Legal Information

    Confidentiality Policy

    Privacy Policy

    Preamble

    This privacy policy is designed to inform users of the website about the measures related to the processing of their personal data, specifically explaining how their personal data may be collected and processed on the website.

    1. Identity of the Data Controller

    The data controller is OphtaOL, a SAS (Société par Actions Simplifiée) with a share capital of 1,000 euros, registered in the Paris Trade and Companies Register under number 934 201 201, and whose registered office is located at 60 rue François 1er, 75008 Paris, France. The founder of the company is Stéphane OLEKSA.

    2. User Data Processing

    This privacy policy applies to all users of the website, whether they are visitors, prospects, or clients of the data controller. The data controller ensures that only the data strictly necessary for the purposes for which it is processed is collected and processed.

    2.1. When Data is Collected

    The data controller may collect personal data from users in the following cases:

    • When visiting the site;
    • When using features and services offered on the site;
    • When registering, creating, and updating a user account;
    • When subscribing to the newsletter;
    • When submitting a job application.

    2.2. Nature of Collected Data

    The personal data collected by the data controller refers to information that personally identifies users, such as:

    • Identification data: name, first name, date of birth, phone number, postal address, email address, educational background, and resume.
    • Account management data: username, password.
    • Commercial relationship management data: order number, invoices, address, and payment information (partial credit card number, expiration date).
    • Regarding credit card data: Credit card information is deleted after the transaction is completed. In accordance with Article L.133-24 of the French Monetary and Financial Code, this data may be retained for evidence purposes for up to thirteen (13) months (or fifteen (15) months in the case of deferred payment) following the transaction. The visual cryptogram is never stored.
    • Connection data: IP address, login logs, browser type, and other relevant connection details.

    Cookies

    Cookies are small, often encrypted, text files stored in your browser. They are created when a user’s browser loads a specific website. The website sends information to the browser, which then creates a text file. Every time the user returns to the same website, the browser retrieves the file and sends it back to the server.

    The cookies placed on the website serve the following purposes:

    • Displaying a banner on the first visit to notify users of the presence of cookies and their ability to accept or reject them;
    • Generating statistics and analyzing traffic data to improve the interest and ergonomics of the website's services;

    Users can configure their browser to notify them of the presence of cookies and give them the option to accept or reject them. Users may accept or reject cookies on a case-by-case basis or refuse them altogether. Please note that this setting may alter access to certain website services that require the use of cookies.

    Cookies are stored for a maximum of thirteen (13) months. The user’s choice regarding the acceptance or rejection of cookies is saved for no more than six (6) months.

    Cookie Management in Browsers

    To manage cookie settings and preferences, the configuration for each browser is different. Here’s how you can modify your cookie preferences:

    You can also configure your browser to send a signal to websites indicating that you do not wish to be tracked (known as the “Do Not Track” option):

    2.3. Purpose of Data Collection

    The personal data provided by users may be used for the following purposes:

    • Ensuring the proper functioning and continuous improvement of the website, its services, and its features;
    • Managing user accounts;
    • Handling contact and information requests;
    • Managing user rights regarding their personal data (access, rectification, deletion, etc.);
    • Compiling statistics to improve the site’s performance;
    • Managing commercial relationships (client follow-up, invoices, unpaid invoices, litigation, etc.);
    • Handling recruitment processes;
    • Sending newsletters.

    3. Information and Consent

    Users will be informed at the time of data collection which fields are mandatory. In principle, these fields will be indicated by an asterisk (*).

    By providing their personal data, for example, by completing forms or sending emails, the user expressly consents to the collection and use of their data in accordance with the legal requirements and the rules set forth in this privacy policy.

    It is important to note that, under Article 8 of the GDPR and Article 45 of the French Data Protection Act, a minor aged 15 or older may independently consent to the processing of their personal data for the direct offer of services.

    When a minor is under the age of 15, consent must be given by both the minor and their parent(s) or legal guardian(s) regarding the processing of their personal data.

    4. Data Recipients

    The personal data provided by users may be accessed by the following recipients:

    • Internal teams of the data controller: This includes teams from the commercial, marketing, technical, and educational departments.
    • Subcontractors acting on behalf of the data controller: For example, the hosting provider and other service providers acting under the authority of the data controller.
    • Stripe Payment Service: Personal data may be shared with the payment processor, Stripe, to facilitate transactions.

    5. Data Retention Periods

    Users' personal data is retained for the period necessary to carry out the operations for which it was collected, in compliance with current regulations and in accordance with the purposes described in this privacy policy.

    Different retention periods may apply depending on the purpose and the legal obligations, for example:

    • Client data: Retained for the duration of the contractual relationship, plus an additional five (5) years after the end of the relationship.
    • Accounting data: Archived for ten (10) years following the closure of the fiscal year, in accordance with legal requirements.
    • Cookies: Retained for a maximum period of thirteen (13) months.

    6. Security and Confidentiality

    The data controller has taken all necessary precautions, including physical, logical, and organizational security measures, to protect the security and confidentiality of personal data against accidental loss, alteration, unauthorized access, use, modification, or disclosure.

    The data controller requires the same level of security from its providers, subcontractors, and any third parties that may have access to the data.

    7. User Rights and Procedures for Exercising Rights

    In accordance with French law n° 78-17 of January 6, 1978, and Regulation n° 2016/679 General Data Protection Regulation (GDPR), individuals have the following rights:

    • Right to information: The data subject has the right to know the purposes and methods of processing their data.
    • Right of access: The data subject has the right to access their personal data collected by the data controller.
    • Right to rectification and updating: The data subject may request corrections to their data if inaccurate, incomplete, or out of date.
    • Right to restriction: The data subject may request the restriction of their data in specific cases provided by law (Article 18 GDPR).
    • Right to portability: The data subject has the right to receive their data in a readable, structured format.
    • Right to erasure: The data subject may request the deletion of their personal data under the following conditions:
      • The data is no longer necessary for the purposes for which it was collected;
      • The data subject withdraws their consent;
      • The data subject opposes the processing;
      • The personal data has been processed unlawfully;
      • The data must be erased to comply with a legal obligation;
      • The personal data was collected in relation to the offer of services to minors.

    Individuals may also object to the processing of their data for legitimate reasons by contacting the data controller at the following postal address: 60 rue François 1er 75008 Paris, or by email at: contact@audio2course.com, along with proof of identity.

    Additionally, individuals may provide general or specific instructions on the handling and use of their data after their death.

    Individuals also have the right to lodge a complaint with the CNIL under the procedures outlined on its website.

    Each user must comply with current personal data regulations, violations of which may result in criminal penalties.

    8. Privacy Policy Updates

    This privacy policy may be updated to reflect legislative, regulatory, or operational changes made by the data controller. Users are therefore encouraged to regularly review this privacy policy available on the website.