Privacy policy
SARL CUBE TRACK (GOTEK 7)
Privacy Policy
The General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, requires transparent, clear, and concise information when collecting your personal data.
The purpose of this policy is to inform you about the processing of personal data carried out by the company CUBE TRACK, both as Data Controller and Data Processor.
I) CUBE TRACK as Data Controller
- Identity of the Data Controller
- Treatments, purposes, and legal bases of the treatments
- Applicable retention period
- Recipients of personal data
- Securing your data
- Rights and remedies
II) CUBE TRACK as Data Processor
- Description of the processing subject to subcontracting
- Obligations of the processor towards the data controller
- Obligations of the data controller towards the processor
CUBE TRACK as Data Controller
Identity of the Data Controller
The personal data collected are processed by the company CUBE TRACK as the data controller.
The complete contact details of the organization are:
Name of the organization: SARL CUBE TRACK
Name of the legal representative: Mrs. Pascale ROUSSEL
Postal address: 12 rue de Rabat 62100 CALAIS
Phone number: 03 21 97 49 30
Email: gregoire@gotek7.com
The data protection officer of the organization is:
Name of the organization: ACS RGPD – BAUDE DATA PROTECTION
Name of the legal representative: Mr. Pierre-Antoine BAUDE
Postal address: 7 bis rue du Virval 62100 CALAIS
Phone number: 06 69 98 33 48
Email: pa.baude@baudedataprotection.com
Treatments, purposes, and legal bases of the treatments
Accounting management of the establishment
Affected audience: clients, suppliers
The personal data collected are used and kept for:
- Establish the company's balance sheet
- Establish the VAT declaration
- Carry out receipts and disbursements
- Recording of accounting documents
- Payment of taxes
The legal basis for this processing is compliance with a legal obligation to which the Data Controller is subject (Article 6-c of the GDPR).
In this context, CUBE TRACK may collect the following personal data concerning you:
- Data relating to your identity: name, first name, professional contact details (email address, telephone number, postal address), personal contact details (postal address, email address, telephone number).
Supplier management
Audience concerned: suppliers
The personal data collected is used and kept for:
- Supplier management (management of orders, receipt, execution of the service or provision of the goods, invoices and payments)
The legal basis for this processing is the performance of a contract (Article 6-b of the GDPR).
Within this framework, CUBE TRACK may collect the following personal data concerning you:
- Data relating to your identity: name, first name, professional contact details (email, telephone number, postal address);
- Economic and financial information: bank account details.
Customer management
Audience concerned: customers
The personal data collected is used and kept for:
- Contract management (management of orders, delivery, execution of the service or provision of the goods, invoices and payments)
- After-sales service management
The legal basis for this processing is the performance of a contract (Article 6-b of the GDPR).
Within this framework, CUBE TRACK may collect the following personal data concerning you:
- Data relating to your identity: name, first name, professional contact details (email, telephone number, postal address), personal contact details (postal address, email address, telephone number).
(where applicable) Video surveillance management
Audience concerned: employees, visitors
The personal data collected is used and kept for:
- Ensuring the security of property and people
The legal basis for this processing is legitimate interest (Article 6-f of the GDPR) justified by the need to ensure the security of property and people within and around the premises.
Within this framework, CUBE TRACK may collect the following personal data concerning you:
- Data relating to your identity: image of the employee and visitor.
Website management
The company CUBE TRACK is committed to ensuring that the processing of personal data carried out on https://gotek7.fr/ complies with the General Data Protection Regulation (GDPR) and the Data Protection Act.
This data protection policy applies to the processing of data carried out via the website of the company CUBE TRACK. It informs you about the purpose(s) of the processing carried out, the legal basis for the processing, the recipients of the data as well as their retention period, security measures (general description), the possible existence of data transfers outside the European Union or automated decision-making, the use and management of cookies, your computer rights and freedoms and how to exercise them.
Does this site collect personal data?
According to Article 4.1 of the GDPR, personal data is any information that allows you to be identified either directly or indirectly. The data collected is adequate, useful, necessary, and limited to the strict minimum.
