VONA SAS, registered with the Paris Trade and Companies Register under SIRET number 51522328700019 and located at 40 rue Damrémont, 75018 Paris, France (“VONA”), respects privacy in accordance with European regulations and national legislation (Regulation 2016/679 of the European Parliament and Council of April 27, 2016, and the French Data Protection Act of January 6, 1978), ensuring the protection, confidentiality, and security of personal data.

This Privacy and Cookies Policy informs visitors to the website (i.e., clients, prospects, candidates, partners) about how personal data is collected and processed by VONA and its potential subcontractors in compliance with the General Data Protection Regulation (GDPR).

VONA is the Data Controller for the personal data processed and collected on its behalf. Personal data refers to any information relating to an identified or identifiable natural person, either directly or indirectly. Processing of personal data involves any operation or set of operations performed, with or without automated means, on personal data or sets of such data.

VONA is responsible for defining the purposes, legal bases, and retention periods related to the processing of personal data. VONA subcontracts the hosting of its website to Webflow.

‍
1. WHAT DATA IS COLLECTED?
1.1 Personal data from the contact form
‍VONA provides a contact form in the “Contacts” section for any contact request. By completing the form, you agree to transmit to VONA personal data concerning you, necessary for the management and processing of your request. Without your consent, VONA will not be able to contact you.
‍
The data collected are:
- Name
- First name
- Professional and/or personal email address
- Professional and/or personal telephone number
- Any other DCP entered in the free text field provided to explain the request

---------------------------------
Legal basis
‍Consent

Purpose of the treatment
‍Meet the need (s) included in the request
Recontact the requester

Recipient (s)
Dedicated email address
Shortlist within VONA (communication manager, lead generation, HR manager, DPO)

Shelf life
At least: time required to process the request and to respond
Maximum: 1 year from collection


1.2 Cookies used by the website
1.2.1 Essential cookies
‍Strictly necessary, or essential, cookies are cookies that are essential for the proper technical functioning of a website. They enable essential functionalities such as accessing secure areas of the site, managing the user session, remembering privacy preferences, and other elements related to security and accessibility. Without these cookies, the site cannot provide the services expected by the user.
‍
The Vona website uses essential cookies to allow it to function properly.
of the site and to protect against online threats. These cookies do not allow
It is necessary to identify the user.

---------------------------------
Legal basis
‍Legitimate interest

Cookie name
_cfuvid
‍
Purpose of the treatment
This cookie is created when rate limiting rules are enabled to protect the site from abnormal or malicious traffic, such as denial of service (DDoS) attacks.

Recipient (s)
Webflow

Shelf life
Maximum: 1 hour

---------------------------------
Legal basis
‍Legitimate interest

Cookie name
_CF_BM
‍
Purpose of the treatment
This cookie makes it possible to differentiate real human users from automated bots. The aim is to limit the number of requests from potentially harmful bots, which improves security and the user experience for real users.

Recipient (s)
Webflow

Shelf life
Maximum: Duration of the session

1.2.2 Analytical cookies
‍In application of the European ePrivacy Directive and the RGPD, Internet users must be informed and give their consent prior to the deposit and reading of certain cookies or trackers (French name).

Cookies are small data files that are stored on the computer or mobile device of visitors when they visit a website. Their purpose is to collect information on the navigation of visitors in order to personalize their experience or to track their behavior for analytical or advertising purposes.
‍
VONA does not resell or transfer these cookies free of charge for commercial purposes. The analyses
are carried out by the administrator of the website and their use remains
strictly internal.
‍
The data collected are:
- IP address,
- Browser used,
- Duration of navigation,...

---------------------------------
Legal basis
‍Consent

Purpose of the treatment
‍Statistics: Gather information on how visitors interact with the website.

Recipient (s)
Webflow Analyze - Shortlist within VONA (marketing & communication team)

Shelf life
Maximum: 120 days
Beyond this period, VONA and its subcontractor Webflow undertake to delete all personal data collected for statistical purposes.


2. WHERE IS YOUR PERSONAL DATA TRANSFERRED?
The personal data collected through the website is transferred to the subcontractor Webflow, a company based in the United States, which hosts them.
Webflow is committed to ensuring that its information system, that of its service providers and
its subcontractors, are protected against external attacks, through the use of adequate security measures. The company is equipped with technical and contractual tools that ensure the protection of the information transmitted to it. Webflow complies with the Data Privacy Framework (EU-US Data Protection Framework), which regulates the transfer of data from citizens of the European economic zone to the United States.


3. HOW IS YOUR PERSONAL DATA SECURED?
As a consulting firm specialized in cybersecurity, VONA places particular importance on the security of your personal data. VONA puts in place appropriate protection measures to guarantee the confidentiality, integrity, availability and traceability of your personal data.
The Webflow host encrypts the data from end to end during the transfer. It ensures that its infrastructures are secure and that data is backed up and can be recovered in the event of an incident. Webflow is SOC 2 certified by the AICPA (American Institute of Certified Public Accountants), which guarantees Webflow protects information by implementing control mechanisms for the security, availability, integrity, integrity, traceability of treatments, traceability of treatments, confidentiality and protection of the personal data processed.


4. WHAT ARE YOUR RIGHTS AND HOW DO YOU EXERCISE THEM?
4.1 Rights of the persons concerned
The legal basis for the processing of personal data is consent.

As a data subject, you have the following rights:

Right of access (article 15 RGPD): You have the right to know whether or not personal data concerning you is being processed. If yes, to obtain a copy of this data. You can also request information on the purpose of the processing, the categories of data collected, and the recipients of this data.

Right to rectification (article 16 RGPD): If your personal data is incorrect or incomplete, you have the right to request that it be corrected or updated.

Right to erasure or “right to be forgotten” (article 17 GDPR): You can request the deletion of your personal data under the conditions provided for by the RGPD.

Right to limitation of processing (article 18 GDPR): You have the right to request the limitation of the processing of your personal data under the conditions provided for by the RGPD.

Right to data portability (article 19 RGPD): You have the right to receive personal data concerning you and provided to a data controller, in a structured, commonly used and machine-readable format, in order to transfer them to another data controller.

Right to object (article 21 RGPD): You can object to the processing of your personal data at any time, in particular if this data is used for direct marketing purposes.

Right to withdraw consent (article 23 GDPR): If data processing is based on the user's consent, the user has the right to withdraw consent at any time. Such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal.

4.2 Exercising your rights
In order to exercise your rights, or for any request for information concerning the processing of your personal data, you can contact our personal data protection department within VONA:
- To the following email address: dpo@vona.eu
- By mail: 29 rue du Faubourg Poissonnière, 75009 Paris
‍
You can also contact the National Informatics Commission directly
and Liberties (CNIL) for any question or complaint.


5. WHAT ARE THE MODALITIES FOR MODIFYING THE PRIVACY POLICY?
VONA regularly reviews this Privacy and Cookie Policy to reflect the evolution of its practices in the protection of personal data and the management of cookies. Each time this policy is amended, the “Last Updated” date at the top of the first page is updated.