Privacy Policy
Privacy Policy for MSE SAS France
Effective Date: [Insert Date]
Last Updated: [Insert Date]
MSE SAS France (“the Company,” “we,” “us,” or “our”) is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (“Loi Informatique et Libertés”). This Privacy Policy explains how we collect, process, store, and protect your personal data when you visit our website (mse-sas.com) or otherwise interact with us.
1. Identification & Data Controller
-
Company Name: MSE SAS France
-
Registered Address: 15 Rue du Mans, 49300 Cholet, France
-
Phone: +33 (0) 2 41 64 73 41
-
Email: sales@mse-sas.fr
-
Website: https://mse-sas.com
-
SIRET Number: 878 725 563 00026
-
VAT Number: FR 38 878 725 563
As Data Controller, MSE SAS France is responsible for determining the purposes and means of processing your personal data.
2. Personal Data We Collect
We collect and process the following categories of personal data, depending on your interactions with us:
-
Identity & Contact Information
-
Full name, title, email address, postal address, telephone number, company name, job title.
-
Collected when you fill in a contact form, request a quote, register for a newsletter, or otherwise correspond with us.
-
-
Account & Transaction Data
-
Customer or partner account references, order history, invoices, payment details (last four digits of a credit card, billing address).
-
Collected when you place an order, register a user account (if applicable), or request a demonstration.
-
-
Communications Data
-
Emails, chat transcripts, call recordings (if any), and other correspondence relating to enquiries, quotes, support requests, or marketing preferences.
-
Collected when you contact us via email, phone, live chat, or contact form.
-
-
Technical & Usage Data
-
IP address, device type, browser type/version, operating system, pages visited, referring URLs, clickstream, date/time stamps, and time spent on particular pages.
-
Collected automatically via cookies and server logs when you visit our website.
-
-
Marketing & Preferences Data
-
Your consent status, subscription preferences, segments/interests (if you sign up for our newsletter or marketing communications).
-
Collected when you subscribe to newsletters, opt in/out of marketing, or adjust your cookie-consent settings.
-
3. Purposes of Processing & Legal Bases
We process your personal data for the following purposes. The legal basis for each processing activity under Article 6 of the GDPR is indicated in parentheses:
-
Website & Service Delivery
-
To operate, maintain, and improve our website, verify data integrity, and manage user sessions.
-
Legal basis: Legitimate interests (Art 6(1)(f)), i.e., ensuring our website functions securely and efficiently.
-
-
Account Creation & Order Fulfilment
-
To create and manage your customer account (if applicable), process your orders, send invoices, arrange shipping, and provide customer support.
-
Legal basis: Performance of a contract (Art 6(1)(b)).
-
-
Customer & Technical Support
-
To respond to your enquiries, troubleshoot technical issues, and provide product or service support.
-
Legal basis: Legitimate interests (Art 6(1)(f)), i.e., enhancing and maintaining customer satisfaction.
-
-
Communications & Notifications
-
To send service-related communications, order confirmations, delivery updates, and administrative notices.
-
Legal basis: Performance of a contract (Art 6(1)(b)).
-
-
Marketing & Promotional Activities
-
To send newsletters, promotional offers, event invitations, or other marketing communications (if you have opted in).
-
Legal basis: Consent (Art 6(1)(a)).
-
You may withdraw your consent at any time by clicking “unsubscribe” or contacting us via sales@mse-sas.fr.
-
-
Analytics & Website Improvement
-
To analyse website usage patterns, improve our content, products, and services, and conduct A/B tests.
-
Legal basis: Legitimate interests (Art 6(1)(f)), i.e., improving user experience.
-
-
Legal & Regulatory Compliance
-
To comply with applicable laws, regulations, or legal process, for example, accounting and tax obligations.
-
Legal basis: Legal obligation (Art 6(1)(c)).
-
4. Recipients & Data Sharing
We do not sell or rent your personal data to third parties. We may share your data with:
-
Internal Teams
-
Sales, marketing, customer support, finance, and IT teams on a strict “need-to-know” basis to perform the above purposes.
-
-
Service Providers & Subprocessors
-
Hosting Provider & IT Infrastructure: Our website and databases are hosted with a GDPR-compliant provider that acts as a data processor.
-
Payment Processor (e.g., Stripe, PayPal, etc.): Handles payment transactions; only last four digits of a card and billing address may be shared for payment processing.
-
Email Marketing Platforms (e.g., Mailchimp, Sendinblue): Used to send newsletters and marketing emails—data shared includes email address, name, and subscription status.
-
Analytics & Tag Management: Matomo, Microsoft Clarity, etc. We use our own Matomo instance at
matomo.mse-sas.com
to track website usage.
All subprocessors are bound by GDPR-compliant data-processor agreements that restrict their use of personal data strictly to performing services on our behalf.
-
-
Legal or Regulatory Authorities
-
If required by law, court order, or government authority (e.g., tax authorities, GDPR supervisory authorities), to comply with a legal obligation or a valid legal process.