What are the purposes and legal bases for collecting data?
For personal data collected via the contact form: personal data is freely communicated to the company CUBE TRACK by the individuals concerned by consenting to the processing. The legal basis for this processing is the consent of the data subject (Article 6-a of the GDPR). The data collected are identification data (name, first name, email, phone).
For personal data collected via the support form: personal data is freely communicated to the company CUBE TRACK by the individuals concerned by consenting to the processing. The legal basis for this processing is the consent of the data subject (Article 6-a of the GDPR). The data collected are identification data (email, phone).
For data collected during purchases on our site, see above (iii. Customer management).
Who are the recipients of the data processed by this site?
Your personal data are primarily intended for the company CUBE TRACK, publisher of the site and data controller. They are processed by staff from various services concerned by your requests such as the marketing, web, after-sales service, and personal data protection service. They are processed only for the purposes indicated above. Personal data concerning you may be processed occasionally by subcontractors of the company CUBE TRACK (within the meaning of Article 4.8 of the GDPR) in a strictly controlled framework. They are never communicated to third parties for commercial purposes.
Are personal data transferred outside the European Union?
The personal data collected by this website are not transferred to entities located outside the European Union. In the event of contractual transfer of personal data, the company CUBE TRACK ensures that the recipients are based in the European Union. The company CUBE TRACK also verifies the GDPR compliance of all data recipients.
Does this site use cookies?
Visitor's free choice
All our registrations respect the principle of active Opt-In and always require voluntary action on your part. If you choose to register, the information you provide will be accessible to our entity's staff, who will use it in the context of the commercial relationship.
What is a cookie?
A cookie is a small text file deposited on your terminal (computer, tablet, smartphone, etc.) when you visit a website. It allows its issuer to identify your terminal on which it is registered, during the validity period of the cookie concerned. Only the issuer of the cookie is able to read or modify the information it contains.
What cookies are used by this site?
We collect anonymous information that allows us to better serve our users. The cookies issued on our site are used for the purposes described below, subject to the choices you have made regarding cookies.
Cookies issued on the CUBE TRACK site:
We use 2 categories of cookies whose purposes are described below:
Cookies necessary for the operation of the site:
These are cookies essential for browsing our site (such as session identifiers) which allow you to use the main features of the site and secure your connection. For example, these cookies allow you to securely send us a message via the appropriate form.
Functional cookies:
These cookies are not essential for browsing our site but allow us to optimize the operation of our site and facilitate your navigation.
For example, they allow us to adapt the presentation of our site to the display preferences of your terminal (language used, display resolution, operating system used, etc.), and to memorize information related to a form you filled out on our site.
You can disable the use of cookies by selecting the appropriate settings in your browser
Retention period
Subject to your intervention to delete them before these deadlines, the cookies we deposit on your terminals as well as those deposited by third parties are kept for a period of 6 months for the conservation of cookie choices. At the end of this period, when you visit our website, you will be invited to express your consent again for the deposit of cookies or to configure your preferences.
However, you have the possibility to withdraw your consent or delete cookies before the end of the legal retention period by following the procedures listed below. Please note that withdrawing your consent or deleting cookies on one terminal does not apply to all of your terminals. The action must be taken on each terminal where cookies are stored.
How to set your cookie preferences?
You have several options for managing and modifying the use of cookies at any time, it being understood that the settings you make may modify your browsing on the Internet and your conditions of access and use of certain services on our site that require the use of cookies. You can set the deposit of cookies through your Internet browser. The settings made in this way can also be modified at any time.
Depending on the type of browser, you have the following options: accept or reject cookies from any source or from a given source, or program the display of a message asking for your agreement each time a cookie is deposited on your terminal. To express or change your choices, refer to the help menu or the dedicated section of your browser.
