing is Naltilia's legitimate interest in contacting visitors to the site. The provision of this data is mandatory in order to respond to the request. Consequently, failure to provide this data will prevent your request from being processed.

To provide you with commercial offers: Naltilia processes your data in order to send you commercial offers by e-mail, message, videoconference and telephone. In accordance with the regulations, your prior consent to receive such solicitations is not mandatory as long as they are part of a B2B (business-to-business) commercial approach and within the framework of your professional activity. Nevertheless, you are free to object to such prospecting by exercising your right to object under the conditions detailed in the last section of the policy. The legal basis for this prospecting is Naltilia's legitimate interest in developing its commercial relations.

To manage our customers and partnerships: Naltilia processes your data in order to manage its customers, partnerships, contracts and associated billing. The legal basis for this processing is the performance of the contract or pre-contractual measures between you and Naltilia. The provision of this data is compulsory in order to offer and execute a commercial service. Consequently, failure to provide this data will prevent the commercial service from being carried out correctly.

To enable you to consult and enter your requests at our compliance platform: Naltilia processes your connection data in order to allow you to enter or consult a regulatory request (gift or invitation declaration, internal alert declaration, security incident declaration...) from our compliance platform. The legal basis for this processing is Naltilia's legitimate interest in providing the service subscribed to its subscribers. The provision of this data is mandatory in order to enable you to consult and enter requests. Consequently, failure to provide this data will prevent requests from being consulted or entered.

How long does Naltilia keep personal data?

The data you send to Naltilia is kept for a defined and respected period.

Data collected to process your requests for information: 3 years from receipt of the request.

Data collected to offer you commercial offers: 3 years from the last contact with the person concerned.

Data collected to manage our clientele and partnerships: 5 years from the end of the commercial relationship for evidentiary purposes in the event of litigation; 10 years from the close of the financial year for accounting purposes for invoicing data.

Data processed to enable you to consult and enter your requests from our compliance platform: Naltilia acts as a subcontractor for its customers and complies with the retention periods applied by the latter.

What are your rights?

You can contact us to exercise your rights by sending an e-mail to [email protected]

If you would like to know more about your rights, you can consult the website of the French personal data protection authority, the CNIL.

Right of access, right of rectification, right of deletion: You can consult, modify or delete your personal data at any time, and thus exercise your right of access, right of rectification or right to erasure by the means presented at the beginning of this section.

Right to object: When you receive e-mails from Naltilia, you are free to object at any time by clicking on the unsubscribe link at the bottom of the messages, by indicating this during our telephone or video-conference exchanges or by using the means presented at the beginning of this section.

Right to portability: You may exercise your right to portability at any time by using the means presented at the beginning of this section. Naltilia will provide you with a copy of your personal data in an open and interoperable format in order to facilitate its use.

Right to limitation: You may exercise your right to limitation in addition to the exercise of another right by specifying it in your request by the means presented at the beginning of this section. Naltilia will no longer process your personal data and will retain it for the period required to verify/review the exercise of the other right (access, deletion, portability, etc.).

Right to withdraw your consent: You may withdraw your consent if the processing is carried out on the basis of your consent, provided that the withdrawal of such consent does not affect the lawfulness of the processing based on consent carried out prior to the withdrawal thereof.

Right to lodge a complaint: If you believe that Naltilia is unlawfully processing your personal data in breach of your rights, you may at any time lodge a complaint with the French data protection authority (CNIL) via its website.