Last updated: 03/21/2025

PREAMBLE

At HEEDINGCLIMATE SOLUTIONS (hereinafter “HEEDING”), we attach particular importance to respecting your privacy and your personal data (hereinafter “Personal Data”) .

We undertake to ensure that theprocessing of Personal Data that we carry out complies with the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter “ GDPR ”) and the Data Protection Act of 6 January 1978 (hereinafter “ LIL ” or “ Data Protection Act ”).

SOME  ADDITIONAL KEY NOTIONS:

 “ Personal  Data ”

  Article  4(1) of the GDPR defines the term “personal data” or “personal data” as any  information relating to a natural person and which allows that natural person to be identified directly or indirectly .

Ex 1: Your first and last name and/or a photo allow you to be identified directly.

Ex 2: Your email address allows you to be identified indirectly.

"  Treatment "

 Article  4(2) of the GDPR defines the term “Processing” as any operation or set of  operations which is performed on Personal Data, regardless of the process  used.

Ex:  collection, recording, organization, storage, adaptation, modification,  extraction, consultation, use, communication by transmission, diffusion or  any other form of making available, reconciliation or interconnection,  locking, erasure or destruction...)

OBJECT

The purpose of this “Privacy Policy” (hereinafter the “ Policy ”) is to inform all natural persons concerned (hereinafter referred to as “ You ”) about:

• How HEEDING collects and uses your Personal Data; and
• The rights you have in relation to your Personal Data, as well as the means     available to you to exercise these rights.

WHO IS THE “DATA CONTROLLER” OF YOUR PERSONAL DATA

HEADING CLIMATESOLUTIONS, a simplified joint-stock company, registered with the Grasse Trade and Companies Register under number 938 468 915 and whose registered office is located at 1047 Route des Dolines Business Pole 1, 06560 VALBONNE – France will have the status of Data Controller for Processing relating to:

• The response to your requests for information;
• Sending our newsletter and commercial offers when you have consented to this;
• Management of requests for rights arising from the GDPR and the LIL;
• Ensure the proper functioning and continuous improvement of our site.

SOME  ADDITIONAL KEY NOTIONS:

 “Data controller”

Article  4(8) of the GDPR defines the term “Controller” as the person who determines  the means and purposes of the Processing.

 Where two  or more controllers jointly determine the purposes and means of the  Processing, they are called Joint Controllers (or Co-Controllers).

 " Subcontractor "

The  Subcontractor is a person processing Personal Data on behalf of the Data  Controller; he acts under the authority of the Data Controller and on the  latter's instructions.

WHAT ARE THE PURPOSES, CATEGORIES OF PERSONAL DATA AND LEGAL BASES OF THE PROCESSING WE IMPLEMENT?

When the legal basis used for the Processing operations that we carry out is based on the pursuit of a legitimate interest, You have the possibility as a data subject, upon simple request, to obtain additional information relating to the balancing of interests.

In all cases, HEEDING only collects the Personal Data necessary for the explicit purposes determined below:

Processing1: Response to your requests for information :

• Details of the purposes pursued : management and processing     of requests of all types (contact, information, responses to requests,     monitoring of requests, IT monitoring, etc.);
• Legal basis : Contractual, Processing is necessary     for the performance of a contract or pre-contractual measures (Article     6(1)(b) of the GDPR).

Processing2: Sending our newsletter and commercial offers when you have consented to them:

• Details of the purposes pursued : management of newsletter     subscriptions, sending of commercial offers;
• Legal basis :
   
  • Our legitimate interest (promotion of HEEDING services within the framework      of an existing commercial relationship);
   
  • User consent when required. The user can unsubscribe at any time via an      unsubscribe link provided in each communication.

Processing3: Management of requests for rights arising from the GDPR and the LIL:

• Details of the purposes pursued : all operations necessary     for monitoring requests for rights sent to HEEDING (qualification of the     request, investigations, carrying out specific technical operations,     etc.);
• Legal basis : legal obligation (GDPR and LIL).

Processing4: Ensure the proper functioning and continuous improvement of our site:

• Details of the purposes pursued : Production of commercial     statistics or performance measurement of communications deployed, audience     measurements, improvement of navigation on the site managed by HEEDING,     adaptation of the presentation to the terminal used, etc.;
• Legal basis : Our legitimate interest in ensuring     the best level of operation, quality and security of our site, in     particular through its visitor statistics.

HEEDING will also be authorized to use this Personal Data for the purpose of fulfilling a legal or regulatory obligation.

In any event, and for each defined purpose, HEEDING will use all means at its disposal to ensure the security and confidentiality of the Personal Data entrusted to it, incompliance with the laws and regulations in force.

SOME  ADDITIONAL KEY NOTIONS:

“Purpose of  processing”

The Purpose  of Processing is the primary objective for which personal data is used. The  data must not be further used in a manner incompatible with this initial  purpose, which must be determined and legitimate.

"Legal  basis"

 The Legal  Basis for Processing is what legally justifies the use of collected personal  data. The GDPR provides for six legal bases: consent, contract, legal  obligation, protection of vital interests, public interest, and legitimate  interests.

WHAT DATA IS COLLECTED?

The mandatory or optional nature of the Personal Data collected and the possible consequences of a failure to respond are indicated during the various contacts with the persons concerned.

You can consult the details of the Personal Data that we may have about you below:

The details of the information provided below are not intended to be exhaustive and are intended primarily to inform you about the categories of Personal Data that HEEDING may process.