For example:
Internet Explorer™ : https://bit.ly/3is1xf2
Safari™ : https://apple.co/3gL5sDd
Chrome™ : https://bit.ly/3iqnMSj
Firefox™: https://mzl.la/3iq71GV
Opera™ : https://bit.ly/3aiU2Eb
Attention :
Les cookies améliorent votre confort de navigation sur notre site et sont indispensables pour accéder à certains espaces sécurisés. Nous attirons votre attention sur le fait que si vous utilisez différents terminaux pour accéder à notre site (smartphone, tablette, ordinateur etc.), le paramétrage de vos préférences doit être effectué sur chacun d’eux.
What are the rights of individuals concerned by the processing carried out by this site?
You can visit our website without having to disclose your identity and provide personal information about yourself. We collect individual data that you provide to us in the context of the contact form as well as in the emails you send us.
Applicable retention period
Your data is only kept for the time strictly necessary for the accomplishment of the purpose for which it was collected, increased, if necessary, by the legal retention periods.
If the processing concerned is based on your prior consent, you have the right to withdraw it at any time, without prejudice to the lawfulness of the processing based on the consent given before its withdrawal.
Recipients of personal data
The company CUBE TRACK may transmit your data to its subcontractors for the realization of its activities, to its partners, and to legal entities.
In the event of data processing for the benefit of the company CUBE TRACK, the establishment ensures beforehand that its subcontractors comply with the GDPR obligations.
Any request for information for a statistical study will result in the prior transmission of anonymized data.
No data transfer is made outside the European Union.
No automated decision-making is carried out.
Security of your data
The company CUBE TRACK is committed to protecting the personal data processed. To do this, the company CUBE TRACK has committed to securing its processing of personal data, following the recommendations of the CNIL and the ANSSI.
Rights and remedies
We are very committed to complying with this regulation, and you can at any time request to enforce your rights in accordance with Articles 15 to 21 of the GDPR (right of access, rectification, forgetting/erasure, limitation, opposition, portability).
This request can be made either by contacting the company CUBE TRACK at the following address: gregoire@gotek7.com, or by contacting the Data Protection Officer at the following address: pa.baude@baudedataprotection.com or directly with the French supervisory authority (CNIL) at the following address: https://www.cnil.fr/ or by phone at 03 21 97 49 30. Your request will be processed within the deadlines imposed by the National Commission for Data Protection and Liberties (CNIL) and the GDPR.
CUBE TRACK as a Sub-processor
Under the aforementioned regulations, the client is responsible for the processing of said data, and CUBE TRACK acts as a subcontractor of the client.
Description of the processing subject to subcontracting
Nature of the operations performed on the data
Management of geolocation on behalf of a client. The processing is characterized by the collection of personal data necessary for carrying out geolocation for a client.
Purpose(s) of the processing
- Offer geolocation means to clients;
- (if applicable) Allow hosting and backup of geolocation information;
- Enable technical support for the geolocation means.
Personal data processed
- Identity data: Additional personal information provided by the client to identify the beacon (e.g., name and/or surname).
Categories of individuals concerned
The individuals concerned by this processing are clients of CUBE TRACK. Therefore, the data concerned are the data of CUBE TRACK's clients.
Information provided by the data controller to the subprocessor for the performance of the contracted service
Any information useful for the performance of the service.
Obligations of the subprocessor vis-à-vis the data controller
The subprocessor undertakes to:
- Process the data only for the purposes of the subcontracting;
- Process the data in accordance with the documented instructions of the data controller. If the subprocessor considers that an instruction constitutes a violation of the European Regulation on the protection of personal data or any other provision of Union law or of the Member States relating to data protection, it shall immediately inform the data controller. Furthermore, if the subprocessor is required to transfer data to a third country or international organization, under Union law or the law of the Member State to which it is subject, it must inform the data controller of this legal obligation before processing, unless the law concerned prohibits such information for important reasons of public interest;
- Ensure the confidentiality of the personal data processed under this contract;
- Ensure that individuals authorized to process personal data under this contract:
- Undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality;
- Receive necessary training in personal data protection;
- Take into account, with regard to its tools, products, applications or services, the principles of data protection by design and by default;
- Subcontracting:
- The subprocessor may engage another subprocessor (hereinafter, "the subsequent subprocessor") to carry out specific processing activities. In this case, it shall inform the data controller in writing in advance of any intended change concerning the addition or replacement of other subprocessors. This information must clearly indicate the subcontracted processing activities, the identity and contact details of the subprocessor, and the dates of the subcontracting agreement.
