1. The data controller and its data protection officer

LEASETIC is a SAS, registered with the Toulouse Trade and Companies Register under number 830 733 606, represented by Mr. Emmanuel Rousseau, in his capacity as Managing Director and whose administrative headquarters is located at 43 avenue Georges Pompidou – Héliopôle Building G – 31130 BALMA.

LEASETIC, as data controller, publishes the website www.loopix.eco and, in this capacity, makes various uses of your personal data, i.e. any information that allows you to be identified (for example, your name, your email address, your billing information) (hereinafter the "Data").

LEASETIC's Data Protection Officer (hereinafter the "DPO") ensures compliance with the processing of personal data carried out by LEASETIC. You can contact them by email at gdpr@leasetic.com.

By post addressed to LEASETIC, Data Protection Officer, 43 avenue Georges Pompidou – Héliopôle Building G – 31130 BALMA.

2. What data is used?

We process your Data for the following purposes:

2.1. Contract Management

We process your Data in connection with the management of your contracts for the purchase of goods or services on the website www.loopix.eco . This purpose includes the operations necessary for managing your orders, delivering your products, providing your services, processing payments for your orders and related invoices.

The legal basis for this processing is the performance of the contract.

The categories of data processed are: your identification data (example: name, surname, postal and electronic contact details…), your transaction data (order number, order details), your payment data (bank details), your connection data (example: IP address) your data for monitoring the commercial relationship (example: orders, invoices, order amount, purchase history…).

Your data is stored in the current database for the duration necessary to fulfill the contract concluded with LEASETIC. Your data is stored in an intermediate database for the time necessary to defend LEASETIC's rights in court and to comply with legal obligations.

Your bank card number and expiry date, for the purpose of a single payment transaction, are kept until the end of the withdrawal period (14 days from receipt of the goods or conclusion of the contract in the case of services). Your information may be kept in an intermediate archive for 13 months from the debit date as evidence in the event of a transaction dispute.

Your data may be transmitted to:

• Logistics providers (carriers, warehouses, collection points)

• Banks and payment providers

• Service providers specializing in managing communication by telephone or email

• Public and administrative authorities at their request

2.2. The fight against fraud

We process your data to combat fraud. The legal basis for this processing is our legitimate interest.

The categories of data processed are: your identification data (example: name, surname, postal and electronic contact details…), your transaction data (order number, order details), your payment data (bank details), your connection data (example: IP address) your data for monitoring the commercial relationship (example: orders, invoices, order amount, purchase history…).

If the outstanding payment is settled, your data will be kept for 48 hours from the date of settlement, or, if no payment is settled, for 3 years from the date of the outstanding payment. After this period, the data will be anonymized or deleted.

Your data may be transmitted to external service providers specializing in the development of anti-fraud solutions.

2.3. Monitoring and improving customer relations

We process your data to manage your responses to our satisfaction surveys and to improve customer relations. We use your data based either on your consent or on our legitimate interest.

Your data is processed to manage your complaints (including creating vouchers for you), to provide after-sales service, and to respond to any requests you may have regarding your contracts. The legal basis for this processing is the performance of the contract.

We process your Data to respond to your requests regarding your rights in accordance with paragraph 4, as well as requests from third-party authorities (e.g., law enforcement). The use of your Data is based on our legal obligations.

The categories of data processed are: your identification data (example: name, surname, postal and electronic contact details…), your transaction data (order number, order details), your payment data (bank details), your connection data (example: IP address) your data for monitoring the commercial relationship (example: orders, invoices, order amount, purchase history…).

Your data is stored in the current database for the duration necessary to fulfill the contract concluded with LEASETIC. Your data is stored in an intermediate database for the time necessary to defend LEASETIC's legal rights.

The identity documents requested when exercising your rights are kept for the time necessary to verify your identity, then immediately deleted.

