Privacy Policy
Processing of the Customer’s personal data Andromède processes the Customer’s personal
data that the Customer communicates to it or to which the Customer gives it access. These
data are :
• relating to the identity of the Customer (surname, first name, home address, email
address, telephone number, etc.)
• relating to the management of the Customer ‘s account (login, password, language
spoken, etc.);
• relating to the Customer’s profile that the Customer publishes on the DONIA
application and shares with other users of the DONIA application (pseudonym, profile
photo, etc.);
• relating to the Customer’s connection to the DONIA application and the DONIA Service
and their use (Internet Protocol (IP) address, Internet connection data, navigation
data, traffic data, etc.);
• on the Customer’s hardware or terminal equipment with which he connects to the
DONIA application (type of equipment, browser, etc.);
• relating to the Customer’s Equipment (in particular, information on the boat that is
associated by the Customer with the use of the DONIA application and on all on-board
equipment, including electronic and computer equipment that may be fitted to the
said boat);
• relating to the use of the electronic communication service made available to the
Customer on the DONIA application, and which relate in particular to :
o electronic messages sent by the Customer on the DONIA application to other users
o files sent on the DONIA application to other users, such as photographs, videos and
audio content
o in general, any content shared by the Customer on the DONIA application with other
users of the application;
o Andromède respects the confidentiality of the Customer’s electronic communications
(i.e. messages) and therefore limits itself to forwarding them to other users of the
DONIA application upon request by the Customer. Exceptionally, Andromède may
process this personal data for other purposes in the event of an express request from
the legal authorities, or for the purposes of proof of a commercial transaction;
• relating to the Customer’s location (latitude, longitude, speed of movement, date of
position) at each connection to the DONIA application, and for the duration of this
connection;
• relating to the Customer’s financial data, in the event of a purchase on the DONIA
application (bank card number, expiry date of the bank card, etc.);
This data is provided to Andromède via a collection form voluntarily filled in by the Customer
on the DONIA application, as well as by the hardware or terminal equipment used and
configured by the Customer when he/she connects to the DONIA application, but also by the
installation of the DONIA Software and cookies on the Customer’s equipment. In particular, it
is specified that the Customer’s location data is provided to Andromède by the Customer’s
equipment with which he connects to the DONIA application (in particular his terminal on
which the DONIA application is installed, but also the Customer’s Equipment which works with
the DONIA application).
Andromède processes such personal data as data controller for the following purposes:
• In order to execute these GTC and the inherent Software licence included;
• In order to execute the DONIA application, the DONIA Service, and in particular the
electronic communications service made available to the Customer within the DONIA
application;
• In order to manage the relationship with the Customer and to communicate with the
Customer, in particular by sending him electronic messages, alerts and push
notifications relating to the DONIA application (for example to notify him of updates
or the receipt of a message);
• In order to enrich the DONIA application’s collaborative database, by :
o Sharing the Customer’s location in real time with other users of the DONIA application,
in particular by means of an interactive map;
o Creating DONIA Data from the Customer’s location information;
o Allowing other users to consult the profile published by the Customer on the DONIA
application and allowing them to interact with the Customer;
• For canvassing purposes and to offer advertising campaigns to the Customer which
may be personalised, on the DONIA application or on the e-mail address provided by
the Customer (newsletter etc.);
• In order to improve the DONIA Service and the DONIA application by analysing the
behaviour of the Customer during their use;
• In order to comply with the legal and regulatory obligations imposed by the activity of
Andromède and the nature of the DONIA Service;
• For purposes of proof and identification of the Customer, in the event of possible
criminal behaviour on the part of the latter, or in the event of a contractual breach, or
to provide proof of a commercial transaction;
• To implement preventive and security measures in the interests of protecting the
DONIA application and its data;
• In order to use the Customer ‘s location data in oceanographic maps, within the
framework of the DONIA application or outside of it, by Andromède alone or with third
parties, subject to the prior anonymisation of this location data;
• To allow Andromède’s partners to view the Customer’s location data, when these third
parties have subscribed to such a paying option with Andromède.
These processing operations are based on several lawful processing bases used by Andromède
which are :
• the execution of the GTC and the Software license included with the Customer;
• the legitimate interest of Andromède and its partners, unless the interests or
fundamental rights and freedoms of the Customer prevail;
• the consent of the Customer;
• compliance with legal obligations incumbent on Andromède.
