Personal data and cookies
Privacy and Personal Data Protection Policy
1. Who processes your personal data?
Hexa-GO (hereinafter “we” or the “Company”) places the protection of your personal data at the heart of its concerns.
This Privacy Policy sets out the principles and guidelines for the protection of your Personal Data and aims to inform you about:
- The Personal Data we collect and the reasons for such collection,
- The way in which your Personal Data is processed,
- Your rights regarding your Personal Data.
We undertake to comply with the regulations in force relating to the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR”), as well as any applicable national regulations (hereinafter the “Regulations”).
2. What personal data is processed by our services?
We undertake to collect only data that is strictly necessary for the direct or indirect performance of the subscribed services when they require the processing of our customers’ personal data (or that of our customers’ customers). Where optional data is requested, we will clearly inform you which Personal Data is necessary for the performance of the subscribed service and which data is voluntarily provided by you.
The Company mainly processes Personal Data collected directly from you, such as:
- Identification data: last name, first name, company name, SIRET number
- Connection data: logs, browsing data, etc.
3. Why do we process your personal data?
We undertake to process your personal data for specified, explicit and legitimate purposes and not to process it further in a manner incompatible with those purposes.
Legal bases:
Each processing operation carried out by the entities of the Company, as Data Controller, is based on at least one of the legal grounds provided for by the applicable regulations, namely:
- The performance of a contract to which the data subject is party, or the performance of pre-contractual measures taken at their request,
- Compliance with legal and regulatory obligations to which the Company is subject,
- The protection of the vital interests of the data subject or of another natural person,
- The performance of a task carried out in the public interest,
- The legitimate interests pursued by the Company, while respecting the interests, freedoms and fundamental rights of the data subject,
- And/or the collection of the data subject’s consent for one or more specific purposes.
Purposes:
We process your Personal Data in particular for the following purposes and on the basis of the legal grounds presented in the table below.
- Managing the commercial relationship between professionals and Hexa-GO and, in certain cases, Colissimo.
- Enabling professionals to contact customer service.
- Enabling professionals to manage their widget.
- Enabling professionals to access their secure area.
- Producing statistics and satisfaction surveys.
- Carrying out commercial prospecting.
- Sending newsletters and/or automated emails (subject to prior customer consent).
- Managing the exercise of rights.
4. How long is your personal data retained?
The retention period of your personal data is determined according to the products and services subscribed to and the Personal Data processing operations carried out by the Company. We undertake not to retain your Personal Data beyond the period necessary to provide such products or services in accordance with your contract.
Some of your Personal Data may be retained for longer periods pursuant to specific legal or regulatory provisions, or in order to respond to requests from authorities or authorized third parties.
Personal Data which, due to its use for various processing operations, is subject to several retention periods is retained for the longest applicable period.
Except in the cases mentioned above, the retention of any Personal Data is limited to the sole purpose(s) for which it is processed, unless otherwise stated and notified to you.
At the end of these periods, we proceed with their destruction in accordance with our internal policy or anonymize them for statistical purposes.
5. How is your Personal Data protected?
In accordance with the regulations in force, we undertake to implement all appropriate technical and organizational measures to ensure a level of security for your Personal Data that is appropriate and proportionate to the risk. These measures (e.g. data segregation, anonymization, encryption, access restriction, etc.) are intended to ensure the confidentiality, integrity, availability and resilience of your Personal Data.
The Company undertakes to take into account the protection of your Personal Data and your privacy from the design stage of new products or services offered to you. To ensure security and guarantee the respect and proper exercise of your rights, measures to protect your Personal Data are implemented.
As data controller, we notify personal data breaches to the competent supervisory authority, namely the French Data Protection Authority (CNIL), as soon as possible and, where feasible, within seventy-two (72) hours after becoming aware of any personal data breach likely to result in a risk to your rights and freedoms. Any breach of your Personal Data likely to result in a high risk to your rights and freedoms will be notified to you as soon as possible in accordance with the applicable regulations.
6. With whom is your Personal Data shared?
Your Personal Data is collected directly from you and is used only for the purposes that have been brought to your attention.
Your Personal Data may in particular be communicated to the following recipients, for the purposes set out above:
- The Company’s potential subsidiaries and the Group to which it belongs, to internal departments responsible for the performance of the subscribed services, in particular Customer Service, Sales Department, etc.,
- Subcontractors, partners or service providers who perform services on your behalf or on our behalf,
- Commercial partners, after having informed you in advance and allowed you to express your choices via a checkbox,
- Authorized administrative or judicial authorities or, more generally, any authorized third party (lawyers, statutory auditors, etc.), in order to comply with our legal or regulatory obligations.
Some of your Personal Data processed by the Company is collected indirectly from the following sources:
- Either from our customers, who provide information on subscribers, beneficiaries, rights holders, contacts and recipients. This data is necessary for the performance of the subscribed services,
- Or from third parties, such as fraud prevention organizations, data providers, organizations (World Customs Organization, etc.) and members of the Universal Postal Union.
