Privacy Policy (2022 09 27)

Respecting your rights as personal data subjects and respecting the applicable law regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, we pledge to maintain the security and confidentiality of the personal data which we have obtained from you. Please note, you are also subject to the requirements of the Data Protection Act.

The Services are operated by Sulitest Impact (the “Company”, “We”), registered under the number W133022480 at Préfecture des Bouches-du-Rhône – France (French law, Association loi 1901), located at Kedge BS – Domaine de Luminy – BP 921 – 13288 Marseille – France. It is therefore governed by the laws and regulations of France.

This Privacy Policy provides a description of how we take care of your personal data, as well as information about your rights to privacy. When using the Services, a User approves the privacy protection practices described in this Policy.

  1. We collect the following personal data on the Website: a) The data necessary for registering a User and for creating an Account: an e-mail address, password, name and surname, birth date, country of origin, time zone, and type of entity (an individual user/an organization). Such data is required for the correct configuration of an Account and for establishing contact with a User, if need be; b) Data required for providing services to a User or to a Respondent, the contents of which may change depending on the service provided or on the nature of an online Test. This may include a residence or address, phone number, education, profession, and the data contained within the online Tests; c) Data required to proceed with the complaint process — name and surname, as well as a User's or Respondent's e-mail address, the device's IP address, Tax Identification Number — which we require from those requesting an invoice who have a Tax Identification Number number; d) Information resulting from the general principles of Internet connections, such as an IP address (as well as other information contained within the system logs), which is used by the Website administrator for technical purposes. IP addresses may also be used for statistical purposes, including the collection of general demographic information (e.g., determining the region in which the connection is made).
  2. Providing the data mentioned above is necessary in cases specified therein, including: a) To use the Services offered by Sulitest Impact; b) To reply to your questions and make it possible to get in touch via e-mail; c) To proceed with voluntary registration (setting up an Account) on the Website. In such a situation, we store the data the User has provided in order to make it easier for the User to use the services available on the Website in the future until the User deregisters (delete the Account).
  3. Functional cookies are required for the sole purpose to enable or facilitate communication by electronic means and are strictly necessary for the provision of the Services at the request of the users. Optional marketing and analytical cookies are always disabled by default.
  4. The personal data of the User is processed by our company as the Controller in order to proceed with the implementation of the services which we render to the User (i.e., the persons whom the data concerns), and which are offered within the scope of the Services. Pursuant to the data minimization principle, we process only those personal data categories which are necessary to achieve the goals which have been discussed in the preceding sentence.
  5. In relation to the personal data of the Users, the Controller is the entity processing the personal data on the basis of an agreement concluded with the User. In such a case, the Controller of the data is a User who is collecting data via online Tests.
  6. As a person using the Website, it is your responsibility to choose if, and to what extent, you would like to use the Services and share information and data about yourself within the scope set forth in this Privacy Policy.
  7. We process personal data for the period necessary to achieve the objectives mentioned in par. 1 and 2 above. Personal data may be processed for a longer period of time if an obligation is imposed on us as the Controller, if required by specific legal provisions, or because of the Controller's legitimate interest specified in par. 9 let. c below (i.e., for the period of the termination of the claims, or the completion of the relevant proceedings, if these were started within the limitation period).
  8. The sources of the personal data processed by the Personal Data Controller are the persons the data concerns.
  9. The following article is the basis for the processing of your personal data; Art. 6 par. 1, let. a of the GDPR, i.e. the data subject has given consent to the processing of their personal data for one or more specific purposes; where the purposes are described within the Terms of Service.
  10. To provide the Services, we rely on data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose.
  11. a) Data management is carried out by our IT partner, ALEAUR (209b Avenue Charles de Gaulle 92200 Neuilly-sur-Seine - SIRET 411 893 167 00014), in accordance with current legislation. The Data from the Sulitest platform is stored in two secure computer centers, located in France and certified ISO 27001, OHSAS 18001, ISO 22301, ISO 14001, SSAE16/ISAE 3401 SOCs, PCI-DSS, ISO9001, ISO 50001, HDA/HADS.
  12. b) In a case where the personal data is transferred to a third country, or to an international organization, the company undertakes to put in place the EU standard contractual clauses for any transfer and to make these clauses available to users.
  13. We do not make any personal data available to third parties without the explicit consent of the person whom the data concerns. Without the consent of the person whom the personal data concerns, this data can be made available only to the bodies which are governed by public law (i.e., tax authorities, law enforcement authorities, as well as to other entities which are authorized by the generally applicable provisions of the law).
  14. The personal data may be entrusted for processing to the processors of such data on behalf of our company as the Controller. In such a situation, as the Controller, we conclude an entrustment agreement with the processor for the processing of personal data. The processor processes the entrusted personal data only for the purposes, within the scope, and as per the goals indicated in the entrustment agreement, which has been referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to proceed with our activities through the Services. As the Controller, we entrust personal data to the following entities for processing: a) Those providing hosting services for the Services; b) Organization Users the Individual User has agreed to share their personal data with.
  15. Under the provisions of the GDPR, each person whose personal data we are processing as the Personal Data Controller has the right to: a) Be informed about the processing of the personal data referred to in art. 12 of the GDPR; b) Have access to their personal data referred to in art. 15 of the GDPR; c) Correct, supplement, update, or rectify the personal data referred to in art. 16 of the GDPR; d) Delete the data (the right to be forgotten), referred to in art. 17 of the GDPR; e) Limit the processing referred to in art. 18 of the GDPR; f) Transfer the data referred to in art. 20 of the GDPR; g) Object to the processing of the personal data, which is referred to in art. 21 of the GDPR; h) In the case of the legal basis: The right to withdraw the consent at any time without any influence on the compliance with the processing right, which has been made on the basis of the consent prior to its withdrawal; i) Not be the subject of profiling, referred to in art. 22, in conjunction with art. 4 par. 4 of the GDPR; j) Lodge a complaint with a supervisory body referred to in art. 77 of the GDPR. The supervisory authority of France, the company’s member state, is CNIL.

Each person whose personal data we are processing must take into consideration the principles of using and implementing these authorizations that result from the provisions of the GDPR.

  1. If you would like to exercise your rights as referred to in the preceding paragraph, you should use functionalities provided by the Services, which will allow you to delete your account and the data stored on the Website. You may also send an e-mail message to either of the addresses referred to in par. 17 or write to the correspondence address.
  2. Any inquiries, requests, and complaints regarding the processing of the personal data by the Controller, hereinafter referred to as the Requests, should be sent to the following e-mail address: support@sulitest.org.
  3. Each identified security breach is documented and in case any of the situations described in the provisions of the GDPR of the Act occurs, the relevant supervisory authority will be notified. Information to data subjects regarding an identified security breach is assessed based on the impact of the breach notification.
  4. All words in capital letters have the meaning assigned to them by the Terms and Conditions of the Website, unless stated otherwise in this Privacy Policy.
  5. The provisions of this Privacy Policy are applicable within the possible extent to all persons with whom we remain in legal relations, and to those for whom we are the Controller of their personal data (i.e., our Users).
  6. In any matters not regulated by this Privacy Policy, the relevant applicable provisions of the law shall apply. In case any of the provisions of this Privacy are not compliant with the regulations of the law, the latter provisions shall be applicable.
  7. We reserve the right to periodically review and change this policy from time to time and will notify users who have enabled the notification preference about changes to our privacy policy.