Privacy Policy

1. Purpose of this privacy policy :

Orion respects your privacy and is committed to protecting your personal data. The purpose of this personal data protection policy is to specify the conditions under which Orion processes your personal information. It applies to information relating to customers, prospective customers, users of the website and/or application and users of other services. It specifies the purposes for which Orion may process your personal information and the legal basis for processing such information (referred to as « processing »). Said policy takes into account the requirements and obligations resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (referred to as « RGPD ») and the amended Loi Informatique et Libertés.

2. Person responsible for processing your personal data :

Orion (SAS registered with the RCS of Cusset under n°399 768 043 represented by Mr. Stéphane Barralis), is responsible for processing your personal data (referred to as « Orion », « we », « us » or « our » in this personal data protection policy).

 

3. Coordonnées :

If you have any questions regarding this personal data protection policy, including any request to exercise your rights conferred by the RGPD and/or the amended Loi Informatique et Libertés, please contact us using the details below:

Orion
Telephone:
Email:

Postal address:

Orion

You have the right to lodge a complaint with the CNIL, without prejudice to any legal remedy, if you believe that we have breached the RGPD. You can contact the CNIL:

Commission Nationale de l’Informatique et des Libertés
Postal address: 3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22

The Commission Nationale de l’Informatique et des Libertés (CNIL) is also a source of additional information on your rights regarding the protection of personal data. The CNIL is an independent administrative authority with a mission to inform, advise, control, alert and anticipate in the field of personal data protection.

4. Why do we collect and store personal information ?

Personal data or personal information refers to any information from which a natural person can be, directly or indirectly, identified. We may request and collect certain personal data from you, for example, when you make a purchase, fill in a request form on our website, contact our Customer Service department, or when you ask to receive a brochure, quotation or information, or when you take part in our events or competitions. This personal information is collected to enable us to process your requests and meet your needs.

5. What categories of personal data do we collect ?

We only collect and process personal data that is adequate, relevant and limited to what is necessary for our relationship.

We may collect, store and process different categories of personal data, namely: Identity Data: First name, last name; Contact Data: Billing address, delivery address, e-mail address(es), telephone number(s) and, where applicable, information about your needs, constraints, motivations and profile with regard to the purchase and supply of our products and services, this category of information being limited to relevant and not excessive information.

Mandatory information is indicated by an asterisk in the fields of our online forms. This information is required to enable us to respond to your request. If this information is not provided, we will not be able to process your request.

6. How is your personal data collected?

6.1. Direct interactions

You can provide us with your personal data by filling in web forms or by contacting us directly by post, by telephone, by e-mail on our website and/or our application or by any other means. This includes personal information, which you provide when you: – Fill in and submit a form on our website – Subscribe to the Orion Newsletter

6.2 Cookies and tracking software

We may use « cookies » and other types of tracking software to improve your browsing experience on our website and application, to measure the audience for our website and application, to offer a Live Chat service and to enable you to share content from our website and application via social networks. For more information on cookies and how to deactivate cookies, please read our cookie management policy, which can be found on our website.

7. Legal basis for processing your personal data :

According to the Regulation for the Protection of Personal Data (referred to as « RGPD »), your personal data may be processed:

  • Where you have given your consent;
  • Where this is necessary for the performance of the contract, which you have entered into with us, or for the performance of pre-contractual measures taken at your request ;
  • Where necessary to comply with a legal obligation;
  • When necessary to protect your vital interests or those of another natural person;
  • Where necessary for the performance of a task carried out in the public interest;
  • When it is necessary for our legitimate interests, unless your interests or fundamental rights and freedoms prevail.
    In the majority of cases, we will obtain your consent for the processing of your personal data, in particular where we collect personal data for commercial prospecting purposes.

8. What categories of information may we hold about you and how do we use it ?

We process personal data for specific purposes. The information we may hold relates to our relationship with you. The table below shows the purposes we pursue, the categories of personal data we collect and the legal basis on which we process personal data:

Purpose(s)/Activity Data category Legal basis for processing
To manage our relationship with you in relation to the protection of personal data, including:
Keeping you informed about our personal data protection policy;
Responding to your requests for access, rectification, deletion, etc.
Identity & Contact Necessary to comply with a legal obligation
Necessary for our legitimate interests (keeping our records up to date etc.)
To process product orders and delivery, including:
Managing payment;
Collecting monies owed to us;
Completing notices or surveys;
Processing order and delivery transactions.
Identity & Contact Necessary for the performance of our contract with you
Necessary to comply with a legal obligation
To handle all after-sales requests, including:
Warranty repairs ;
Technical support.
Identity & Contact Necessary for the performance of a contract between us and you
To comply with a legal obligation
To communicate information about :
Our products and services;
Our local distributors and retailers;
Events ;
Contests;
Or for other promotional purposes.
Identity & Contact
Information on your needs, constraints, motivations and profile with regard to the purchase and supply of our products and services. This information is limited to relevant and non-excessive information and is intended to best meet your needs, constraints and motivations.
– Your consent
Where necessary for our legitimate interests

This list is not exhaustive. We also keep records of most contacts we have had with you. We process this information in order to provide you with products and/or services. In general, the information we hold has been provided by you at the time of ordering or directly to our customer service department by e-mail or telephone.