Your data may be transmitted to:

• Service providers for managing satisfaction questionnaires

• Public and administrative authorities at their request

2.4. Customer Review Management

We process your data in order to manage your reviews of the products offered on the site www.loopix.eco . We process your Data based on your consent or our legitimate interest.

We process your data to enable the conduct of product testing campaigns for products offered on the site. www.loopix.eco . The legal basis is the performance of the contract.

The categories of data processed are: your identification data (example: name, surname, postal and electronic contact details…), your connection data (IP address, browsing history…), your data for monitoring the commercial relationship (example: orders, delivery tracking…) and data relating to the contributions of people who post reviews on products, services or content, including their pseudonym.

Product reviews are displayed on the website for 10 years from the date of publication. After this period, LEASETIC anonymizes the reviews (meaning it becomes impossible to identify the individual who wrote the review) in order to retain them indefinitely.

Your data may be transmitted to service providers specializing in review moderation and test campaign management.

2.5. Optimizing and personalizing your browsing experience

We process your data to personalize your browsing experience on our site and to offer you products that may interest you. The legal basis for this processing is your consent or our legitimate interest.

The categories of data processed are: your identification data (example: name, surname, postal and electronic contact details…), your transaction data (order number, order details), your payment data (bank details), your connection data (example: IP address) your data for monitoring the commercial relationship (example: orders, invoices, order amount, purchase history…).

Your data is kept for a maximum of 5 years. After this period, the data is anonymized.

Your data may be transmitted to:

• Service providers specializing in optimizing your browsing experience by displaying personalized products and customizing the products presented on the site based on your browsing history and interests

• Providers enabling the sending of mobile, web and/or SMS notifications

• Service providers specializing in monitoring and measuring the performance of advertising campaigns

2.6. Statistical Reports

We process your data to compile statistics aimed at improving our understanding of your expectations regarding our products and services. The legal basis for this processing is our legitimate interest.

The categories of data processed are: your identification data (customer number) and your connection data (IP address).

The data is kept for the time necessary to achieve the purpose of the statistics or until you exercise your right to object.

Your data may be transmitted to service providers specializing in the production of statistical reports.

3. Security measures

We are committed to implementing appropriate technical and organizational measures to ensure a high level of security.

These measures are defined taking into account, in particular, the state of technological knowledge, the nature, scope, context and purposes of the processing, as well as the identified risks.

We would like to inform you that we comply with the Payment Card Industry Data Security Standard (PCI DSS), a testament to our expertise in security. As part of this commitment, LEASETIC conducts annual technical and organizational audits of its subcontractors, carried out by independent external auditors.

Furthermore, our internal procedures include a "Privacy by design" procedure ensuring that all our IT projects comply with a high level of confidentiality and security for your Data.

This procedure provides for an analysis of the maturity of all projects with regard to the issues relating to data protection and IT security.

Periodic audits and checks of our IT solutions are carried out throughout the year by the DPO and a dedicated IT security team in order to maintain this high level of requirement over time.

4. How to exercise your rights?

Below you will find a description of your rights and the technical means at your disposal to exercise them.

Regarding requests that would reach the DPO by email at gdpr@leasetic.com or (ii) by post addressed to LEASETIC, Data Protection Officer, 43 Avenue Georges Pompidou – Heliopole Building G – 31130 BALMA, please indicate the email address linked to your customer account on the Site (or use it in the case of an email) as well as your first and last names.

In the event that you are unable to find the email address associated with your customer account on the website, or in the event of serious uncertainty as to your identity, additional information relating to your identity may be requested from you in accordance with Article 12 of the GDPR.

We will respond within one (1) month of receiving your request. This period may be extended by two (2) additional months depending on the complexity and number of requests.

In accordance with current data protection legislation, you have various rights, in accordance with Articles 15 to 21 of the GDPR.

• The right to information

• The right to rectification

• The right to delete

• The right to limit

• The right to portability

• The right to object

More specifically, if you are affected by telephone marketing, you can object by registering for free on the website www.bloctel.fr.

