Privacy Policy

Introduction

Neptune law firm (“Neptune”), with offices in Paris and Lyon, operating as an Association d’Avocats à Responsabilité Professionnelle Individuelle (AARPI – partnership with individual professional liability) whose head office is at 38, rue Jean Mermoz – Paris 75008 (France) – Phone number: +33 (0)1 78 65 31 43, registered at the Paris Bar, sets out below its privacy policy in respect of personal data, in compliance with applicable data protection regulations in France governed by: (i) the French Data Protection Act (Loi 78-17 relative à l’informatique, aux fichiers et aux libertés) of 6 January 1978; (ii) Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 (“General Data Protection Regulation”), which entered into force on 25 May 2018; and (iii) any other standards, decrees, regulations or legislation that may be issued by a competent national or European personal data protection authority (hereinafter collectively referred to as “Applicable Personal Data Protection Regulations”).

The purpose of this privacy policy is to inform you about the potential processing of your personal data by Neptune, in its capacity as controller, and/or the processing by Neptune of third-party personal data disclosed by you, in the capacity of processor.

1- Scope of application of the Policy

Neptune is the controller for processing the personal data (meaning any information concerning an identified or identifiable person) concerning you as a client (your “Personal Data”), processed via the website available at the following address: www.neptune.legal (“Website”), under the terms and conditions set out in this personal data protection policy (“Privacy Policy”).

The Website’s editorial manager is Patrick Douin.

The Website is hosted by OVH SAS – 2 rue Kellermann – BP 80157 – 59053 ROUBAIX CEDEX 1 – Phone number: 1007

This Privacy Policy and the Cookie Policy also presented on the Website, available here, concern all users including those who use the Website without having registered or subscribed for a specific service (collectively, the “Users”).

2- Type of personal data collected

Neptune collects your registration data, the data you voluntarily disclose to it, the browsing data concerning your access to and use of the Website, and other miscellaneous information. Specifically, Neptune collects the following information:

  1. The data that you voluntarily share with Neptune: Neptune may collect your Personal Data, particularly concerning your personal records (name, first name, age, postal address, email address), marital status, profession (job, etc.), and economic and financial information.
    This data is exclusively collected in the framework of the performance and management of the contract between you and Neptune, as required by the legal or regulatory obligations applicable to Neptune, to fulfil its legitimate interests (follow-up and maintain the client relationship), or based on your prior consent.
  2. Browsing data: when you access and use the Website, Neptune may collect information concerning your visits. For example, to enable you to access the Website, our servers receive and register information concerning your computer, device and browser, which can include your IP address, the type of browser and other information concerning the applications or hardware. If you access the Website from a Smartphone or another device, Neptune may collect the device ID, geolocation data and other ID data concerning the device. The information can also be collected using cookies and other tracking technologies (such as browser cookies, retargeting and audience measurement cookies, web beacons, etc.). These technologies may also be used to collect and store information concerning your use of the Website, such as the pages you visit. For further information, please read our Cookie Policy here.

We do not collect:

  1. Financial data from payment service providers.
  2. Special categories of Personal Data: we request you not to disclose or communicate to us, via the Website, any data considered by the French Data Protection Authority (CNIL) as Special Categories of Personal Data or assimilated (these include the police record, racial or ethnic origin, political opinions, religious or philosophical beliefs, health data or trade union membership).

3- Purposes for which personal data is collected

We process your Personal Data to:

a) enable your use of the Website and show you our various fields of expertise and services;

b) enhance your user experience of the Website;

c) provide you with assistance as a client and reply to your inquiries;

d) comply with legal obligations or reply to requests from public and governmental authorities;

e) fulfil Neptune’s interests: in certain cases Neptune may disclose your Personal Data, particularly if it considers in good faith that it should be processed to (i) protect, exercise or defend the rights, privacy, security and property of Neptune or its employees, representatives and service providers (including for the performance of our contracts and our terms of use); (ii) protect the safety, privacy and security of the Website’s users or the public; (iii) protect itself from fraud or with a view to risk management;

f) subject to you prior consent, where necessary, conduct business development operations based on your personal preferences and choices.

4 – Legal basis for processing your data

a) the processing operations referred to in Section 3 (a), (b), (c) and (e) of this Privacy Policy are based on the Controller’s legitimate interest to ensure the proper functioning of the Website and reply to queries from Users. However, with regard to the use of certain cookies, the processing is based on the Data Subject’s consent (cookies);

b) the processing referred to in Section 3 (d) of this Privacy Policy is based on applicable legal and regulatory requirements;

c) the processing referred to in Section 3 (f) of this Privacy Policy is based on the User’s consent.

5 – Data storage period

Neptune only collects your Personal Data that is strictly necessary for the intended purposes, as set out above, and for the time strictly necessary for the purpose concerned. In particular, your Personal Data is stored in our active database for the time required to perform the mission entrusted to Neptune. At the end of this storage period, your Personal Data will be erased or archived for the time necessary (i) to enable Neptune to fulfil its legal and regulatory obligations, and/or (ii) to defend a legal claim.

