Logo Vistory

Privacy policy

Article 1 – Purpose – Scope

This Policy informs you about the type of personal data we collect, how we process it, the measures we take to ensure its security and the nature of your rights.

By using the https://vistory.com website (hereinafter the “SITE”), you declare that you accept the terms of this Policy and consent to our collection, use and disclosure of your personal data in accordance with the Policy. This Policy applies to all personal data that you directly or indirectly provide to us. If you do not agree with the terms of the Policy, please do not use the https://vistory.com website.

The Policy may be amended at any time. It is binding on the user from the date it is posted on the SITE. The date of the update is mentioned each time the Policy is modified. The user is therefore invited to consult the most recent update of the Policy on a regular basis.

Article 2 – Owner and data controller

The personal data collected and processed when using the SITE are processed by VISTORY, a simplified joint stock company with a capital of 150,000 euros, whose registered office is located at 13 avenue Morane Saulnier – 78140 Vélizy-Villacoublay, registered in the Versailles Trade and Companies Register under number 809 772 825, intra-community VAT number 809 772 825 (hereinafter “VISTORY”), in its capacity as manager of the processing of said personal information.

VISTORY has appointed Mr David Dupont, Director of Operations, as Data Protection Officer.

If you have any questions about the collection and/or processing of data, the content hereof, your rights under applicable law or how to update your information, please send an e-mail to: dpo@vistory.com.

Article 3 – Data collection methods

Subject to applicable laws, VISTORY collects personal data (i) about users consulting or using the SITE or (ii) about any third party whose information the user provides to VISTORY when:

Browsing the site or using any of the SITE’s services;
Filling in any online form of the SITE – including the contact form;
Subscribing to any SITE newsletter;
Any participation in a game or competition, product tests, satisfaction surveys or polls;
Any offline exchanges between the user and VISTORY, by telephone, SMS, e-mail or post, for example.

The user’s personal data may also be collected when the user fills in only part of the fields to be filled in on the SITE or when the entry is abandoned during the process. This data may be used by VISTORY to contact the user, notably for marketing purposes.

Article 4 – Personal data collected

In this Policy, “personal data” refers to information or items of information that make it possible to identify the user directly or indirectly. This generally includes, depending on the circumstances and the user’s browsing on the SITE:

Identity information: surname, first name, title;
Contact information: professional and personal details (postal address, delivery address, billing address, telephone number, email address);
Information concerning the user’s professional background;
Connection data when the user browses the VISTORY websites;
Data necessary for the execution of contracts concluded by CETIM within the framework of its collective and commercial activities, etc….
Data necessary for the management of event relations, communication operations, solicitation, promotion, investment, sponsorship and partnership.

This data is collected fairly, when strictly necessary and legal. We undertake to collect only the minimum amount of personal information necessary for the purposes covered by this Policy. VISTORY does not collect or process any “sensitive” or “at risk” data as defined by the GDPR.

Subject to applicable legislation, VISTORY reserves the right to supplement the data collected with information obtained from third parties authorised to share it (e.g. public sources to obtain the user’s SIRET or sector of activity).

If the user provides personal data concerning a third party, it is the user’s responsibility to ensure compliance with the regulations applicable to the protection of personal data and in particular its obligations to obtain the prior consent of the third parties concerned. As such, in accordance with the applicable regulations on data protection, the user declares to have notified the third party concerned and obtained their express consent to provide their personal data and to have informed them of the way in which VISTORY collects, uses, discloses and stores personal data.

Article 5 – Purposes of processing

The user authorises the personal data collected as described above to be collected, stored and used:

To enable VISTORY to fulfil its contractual obligations with the user;
To enable VISTORY to fulfil its legitimate interest (e.g. for internal administrative purposes, customer management, data analysis and benchmarking, direct marketing, maintenance of automatic back-up systems or detection or prevention of criminal activity);

To enable VISTORY to meet its legal obligations (e.g. to respond to requests from the tax and/or social authorities).

Article 6 – Legal basis for processing

Subject to applicable laws, VISTORY collects and processes the user’s personal data from the user on the following legal bases:

To process and execute the user’s document order

Legal basis: contractual, legitimate interest to guarantee the best level of services and user consent when required.

To manage the commercial relationship with the user (customer service; support)

Legal basis: contractual, legitimate interest in guaranteeing the best level of service and user consent where required.

Monitor, measure, improve and protect the SITE and its content and offer a personalised, high-quality user experience (data used here in pseudonymised form).

Legal basis: legitimate interest in guaranteeing the best level of service.

To carry out internal checks on the SITE, applications, systems and services in order to test and improve their security, delivery and performance or to personalise the user experience.

Legal basis: legal obligation, legitimate interest in guaranteeing the best level of service and user consent where required.

