Privacy policy

Privacy policy

RISING STONE attaches great importance to protecting and respecting the privacy and personal data (“Personal Data”) of the users of its website (hereinafter the “Site”).

RISING STONE undertakes to implement adequate measures for the protection, confidentiality and security of Personal Data in accordance with the regulations in force in France and the European Union, in particular the General Regulation on the Protection of Personal Data EU 2016/679 of April 27, 2016 and the rules of national law adopted for its application.

Users are informed by this charter (the “Charter”) of the practices and processing inherent in the collection and use of Personal Data by RISING STONE as data controller.
Consequently, RISING STONE invites users to read this document carefully in order to know and understand the processing of Personal Data.

It is specified that by browsing the Site, users accept the present Charter as well as the general conditions of use.

Article 1. Personal data collected

Users are required to provide their Personal Data in digital format when using the Site.

1.1 Principles applicable to the collection of Personal Data

In general, users can browse the Site without necessarily having to provide RISING STONE with Personal Data. RISING STONE only collects Personal Data that is necessary for the purposes of the processing operations it implements (“privacy by design”) and ensures a high level of protection (“privacy by default”). In this respect, the processing operations requiring the collection of data are as follows:

  • Respond to inquiries (contact forms for requests for information and/or additional photos of a property);
  • Participate in surveys to improve the RISING STONE customer relationship and experience;
  • Send newsletters, informative or commercial e-mail alerts;
  • Apply for job offers.

In this case, the personal information collected from users is at least: (i) Last name(s), (ii) First name(s), (iii) E-mail address, (iv) Telephone number, (v) Postal address, (vi) Country. These Personal Data are then kept for the time necessary to fulfill the user’s request. In the absence of concrete fulfillment, they are deleted within the time recommended by the CNIL, i.e. after three years from the date of their collection by the Site, subject to legal possibilities and obligations in terms of archiving, obligations to retain certain data and/or anonymization.

1.2 Site user browsing information

When using the Site or certain services linked to the Site, certain data is automatically collected such as: (i) IP address, (ii) reference of the browser software used, (iii) browsing data (date, time, content consulted, search terms used, etc.), (iv) operating system references.
Among the technologies used to collect this information, RISING STONE may use “php” sessions, which store each user’s data using a unique session identifier. These php sessions keep data in memory only as long as users are browsing the site.
Data collected during browsing is thus deleted when the user’s browser closes, or, where applicable, within a maximum period of thirteen months from the date of collection.

Article 2. Legal basis for the collection and processing of personal data

Personal Data are processed by RISING STONE in the cases authorized by the regulations in force and under the following conditions:

  • Obtaining users’ free, specific, informed and unambiguous consent to the processing of their Personal Data (it is specified that for minors under 18, consent must be given by the legal representative);
  • Collection of Personal Data required to fulfill users’ requests;
  • Compliance with RISING STONE’s legal and/or regulatory obligations (such as the fight against fraud and corruption);
  • Protection of RISING STONE’s legitimate interests (such as protecting the security of its computer network).

Article 3. Recipients of the personal data collected

Only authorized personnel of RISING STONE’s group and service providers may have access to the Personal Data collected and process it, without prejudice to its possible transmission to the bodies in charge of a control or inspection mission in accordance with the legislation and/or regulations in force or for the purposes of responding to a judicial or administrative decision.
Authorized personnel are subject to an obligation of discretion.
RISING STONE undertakes not to market the Personal Data collected to third parties.

Article 4. Transfer of personal data

Personal Data collected from users of the Site are stored exclusively in France and are not transferred outside the European Union.
In the event of recourse to affiliates or service providers located outside the European Union, RISING STONE undertakes to verify that appropriate measures have been put in place to ensure that users’ Personal Data benefit from an adequate level of protection.

Article 5. Data security

RISING STONE collects and processes users’ Personal Data with the utmost confidentiality and in compliance with applicable laws. Users are protected against unauthorized access, modification, disclosure or destruction of their Personal Data.
When the disclosure of Personal Data to third parties is necessary and authorized, RISING STONE ensures that these third parties guarantee the same level of protection for the Personal Data concerned as that offered to them by RISING STONE, and requires contractual guarantees so that the Personal Data is processed exclusively for the purposes accepted by the users, with the required confidentiality and security (notably thanks to European Commission standard clauses, Internal Company Rules (“BCR”) or the Data Protection Shield set up between the European Union and the United States of America).
RISING STONE implements technical and organizational measures to ensure that Personal Data is kept securely for the time necessary to fulfill the purposes for which it is to be used.
Users’ attention is drawn to the fact that no transmission or storage technology is totally infallible.
Therefore, in the event of a proven breach of Personal Data likely to give rise to a high risk for the rights and freedoms of users, RISING STONE will inform the competent supervisory authority of this breach in accordance with the procedures laid down by the applicable regulations.
Users are responsible for exercising caution to prevent any unauthorized access to their Personal Data and in particular to their computer and digital terminals (computer, smartphone, tablet in particular).