- The data controller has a maximum period of 7 days from the date of receipt of this information to raise objections. This subcontracting may only be carried out if the data controller has not raised any objections during the agreed period.
- The subsequent subprocessor is required to comply with the obligations of this contract on behalf of and according to the instructions of the data controller. It is the initial subprocessor's responsibility to ensure that the subsequent subprocessor provides the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Regulation on the protection of personal data. If the subsequent subprocessor fails to fulfill its data protection obligations, the initial subprocessor remains fully responsible to the data controller for the performance by the other subprocessor of its obligations.
- Information rights of the individuals concerned:
- It is the responsibility of the data controller to provide information to individuals concerned by the processing operations at the time of data collection.
- Exercise of individuals' rights:
- As far as possible, the subprocessor must assist the data controller in fulfilling its obligation to respond to requests to exercise individuals' rights: right of access, rectification, erasure, and objection, right to restriction of processing, right to data portability, right not to be subject to a decision based solely on automated processing (including profiling).
- When individuals concerned exercise their rights with the subprocessor, the subprocessor must forward these requests to the Data Controller upon receipt.
- Notification of personal data breaches:
- The subprocessor notifies the data controller of any personal data breach within a maximum of 24 hours after becoming aware of it and by (email). This notification is accompanied by any useful documentation to enable the data controller, if necessary, to notify this breach to the competent supervisory authority.
- Assistance of the subprocessor in the context of the data controller's compliance with its obligations:
- The subprocessor assists the data controller in carrying out data protection impact assessments.
- The subprocessor assists the data controller in carrying out prior consultation with the supervisory authority.
- Security measures:
- CUBE TRACK constantly works to protect your personal data against unauthorized access, processing, alteration, disclosure, or destruction. We continually develop new solutions to ensure the security and confidentiality of your personal data. For example: whenever necessary, we encrypt your personal data; we review our data collection, storage, and processing procedures; we limit access to personal data to our employees and partners.
- Fate of the data:
- At the end of the provision of services related to the processing of this data, the subprocessor undertakes to follow the instructions of its client, either in the destruction or return of the personal data:
- The return must be accompanied by the destruction of all existing copies in the subprocessor's information systems. Once destroyed, the subprocessor must provide written justification of the destruction.
- Data Protection Officer:
- The subprocessor communicates to the data controller the name and contact details of its Data Protection Officer, if appointed in accordance with Article 37 of the European Data Protection Regulation.
- In this case, it is the company ACS RGPD - BAUDE DATA PROTECTION, represented by its manager, Mr. Pierre-Antoine BAUDE, reachable at 06.69.98.33.48 or by email at pa.baude@baudedataprotection.com
- Register of categories of processing activities:
- The subprocessor declares to keep a written record of all categories of processing activities carried out on behalf of the data controller, including:
- The name and contact details of the data controller on whose behalf it acts, any subcontractors, and, if applicable, the Data Protection Officer;
- The categories of processing activities carried out on behalf of the data controller;
- Where applicable, transfers of personal data to a third country or international organization, including the identification of that third country or international organization and, in the case of transfers referred to in Article 49(1), second subparagraph of the European Data Protection Regulation, the documents attesting to the existence of appropriate safeguards;
- Documentation:
- The subprocessor makes available to the data controller the documentation necessary to demonstrate compliance with all its obligations and to allow audits, including inspections, by the data controller or another auditor appointed by the data controller, and to contribute to such audits.
Controller's obligations towards the subprocessor
The data controller undertakes to:
- Provide the subprocessor with the data referred to in II) a. iii;
- Document in writing any instructions regarding the processing of data by the subprocessor;
- Ensure, prior to and throughout the processing, compliance with the obligations provided for by the European Data Protection Regulation by the subprocessor;
- Supervise the processing, including conducting audits and inspections with the subprocessor.


