Personal Data Protection Policy

Date of effect: 19-03-2025

CLS and all of its subsidiaries (hereinafter referred to as "the CLS Group") respect your rights regarding the privacy and protection of your personal data. The purpose of this "Personal Data Protection Policy" (hereinafter the "Policy") is to inform all the individuals (natural persons) concerned (hereinafter referred to as "You" or "Your") about the way in which the CLS Group collects, uses and discloses Your Personal Data and about the rights You have regarding this data.

This version of the Policy reflects the latest legal and factual developments known on the date of its entry into force. This Policy complies with the General Data Protection Regulation (Regulation EC 679/2016 – "GDPR") and Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms.

Any mention of the term "CLS Group" refers to the CLS entity and its subsidiaries that act as a controller or processor of your information.

 

1. Scope

This Policy applies to the CLS product and service marketing websites operated by Shopify (hereinafter referred to as the "Media", which includes all CLS Group "Shopify" marketing sites). Consequently, this Policy does not apply to the websites of third parties, including those that may be mentioned on our Media via a web link.

"Personal Data" corresponds to any information relating to an identified or identifiable natural person, directly or indirectly, and which is protected by the GDPR and all regulations applicable to its protection.

"Processing" means any operation, or set of operations, relating to such Data, regardless of the process used (collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, alignment or interconnection, blocking, erasure or destruction, etc.).

 

2. Data Controller

The Data controller of Your Personal Data is by default:

COLLECTE LOCATION SATELLITES

Simplified joint-stock company with a capital of €2,440,503, whose registered office is at the Parc Technologique du Canal, 11 rue Hermès, 31 520 Ramonville Saint Agne, registered with the Toulouse Trade and Companies Register under number 338 034 390, represented by Mrs. Stéphanie LIMOUZIN, President.

 

3. Main Subprocessor

CLS marketing Media are operated and hosted by:

Shopify Inc.

126 York St. Ottawa, ON K1N 5T5, Canada

The host can be contacted on the following telephone number: 1-888-746-7439.

IMPORTANT: by browsing our Media, you acknowledge the involvement of Shopify. You therefore acknowledge and consent to the collection and processing of Your personal data by this company and to their transfer to Canada.

 

4. Data Collected

When you use our Media, we may collect and process some or all of the following data:

Support navigation

• Cookies
• Logs
• IP address
• Localization
• Time zone

User account

• First and last name
• Email address
• Phone Number(s)

Purchase and delivery

• Banking information
• Physical address(es): billing and/or delivery
• Geolocation
• Orders history

The collection of this collected Personal Data is always limited to the data necessary for the purposes set out below.

ATTENTION: Please note that certain functionalities and characteristics of the Media can only be used if You provide certain Personal Data. You are free to provide or not provide all or part of Your Personal Data. However, if You choose not to provide them, such a decision may prevent the achievement or satisfactory achievement of certain purposes described below. For these reasons, the completion of a sale cannot be done without the processing of some of your personal data.

Protection of minors' data

Our Media are not directed to minors under the age of 18. We do not intentionally collect personal data from minors without the verifiable consent of a parent or legal guardian.

If you are a parent or guardian and you find that your child has provided us with personal information without your permission, please contact us at dpo@groupcls.com. We will take steps to remove such information from our systems.

 

5. Purposes of the Collection of Personal Data

Personal Data is collected solely for the purposes of the operation of the Media and their respective functionalities.

More specifically, the CLS Group and the Shopify company collect and use your Personal Data for the following purposes:

• To enable you to acquire CLS products and services;
• To allow you to create a user account;
• To enable you to request and obtain information about the CLS Group, our products and services;
• To allow you an interactive and personalized use of the Media;
• To allow you to get in touch with the CLS Group;
• To enable the CLS Group to manage its commercial relations;
• To allow Shopify to administer the sale of CLS products and services on behalf of CLS
• To allow CLS's delivery provider to make said delivery.

