General data protection

I. Data controller

The data controller within the meaning of article 4, paragraph 7 of the GDPR is: Optimum Automotive SAS 190 Rue Marcelle Isoard, 13090 Aix-en-Provence E-Mail: contact@optimum-automotive.com Telephone: +33 (0) 1 70 20 02 64 If you have any questions or concerns about the processing of your personal data or the exercise of your rights, you can contact us via the contact information provided above.

II. Data protection officer

You can contact our data protection officer at donneespersonnelles@optimum-automotive.com or by post to the address mentioned above, adding the words “Data Protection Officer”.

III. Access to our website

During your visit to our website, we process personal data in order to ensure its proper functioning, stability and security. The following data may be collected (log files):

• Operating system and current IP address of the terminal used
• Browser (type, version and language)
• Volume of data transferred
• Date and time of access
• URL of the page visited previously (referrer)
• URL of the (sub) page consulted on our site
• Internet service provider of the accessing system

The collection of these log files is technically necessary for displaying the site and ensuring its security. This constitutes our legitimate interest in accordance with Article 6, paragraph 1, point f) of the GDPR. This site is hosted by GANDI SAS, 63 BOULEVARD MASSENA 75013 PARIS, FRANCE, with which we have concluded a data processing contract. Your data is processed in a French data center.

IV. Contact

You can send us commercial and support requests via the contact form or the contact details provided. When submitting a form, mandatory fields must be filled in. We can process your name, surname, email address, email address, company, telephone number, and any other information related to your request. The processing of this data is based on Article 6, paragraph 1, point b) of the GDPR as part of pre-contractual or contractual measures, or on our legitimate interest in responding to your request in accordance with Article 6, paragraph 1, point f) of the GDPR. Optional information is provided on the basis of your consent (Article 6, paragraph 1, point a) of the GDPR). Your personal data will be deleted as soon as their storage is no longer necessary, subject to legal retention obligations.

Management of commercial and support requests

Commercial requests are handled via our internal customer relationship management system (CRM) developed by Optimum Automotive SAS. The data is processed exclusively in data centers in France. However, requests for assistance may involve a transfer of data to a subsidiary of the Optimum Automotive Group in Morocco. A data processing contract based on EU standard contractual clauses has been concluded with the entity MAPPING CONTROL Morocco SARL.AU, a subsidiary of the Optimum Automotive group, and Optimum Automotive SAS. Support requests are managed via our internal tool Zendesk, operated by Zendesk Inc., 181 S. Fremont St., San Francisco, CA 94105, USA. A data processing contract has been concluded with Zendesk, based on EU standard contractual clauses. Zendesk is certified according to the EU-US Data Privacy Framework.

V. Advertising and analytics software

1. Google Analytics/Google Analytics 4/Universal Analytics We use Google Analytics (provider: Google Ireland Ltd). This tool makes it possible to measure and analyze the traffic on our website. The data collected includes information about users, such as their behavior, geographic location, and device. This processing is based on your consent (article 6, paragraph 1, point a) of the GDPR) for tracking cookies. A data processing contract based on the EU standard contractual clauses has been concluded with Google. Google is EU-US Data Privacy Framework certified.
2. Google Tag Manager We use Google Tag Manager (provider: Google Ireland Ltd). This tool makes it possible to manage and deploy JavaScript tags on our site, facilitating the integration of various tracking tools. Google Tag Manager does not collect personal data directly, but it can activate tracking services like Google Analytics or Google Ads. The processing is based on your consent (article 6, paragraph 1, point a) of the GDPR), and a data processing contract has been signed with Google.
3. Google AdWords Conversion/Google Remarketing/Google Ads-DoubleClick We use Google AdWords Conversion, Google Ads (Doubleclick), and Google Remarketing (provider: Google Ireland Ltd) to analyze the effectiveness of our advertising campaigns and to deliver targeted ads to users. These tools collect information about how you interact with our ads. The processing is based on your consent (article 6, paragraph 1, point a) of the GDPR), and a data processing contract has been signed with Google.
4. CookieYes We use CookieYes (provider: CookieYes Ltd) to manage user cookie consent. This tool allows user cookie preferences to be collected and stored to ensure compliance with privacy regulations. The processing is based on your consent (Article 6, paragraph 1, point a) of the GDPR).
5. MonsterInsights We use MonsterInsights (provider: MonsterInsights, LLC) to connect our WordPress site to Google Analytics and facilitate the collection of analytical data. This tool allows us to track user interactions on our site. The processing is based on your consent (Article 6, paragraph 1, point a) of the GDPR).