-
-
Business Transfers
-
In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the new controlling entity, provided the acquirer agrees to apply data protection policy consistent with this Privacy Policy.
-
5. Data Retention Periods
We store your personal data only for as long as necessary to fulfil the purposes described above or to comply with legal obligations:
Data Category | Retention Period |
---|---|
Account & Contact Information | Duration of the business relationship + 5 years after last activity. |
Order & Transaction Records | 10 years (tax and accounting requirement in France). |
Marketing & Communication Preferences | Until withdrawal of consent. |
Analytics & Technical Data | Up to 2 years (afterwards logs are anonymised or deleted). |
Legal & Compliance Records |
Up to 10 years as required by law (e.g., audit documentation). |
6. Your Rights & How to Exercise Them
Under the GDPR, you have the following rights regarding your personal data. To exercise any right, please contact us at sales@mse-sas.fr or by post to 15 Rue du Mans, 49300 Cholet, France. We will respond within one month (or two months if complex).
-
Right of Access
-
You may request a copy of the personal data we hold about you. We will provide a summary in a structured, machine-readable format.
-
-
Right to Rectification
-
You may request correction of inaccurate or incomplete data at any time.
-
-
Right to Erasure (“Right to be Forgotten”)
-
You may request the deletion of your personal data when:
a) It is no longer necessary for the original purpose.
b) You withdraw consent (for consent-based processing).
c) The data was unlawfully processed.
d) Legal or statutory obligations require erasure.
-
-
Right to Restrict Processing
-
You may request restriction of processing when:
a) Accuracy of data is contested by you.
b) Processing is unlawful but you oppose erasure.
c) Data is no longer needed for processing but required for a legal claim.
d) You have objected to processing pending verification of legitimate grounds.
-
-
Right to Object
-
You may object to our processing based on legitimate interests or direct marketing. We will cease processing unless we can demonstrate compelling legitimate grounds.
-
-
Right to Data Portability
-
You may request your personal data in a structured, commonly used, machine-readable format and have it transmitted directly to another controller when technically feasible.
-
-
Right to Withdraw Consent
-
You may withdraw any consent you previously gave for marketing or cookies without affecting processing based on consent before withdrawal.
-
-
Right to Lodge a Complaint
-
If you believe we have infringed your data protection rights, you may lodge a complaint with the French Data Protection Authority (CNIL) at https://www.cnil.fr/ or by post to CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France.
-
7. Cookies & Tracking Technologies
We use cookies as described in our Cookie Policy, which forms an integral part of this Privacy Policy. In summary:
-
Strictly Necessary Cookies: Required for site functionality (security, language, cookie-consent). No consent required.
-
Analytics Cookies: Matomo and Microsoft Clarity (with consent) to understand site usage and improve the user experience.
-
Marketing/Targeting Cookies: Microsoft Advertising (MUID) only if you consent to marketing cookies.
You can manage your cookie preferences via the “Cookie Settings” link in the footer of each page or by adjusting your browser’s cookie settings. Refer to our Cookie Policy for full details.
8. Data Security Measures
We implement technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction, including:
-
Encryption: TLS/SSL to encrypt data in transit between your browser and our servers.
-
Access Controls: Access to personal data is restricted to authorised personnel only; unique login credentials and multi-factor authentication are used by staff.
-
Regular Audits: We conduct periodic security audits, vulnerability scans, and penetration testing.
-
Data Minimisation: We collect only the minimum data required for each specified purpose.
-
Employee Training: Staff receive ongoing training on GDPR compliance and data security best practices.
While we strive to use advanced security measures, no system is fully impervious. If we learn of a data breach that is likely to pose a high risk to your rights, we will notify the CNIL within 72 hours and inform affected individuals without undue delay.
9. International Data Transfers
Your personal data is stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA (e.g., to a subprocessors’ server), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions from the European Commission, to protect your data in accordance with GDPR.
10. Third-Party Links & Liability
Our website may contain links to third-party websites or embedded content (e.g., maps, videos). We have no control over external sites and are not responsible for their privacy practices or content. We recommend reviewing the privacy policies of any third-party sites you visit.
Furthermore, site availability may be interrupted for maintenance or technical reasons. We disclaim liability for any interruptions or inability to access the site.
11. Intellectual Property
All content on mse-sas.com—text, images, logos, videos, code—belongs to MSE SAS France or its licensors and is protected by French and international intellectual property laws. Any reproduction, distribution, or modification without our prior written consent is prohibited.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our data practices or regulatory requirements. The “Last Updated” date at the top will reflect the most recent changes. If we make significant changes, we will post a prominent notice on our website or notify you directly if we have your contact information.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
MSE SAS France
15 Rue du Mans
49300 Cholet, France
Phone: +33 (0) 2 41 64 73 41
Email: sales@mse-sas.fr
By using our website and providing your personal data, you agree to the practices described in this Privacy Policy.