 

6. Cookies & Metadata

When you browse our website, cookies and other trackers may be placed on your device (computer, tablet, smartphone). This section explains what cookies are, how we use them, and how you can manage your preferences.

A cookie is a small text file that is stored on your device when you visit a website. In particular, it allows you to remember your preferences, improve your user experience and analyze the site's audience.

6.1 Cookie Management by Axept.io

For the management of its cookies, CLS has chosen the Axeptio solution. Axeptio ensures transparent and compliant management of Your consent with regard to cookies and other trackers. Axeptio is a specialized platform recognized by the CNIL that allows users to choose, accept or refuse the cookies placed on their device, in compliance with the applicable regulations, in particular the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

How Axeptio works

When you visit our site for the first time, a cookie management banner will be displayed, allowing you to:

• Accept or reject all cookies.
• Customize your preferences by selecting the categories of cookies allowed (necessary, analytical, advertising, etc.).
• Change your choices at any time via a link accessible at the bottom of the page ("Manage my cookies").

Axeptio stores your preferences for a limited period of time and will ask for your consent periodically, in accordance with legal requirements.

Types of Cookies Managed by Axept.io

Thanks to Axept.io, you have full control over the following cookies:

• Strictly necessary cookies: Essential for the proper functioning of the site (not subject to consent).
• Analytical cookies: Used to measure the audience and improve the user experience.
• Marketing and advertising cookies: Enable us to offer you targeted content based on your preferences.

Exercising your rights

You can change or withdraw your consent at any time via the Axeptio interface integrated into our site. For more information on how Axeptio works, you can consult their Privacy Policy here.

6.2 Cookie and metadata management by Shopify

In addition, as you browse the Site, we collect information about the individual web pages or products you view, the websites or search terms that led you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as "Device Information."

We collect Device Information using the following technologies:

The following is a list of cookies we use. We have listed them here so that you have the option to choose whether you want to allow them or not.

• session_id, a unique session identifier, allows Shopify to store information about your session (referrer, landing page, etc.).
• shopify_visit, no data retained, persists for 30 minutes since the last visit. Used by the internal statistics tracking system of our website provider to record the number of visits.
• shopify_uniq, no data retained, expires at midnight (depending on the visitor's location) the following day. Calculates the number of visits to a store per unique customer.
• CART, unique identifier, persists for 2 weeks, stores information related to your shopping cart.
• secure_session_id session unique identifier
• storefront_digest, unique identifier, indefinite if the store has a password, it is used to find out if the current visitor has access.
• "Log files" track Site activity and collect data such as your IP address, the type of browser you are using, your Internet service provider, your referring and exit pages, and your timestamp data (date and time).
• "Web beacons," "tags," and "pixels" are electronic files that record information about how you navigate the Site.

If You wish to manage the use of Cookies during your use of our site, or if You wish to find out about the Management of Cookies on our other Support, we invite You to click on the "Cookie Policy" tab or to contact our DPO by email at the following address: dpo@groupcls.com.

6.3 Metadata

When you use our website, certain metadata may be collected automatically. Metadata is information that is generated in the background as you browse and interact with our services.

What metadata do we collect?

The metadata we may collect includes:

• Technical data: IP address, browser type, operating system, screen resolution, preferred language.
• Browsing data: Pages visited, duration of consultation, origin of the connection (referrer), actions carried out on the site.
• Device data: Type of device used (computer, mobile, tablet), unique device identifier (if applicable).

Why do we collect this metadata?

Metadata allows us to:

• To improve the performance and security of our website.
• To analyse the audience and use of our site in order to optimise the user experience.
• Detect and prevent possible fraud, abuse, or malicious activity.
• Personalize content and services based on user preferences.

Metadata sharing and retention

The metadata collected is mainly used internally and may be shared with technical service providers (e.g. analytical tools) in compliance with the regulations in force. It is kept for a period of time in accordance with legal requirements and defined purposes, generally 6 to 13 months for analytical data.