To provide any information to the user in accordance with regulatory or legal obligations.

Legal basis: legal obligation.

Detecting, preventing, investigating or preventing criminal, illegal or prohibited activities, or protecting VISTORY’s rights (including liaising with law enforcement agencies).

Legal basis: legal obligation.

Contacting the user for marketing campaigns, advertisements, or targeted information that may be useful to the user, based on the user’s use of the SITE.

Legal basis: contractual, legitimate interest in guaranteeing the best level of service and user consent where required.

To carry out data analysis and comparative analysis

Legal basis: contractual, legitimate interest in guaranteeing the highest level of service and user consent where required.

Any processing of personal data for purposes other than those set out herein will require the user’s consent if it is not justified by a legitimate interest.

Article 7 – Conservation period

VISTORY keeps personal data only for as long as is strictly necessary to fulfil the purposes described above, to comply with its legal, regulatory and contractual obligations and to defend its legitimate interests. This data will be retained and used for legal, tax, regulatory, anti-fraud and legitimate conduct of VISTORY’s business purposes for as long as legally permitted.

In the event that VISTORY no longer requires the personal data, VISTORY will destroy it in a secure manner (without information or notice).

Article 8 – Transfer to third parties

VISTORY may transmit and share the user’s personal data:

To any company belonging to the VISTORY Group, for the purposes indicated in this Policy (for example: for global information management and customer relationship management; for accounting purposes and software and service improvement; and in order to provide information, applications, products or services requested by the user);
To service providers and agents (including their sub-contractors) or third parties processing information on behalf of VISTORY (e.g. administration of the SITE, management of registrations and subscriptions, follow-up of the processing of a request, auditors and consultants) so that they can help VISTORY to respond to the user’s request and to comply with its legal and regulatory obligations;
To any third party including any administrative authority or public body, in order to comply with VISTORY Group’s legal and regulatory obligations, including legal or regulatory reporting and the detection or prevention of unlawful acts;
To any third party, in the context of existing or imminent legal proceedings, provided that VISTORY is legally authorised to do so (for example, in response to a court order);

Article 9 – Actions marketing

VISTORY may from time to time use the user’s personal data to contact the user with information about its applications, products and services that may be of interest to the user.

VISTORY may also share the user’s information with companies of the VISTORY group and carefully selected third parties, so that they can contact the user with information about applications, products and services that may be of interest to him, by telephone, mail, SMS or e-mail.

This processing is carried out on the following legal bases: contractual, legitimate interest in guaranteeing the best level of operation and quality of the applications, products and services and the user’s consent where required.

The user may request that marketing actions aimed at him or her be terminated at any time by sending an e-mail to: contact@vistory.com. When sending by e-mail, VISTORY clearly specifies in the subject of the message, which appears in the electronic mailbox, the identity, or the commercial nature of the proposal. At the bottom of the message, the user will also find the possibility to exercise his right to oppose the sending of any new message.

Article 10 – Right of access, rectification, portability and deletion of personal data

Insofar as required by the laws in force, the user has the following rights:

The right to know how the data is used and the right to access it;
The right to request the modification, rectification, updating or deletion of data and to restrict the processing of data;
The right to object to the processing of data;
The right to block or delete personal data that is inaccurate, incomplete, equivocal, out of date, or the collection, use, communication or storage of which is prohibited;
The right to receive personal data in a structured, commonly used and machine-readable format, or to have it sent directly to another company, if technically feasible (“data portability”);
The right to withdraw consent at any time – where consent was required;
The right to refuse any decision based on automated processing of personal data, in particular profiling; and
The right to lodge a complaint with the supervisory authority responsible for data protection issues, the Commission Nationale de L’Informatique et des Libertés, https://www.cnil.fr/fr/plaintes.

In order to exercise any of the aforementioned rights, the user must follow the following procedure: send an email specifying the subject of his/her request and using the following email address: dpo@vistory.com.

In case of withdrawal of consent to the use of personal data for the purposes set out in this Policy, the user is informed that VISTORY may no longer be able to provide access to all or part of the SITE, applications and services.

Article 11 – Safety measures

VISTORY ensures data security by taking technical and organisational measures to ensure the security of personal data processing and data confidentiality, in application of the French Data Protection Act and the RGPD, and more specifically the measures necessary to prevent their unlawful or unauthorised processing or their accidental loss, destruction and/or damage.

VISTORY strives to protect the user’s personal data. The user is responsible for the confidentiality of their possible authentication information, such as identifiers, passwords or trademarks (collectively, the “Data”). They transmit this information to third parties at their own risk. The user is responsible for any misuse of the Access Data resulting from a breach of these obligations.

