• Français

Privacy Policy

Home | Privacy Policy

NATSU (“NATSU,” “our,” “we,” and “us”) and our partners respect your privacy.

Please read this privacy policy carefully to understand how your personal data is collected, processed, and stored when you use this website https://medulla-tech.io.

The term “personal data” refers to any information relating to a natural person that allows them to be identified, directly or indirectly, from a single piece of data or from a combination of data.

All personal data collected on this website is processed under the responsibility of NATSU, a simplified joint-stock company with a share capital of €1,000, registered in the Paris Trade and Companies Register under number 933 267 528, with its registered office at 326, 59, rue de Ponthieu 75008 Paris, in accordance with Law No. 78-17 of January 6, 1978 on information technology, files, and civil liberties, in its current version, as well as Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Within the meaning of the regulations applicable to personal data, NATSU is therefore the data controller.

This privacy policy describes:

  1. How NATSU uses your personal data
  2. How NATSU shares your personal data
  3. How NATSU protects your personal data
  4. Where NATSU hosts and transfers your personal data
  5. How you can exercise your rights regarding your personal data
  6. Updates to the privacy policy
  7. How to contact us

 

1. How NATSU uses your personal data

NATSU may use your personal data for the following purposes:

To create your customer account on this website
To manage orders for products and/or services
To take the necessary actions to manage contracts, invoices, and customer relations
To publish and manage reviews left on products and/or services ordered on this website
To send you our newsletter, if you have subscribed to it
Respond to your contact request made from our website
Establish a loyalty program
Provide you with tailored advertising and content
Create a file of users, prospects, and customers
(10) Compile sales and traffic statistics
(11) Manage any unpaid bills and disputes
(12) Comply with our legal obligations
Most of the processing operations listed above are necessary for the performance of the contract entered into with NATSU when you use our website to order the products and/or services available for sale on the site.

When you voluntarily provide us with personal data, the collection of your personal data is based on the following legitimate interest: to better respond to your requests for information.

However, the processing of your personal data for the purpose of sending you our newsletter is based solely on your consent to receive our newsletter, which you can withdraw at any time. If you do not consent to receiving the newsletter, please note that this will not prevent you from creating a customer account and placing orders on our website.

2. How NATSU shares your personal data

Within NATSU, and in accordance with each processing purpose, your personal data is collected, processed, and stored by authorized NATSU staff, solely within the scope of their respective responsibilities, and in particular by customer service, the marketing department, and the IT department.

We do not share personal data with other companies, organizations, or individuals unless one of the following circumstances applies:

(1) Sharing with prior consent: after obtaining your consent, NATSU will share the information you have authorized with the specific third parties or categories of third parties specified when your consent was obtained.

(2) Sharing with our service providers: NATSU may also disclose your information to companies that provide services for us or on our behalf. Examples of these service providers include companies that provide IT services, such as our web host or email service provider, delivery services for our products, or marketing activities on our behalf. These service providers may use your information solely for the purpose of providing services to you on behalf of NATSU.

(3) In compliance with legal obligations, sharing in accordance with laws and regulations: NATSU may share your information as required by laws and regulations, to resolve legal disputes, or as required by judicial or administrative authorities under the law.

NATSU will ensure the legality of any sharing of personal data through data processing clauses with the companies with which your personal data is shared, requiring them to comply with this privacy policy and to take appropriate security and confidentiality measures when processing personal data.

3. How NATSU protects your personal data

NATSU attaches great importance to the security of your personal data and has adopted industry best practices to protect your personal data and prevent unauthorized access, disclosure, use, modification, damage, or loss of this information.

We have also taken appropriate precautions to ensure that our hosting provider preserves the security and confidentiality of the data and, in particular, prevents it from being distorted, damaged, or disclosed to unauthorized persons.

NATSU also adopts the following organizational measures:

(1) We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to the purposes for which it is processed.

(2) We retain your personal data for the period strictly necessary for the purpose of the processing, unless the retention of your data is required or permitted by law. For example, we retain data related to the fulfillment of your orders for the period required by law for the retention of accounting records, i.e., a maximum of 10 years from the relevant financial year.

Data that may enable the establishment, defense, or exercise of legal rights may be retained for a maximum period of 5 years from the date of collection or the last contact from the prospect (in accordance with the limitation period under common law).

(3) We deploy access control mechanisms to ensure that only authorized personnel can access your personal data.

In the event of a personal data breach, NATSU will comply with the legal and regulatory requirements applicable to the notification of personal data breaches to the competent supervisory authorities and/or the individuals concerned.

4. Where NATSU hosts and transfers your personal data

Your personal data will be hosted within the hosting infrastructure of our host, located in France.

Some third parties to whom we disclose your personal data are located in countries outside the European Union, including the United States of America.