TREATMENTS

DATA COLLECTED

The response to your requests for information

 
• Name, first name
 
• Email address
 
• Phone number
 

Sending our newsletter and commercial offers when you  have consented to them

 
• Name, first name
 
• Email address
 

Managing requests for rights arising from the GDPR and  the LIL

 
• Name, first name
 
• Email address
 
• If applicable, copy of proof of identity
 

Ensure the proper functioning and continuous improvement  of our site

 
• Data collected via cookies and other trackers present on our site.
 

In any event, HEEDING  undertakes to Process all Personal Data collected in accordance with the GDPR  and the LIL .

WHO ARE THE RECIPIENTS OF YOUR DATA?

Within the limits of the irrespective responsibilities and for the purposes mentioned above, the main people who may have access to your Personal Data are the following:

·        Authorized HEEDING personnel;

·        The service providers responsible for the management and hosting of our site and the HEEDING IT system;

·        Where applicable, the authorized personnel of our subcontractors;

·        Where applicable, the relevant courts, mediators, accountants, auditors, lawyers, bailiffs, debt collection companies, police or gendarmerie authorities in the event of theft or judicial requisition;

·        Third parties may place cookies on your devices when you consent to them.

‍

For any request for  additional information about our subcontractors, you can write to us at contact@myheeding.com

Your Personal Data is not communicated, exchanged, sold or rented to any person other than those mentioned above without your express, prior consent and in accordance with the applicable legal and regulatory provisions.

HOW LONG IS YOUR PERSONAL DATA KEPT?

We retain Your Personal Data onl yfor the time necessary for the purposes pursued, as described above, and summarized in the table presented below:

TREATMENTS

SHELF LIFE

The response to your requests for information

For the entire duration necessary for the processing of  the request then storage in intermediate archiving for three (3) years at the  end of the contractual relationship, or for three (3) years after the last  contact with HEEDING.

Sending our newsletter and commercial offers when you  have consented to them

The Data is kept until consent is withdrawn (unsubscribe  via the link provided for this purpose) or, where applicable, for the entire  duration of the contractual relationship, then stored in intermediate  archiving for three (3) years at the end of the contractual relationship, or  for three (3) years after the last contact with HEEDING.

Managing requests for rights arising from the GDPR and  the LIL

Data relating to the management of legal requests are  kept for the entire duration necessary to process the request and then stored  in intermediate archiving for the applicable criminal limitation period,  namely six years, in intermediate archiving (Art. 8 of the Code of Criminal  Procedure).

Ensure the proper functioning and continuous improvement  of our site.

The retention period of the various cookies installed by  HEEDING is detailed in the cookies charter accessible on our site.

WHAT ARE YOUR RIGHTS?

In accordance with the Data Protection Act and the GDPR, you have the following rights:

• Right of access ( article 15 GDPR ), rectification ( article 16 GDPR ), updating, completeness of Your Data (     find out more )
• Right to block or erase your     Personal Data ( article 17 GDPR ), when they are inaccurate, incomplete,     ambiguous, out of date, or whose collection, use, communication or     conservation is prohibited ( learn more )
• Right to withdraw your     consent at any time ( article 13-2c GDPR )
• Right to limit the     Processing of Your Data ( article 18 GDPR )
• Right to object to the     Processing of Your Data ( article 21 GDPR ) ( learn more )
• Right to portability of the     Data that You have provided to us, when Your Data is subject to automated     Processing based on Your consent or on a contract ( article 20 GDPR ) ( find out more )
• Right to define the fate of     Your Data after Your death and to choose whether or not we communicate     Your Data to a third party that You have previously designated ( article 85 LIL ) ( find out more ).

In the event of death and in the absence of instructions from You, we undertake to destroy Your Data, unless their retention proves necessary for evidentiary purposes orto meet a legal obligation.

These rights can be exercised by:

•         Either by completing the contact form available on the site;

•         Either by email to the address: contact@myheeding.com;

•         Or by mailt o the address: 1047 Route des Dolines Business Pole 1, 06560 VALBONNE.

Finally, you can also file a complaint with the supervisory authorities, in particular the CNIL ( https://www.cnil.fr/fr/plaintes ).

WHAT ABOUT CONNECTION DATA AND COOKIES?

HEEDING uses connection data on its site (date, time, Internet address, protocol of the visitor's computer or telephone, page consulted) and cookies (small files saved on your computer, tablet or telephone) allowing you to identify yourself, to memorize your consultations, and to benefit from audience measurements and statistics of oursite, in particular relating to the pages consulted.

Depending on the purposes, users can consent, refuse or choose the storage of certain types of cookies on their devices.

The terms and conditions for depositing cookies and the rights available to users are provided for in the cookie charters available on our site.

IS YOUR PERSONAL DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?

As a matter of principle, we process your Personal Data within the European Union.

However, given the nature of our activity, and subject to informing you in advance, we may be required to transfer your Personal Data outside the European Union.

In this case, HEEDING will inform you of the measures taken to control this transfer and ensure compliance.

WHAT SECURITY MEASURES ARE IN PLACE TO PROTECT YOUR PERSONALDATA?

HEADING and its possible Subcontractors undertake to implement all necessary technical and organizational measures to ensure the security of the Processing of Personal Data and the confidentiality of your Personal Data, in application of the LIL and the GDPR.

In this respect, we take all necessary precautions, with regard to the nature of your Personal Data and the risks presented by the Processing, to preserve its security and, in particular, to prevent the Personal Data from being distorted, damaged, or from being accessed by unauthorized third parties.

In this respect, HEEDING takes the necessary precautions, given the nature of Your Personal Data and the risks presented by our Processing, to preserve the security of the Personal Data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties (encryption of certain Personal Data, etc.).

UPDATE TO OUR PRIVACY POLICY:

This Privacy Policy may be subject to change, particularly in response to legislative and regulatory developments. To this end, users can view the updated policy directly on our website.

‍