Andromède undertakes to comply with the legislation relating to the protection of personal
data, in particular the amended law of 6 January 1978, as well as the European Data Protection
Regulation of 27 April 2016.
The Customer thus benefits from a right of access, rectification, limitation, opposition on
legitimate grounds, a right of portability and deletion of data collected by Andromède, as well
as the right to define directives relating to the fate of their personal data after their death,
and to withdraw their consent when it has been given. These rights may be exercised by
written request from the Customer accompanied by proof of identity and addressed to the
Andromède representative in charge of issues relating to the protection of personal data,
whose contact details are :
• Mr Florian HOLON
contact@andromede-ocean.com / Andromede Oceanologie SAS, 7 place Cassan 34130
Carnon
The Customer may also exercise these rights to a certain extent by directly setting the
parameters of the electronic equipment he/she uses to connect to the DONIA application, or
by directly setting the parameters of the DONIA application (“my Account” section).
The Customer is informed that the exercise of his/her rights to limit, oppose or delete his/her
personal data and/or the withdrawal of his/her consent may limit or even interrupt the
provision of the DONIA Service when the latter is based on the processing of such data. In
particular, the Customer acknowledges that his opposition to the processing of his location
data would prevent the DONIA Service from being provided.
Personal data collected by Andromède is kept for the duration of the GTC and the End User
License Agreement for the execution of the DONIA Service, increased by thirty-six (36)
additional months for the purpose of managing its Customer relations and for prospecting
purposes, extended to five (5) years for the purpose of evidence and ten (10) years for the
purpose of keeping Andromède’s accounting book and for the proof of contracts concluded
by electronic means. These periods do not apply to the Customer’s personal data, which
correspond to their banking and payment data, which are not kept for more than thirteen (13)
months following the transaction, and to connection, traffic and usage data of the DONIA
application, which are not kept for more than twelve (12) months following their collection.
Andromède keeps and processes the Customer’s personal data which is anonymised without
any time limit, when this anonymised data no longer allows the Customer to be identified.
The Customer is informed that his personal data may be communicated to third parties,
strictly in order to achieve the purposes of processing pursued by Andromède and to carry out
the processing specified in this article. These third parties are, on the one hand, other users
of the DONIA application and, on the other hand, Andromède’s subcontractors, in order to
ensure the execution of the GTC and the End User License Agreement with the Customer. This
personal data may also be communicated to third parties, known as Andromède’s partners,
who have subscribed to a paying option with Andromède to view the Customer’s location data
(after an anonymisation process). Finally, this data may be communicated to the managers of
protected marine areas, as well as to judicial and administrative authorities, if the latter so
request from Andromède.
The Customer retains the right to lodge a complaint with a supervisory authority if he/she
believes that Andromède has contravened the regulations on the protection of personal data
when processing his/her personal data.
Data security
Andromède undertakes to use its best efforts to ensure the security of the Customer’s
personal data that it processes. Andromède implements several important security measures
adapted to their nature, and ensures that its subcontractors respect equivalent measures.
Nevertheless, the Customer acknowledges and accepts that Andromède cannot guarantee the
infallibility of the protection measures put in place, in particular against the illegal actions of
third parties.
In the event of a breach of the Customer’s personal data, DONIA will notify the CNIL, in
principle within 72 hours of becoming aware of the breach, unless the breach in question is
not likely to result in a risk to the rights and freedoms of natural persons. Andromède will also
notify the individual concerned of the breach unless the data affected by the breach have
been protected by appropriate safeguards to render the data unintelligible to any person not
authorised to access it, or if Andromède has taken subsequent steps to ensure that the high
risk to the Customer ‘s rights and freedoms is no longer likely to materialise.
In all cases, Andromède keeps an up-to-date inventory of the personal data breaches it has
suffered, specifying in particular their modalities, their effect and the measures taken to
remedy them. It keeps this inventory at the disposal of the CNIL. It shall also keep its records
of processing activities at the disposal of the CNIL.
Location of data within the European Union
The Customer is informed that the personal data he/she communicates to Andromède is not
transferred to a country outside the European Union. If necessary, the Customer’s consent
will be required or, if the transfer results from a legal obligation imposed on Andromède, the
Customer will be notified in advance. In all cases, appropriate guarantees for the security of
the Customer’s personal data will be taken