VI. Shelf life

Unless otherwise specified, we process your data only for as long as is necessary for the purpose of processing. Legal conservation obligations are respected.

VII. International data transfers

Data transfers outside the EU/EEA are carried out only if adequate guarantees are put in place, in particular via an adequacy decision by the European Commission or the EU standard contractual clauses with additional security measures.

VIII. Your rights

You have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to limitation of treatment (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

If the treatment is based on your consent, you can withdraw at any time (Art. 7, paragraph 3 GDPR). To exercise your rights, contact us at donneespersonnelles@optimum-automotive.com. You also have the right to file a complaint with a supervisory authority (Art. 77 GDPR).

I. Data controller

The data controller within the meaning of article 4, paragraph 7 of the GDPR is: Optimum Automotive SAS 190 Rue Marcelle Isoard, 13090 Aix-en-Provence E-Mail: contact@optimum-automotive.com Telephone: +33 (0) 1 70 20 02 64 If you have any questions or concerns about the processing of your personal data or the exercise of your rights, you can contact us via the contact information provided above.

II. Data protection officer

You can contact our data protection officer at donneespersonnelles@optimum-automotive.com or by post to the address mentioned above, adding the words “Data Protection Officer”.

III. Cookies and Third-Party Services Used

1. Purposes and Legal Bases

1.1 Essential Cookies

• Cookies used : ASP.NET_SessionID, ApplicationGatewayAffinity, lang, lango.
• Purpose : Authentication, session maintenance, load balancing.
• Legal Basis : Contractual necessity (Art. 6 (1) (b) RGPD).
• Shelf life : Duration of the session or according to technical parameters.

1.2 Audience Analysis (Google Analytics)

• Cookies used : _ga, _gid, _gcl_au, _secure-ipapisID, _secure-ipsid, SSID.
• Processed Data : User behavior, advertising identifiers.
• Purpose : Traffic measurement, campaign personalization.
• Legal Basis : Consent (Art. 6 (1) (a) GDPR).
• Supplier : Google LLC (United States), in compliance with EU-U.S. Data Privacy Framework.
• Shelf life : Up to 24 months (depending on configuration settings).

1.3 Consent Management

• Cookies used : cookieyes-consent.
• Processed Data : Consent preferences, truncated IP address.
• Purpose : GDPR compliance and storage of user choices.
• Legal Basis : Legal obligation (Art. 6 (1) (c) RGPD).
• Supplier : CookieYes (EU/United States), protected by Standard Contractual Clauses (CCT).
• Shelf life : 12 months.

1.4 Technical Features

• Cookies used : gig_bootstrap_3, env, HSID, SAPISID.
• Purpose : Optimizing performance, customizing the user interface.
• Legal Basis : Legitimate interest (Art. 6 (1) (f) GDPR).
• Shelf life : Session or up to 30 days.

1.5 Authentication and security

Gigya (SAP Customer Data Cloud): Purpose: Management of user identities (login, registration, account recovery). Data processed: Email address, password (hashed), IP address, connection logs. Legal basis: Contractual execution (Art. 6 (1) (b) RGPD). Supplier: SAP (United States), secure transfers via Data Privacy Framework. reCAPTCHA (Google) : Purpose: Prevention of bots and fraud (verification of human interactions). Data processed: IP address, browsing behavior (mouse movements, time spent). Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR). Retention: Up to 30 days by Google.

IV. International Data Transfers

• Relevant Services : Google Analytics, CookieYes.
• Guarantees put in place :
  • Standard Contractual Clauses (CCT) approved by the European Commission.
  • EU-U.S. certification Data Privacy Framework for data transfers to the United States.