You may, at any time, withdraw your consent to the processing of your Data by LEASETIC for marketing purposes or to the disclosure of your Data to selected LEASETIC partners for marketing purposes, by sending an email to gdpr@leasetic.com.

If, after contacting us, you believe that your rights have not been respected, you can file a complaint with a supervisory authority. In France, the responsible supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL) .

5. Cookies

This section is dedicated to our cookie policy on this website. It allows you to learn more about the origin and use of browsing information processed when you visit our website, as well as your rights.

5.1 What is a cookie?

A cookie is a small text file that requests permission to be placed on your computer's hard drive by the websites you visit. They are widely used to optimize website performance. Some of these cookies are essential for the website to function. Others are used to identify you and, based on your browsing activity, to help our teams improve the website.

A cookie cannot access information about you that you do not wish to share. A cookie has a limited lifespan and is deleted by your browser once that time has expired. Only the company that places the cookie can read or modify the information it contains.

5.2 Purposes and type of cookies

Different cookies are used for different purposes. The most common cookies are:

Cookies necessary for the operation of the service (or "essential") or for the functionalities of the site

These cookies are mandatory for the operation of the www.loopix.eco website and its features (for example, the cookie related to saving the shopping cart) and, as such, are exempt from the collection of consent.

So-called "audience measurement" cookies

These cookies are used to measure Loopix website traffic, or to test different versions in order to optimize editorial choices based on their respective performance. In some cases, these cookies may be considered "essential," necessary for providing the service explicitly requested by the user, and are therefore exempt from requiring consent. Those not considered "essential" are subject to your consent.

5.3 Responsibilities related to cookies

Cookies from LEASETIC and its subcontractors

LEASETIC is responsible for issuing and using cookies on the website. Certain types of cookies ("essential" or audience measurement cookies) are exempt from consent.

Cookies issued by third-party companies

The use of cookies by third parties on our site (e.g., Google, PayPal, etc.) is subject to the privacy policies of those third parties. These cookies are not essential for browsing the site.

The site integrates partner technologies that allow the recognition of your connection device and data relating to your browsing on your connection device.

LEASETIC may share Data such as your email address (encrypted in SHA-256) or any other technical identifier with our partners in order to establish a link between your different connection terminals or Internet browsers and to offer you a consistent and continuous experience on these terminals.

To learn more about the technologies used by our partners, please consult their privacy policies:

· Criteo

· Facebook

· Twitter

· Google+

5.4 Managing cookie storage

In accordance with Directive 2002/58/EC of 12 July 2002, LEASETIC collects your prior consent to the placement of cookies, except for "essential" cookies and certain audience measurement cookies, which are exempt from consent.

You can express and modify your cookie preferences at any time, using the methods described below.

Configuring cookies using the tool provided by Loopix

You are informed of the collection of this information upon your first visit to www.loopix.eco, via the cookie information banner. To comply with regulations, LEASETIC uses a tool that allows users to configure cookie settings when connecting to the site.

Configuring your browser

Each web browser has a different configuration. This is usually described in your browser's help menu. We therefore encourage you to consult it. This will allow you to learn how to modify your cookie preferences.

· Edge™ - Microsoft Support

Safari™ - Apple Support

· Chrome™ - Google Support

· Firefox™ - Mozilla Support

Any settings you configure in your browser regarding the acceptance or rejection of cookies may affect your browsing experience and your access to certain services that require the use of these cookies. For example, by rejecting certain essential cookies, you may no longer be able to place orders on our website. If you choose to refuse the storage of cookies on your device or if you delete those already stored, we disclaim all liability for any consequences related to the degraded performance of our services resulting from our inability to store or access the cookies necessary for their operation, which you have rejected or deleted.

********************

This policy will be updated as needed to meet the requirements of applicable data protection regulations.

Validated by the Data Protection Officer of Leasetic.