Purpose and scope of the Policy 

Coexya attaches the utmost importance and care to the protection of privacy and Personal Data, as well as compliance with the provisions of the applicable Legislation.

Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data (hereinafter "GDPR") states that Personal Data must be processed lawfully, fairly, and transparently. Accordingly, the purpose of this privacy policy (hereinafter the "Policy") is to provide you with simple, clear information on the Processing of Personal Data concerning you, in the context of your browsing and the operations carried out on our website.

Data Controller 

As part of your activity on the Coexya.eu website, we collect and use Personal Data relating to you, an individual (hereinafter referred to as the "Data Subject").

For all Processing, Coexya Group (hereinafter Coexya), a société par Actions Simplifiée (simplified joint stock company) registered in the Lyon Trade and Companies Register under number 881 592 265 and having its registered office at 9 avenue Charles de Gaulle, 69370 Saint-Didier-au-Mont-d'Or (France), determines the means and purposes of the Processing. We therefore act as a Data Controller, within the meaning of the Regulations relating to Personal Data, and in particular the GDPR.

What personal data do we collect and how ?

Using our website, you may be asked to provide us with certain information about yourself, some of which may identify you ("Personal Data"). This is the case when you browse our site or fill in online forms.

The Personal Data collected about you is: 

• Identification data: this includes any information that would enable us to identify you, such as your surname, first name, telephone number and company. We may also collect your e-mail address.
• Connection data: We collect your IP address for statistical purposes.
• Documents of various kinds, such as messages left via our contact form.
• Information relating to your browsing: when you browse our website, you interact with it. As a result, certain information relating to your browsing is collected.
• Data collected from Third Parties: Personal Data that you have agreed to share with us or on publicly accessible social networks and/or that we may collect from other publicly accessible databases.

Why do we collect your Personal Data and how ?

We collect your Personal Data for specific purposes and on different legal grounds.

On the basis of your consent, your Data is processed for the following purposes:

• Management of cookies requiring your consent.

Dans le cadre de l’intérêt légitime de Coexya, vos Données sont traitées pour les finalités suivantes : 

As part of Coexya's legitimate interests, your Data is processed for the following purposes:

• Management of contact requests sent via the dedicated form on our website;
• Sending commercial communications, newsletters and invitations to our events
• Drawing up statistics to improve our products and services.
• As part of the legal and regulatory obligations to which Coexya is subject, your Data is processed for the following purposes:
• Fighting fraud;
• Fighting money laundering and the financing of Terrorism.

Do we share your Personal Data ?

Your Data is intended for use by Coexya employees authorised to respond to your request, depending on the purpose of the collection and within the limits of their respective responsibilities.

For certain tasks related to the purposes, and within the limits of their respective missions and authorisations, it may be transmitted to duly authorised public authorities (judicial, supervisory, etc.), as part of our legal and regulatory obligations.

We do not sell your Data.

Is your Personal Data transferred to third countries ?

Coexya endeavours to keep Personal Data in France, or at least within the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our Website may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.

In the event of a Transfer of this type, we guarantee that it will be carried out:

• To a country ensuring an adequate level of protection, i.e. a level of protection equivalent to that required by European Regulations;
• Within the framework of standard contractual clauses;
• Within the framework of internal company rules.

CHow long do we keep your Personal Data ? 

We keep your Personal Data only for as long as is necessary to fulfil the purpose for which we hold it, to meet your needs or to comply with our legal obligations.

The retention periods for your Data are :

How do we guarantee the security of your Personal Data? 

Coexya is committed to protecting the Personal Data that we collect, or that we process, against loss, destruction, alteration, unauthorised access or disclosure.

We therefore implement all appropriate technical and organisational measures, depending on the nature of the Data and the risks involved in processing it. These measures must make it possible to preserve the security and confidentiality of your Personal Data. They may include practices such as limited access to Personal Data by authorised persons, by virtue of their duties, pseudonymisation or encryption.

In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, back-up copy, software, etc.) are regularly checked and updated if necessary.

What are your rights ? 

The GDPR provides Data Subjects with rights that they can exercise. These include:

1. Right to information: the right to clear, precise and complete information on the use of Personal Data by Coexya.
2. Right of access: the right to obtain a copy of the Personal Data held on the applicant by the Data Controller.
3. Right of rectification: the right to have Personal Data rectified if it is inaccurate or obsolete and/or to have it completed if it is incomplete.
4. Right to erasure / right to be forgotten: the right, under certain conditions, to have Data erased or deleted, unless Coexya has a legitimate interest in retaining it.
5. Right to object: the right to object to the Processing of Personal Data by Coexya for reasons relating to the applicant's particular circumstances (subject to conditions).
6. Right to withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.
7. Right to limit Processing: the right, under certain conditions, to request that Processing of Personal Data be temporarily suspended.
8. Right to Data Portability: the right to request that Personal Data be transmitted in a reusable format enabling it to be used in another database.
9. Right not to be subject to automated decision making: the right of the applicant to refuse fully authorised decision making and/or to exercise the additional safeguards offered in this respect.
10. Right to define post-mortem directives: the right for the applicant to define directives concerning the fate of Personal Data after his/her death.

Additional rights may be granted to Data Subjects by Local Regulations.

To exercise your rights, you may contact the Data Protection Officer (DPO) by email at dpo@aquilab.com

When you send us a request to exercise a Right, you are asked to specify as far as possible the scope of the request, the type of Right exercised, the Personal Data Processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, where there is reasonable doubt, you may be asked to provide proof of your identity.

You also have the right to complain to the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, about the way in which Coexya collects and processes your data.

Updating of this Policy  

This Policy may be updated from time to time to take account of changes in the Regulations relating to Personal Data.

Last update 03/23/2022.