 

7. Setting up the Deposit of Cookies, Tags and Trackers

In accordance with Directive 2002/58/EC of 12 July 2002, CLS collects your prior consent to the deposit of advertising, audience measurement, personalisation and social network sharing cookies.

You can choose to express and change your cookie wishes at any time by the means described below.

Setting up your browser software

You can configure your browser software so that cookies are stored on your device or, on the contrary, that they are rejected, either systematically or according to their issuer. You can also configure your browser software so that you are offered the option of accepting or rejecting cookies from time to time, before a cookie is likely to be stored on your device.

How to exercise your choices, depending on the browser you use?

For the management of cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to change your cookie wishes.

• For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies,
• For Safari™: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html,
• For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647,
• For Firefox™: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies,
• For Opera™: http://help.opera.com/Windows/10.20/fr/cookies.html.

Opposition list to manage the deposit of cookies

You also have the option of opposing the deposit of cookies by accessing the http://www.youronlinechoices.com/fr/controler-ses-cookies/ website.

 

8. Processing and Storage of Personal Data

The "processing" of Personal Data includes, in particular, the use, retention, recording, transfer, adaptation, analysis, modification, disclosure, sharing and destruction of Personal Data as necessary in light of the circumstances or legal requirements.

The CLS Group takes all necessary precautions to preserve the security and confidentiality of Personal Data and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties.

8.1 Legal basis for processing

The processing of your personal data is based on:

• Your consent, in particular for the contact between you and CLS,
• Contractual performance for the sale of CLS's products and services,
• Our legitimate interest, in particular to ensure effective follow-up of requests, to optimise our website and to ensure its security.
• Our legal obligations, where the law requires the retention of certain information.

8.2 Data retention period

Prospect and customer data:

The data of prospects (person who has never purchased) is kept for 3 years after the last contact from the prospect.

Customer data is kept for 3 years from the last purchase.

Metadata:

• Cookies and analytical trackers are kept for 6 to 13 months depending on their nature.
• Login and activity logs are stored for 12 months, unless necessary for security or investigative reasons.

Once these periods have expired, the data is securely deleted or anonymized.

8.3 Data Security

We put in place technical and organisational measures to ensure that your data is protected against unauthorised access, alteration, loss or destruction.

 

9. Links to Websites not Controlled by the CLS Group

This Policy applies only to CLS Group's technologies and services. Our Online Media may include links to websites and online services that are operated by other companies that are not under the control or direction of CLS Group. If you provide or submit personal information to these websites or online services, the privacy policies of those websites or online services apply to your personal information. We encourage you to carefully read the privacy policies of any website you visit.

 

10. Transfer of Personal Data

The CLS Group, a subsidiary of the C.N.E.S. (Centre National d'Etudes Spatiales), includes entities located outside the European Union. Consequently, the CLS Group reserves the right, depending on the nature of the service provided, to share and/or transfer your personal data to the entities and/or subsidiaries of the CLS Group. All of these intra-group transfers are secured and carried out within the framework of the standard contractual clauses proposed by the European Union.

In addition, the CLS Group may share your personal data with third-party technical service providers to carry out certain processing activities on behalf of the CLS Group in the context of managing the Support and the sale of CLS products and services:

• Hosting (Shopify, AWS)
• Maintenance (Shopify, AWS)
• Statistical Analysis (Shopify)
• Selling and Paying (Shopify)
• Fraud Control (Shopify)
• Sales Administration (Microsoft)
• Shipping (UPS)

We require these third parties to conscientiously process and protect your personal data at the same level as provided for in this Policy and the General Data Protection Regulation (EC Regulation 679/2016).

In addition, we will only disclose your personal data if required or permitted by law, to the extent necessary to prevent or combat fraud, to resolve a dispute, or for any other legitimate necessity where circumstances would outweigh your private interests, such as the safety of our business or that of our staff.