When products available for sale on the website are delivered by resources located in countries outside the European Union, we will be required to transfer your personal data to these countries. Service providers may also access your data on our behalf in order to provide us with a specific service and may be located in countries outside the European Union.

When such transfers occur, we ensure that these transfers of personal data are governed in accordance with applicable regulations in order to ensure an adequate level of data protection, either through an adequacy decision by the European Commission or through legal instruments such as data transfer agreements incorporating the European Commission’s Standard Contractual Clauses.

For any requests concerning recipients and data transfers we make outside the European Union, please contact us at the addresses listed in the “How to contact us” section below.

5. How you can manage your rights regarding your personal data

You have the right to access, rectify, erase, restrict, and object to the processing of your personal data, as well as the right to define guidelines regarding the fate of your data after your death and the right to the portability of your personal data.

You also have the right to lodge a complaint with the French Data Protection Authority (Commission Nationale Informatique et Libertés) or with a competent supervisory authority in any other Member State based on your habitual residence, place of work, or the place where the violation of your rights occurred if you believe that the processing of your data does not comply with applicable laws. This appeal may be exercised without prejudice to any other appeal before an administrative or judicial court, which is also a right available to you.

You may contact us at any time at the addresses indicated in the “How to contact us” section below in order to exercise your rights regarding personal data under the conditions set out in the applicable regulations. You must indicate which right you wish to exercise and provide all the necessary details so that we can respond to your request.

These rights are exercised under the conditions set out in the applicable regulations.

  • The right of access means that you can ask us at any time to tell you whether we are processing personal data about you and, if so, to tell you what personal data is involved and the characteristics of the processing operation(s) carried out.
  • The right of rectification means that you can ask us to rectify your personal data when it is inaccurate. You can also request that your personal data, when incomplete, be completed to the extent that this is relevant to the purpose of the processing in question.
  • The right to erasure means that you can request the erasure of your personal data, in particular when:
  1. Its storage is no longer necessary for the purposes for which it was collected;
  2. Your personal data is processed on the basis of your consent, you wish to withdraw this consent, and there is no other legal basis that could justify the processing;
  3. You have objected to the processing of your personal data and you therefore wish it to be erased;
  4. Your personal data has been processed unlawfully;
  5. Your personal data must be erased in order to comply with a legal obligation under either European Union law or French law.
  • The right to restriction means that you can ask us to restrict the processing of your personal data:
  1. When you contest the accuracy of your personal data for a period enabling us to verify its accuracy;
  2. When, following processing that has been found to be non-compliant, you prefer the restriction of processing to the complete erasure of your personal data;
  3. When we no longer need your personal data for processing purposes but you still need it to establish, exercise, or defend legal claims;
  4. When you have objected to the processing of your personal data and you wish to restrict processing for a period enabling us to verify whether the legitimate grounds you have invoked are justified.

Restriction of processing means that the processing of your personal data will then consist solely of the storage of your corresponding personal data. We will then no longer carry out any other operations on the personal data in question.

  • The right to object means that you can object to the processing of your personal data when such processing is based on the pursuit of NATSU’s legitimate interest. The right to object is exercised subject to justification of a legitimate reason relating to your particular situation. We will then cease the processing in question unless there are legitimate and compelling reasons justifying its continuation in accordance with applicable regulations.
  • The right to define guidelines regarding the fate of your data after your death allows you to make known your instructions regarding the storage, erasure, and communication of your personal data after your death.
  • The right to portability means that you can ask us, under the conditions set out in the applicable regulations, to receive your personal data in a structured, commonly used, and machine-readable format, and to send it to you, or to ask us to send it directly to a third party of your choice when this is legally and technically possible.

Finally, when we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time by contacting us at the addresses indicated in the “How to contact us” section or by clicking on the unsubscribe link in each of our communications.

However, withdrawing your consent does not affect the validity of the processing carried out prior to such withdrawal.

6. Updates to this privacy policy

NATSU reserves the right to modify or update this privacy policy, in whole or in part, at any time, due to changes in applicable regulations regarding the protection of personal data or data processing.

Any substantial changes to the privacy policy will be notified to you by email if you have provided us with a valid email address and will be published on the website. We recommend that you review this Policy regularly to ensure that you are fully aware of our commitments regarding the security and protection of your personal data.

7. How to contact us

If you have any questions, comments, or suggestions, please contact us by visiting the contact us page or by sending them to d p o (at) medulla-tech.io.

Or by post to NATSU office 326, 59, rue de Ponthieu 75008 PARIS.

If you are not satisfied with NATSU’s response to a request to exercise your rights in accordance with Article V above, or if you wish to report a breach of applicable data protection regulations, you have the right to lodge a complaint with the CNIL by mail (CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07) or on its website (www.cnil.fr), or to the data protection authority in the country where you usually live or work.