The user shall ensure that all persons who have the right to access and use the Access Data shall exercise reasonable care in their use of the Access Data and in particular shall:

  • Immediately report to VISTORY any errors, bugs and flaws affecting the VISTORY website https://vistory.com, when they become aware of such events;
    Refrain from using the SERVICE for any illegal purpose;
    Will not spread viruses, Trojan horses or other malicious code via the VISTORY services;
    Will not attempt to access the profile and personal data of other users, use the account of another user or impersonate a user.

    If the user believes that his account has been hacked, he is invited to contact VISTORY’s customer service at the following e-mail address: contact@vistory.com.

Article 12 – No transfers outside the European Union

VISTORY’s infrastructure is hosted in a data centre designed and operated in France. The data processed directly by VISTORY is not transferred outside the European Union. Nevertheless, the cookies used on the SITE may lead VISTORY to transfer data (cookies) outside the European Union. In this case, VISTORY remains very vigilant (see the Cookies paragraph).

Article 13 – Other sites and social networks

If the user follows a link from VISTORY’s SITE, applications or services, to another site or service, this Policy is no longer applicable. VISTORY is not responsible for the privacy practices of third party sites or services and VISTORY encourages the user to read the privacy policies posted on the relevant sites or services.

Article 14 – Cookies, statistics and traffic data

Among other technologies, VISTORY uses cookies on the SITE to facilitate use of the SITE and to study usage and, more generally, to improve the services provided.

During the user’s first visit to the SITE, VISTORY installs cookies on the user’s computer, tablet or cell phone. These cookies are installed by VISTORY and enable VISTORY to:

Optimize user browsing and service operation,
Carry out studies and statistics on SITE traffic,
Process requests via contact forms.

By expressly accepting this information, the user accepts VISTORY’s cookie policy. The user may freely configure the installation of cookies and the information attached to these cookies. The user may also choose to deactivate all cookies. This can be done in the user’s browser settings. If the user deactivates cookies, he/she will no longer have access to many functions that facilitate his/her experience as a customer, and the SITE, its applications and services may not function correctly.

Users may delete cookies from their browsers at any time, and may refuse to accept cookies by following the procedure indicated on their browser. It should be noted, however, that use of the SITE may be impaired or even impossible in this case.

The placement of technical cookies does not require the prior consent of the user, but is based on the pursuit of VISTORY’s legitimate interest in ensuring the proper functioning of the SITE. The deposit of other cookies from which the user’s personal data is collected requires the user’s prior consent.

In accordance with current legislation, cookies may not be stored for more than 13 months. However, information collected by means of tracers may be kept for a maximum of 25 months.

The cookies used are as follows:

Cookies strictly necessary for the operation of the SITE: SITE cookies

These are cookies that are necessary for the proper functioning of the SITE, applications or services (accessing secure parts of the SITE, for example).

  • Functional cookies:

These cookies enable SITE, applications and services to remember user choices (such as username, language or region) and offer enhanced, more personal functionality. These cookies may also be used to remember changes to font or font size and other customizable parts of web pages. They may also be used to execute the order. The information collected by these cookies can be rendered anonymous; furthermore, these cookies do not track the user’s browsing activity on other websites.

  • Performance and statistical cookies :

These cookies collect information relating to how visitors and users use the SITE, applications and services, such as, for example, which functionality is most used by visitors and whether they receive error messages from different areas of the SITE, applications or services. These cookies do not collect any information that could allow a visitor or user to be identified. All information collected by these cookies is aggregated and therefore anonymous. VISTORY only uses these cookies to improve the operation of the SITE, applications and services.

  • Cookies Google Analytics
  • Targeting or advertising cookies
  • Web beacons and other tracking technologies

These web beacons are used to count the number of users who have visited the SITE after clicking on an advertisement on another website or in an e-mail, and to retrieve details of products or services purchased. These Web beacons collect limited information that does not allow identification of a specific person. The user cannot refuse the use of Web beacons, but they may be deactivated by the cookies to which they are attached.

  • IP address and traffic data

VISTORY keeps track of traffic data automatically recorded by its servers, such as IP address, information relating to the user’s device, the website visited by the user before and after the SITE. VISTORY also collects certain statistics from sites, applications and services, such as access frequencies, pages consulted and displayed; this information does not allow the identification of any particular person.

Article 15 – Applicable law – Settlement of disputes

This Policy is governed by French law. This applies to both substantive and formal rules, notwithstanding the place of performance of substantial or accessory obligations.

The parties shall endeavor to settle amicably and in good faith any disputes that may arise between them concerning the interpretation, partial or total performance or non-performance of this Policy. The user shall first contact VISTORY to obtain an amicable solution.

In the absence of an amicable agreement, any dispute will be submitted to the competent court in the defendant’s place of residence. However, in the case of a professional user, the courts of the Versailles Court of Appeal will have exclusive jurisdiction.

Last update: January 31, 2023