Transfers outside the European Union that can be made:

Activity	Country of destination of the data	Supervision of data transfer
Data Hosting (AWS and SHOPIFY)	USA - Canada	Standard Contractual Clauses - Adequate Country
Office Suite	USA	Standard Contractual Clauses
Fraud Management (SHOPIFY)	Canada	Adequate Country
Sales Management (Microsoft)	USA	Standard Contractual Clauses

 

Your data is not sold by CLS to third parties under any circumstances.

10.1 Special case of the use of Google Analytics solution

In order to analyze performance and improve the user experience on our Media, we reserve the right to use the Google Analytics solution, a service provided by Google LLC. This tool allows us to collect information about how visitors interact with our Media, including the pages viewed, the time spent on the site, and where traffic comes from.

Nature of the Data Transferred

Google Analytics collects and processes certain metadata and technical information, including:

• The IP address (anonymized in its standard version).
• Data relating to your device and browser (type of device, screen resolution, operating system, browser version).
• Information about your browsing (pages visited, duration of consultation, origin of traffic).

This data is analyzed in an aggregated manner to identify trends in the use of the site, without allowing the direct identification of a user.

Data Transfer Outside the European Economic Area (EEA)

Google Analytics involves a transfer of data to the United States, where Google's servers are located. Google has implemented important data protection mechanisms to ensure that this transfer complies with the General Data Protection Regulation (GDPR).

Protection Measures and Safeguards

To regulate these transfers and ensure an adequate level of protection, Google relies on:

• The Standard Contractual Clauses (SCCs) adopted by the European Commission, which impose strict data protection obligations.
• IP anonymization, which is enabled by default in our Google Analytics configuration in order to limit user identification.
• Advanced privacy settings, which reduce the retention period of the data collected.

Managing Your Consent

The use of Google Analytics on our Media is based on your prior consent, collected via our cookie management banner. You can:

• Accept or refuse the deposit of analytical cookies on your first visit.
• Change your preferences at any time via our cookie management tool (Axept.io).
• Block Google Analytics by installing the Google opt-out browser extension available here.

To learn more about Google's handling of data, you can consult Google's Privacy Policy available here.

 

11. Rules Relating to Commercial Prospecting

The CLS Group may use your contact details to send you targeted advertising by email.

The CLS Group complies with the rules laid down by the ePrivacy Directive No. 2002/58/EC of 12 July 2002, which provides for the express prior collection of the customer's consent for the sending of commercial prospecting by electronic means.

Thus, when creating your account on the site, you are expressly asked for your consent to receive the CLS Group newsletter by email. The CLS Group will not send you personalized solicitations by email if you have not consented to this.

There is an exception when the Client, without having given his prior consent, may nevertheless be canvassed if he is already a customer of the company CLS and the purpose of the prospecting is to offer similar products or services.

In any case, the customer has the possibility to object to the receipt of these requests by carrying out the following actions:

• When creating the account, do not tick the box related to prospecting;
• For email, by clicking on the unsubscribe link provided in each email;
• By contacting CLS customer service.
• The CLS Group may contact you by telephone to offer you offers on products or services. If you do not wish to be solicited, you have the option of registering on the list of opposition to telephone canvassing accessible on the www.bloctel.gouv.fr website.

 

12. Right of Access and Rectification of Data

In accordance with the General Data Protection Regulation (EC Regulation 679/2016) and the Data Protection Act of 6 January 1978 (in its applicable version), the CLS Group informs you that you have a right of access and a right to rectify the personal data we collect.

You also have the right to object to the processing of your personal data for legitimate reasons and to obtain the communication of the list of Personal Data kept by the CLS Group.

You can exercise Your rights of access and rectification by sending an email to the following address: dpo@groupcls.com.

Unsubscribing from the newsletter (also known as the "Newsletter") is done by means of a hyperlink at the bottom of each newsletter.

