Privacy Policy

The purpose of MADIASOFT's Privacy Policy is to inform the Customer about the conditions under which KAFINEA services collect, process, and store their personal information ("personal data"). The Privacy Policy is part of the Terms and Conditions of Use of the Service (TCU) and each term defined in the TCU has the same meaning in the Privacy Policy.

By accessing and using the KAFINEA website, the Customer agrees to comply with and be bound by this Privacy Policy, which may be modified or updated at any time without notice. Any changes will be posted on the website.

1. Data collected by MADIASOFT

The parties agree that, depending on the services subscribed to, the Customer's database(s) may contain personal data. The Customer is the data controller for this data. This data will be processed by the Service Provider at the Customer's request, through the Customer's use of the Service Provider's services requiring a database, or when the Customer requests the Service Provider to perform operations on its data.

When the Customer uses KAFINEA services and products, the following data is collected and processed: title, first name, last name, company name, country, intra-community VAT number if applicable, password, postal address, telephone number, email address, IP address(es) and domain name, connection data and browsing data when the Customer authorizes it, order history, complaints, incidents, and correspondence on the website. Some data is collected automatically when visiting the website https://www.kafinea.com (see the paragraph on cookies below).

MADIASOFT will never collect or process sensitive personal data as defined by regulations, such as data relating to the Customer's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, or full credit card or personal bank account numbers.

2. Purposes and legal basis of processing

The processing will be carried out in accordance with data protection legislation. In particular, the Service Provider undertakes to process personal data only when and as requested by the Customer, and for the purpose of performing one of the services under the Contract, unless required by law, in which case the Service Provider shall notify the Customer in advance, unless prohibited by law.

MADIASOFT only uses the Customer's personal data in the cases provided for by the regulations in force, which are:

• the performance of the service agreement entered into by the Customer with MADIASOFT;

• invoice and accounting management; 

• resolving any issues in order to improve the use of its website and services; 

• monitoring customer relations, such as conducting satisfaction surveys (with the customer's consent, which is optional), managing complaints, and analyzing the volume and history of the customer's use of its services;

• sending newsletters and information about its services and those of its partner companies,

• managing requests for access, rectification, and opposition rights;

• management of unpaid bills and disputes;

• the existence of a legitimate interest in using the data;

• preventing, detecting, and investigating any activities that may be prohibited, illegal, or contrary to best practices, and ensuring compliance with its terms and conditions of use;

• compliance with its legal and regulatory obligations. 

3. Identity and contact details of the data controller

Personal data is collected by MADIASOFT, a limited liability company registered with the Fort-de-France Trade and Companies Register under Siret number 482 302 213 00012.

MADIASOFT collects and processes the Customer's personal data in a fair and lawful manner, in accordance with the principles of European Regulation 2016/679 of April 27, 2016 (GDPR).

MADIASOFT is responsible for processing the Customer's personal data within the meaning of the GDPR.

4. Consent 

By subscribing to KAFINEA services and products and visiting its website, the Customer agrees and accepts that MADIASOFT may collect, process, store, and/or use the personal data submitted in accordance with the rules set out in this Privacy Policy.

5. Recipients of personal data 

The Customer's personal data is intended for the sole use of MADIASOFT and may be transmitted to subcontractors that MADIASOFT may use in the performance of its services and products. In accordance with Article 28 of the GDPR, access to data by MADIASOFT's subcontractors is governed by a contract signed between MADIASOFT and the subcontractor, which specifies the subcontractor's obligations regarding the protection of the personal data entrusted to it. MADIASOFT ensures compliance with data protection requirements for all its subcontractors.

MADIASOFT does not sell or rent the Customer's personal data to third parties for marketing purposes.

Employees in the support, administrative, accounting, technical, marketing, and sales departments may have access to the Customer's personal data. The Service Provider undertakes to ensure that all personnel authorized to process personal data are subject to a duty of confidentiality.

MADIASOFT does not disclose the Customer's personal data to third parties, except in the following cases:

• the Customer requests or authorizes the disclosure; 

• disclosure is required to process transactions or provide services requested by the Customer; 

• MADIASOFT is compelled to do so by a government authority or regulatory body, in the event of a court order, subpoena, or any other similar governmental or judicial requirement, or to establish or defend a legal claim; 

• the third party acts as an agent or subcontractor of MADIASOFT in the performance of services (e.g., hosting providers, postal or digital mail delivery providers, maintenance and technical development providers).