In the event of indirect collection, the Company undertakes to inform the individuals in accordance with the conditions set out in Article 14 of the GDPR.
Certain services may be used by minors. In such cases, minors must obtain the consent of their parents or legal representatives.
7. Is your personal data transferred outside the European Union?
All processing of your Personal Data is carried out within the territory of the European Union (EU).
However, for certain specific services, we may use subcontractors, partners or subsidiaries established outside the EU. In such cases, your Personal Data is communicated to them strictly for the purposes of carrying out their assignments.
In the event of transfer of your Personal Data to a country outside the EU, we undertake to implement all appropriate safeguards available under the applicable regulations to ensure the supervision and security of such transfers.
8. What are your rights and how can you exercise them?
When we collect your personal data, you receive, through information notices, clear and transparent information on the processing carried out and on the procedures for exercising your rights. In accordance with the Regulations, you may exercise your rights subject to meeting the applicable conditions.
These rights are:
- The right to access the personal data we hold about you. This includes the right to request additional information on:
  - The categories of data we process,
  - The purposes of the processing of such data,
  - The recipients and categories of recipients to whom your data has been disclosed,
  - The retention period of your data where possible, or, where this is not possible, the criteria used to determine such period;
- The right to have inaccurate or incomplete personal data concerning you rectified;
- The right to object at any time to the use of your Personal Data;
- The right to be “forgotten” by exercising your right to erasure of your Personal Data;
- The right to request the restriction of the processing of your Personal Data;
- The right to request that your Personal Data be recovered in a structured, commonly used and readable format in order to use it and transmit it to another data controller (right to data portability);
- The right to provide instructions regarding the fate of your Personal Data after your death;
- The right to withdraw your consent at any time, where consent has been requested. This will in particular allow you to modify and/or withdraw your consent regarding commercial prospecting.
Any request must indicate your last name, first name and the address to which you wish to receive the response. You must provide proof of your identity. In the event of a genuine doubt as to your identity, an identity document (front/back copy) may be requested. It will be retained for the time necessary to process your request and then permanently deleted.
These rights may be exercised by contacting us:
- either by email at: pro@hexa-go.com
- or by post at: 31 boulevard Tisseron, 13014 Marseille, France
The Company undertakes to respond to your requests to exercise your rights as soon as possible and, in any event, within the legal time limits.
If, after contacting us, you consider that your rights regarding your data are not being respected, you may submit a complaint to the French Data Protection Authority (CNIL):
CNIL - 3 place de Fontenoy - TSA 80715 – 75334 Paris Cedex 07
Or by telephone: +33 1 53 73 22 22.
You are informed of the existence of the telephone marketing opposition list “Bloctel”, on which you may register: https://conso.bloctel.fr.
9. How can you contact our Data Protection Officer (DPO)?
Hexa-GO has appointed a Data Protection Officer (DPO) with the CNIL.
You may contact the Data Protection Officer at the following address:
Data Protection Officer
Juliette Pairé, admin@hexa-go.com, +33 4 12 33 30 31
Glossary
“Personal Data”: Any information relating to an identified or identifiable natural person.
“Recipient”: Any department, company or organization that receives and may access your Personal Data.
“The Company”: The legal entity, acting as data controller, which drafted this Policy.
“Privacy and Personal Data Protection Policy” and “Policy”: This Policy describing the measures taken for the processing, use and management of your Personal Data and your rights as a data subject.
“Data Controller”: The Company that carries out the processing of your Personal Data.
“Processing”: Any operation or set of operations applied to your Personal Data.
“Personal Data Breach”: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data.
“Processor”: Any natural or legal person, public authority, department or other body which processes personal data on behalf of the data controller.
Cookies Policy
Scope of Application
Hexa-GO, hereinafter “we” or “the Company,” publisher of the Passerelle Colissimo site(s), hereinafter “the Site,” processes your personal data as data controller throughout your navigation on the Site.
The Site uses cookies, trackers, and other similar technologies, placed and/or read by us or by third parties during your visit. For simplicity, all these technologies are referred to below as “Cookies.”
This policy aims to inform you about the operation and use of Cookies on the Site. It covers all services linked to the Site as well as all its subdomains. This policy is complementary to the Company’s Privacy Policy.
What is a Cookie?
The term “Cookies” is used broadly and covers all trackers placed and/or read, for example, when visiting a website or mobile app, or when activating or prior to activating a chatbot. For convenience, we use the term “Cookies” to encompass all technologies that read or write data on the user’s device. A Cookie or tracker is placed by your web browser (e.g., Internet Explorer, Firefox, Safari, Google Chrome, etc.) on a dedicated space on your device’s hard drive, by the Site server or a mobile app you visit.
The information stored may be sent back to our servers or to third-party servers during a subsequent visit.
What Types of Cookies Are Used on the Site?