 

13. Other Rights

Natural persons whose personal data may be protected by the application of the General Data Protection Regulation have several rights as set out below.

• The right to information (in particular with regard to the purposes of the processing or the rights of natural persons).
• The right to erasure (the right to obtain the erasure of their data, when the data subject has withdrawn their consent to the processing, when they object to it, when the data are no longer necessary in relation to the purposes of the processing, when they have been unlawfully processed, or when they must be erased by virtue of a legal obligation).
• The right to restriction of processing (right to obtain the restriction of processing where the data subject has objected to it, where he/she contests the accuracy of the data, or the lawfulness of the processing).
• The right to object (the right to object to data processing at any time)
• The right to object to automated decision-making (the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the natural person or may affect him/her, except where such decision is necessary for the conclusion or performance of a contract, is legally permitted, or is based on his or her consent).

If you would like to know more about Your rights, we invite you to click here.

You can exercise your rights with the help of our DPO by sending an email to dpo@groupcls.com.

 

14. Data Security

At the CLS Group, we take care to protect and secure Your Personal Data, in order to ensure its confidentiality and prevent it from being distorted, damaged, destroyed or disclosed to unauthorized third parties.

The CLS Group has taken physical, electronic and organizational protection measures to prevent any loss, misuse, unauthorized access or dissemination, alteration or possible destruction of this Personal Data. Among these protection measures, the CLS Group integrates technologies specially designed to protect Personal Data during its possible transfer. However, despite CLS Group's efforts to protect Your Personal Data, CLS Group cannot guarantee the infallibility of this protection due to certain unavoidable risks that may arise during the transmission of Personal Data.

As all Personal Data is confidential, access to it is limited to employees, service providers and agents of the CLS Group who need it in the context of the performance of their mission. All persons with access to Your Personal Data are bound by an obligation of confidentiality.

However, it is important that You exercise caution to prevent unauthorized access to Your Personal Data.

 

15. Conflict Resolution

Although the CLS Group has taken reasonable steps to protect Personal Data, no transmission or storage technology is completely infallible.

However, the CLS Group is concerned about guaranteeing the protection of Personal Data. If You have reason to believe that the security of Your Personal Data has been compromised or that it has been misused, You are invited to contact the CLS Group at the following email address: dpo@groupcls.com.

The CLS Group will investigate complaints regarding the use and disclosure of Personal Data and will attempt to resolve them in accordance with the principles set out in this Policy.

Unauthorized access to or misuse of Personal Data may constitute an offence under applicable law in Europe.

 

16. Contact

16.1 Contact the CLS Group DPO

Please also do not hesitate to contact our Data Protection Officer (DPO) if You have any questions about this Policy, the practices of the CLS Group, or if you seek to exercise any of your legal rights. You can contact us at dpo@groupcls.com or  our mailing address below:

Collecte Location Satellite
Louis CONTE – Data Protection Officer
Canal Technology Park,
11 Rue Hermès,
31520 Ramonville-Saint-Agne
France

16.2 Contact the Competent Data Protection Authority

Subject to applicable law, you also have the right (i) to restrict the CLS Group's use of the other Information that constitutes your Personal Data and (ii) to lodge a complaint with your local data protection authority or the Commission Nationale de l'Informatique et des Libertés, which is the main supervisory authority of the CLS Group by clicking here or by writing to the address below:

NATIONAL COMMISSION FOR INFORMATION TECHNOLOGY AND CIVIL LIBERTIES
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
(Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)
Fax: 01 53 73 22 00

 

17. Changes to the Policy

The CLS Group may change this Policy from time to time. Laws, regulations and industry standards are evolving, which may make these changes necessary, or we may make changes to our operations. We will post these changes on this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially change your rights and our policies, CLS Group will notify you by email or through the Media. If you do not agree with the changes to this Privacy Policy, please contact us if you wish to request the deletion of your Personal Data.