V. Data Retention Period

• Technical cookies : Deleted at the end of the session.
• Analysis Cookies : Up to 24 months (unless consent is withdrawn earlier).
• User data : Retention in accordance with legal obligations (e.g. 10 years for invoices).

VI. Your rights

You have the following rights under the GDPR:

• Withdraw your consent at any time (via the cookie manager).
• Request access, correction or deletion of your personal data (contact: dpo@votreentreprise.com).
• File a complaint with a supervisory authority (e.g.: the CNIL in France).

‍

The following information explains how we process your personal data when you contact us to buy our products or when we work with external service providers as part of our Marketing campaigns.

I. Data controller

The data controller within the meaning of article 4, paragraph 7 of the GDPR is: Optimum Automotive SAS 190 Rue Marcelle Isoard, 13090 Aix-en-Provence E-Mail: contact@optimum-automotive.com Telephone: +33 (0) 1 70 20 02 64 If you have any questions or concerns about the processing of your personal data or the exercise of your rights, you can contact us via the contact information provided above.

II. Data protection officer

You can contact our data protection officer at donneespersonnelles@optimum-automotive.com or by post to the address mentioned above, adding the words “Data Protection Officer”.

III. Contact

You can use the form available on our website or the contact information provided to send us commercial or support requests. When you contact us via an online form, mandatory fields must be filled in. We can process the following data:

• Name and surname
• Email address
• Business name
• Phone number
• Any other information related to your request

The processing of this data is based on article 6 (1) (b) of the GDPR as part of pre-contractual or contractual measures, or on our legitimate interest in responding to your requests (article 6 (1) (f) GDPR). Information provided voluntarily is processed based on your consent (Article 6 (1) (a) GDPR). Your personal data will be deleted as soon as their storage is no longer necessary, subject to legal retention obligations.

IV. Commercial prospecting

We process the following data as part of our marketing actions:

• Name
• Professional contact details (email, phone)
• Function and company
• Fleet size
• Other company data

The processing is based on our legitimate interest (article 6 (1) (f) GDPR) or on your explicit consent (article 6 (1) (a) GDPR). You can object to the receipt of our commercial communications at any time. Purchase and use of external databases As part of our prospecting actions, we can acquire or rent contact databases from specialized service providers such asEllisphere, The MEG @baseB2B, DNA DATA. These databases are created according to specific criteria, including company data and professional contact details. The contractual obligations between Optimum and suppliers guarantee compliance with applicable regulations, in particular the RGPD, and ensure the legal origin and regular updating of the information provided. The processing of this data is based on our legitimate interest (article 6, paragraph 1, point f of the RGPD) to develop our commercial activity. You can object to the use of your data for prospecting purposes at any time by contacting us using the information provided in this policy.

V. Participation in webinars and online events

When you participate in a webinar or access on-demand content, we process the following data:

• Name
• Email address
• Business
• Phone number
• IP address and other technical data
• Audio, video, and text content transmitted

The processing is based on your consent (article 6 (1) (a) GDPR). We delete this data as soon as it is no longer needed, subject to legal retention obligations.

VI. Data retention period

Unless otherwise stated, we keep your data for as long as necessary to achieve the purpose of the processing and in accordance with applicable legal obligations (up to 10 years in some cases).

VII. International data transfers

Optimum by Shiftmove processes your data mainly within the European Union (EU) and the European Economic Area (EEA). If data transfers to third countries take place, they are carried out in accordance with the European Commission's Standard Contractual Clauses (SCC) or to entities certified in accordance with the EU-US data protection framework.

VIII. Your rights

In accordance with the RGPD, you have the following rights:

• Right of access (article 15 RGPD)
• Right to rectification (article 16 RGPD)
• Right to erasure (article 17 GDPR)
• Right to restriction of processing (article 18 GDPR)
• Right to data portability (article 20 RGPD)
• Right to object (Article 21 RGPD)
• Right to withdraw your consent at any time (Article 7 (3) GDPR)

To exercise your rights, please contact us at donneespersonnelles@optimum-automotive.com. You also have the right to file a complaint with the competent data protection authority (Article 77 GDPR).