- Technical and necessary Cookies for the Site’s operation
These Cookies are necessary for the proper functioning of the Site to respect your user preferences. Their collection does not require your consent. Functional Cookies facilitate navigation on the Site, ensure security and performance, and activate basic functions such as page navigation and access to secure areas. The Site cannot function properly without these Cookies. They are strictly necessary and cannot be disabled without affecting access to the Site or certain services. We use these Cookies based on our legitimate interest. They expire automatically when you leave the Site.
- Audience measurement Cookies requiring your consent
Audience measurement Cookies allow us to measure site traffic and track navigation. Their use requires your consent.
With your consent, certain audience measurement Cookies provide additional statistics on Site usage to improve your browsing experience.
With your consent, we use analysis and personalization Cookies to study customer journeys (online and offline), personalize website and mobile app content in real time, and tailor emails and other communications according to your navigation and profile.
Some Cookies may have purposes beyond simple audience measurement for our exclusive use, such as tracking navigation across different apps or websites.
- Audience measurement Cookies exempt from consent
Some audience measurement Cookies are exempt from consent under Article 82 of the French Data Protection Act and Article 5 of CNIL Deliberation No. 2020-091 of 17 September 2020.
These Cookies are strictly limited to audience measurement for the exclusive benefit of the Company. They generate anonymous statistical data only and do not allow global tracking across multiple apps or websites, nor are they combined with other data or shared with third parties.
They help us understand how users interact with the Site or mobile apps, measure traffic, and improve the usability and relevance of our services. These audience measurement Cookies are used based on our legitimate interest to analyze page visits and generate anonymous statistics.
You can object to audience measurement Cookies exempt from consent as described in Article 5 of CNIL Deliberation No. 2020-091 (see “How to manage your consent?” below).
- Advertising Cookies
These Cookies, subject to your consent, track user navigation on the Site and mobile apps to display relevant and interesting advertisements. They may be used to:
  - Show personalized ads based on your profile and navigation,
  - Measure ad performance,
  - Present targeted ads based on your interests inferred from visited pages,
  - Personalize editorial content based on your navigation,
  - Display content in real time matching your interests across multiple sites,
  - Enable external multimedia content (e.g., videos hosted by third-party providers),
  - Allow content sharing on social networks. Even if you do not use the share button, the social network providing the button may identify you through Cookies and track your navigation if your account is active on your device.
- Third-party Cookies
These Cookies are set by third-party advertisers (ad networks or advertisers). Their use is subject to the privacy policies of these third parties. We inform you about the purpose of the Cookies we are aware of and your options, including opting out. For more details, consult the privacy policies of these third parties. Example: Passerelle Colissimo.
Which Cookies Are Used on the Site?
Below is a list of Cookies that may be placed on your device during navigation, indicating the publisher, name, duration, and purpose.
Unless otherwise stated, personal data collected via these Cookies will only be processed for a maximum duration of XXXX months after collection.
For Cookies requiring your consent, your choices will be retained for six (6) months. After this period, you will be asked again to express your preferences.
- Internal Cookies set directly on the Site domain:
| Cookie Publisher | Cookie Name | Cookie Duration | Purpose |
|---|---|---|---|
| Hexa-Go | PHPSESSID | Session duration | Technical |
| | REMEMBERME | 7 days | Functional |
| Axeptio | axeptio_all_vendors | 12 months | Functional |
| | axeptio_authorized_vendors | 12 months | Functional |
| | axeptio_cookies | 12 months | Functional |
| | _gid | 12 months | Audience Measurement |
| | _ga_<ID> | 13 months | Audience Measurement |
| | _glc_au | 13 months | Advertising |
How Can You Manage Your Consent?
On your first visit, a pop-up will inform you about Cookies.
- Clicking “Accept All” allows us to place all consent-based Cookies on your device.
- Clicking “Refuse All” prevents us from placing any consent-based Cookies on your device.
- Clicking “Manage Preferences” lets you select which Cookies or categories we can place and use after saving your choices, as described in this policy.
You can disable Cookies via your device, but this may affect the Site’s functionality.
You can manage your Cookie preferences at any time via the management module.
How Can You Exercise Your Rights?
To exercise your rights, you can contact us at:
- contact@hexa-go.com
- 33 boulevard Tisseron, 13014 Marseille
As part of the Company’s personal data protection policy, you may contact our Data Protection Officer, Juliette Pairé, at admin@hexa-go.com or 33 boulevard Tisseron, 13014 Marseille.
If you encounter difficulties managing your personal data, you have the right to file a complaint with the French Data Protection Authority (CNIL).
Glossary
- Data Controller:
Any operation or set of operations performed on personal data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, transmission, dissemination, interconnection, limitation, blocking, deletion, or destruction.
- Personal Data:
Any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or one or more elements specific to them (e.g., name, first name, ID number, email, IP address, voice, photo, location data, etc.).
- Legitimate Interest:
A legal basis under data protection regulations. Processing based on this basis is necessary to pursue legitimate interests of the organization or a third party, while respecting the rights and interests of the data subjects.