We only collect relevant and non-excessive personal information for the sole purpose of enabling us to provide our products and/or services. In some cases, you may refuse to provide your contact information or unsubscribe if you feel that a communication or request is inappropriate. However, please note that this may affect our ability to provide you with certain products and/or services if you refuse to provide information which prevents us from doing so.

When we send you information about our products and/or services outside the contractual framework and for the purposes of commercial canvassing, your personal data is processed with your prior consent, unless you are already a customer and the canvassing concerns products and/or services similar to those already supplied. Where the processing of your personal data is based on our legitimate interest, your consent is not required. Our legitimate interest is understood to be the need to ensure the management, monitoring and development of our commercial activity.

If you no longer wish to receive our marketing communications, you will find an unsubscribe option on the e-mails we send you. For any other activity that you wish to deactivate, please contact our personal data protection department using the contact details given in article 3 above.

9. How do we manage your personal information?

We process your personal information in accordance with the principles of the General Data Protection Regulation (referred to as « GDPR »).

We process your personal information lawfully, fairly and transparently and ensure that such information is:

  • Collected for specified, explicit and legitimate purposes ;
  • Adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • Accurate and, if necessary, kept up to date;
  • Kept for no longer than is necessary for the purposes for which they are processed;
  • Processed in such a way as to guarantee their security, confidentiality and integrity, using appropriate technical or organizational measures.

    Access to your personal data is restricted to authorized persons on a strict need-to-know basis. We are committed to keeping your personal data up to date, and encourage you to inform us of any changes necessary to ensure the accuracy of your information. To ensure the confidentiality of your personal information, we may ask you security questions to confirm your identity when you call us.

10. Who will receive your personal information ?

Normally, only relevant Orion personnel may have access to your personal information. However, from time to time we may share relevant, non-excessive information with third parties for the purposes described in the « Why we collect personal information » section or when we are legally required to do so. When sharing personal information, we comply with all aspects of the GDPR.

If necessary or requested, we may share information to the following categories of recipients:

  • With our authorized dealers, in order to carry out repairs as part of our warranty program or where consent has been given for dealers to communicate with you about our products, services, events and other promotional activities ;
  • With third-party service providers, to complete spa installations and repair work as part of our warranty program;
  • With third-party suppliers of computer software and hardware;
  • With external agencies, who support us in marketing campaigns and events;
  • With any other third-party suppliers, if required;
  • With the competent authorities in application of a law, regulation or court order.

    This list is not exhaustive, as there are other circumstances in which we may be required to disclose personal information, for example:

  • To comply with our legal obligations;
  • In the course of legal proceedings (or where we are required to do so by an enforceable court order);
  • To protect the vital interests of an individual (in a life-or-death situation).

12. Data retention – How long do we keep your personal data ?

We only keep your personal data for as long as is necessary to achieve the purpose for which it was collected. In order for us to decide how long we retain your personal data, we take into account and assess the sensitivity, the potential risk of unauthorized use, the purpose we are pursuing and the legal basis for the processing. Details of our full retention periods for your personal data can be found in our data retention policy. You can request this by contacting our Data Protection Officer at the address given in article 3. The personal information of our prospects is not kept beyond 3 years from their last contact.

13. Security of personal data :

We have implemented security measures to ensure that your personal data is protected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. We also restrict access to personal data to employees and third parties who need to know about it in the course of their work. We have procedures in place to manage any potential breach of personal data, which will be notified to the CNIL, as well as to you, as required by law.

14. Your rights under the gdpr and the amended data protection act and how to exercise them :

You hold the following rights under the RGPD and the amended Loi Informatique et Libertés.

Your rights may be exercised by contacting us using the contact details set out in Article 3 herein.

In the event of doubts about your identity and/or sending your request by post, we ask that your written request be accompanied by proof of identity. No payment is required to exercise your rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, Orion may either require payment of reasonable fees that take into account the administrative costs incurred in providing the information, making the communications or taking the actions requested, or refuse to comply with your requests. We have one (1) month at the latest to provide you with the information you have requested, although we will try to provide it as quickly as possible.