Thank you for your interest in our company and for applying or looking to apply for a position at Optimum by Shiftmove or its affiliated companies. We would like to provide you with the following information regarding the processing of your personal data in connection with your application.

‍I. Data controller and data protection officer:

The person responsible for processing your data is: Optimum Automotive 190 rue Marcelle Isoard, Oxydium Building In — AIX EN PROVENCE — FRANCE Tel: +33 1 70 20 02 64 E-mail: contact@optimum-automotive.com Optimum has appointed a data protection officer who you can contact at: donneespersonnelles@optimum-automotive.com.

II. Recruiting process

1. Purposes of processing and categories of data

As part of processing your application, we collect and process the data you have provided to us in order to assess your suitability for the position (or other open positions within our companies) and to conduct the recruitment process. This data generally includes:

• Coordinates : Name, address, telephone number, email address.
• Application documents : CV, cover letter, certificates, references.
• Personal data : Date and place of birth, photo (optional).
• Training and qualifications : Degrees, studies, training, additional training.
• Professional experience : Information on former employers, positions held, fields of activity.
• Language skills : Foreign languages and their level.
• Specialized skills : Computer skills, certifications, specialized knowledge.
• Social profiles : Links to professional profiles such as LinkedIn, Indeed.
• Other information : Interests, hobbies, volunteer activities, memberships.

2. Legal basis for processing

The processing of your data is based on the execution of pre-contractual measures linked to an employment contract pursuant to Article 6, paragraph 1, point b) of the GDPR. If data is required to defend legal rights after the end of the recruitment process, processing may be carried out on the basis of Article 6, paragraph 1, point f) of the GDPR, in particular to defend our legitimate interests, for example in the context of a legal claim or the Equal Treatment Act (AGG). If you have consented to the storage of your data in our application pool, the legal basis for the storage is your consent, in accordance with Article 6, paragraph 1, point a) of the GDPR. You can revoke this consent at any time with effect for the future by contacting us via the options mentioned above.

3. Data recipients

3.1 Service providers

‍To manage our applications, we use the services of LinkedIn Recruiter and Indeed, third party platforms with which we have entered into data processing agreements. Your data can be transferred and processed in these services.

3.2 Group companies

‍The data relating to your application will be examined by the human resources department after receiving your application. The successful applications will then be sent to the department heads for each position to be filled. Only people who need your data to carry out our recruitment process will have access to it. Data may be transferred to group entities insofar as this is necessary for the execution of the recruitment process.

4. Shelf life

‍Candidates' data will be deleted after 6 months in case of rejection. If you have consented to join our application pool, your data will be kept for a period of two years. If you are selected for a position, your application data will be transferred to our personnel information system.

III. Candidate satisfaction surveys

1. Purpose of processing and categories of data

To improve our recruitment process, we send satisfaction surveys at various points in the process. The results are aggregated and pseudonymized. However, in the event of a specific return, we may be able to make the link with you personally. We process the following categories of data as part of satisfaction surveys:

• Coordinates : Name, email address.
• Feedback : Comments and answers to survey questions.
• Technical data : IP address.

2. Legal basis for processing

The legal basis for the processing of your data is our legitimate interest in improving our recruitment process in accordance with Article 6, paragraph 1, point f) of the GDPR.

3. Recipients

We are working with [Survey Provider Name] to conduct our surveys. A data processing agreement has been concluded with this provider.

4. Shelf life

Survey data is pseudonymized and aggregated immediately after collection. Individual answers to questions are deleted after 6 months.

IV. Your rights

You have the following rights with respect to your personal data and in accordance with legal requirements:

• Right of access (article 15 RGPD),
• Right to rectification (article 16 RGPD),
• Right to erasure (article 17 RGPD),
• Right to limit processing (article 18 RGPD),
• Right to data portability (article 20 RGPD),
• Right to object (article 21 RGPD).

You also have the right to file a complaint with a supervisory authority under Article 77 GDPR if you believe that your data is being processed unlawfully. If data processing is based on your consent, you have the right to withdraw this consent at any time (Article 7 GDPR). The revocation does not affect the legality of the processing carried out prior to the revocation.