6. Retention of personal data

MADIASOFT collects the Customer's personal data for the purposes of fulfilling its contractual obligations, as well as information on how and how often its services and products are used. It stores this data in active databases, log files, or other types of files for as long as the Customer uses its services.

MADIASOFT only stores the Customer's personal data for as long as is necessary to provide its services and products. MADIASOFT also retains the following personal data in accordance with legal provisions:

• Information relating to the management of the Customer account, orders, billing, and payments: 10 years after the end of the contract or the last contact from the inactive Customer;

• Information relating to the creation and management of prospecting files: 3 years from the date of data collection or the last contact from the prospect.

• the personal data of inactive Customers for the purpose of sending information about its commercial and marketing offers, within a period of 3 years after the end of the commercial relationship.

When data retention is no longer justified by the management of a Customer account, a legal obligation, disputes or litigation, or commercial requirements, and notwithstanding the exercise of rights of deletion or modification, MADIASOFT will delete the data in a secure manner.

7. Security

MADIASOFT undertakes to provide the Customer with all information necessary to demonstrate compliance with data protection legislation, and to authorize and contribute reasonably to audits, including inspections, conducted or commissioned by the Customer for this purpose.

MADIASOFT undertakes to inform the Customer immediately, to the extent that it is legally authorized to do so, in the event of a request from an administrative or judicial authority relating to their personal data. 

MADIASOFT makes every effort to prevent the loss, misuse, intrusion, unauthorized disclosure, alteration, or destruction of personal data provided by the Customer. To this end:

• The hosting servers on which MADIASOFT processes and stores databases are located exclusively within the European Union.

• All information communicated via MADIASOFT websites is protected by industry-standard security measures.

• MADIASOFT has implemented appropriate electronic, physical, and supervisory procedures to safeguard and preserve the data collected through its services.

• MADIASOFT employees are subject to confidentiality and non-disclosure obligations and have all signed a specific agreement relating to the protection of personal data.

• When MADIASOFT uses service providers to process personal data, it ensures that these service providers guarantee an equivalent level of security protection.

MADIASOFT undertakes to notify the Customer as soon as it becomes aware of and confirms any unauthorized, accidental, or illegal processing, access, or disclosure of personal data. To this end, the Customer undertakes to provide the Service Provider with valid contact information to enable any notification to be sent to the Customer.

8. Transfer of personal data 

MADIASOFT stores the Customer's personal data within the European Union.

9. Cookies/Tracking

As a general rule, MADIASOFT uses cookies and tracking to improve and personalize the site and/or measure its audience. A cookie is a small text file stored on the hard drive of the Customer's computer and sent by the website visited in their Internet browser or on the device used. A cookie does not personally identify the Customer and is not used to collect personal data without their knowledge, but serves to record information relating to their browsing on the website (memorizing technical choices, past activity), in order to facilitate this and to offer relevant offers and services. 

10. Customer Rights

In accordance with the French Data Protection Act of January 6, 1978, and European Regulation 2016/679 of April 27, 2016, the Customer has the following rights regarding their personal data:

• right of access

• right of rectification

• right to object

• right to erasure

• right to portability

• right to restriction

Customers may exercise these rights by writing to MADIASOFT: contact@madiasoft.com.

All requests must be justified, signed, and accompanied by a copy of a valid identity document.

The Customer has the right to file a complaint with the Commission Nationale Informatique et Libertés (CNIL), 3 Place de Fontenoy, 75007 Paris (https://www.cnil.fr/professionnel).

11. Changes to the Privacy Policy

MADIASOFT reserves the right to update and modify all or part of this Privacy Policy at any time, in particular in accordance with changes to the laws and regulations in force. The version published on its Website is the version currently in force. The Customer will be notified of any changes via the MADIASOFT website or by email (provided that the Customer has provided their email address), where possible at least thirty (30) days before they come into effect. 

It is recommended that you review these rules from time to time to stay informed about the procedures and rules regarding the Customer's personal information.