Security and Protection of Personal Data
This Privacy Policy applies to the personal information that Monolith KLH collects with your consent or automatically when you visit our site or use our services. We explain below why and how we process your personal information, in compliance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and Law No. 78-17 of 6 January 1978, as amended, known as the Data Protection Act (Informatique et Libertés).
We may update this Privacy Policy from time to time. In the event of a substantial change, we will inform you by any appropriate means within a reasonable period before it takes effect.
1. Definitions
- The Publisher: Monolith KLH, SAS with a share capital of €30,000, whose registered office is located at 27 rue Mogador, 75009 Paris, registered with the Paris Trade Register under number 835 121 583.
- The Site: all sites, web pages and online services offered by the Publisher, accessible from www.monolith-klh.com.
- The User: the natural person using the Site and the services offered.
2. Data Controller and Contact
The data controller for your personal data is Monolith KLH.
For any question relating to the processing of your data or to exercise your rights, you may contact us:
- By post: Monolith KLH, 27 rue Mogador, 75009 Paris
- By email: contact@monolith-klh.com
- Via our contact form.
3. Nature of Data Collected
In connection with the use of the Site, the Publisher may collect the following categories of data:
- Identification data: surname, first name, job title, company
- Contact data: postal address, email address, telephone number
- Economic and professional data: information relating to your professional activity and the context of our business relationship
- Technical and browsing data: IP address, browser type and language, operating system, pages visited, date and time of connection
- Communication data: content of exchanges made via the contact form or by email
4. Purposes and Legal Bases for Processing
Your personal data is processed for the following purposes:
Purpose
Legal Basis
Management of the commercial relationship (contracts, orders, invoicing, accounting)
Performance of a contract
Client relationship monitoring (complaints, satisfaction surveys, after-sales service)
Legitimate interest
Commercial prospecting operations
Consent / legitimate interest
Handling requests via the contact form
Consent / pre-contractual measures
Sending the newsletter
Consent
Audience measurement and Site improvement
Consent (non-essential cookies)
Compliance with legal and accounting obligations
Legal obligation
We do not process any sensitive data (racial or ethnic origins, philosophical, political, trade union or religious opinions, sexual life, health data).
5. Recipients of Data
Your personal data is intended for the internal departments of Monolith KLH authorised to process it. It may also be shared with:
- Our technical subcontractors (hosting, maintenance, analytical tools, advertising platforms, audience measurement tools), who act solely on our instructions and within the framework of a contract compliant with Article 28 of the GDPR
- The competent administrative or judicial authorities, where legally required
6. Transfers of Data Outside the European Union
In the context of using third-party tools (in particular analytical, advertising and marketing platforms), some of your personal data may be transferred to countries outside the European Union, including the United States.
These transfers are carried out in compliance with the GDPR and are based on appropriate safeguards:
- European Commission adequacy decisions where they exist (in particular the EU-US Data Privacy Framework for transfers to certified US companies)
- Standard contractual clauses adopted by the European Commission
- Additional technical and organisational measures where necessary
You may contact us at contact@monolith-klh.com for further information on these transfers and the associated safeguards.
7. Data Retention Periods
In accordance with Article 5 of the GDPR, your data is retained for a period not exceeding that necessary for the purposes for which it is processed:
- Prospect data (including newsletter): 3 years from the last contact
- Client data: for the duration of the contractual relationship, then 3 years after the end of that relationship for prospecting purposes
- Accounting data and invoices: 10 years, in accordance with legal obligations (Commercial Code)
- Legally required data: retained in accordance with the periods provided for by applicable legislation (Commercial Code, Civil Code, Consumer Code)
- Technical browsing data: maximum 13 months for cookies, in accordance with CNIL recommendations
At the end of these periods, your data is either deleted or irreversibly anonymised.
8. Cookies
8.1 What is a cookie?
A cookie is a small text file placed on your device (computer, tablet, smartphone) when you browse the Site. It allows your browser to be recognised and certain information relating to your browsing to be stored.
8.2 Purposes of cookies
The Site uses different types of cookies:
- Essential cookies: necessary for the operation of the Site
- Audience measurement cookies: allow us to understand how users interact with the Site in order to improve its performance
- Advertising and marketing cookies: allow us to measure the effectiveness of our campaigns and tailor our communications
- Social media cookies: allow content sharing and interaction with social platforms
8.3 Consent and cookie management
In accordance with CNIL recommendations, non-essential cookies are only placed on your device after your consent has been collected, expressed via the consent banner displayed on your first visit.
You may at any time modify your preferences or withdraw your consent by clicking on the dedicated link in the Site's footer, or by configuring your browser directly to refuse cookies.
8.4 Cookie retention period
The maximum retention period for cookies is 13 months after their first placement. The validity period of consent is also 13 months and must be renewed at the end of this period.
9. Your Rights
In accordance with the GDPR, you have the following rights regarding your personal data:
- Right of access: obtain confirmation that data concerning you is being processed and obtain a copy
- Right of rectification: have your data corrected if it is inaccurate or incomplete
- Right to erasure ("right to be forgotten"): request the deletion of your data in the cases provided for by the regulations
- Right to restriction of processing: request the suspension of the processing of your data
- Right to data portability: receive your data in a structured, machine-readable format, or transmit it to another data controller
- Right to object: object to the processing of your data on grounds relating to your particular situation, or unconditionally for processing carried out for commercial prospecting purposes
- Right to withdraw your consent at any time, where processing is based on consent
- Right to define directives relating to the fate of your data after your death
To exercise these rights, contact us at contact@monolith-klh.com or by post to Monolith KLH, 27 rue Mogador, 75009 Paris. A response will be provided within one month of receipt of your request.
If you consider that your rights are not being respected, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés):
- Online: www.cnil.fr
- By post: CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
10. Data Security
Monolith KLH implements appropriate technical and organisational measures to ensure a level of security suited to the risks of accidental, unauthorised or unlawful access, disclosure, alteration, loss or destruction of your personal data.
In the event of a data breach likely to result in a high risk to your rights and freedoms, we undertake to:
- Notify you of the incident as soon as possible
- Investigate its causes and inform you accordingly
- Take the necessary measures to limit the consequences of the incident
These notification commitments do not in any way constitute an acknowledgement of fault or liability with respect to the occurrence of the incident.
11. Disclosure to Authorities
Your personal data may be disclosed pursuant to a law, regulation or decision of a competent regulatory or judicial authority, in strict compliance with applicable rules.
12. Transfer or Merger
In the event that Monolith KLH takes part in a merger, acquisition or any other form of asset transfer, we undertake to maintain the level of confidentiality of your personal data to which you have consented and to inform you within a reasonable period before any such transfer.
13. Amendments to the Privacy Policy
We reserve the right to amend this Privacy Policy at any time, in particular to adapt it to regulatory developments or changes in our practices.
In the event of a substantial change, we will inform you by any appropriate means and undertake not to reduce the level of protection of your data without prior notice and, where applicable, without collecting your renewed consent.