Article 6. Links to other websites

The Site may occasionally contain links to the sites of partners or third-party companies which have their own data protection policies.
RISING STONE has no control over the content of these sites and declines all responsibility for the use made of information collected when users click on these links.
RISING STONE therefore invites users to familiarize themselves with the data protection policies implemented by the publishers of these sites before sending them any personal information.

Article 7. User rights

Users are reminded that they have the following rights, subject to the limitations provided for by current legislation:

7.1. Right to information on the processing of Personal Data

RISING STONE undertakes to use its best efforts to provide concise, transparent and accessible information on the conditions under which users’ Personal Data is processed.

7.2. Right of access to Personal Data

Each user may access the Personal Data processed by RISING STONE and has the right to receive a copy in electronic form (for any additional copies, RISING STONE will be entitled to charge a fee based on the administrative costs incurred).

7.3. Right to erasure (“right to be forgotten”) and rectification of Personal Data

Each user has the right to request the deletion and/or rectification of any Personal Data concerning him or her that is erroneous or obsolete.
RISING STONE may retain certain Personal Data when required to do so by law or for legitimate reasons.

7.4. Right to object

Users may object at any time for legitimate reasons:

  • the use of their Personal Data for direct marketing purposes, or
  • the re-use of their Personal Data for processing different from that consented, except in the event of RISING STONE fulfilling one of its legal obligations.

7.5. Right to limit the processing of Personal Data

  • Users have the right to request that processing carried out on their Personal Data be limited to what is necessary. This right applies only:
    if the user disputes the accuracy of his/her Personal Data ;
  • if the user can establish that the processing of his/her Personal Data is unlawful and requests a limitation of its use rather than its erasure;
  • if RISING STONE no longer requires the user’s Personal Data, but it is still necessary for the user to establish, exercise or defend legal claims;
  • if the user objects to processing based on the legitimate interests of the data controller, during verification as to whether the legitimate grounds pursued by the data controller prevail over those of the user.

7.6. Right of complaint to a supervisory authority

If users consider that the efforts made by RISING STONE to preserve the confidentiality of Personal Data do not guarantee respect for their rights, they may lodge a complaint with the competent supervisory authority (CNIL or any other authority mentioned on the list available from the European Commission).

7.7. Right to portability of Personal Data

Users have a right to data portability, entitling them to obtain their Personal Data from RISING STONE in a structured, commonly used and machine-readable format and to request that this Personal Data be transmitted to another data controller.

7.8. Right to decide what happens to Personal Data after death

Users also have the right to organize the fate of their Personal Data after their death by adopting general or specific directives which RISING STONE undertakes to respect.
In the absence of such directives, RISING STONE recognizes the possibility for heirs to exercise certain rights, in particular the right of access if necessary for the settlement of the deceased’s estate and the right of opposition.

7.9. Conditions for exercising rights

To exercise their rights, users are invited to contact RISING STONE’s Data Protection Officer as described in article 10.
To help them exercise their rights, the CNIL provides model letters on its website (www.cnil.fr).
Before processing the user’s request(s), RISING STONE may verify their identity by requesting proof of identity.
The Data Protection Officer will respond to the user’s request(s) as soon as possible, and in any event within one (1) month of proof of identity.
If necessary, this period may be extended by a further two (2) months in view of the complexity and number of requests, in which case RISING STONE undertakes to inform users of the extension and the reasons for the postponement.

Article 8. Modification of the personal data protection charter

RISING STONE reserves the right to make changes to this Privacy Policy at any time in order to comply with legislative and regulatory changes and/or to improve its privacy policy.
In the event of modification, a new version will be updated and put online with the date of “Last update”.

Article 9. Applicable law and competent court

The present Charter is governed by French law, including the provisions applicable to the rules of private international law.
Failing amicable agreement, jurisdiction is given to the courts within the jurisdiction of the Court of Appeal of Chambéry, notwithstanding plurality of defendants and/or warranty claims, to hear any dispute relating to the use of the site and/or the validity, execution and interpretation of these GCU.

Article 10. Contact

If you have any questions regarding this Charter and would like to correct, add to or update it, please contact RISING STONE :

  • by sending an e-mail to the Data Protection Officer at contact@rising-stone.com;
  • or by filling in the following online contact form www.rising-stone.com ;
  • or by sending a letter to the following address: RISING STONE – A l’attention du Délégué à la Protection des Données, Mme Alexia Dantigny – 200, RUE DES JEUX OLYMPIQUES – 73550 MERIBEL LES ALLUES.