Chargement...

Privacy policy for personal data

Lemon Way, as data controller, responds to its obligations to comply the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and with Act n°78-17 of 6 January 1978 on Information Technology, data files and civil liberties.

LEMON WAY

The data controller is the company LEMON WAY, having its registered office at 14 rue de la Beaune, 93100 Montreuil – France. Tel: + 33 (0) 1 48 18 19 30

NATURE OF DATA COLLECTED

Lemon Way collects directly and indirectly the following categories of data concerning its Users:

  • Civil status, identity, identification data, …
  • Data related to professional activity (CV, education, professional training, distinctions, etc.)
  • Economic and financial data (income, financial situation, tax situation, etc.)
  • Connection data (IP addresses, event logs…)

PURPOSE OF THE PROCESSING

In the context of the operation of the Site and our services, the processing of personal data has as its purpose the management of customers, the creation and management of accounts, the management of contracts, regulatory control in the anti against money laundering, prospecting, the preparation of statistics, the management of requests for access, rectification and opposition rights

RIGHTS OF INDIVIDUALS

You have the following rights within the limits provided by applicable regulations.

  • Right of access to the personal data you have provided;
  • Right to rectification of personal data provided;
  • Right to have your personal data deleted;
  • Right to request a personal processing limitation;
  • Right of objection for legitimate reasons;
  • Right to data portability;
  • Right to lodge a complaint with a supervisory authority (CNIL).

COMMUNICATION TO THIRD PARTIES

Your personal data may be disclosed pursuant to a law, regulation or decision of a competent regulatory or judicial authority.

DATA RETENTION PERIOD

The personal data that Lemon Way collects are kept for the time necessary for the purpose of processing. Beyond this retention period, they become intermediate archives, or they are anonymised and kept for statistical or historical purposes.

Purges concerning your personal data are set up in order to verify the effective deletion as soon as the conservation or archiving period necessary for the fulfilment of the determined or imposed purposes is reached.

COOKIES

A cookie is a text file that can be placed on your device when you visit a website. A cookie file allows its issuer to identify the terminal in which it is stored.

Lemon Way undertakes not to store cookies for more than 12 months after the first deposit in the User’s terminal. The validity period of the User’s consent is also 12 months. The law provides for a maximum storage period of cookies of 13 months maximum.

Lemon Way uses cookies for technical purposes to ensure the proper functioning of its Website. Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, by processing information concerning the frequency of access, the personalisation of pages and the operations carried out and information consulted.

Social network sharing cookies are issued and managed by the publisher of the social network concerned. If you consent, these cookies allow you to easily share some of the content published on our website, in particular through a “button” application sharing according to the social network concerned. 

DATA TRANSFER OUTSIDE THE EUROPEAN UNION

Lemon Way does not transfer personal data outside the European Union. Where applicable, Lemon Way complies with European regulations and French law regarding data transfers to a third country. Lemon Way will inform and seek the consent of its users.

SATA SECURITY

Lemon Way implements the appropriate technical and organisational measures to guarantee an appropriate level of security. The technical measures implemented by Lemon Way delow.

REQUESTS

If you have any questions regarding the user’s privacy policy, or to exercise your rights, you can contact Lemon Way at the following email address: dpo@lemonway.com

VIOLATION OF PERSONAL DATA

We undertake to implement all appropriate technical and organisational measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of personal data concerning you. In the event that we become aware of illegal access to your personal data stored on our servers or those of our subcontractors, or unauthorized access resulting in the realization of the risks identified above, we undertake to:

  • Notify the incident as soon as possible;
  • Take the necessary measures within reasonable limits to eliminate or reduce the negative effects and harms that may result from the incident.

LIMITATION OF LIABILITY

Under no circumstances can the commitments defined in the point above related to the violation of personal data be assimilated to any admission of fault or liability for the occurrence of the incident in question.

MODIFICATION OF PRIVACY POLICY

If this Privacy Policy changes, Lemon Way will not substantially reduce the level of privacy without first informing the individuals concerned and obtaining your consent.

Please note that the privacy policy may be modified or supplemented at any time, in particular in order to comply with any legislative, regulatory, jurisprudential or technological changes. These modifications commit the User as soon as they are put online. It is therefore advisable that the User regularly consults the privacy policy in order to become aware of any changes.

Technical measures in place for GDPR compliance

In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to processing personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and in particular Article 32, and the amended Act No. 78-17 of 6 January 1978 on Information technology, Data Files and Civil Liberties, Lemon Way ensures the security of your personal data through the following technical and organisational measures:

ENCRYPTION OF CONFIDENTIAL DATA

All data (documents, digital data) are stored in automatically encrypted file systems on the fly (AES-256) and compatible with the General Data Protection Regulations through FIPS 140-2 certified software.

Data hosting is located in France in ISO 27001 and PCI DSS compliant data centers.

ACCESS RIGHTS MANAGEMENT

Rights of access shall be subject to compliance with internal allocation procedures and shall meet the following requirements:

  • Monitoring of groups and directories with a security policy reinforcing data control;
  • Reduction of access rights with an “a minima” principle, i.e. maintaining the principle of the least privilege. If it is not necessary, the right of access is not allowed;
  • Fine management of authorisations and revocation in the event of users leaving or being transferred.

The monitoring of rights of access is subject to ongoing internal control by our compliance team.

 TOOLS OF CONTROL EXTERNAL INTRUSIONS INTO THE NETWORK

Lemon Way has chosen for many years to trust the antivirus and anti-malware solution publisher McAfee with its VirusScan Enterprise suite, which is deployed throughout the information system. Network protection solutions are also in place with the use of the latest generation firewalls equipped with advanced features such as UTM (Unified Threat Management), DDOS automatic protection solutions (DPS) and a WAF (Web Application Firewall) operated by the company Imperva.

The information system is continuously analysed by Tenable’s Nessus agents in order to trace any new detected vulnerability in real time. A SIEM (Security Information and Event Management) completes the system in order to collect and analyse all the sensitive activities involved in all IS components.

 PASSWORD POLICY

A strong password management policy is in place (unique identifier, complexity, size, regular change, limitation of attempts, etc.), security policies have been defined and implemented. The correct application of these policies is regularly and automatically monitored on all IS machines using specific monitoring agents and any anomalies are reported to the security team.

PROTECTION VIA SECURE FLOWS

Lemon Way secures all communications to its applications via the use of SSL – TLS 1.2 point-to-point encrypted connection (systematic HTTPS use, SHA-2 certificates). A network partitioning of the different environments is set up, DMZ (Demilitarized Zone) as well as IDS (Intrusion Detection System) intrusion detection systems