6 – Data processing

Your Personal Data is processed both manually and electronically and is protected by appropriate security measures. Neptune implements technical and organisational measures to ensure the security and privacy of your Personal Data and to prevent it from being damaged, erased or disclosed to unauthorised third parties.

In this respect, although Neptune applies appropriate administrative, technical and organisational measures to protect your Personal Data from theft, loss, or unauthorised use, disclosure or modification, it cannot guarantee that it can protect it against all existing forms of IT risks.

In case of a breach of your Personal Data liable to constitute a risk, Neptune undertakes to send notice of the breach concerned, in accordance with Articles 33 and 34 of the General Data Protection Regulation, to the competent supervisory authority (CNIL) no later than 72 hours after becoming aware thereof, and to the User as soon as possible.

7 – Access to your data

In the framework of the intended purposes set out in Section 3 of this Privacy Policy, your data is shared by Neptune with those of its staff authorised to process it by virtue of their duties. Neptune may also share your Personal Data with the following recipients:

a) Third-party service providers, processors or ultimate processors (i.e., computer service providers, other entities of the group and other service providers, including but not limited to: IT service providers, experts, consultants, companies involved in potential mergers, demergers or other legal processes and, in particular, to other legal advisors (in the scope of exchanges of legal documents, litigations, etc.) or to legal formalityies service providers (for the purpose of filing applications for registration with court registrars or other authorities)).

b) Some processors may be located in the European Union and may process your Personal Data on the behalf, on the instructions or under the authority of Neptune. In accordance with the General Data Protection Regulation, Neptune requires its processors to demonstrate sufficient guarantees concerning the implementation of appropriate technical and organisational measures to ensure the security and privacy of your Personal Data.

8 – Your rights in respect of your Personal Data

You can exercise the following rights at any time, free of charge:

a) right of access, portability, modification, erasure and restriction of the information concerning you;

b) right to refuse the processing of your data on legitimate grounds;

c) possibility to instruct us as to what becomes of your data (storage, erasure, disclosure to third parties, etc.) after your lifetime.

You can exercise these rights by writing to the following email address: contact@neptune.legal

You also have the right to file a complaint with a national supervisory authority such as the CNIL in the event of a violation of applicable personal data protection regulations, such as the General Data Protection Regulation.

9 –Processing of third-party personal data disclosed by the client to Neptune, and processed by the latter as processor

You may potentially provide us with third-party Personal Data (e.g.: Client’s employees, Client’s clients, etc.) concerning their personal records (name, first name, age, postal address, email address), marital status, profession (job, etc.) and economic and financial information (“Third-Party Data”).

You will then be the controller for the processing of such Third-Party Data. Neptune, who collects and processes the Third-Party Data on your behalf and according to your instructions, then acts as processor.

In your capacity as controller, you represent and warrant that you fulfil your obligations in terms of the protection of such Third-Party Data and, in particular, that you (i) guarantee the lawfulness of the processing of such Third-Party Data, (ii) have informed and obtained, where necessary, the data subjects’ consent, (iii) have implemented all the appropriate technical and organisational measures to ensure the security and privacy of the Third-Party Data, (iv) allow the data subjects to rapidly and effectively exercise their rights, and (v) have implemented an effective procedure in the event of a Third-Party Data breach.

You are the owner of the Third-Party Data and remain exclusively liable for any violation of personal data regulations committed in the scope of your management of the Third-Party Data as controller, and Neptune will not incur any liability in such respect. In no event may Neptune be held liable for any breach of such personal data that you may commit.

As processor of the Third-Party Data, Neptune undertakes, in accordance with Article 28 of the General Data Protection Regulation, to:

  • process the Third-Party Data solely for the purpose of the mission entrusted to it by you;
  • process the Third-Party Data only on your instructions;
  • ensure that the persons authorised to process the Third-Party Data undertake to maintain confidentiality or are bound by an appropriate legal confidentiality undertaking;
  • implement appropriate technical and organisational measures to ensure the security and privacy of the Third-Party Data;
  • take into account, in respect of tools, products, applications or services, the principles of data protection by design and data protection by default;
  • assist you, where possible, in complying with the obligation to respond to requests for exercising the data subject’s rights;
  • inform you of any Third-Party Data breach as soon as possible after becoming aware thereof;
  • assist you, in view of the information available, to ensure compliance with legal requirements in terms of security of the processing, notification of data breaches and data protection impact assessment;
  • make available to you all the information necessary to demonstrate Neptune’s compliance with its obligations and to enable audits, including inspections, to be conducted by you or another auditor appointed by you, and to contribute towards such audits.

10 – Amendments and updates

Neptune reserves the right to amend or update the applicable Privacy Policy following any amendment or addition to applicable personal data protection regulations and will inform Users thereof on its Website. Users are therefore encouraged to regularly consult the Website.