14.1 Right of access to personal information and how to exercise your rights :

Under the GDPR, you have the right to ask us what personal information we hold about you and to request a copy of your information. This is known as a « subject access request » (SAR). SARs must be made in writing to our Data Protection Manager. We have a subject access form which you can use for this purpose and which we will provide on request. Under the right of access, you also have the right to obtain the information defined in paragraphs a) to h) of Article 15-1. GDPR.

14.2. Right of rectification :

You have the right to obtain the rectification of your personal data, which is inaccurate. Depending on the purposes of the processing, you also have the right to have your incomplete personal data completed. To do this, you can let us know by contacting:
contact@orion-leadingrealtors.com

14.3. Right to erasure (“right to be forgotten”)

You have the right to ask us to delete the personal information we hold about you. You can do this when:

  • The information is no longer necessary for the purposes for which we initially collected/processed it;
  • You withdraw your consent;
  • You object to the processing and when there is no overriding legitimate reason to continue the processing;
  • We have unlawfully processed the information;
  • Personal information must be erased to comply with a legal obligation.

We may refuse to erase your personal information where the personal information is necessary:

  • To exercise the right to freedom of expression and information;
  • To comply with a legal obligation or to carry out a mission of public interest;
  • For reasons of public interest in the field of public health;
  • For archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
  • To establish, exercise or defend legal rights.

14.4. Right to restriction of processing:

You have the right to ask us to restrict the processing of your personal information. When processing is restricted, we are allowed to store the information, but we cannot use it. You can exercise this right when:

    • You contest the accuracy of the information (we must limit the processing until we have verified the accuracy of the information);
    • You object to the processing pending verification whether the legitimate grounds we pursue override your interests, fundamental rights and freedoms;
    • The processing is unlawful;

If we have disclosed your personal information to third parties, we must inform them of the restriction of processing, unless this is impossible or involves disproportionate effort to do so. We must inform you when we decide to lift the limitation, prior to lifting the limitation.

14.5. Right to object to processing:

You have the right to object, at any time, for reasons relating to your particular situation, to the processing of personal data concerning you when this processing is based on the pursuit of our legitimate interests. In this case, we must stop using this information unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or the defense of rights in court. When personal data is processed for marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes.

14.6. Withdrawal of consent:

When the processing of personal data that Orion implements is based on your consent, you can withdraw it at any time. Orion then ceases to process your personal data without the previous operations for which you had given your consent being called into question.

14.7. Right to data portability:

The right to data portability allows you to receive your data in a structured, commonly used and machine-readable format, and to transmit this data to another controller, where technically possible. It allows you to easily move, copy or transfer personal data from one computing environment to another in a safe and secure manner. This right only applies to personal data you have provided to us where the legal basis for the processing is either your consent or the performance of a contract or pre-contractual measures. It also only applies when the processing is carried out by Orion using automated processes.

You also have the following rights:

14.8. Right not to be subject to a decision based exclusively on automated processing (including profiling):

This right applies if the decision produces effects concerning you or significantly affects you.

It does not apply when the decision is necessary for the conclusion or execution of a contract between you and Orion or when it is authorized by European Union law or the law in force in France or when it is based on the explicit consent of the data subject.

14.9. Right to lodge a complaint with the CNIL:

As indicated in article 3 hereof, you have the right to lodge a complaint with the CNIL.

14.10 Right to inform us of the fate you wish to reserve for your data after your death:

You have the possibility to define general or specific directives relating to the conservation, erasure and communication of your personal data after your death.

The general guidelines concern all of your personal data and may be recorded with a trusted digital third party certified by the CNIL.

The specific instructions can only concern treatments implemented by Orion and for which the latter is responsible, to the exclusion of all others. They are registered with Orion. They are subject to the specific consent of the person concerned.

You can change or revoke your instructions at any time.

You can designate a person responsible for carrying out your instructions. This person then has the right, when you die, to read the directives and request their implementation from Orion.

In the absence of designation or, unless otherwise instructed, in the event of death, your heirs are entitled to take note of your directives upon your death and request their implementation from Orion.

In the absence of directives or contrary mention in said directives, your heirs will be able to exercise after your death the rights relating to the conservation, erasure and communication of your personal data.

15. Existence or not of automated individual decision-making:

An automated individual decision is a decision made regarding a person, through algorithms applied to their personal data, without any human being intervening in the process.

No automated decision, within the meaning of article 22 of the GDPR, is made by Orion.

16. Modifications to this personal data protection policy:

Our personal data protection policy is subject to regular review depending on the processing we implement and legal and regulatory developments. We post updates to our website and/or app. You will be notified of any major changes to this policy.

17. Contact us:

If you have any questions regarding this personal data protection policy, please contact us using the contact details provided in this policy.