Privacy Policy

Introduction

The document below presents the following terms, defined thusly:

“Cabinet Henderson”, “we”, “our” and “ours” designate the Compagnie Fiduciaire, French limited company governed by a Board of Directors with a share capital of 9 200 000 euros, registered with the Bordeaux Trade and Companies Register under the number 320 153 984 with its registered address 68 quai de Paludate – 33800 Bordeaux, as well as the entirety of its different branches and subsidiaries.

When you browse any of our websites, and notably https://www.cf-henderson.us (hereafter referred to as “the Site”), and/or sign a contract for services related to accounting, auditing, tax services, consulting or advisory, or any other mission with our firm, you give your explicit agreement to the processing of your personal data, hereafter referred to as the “Policy” in the following lines of this notice, as is explained in this “Policy”.

The protection of your personal data is important to us. For this reason, our data privacy policy has been redrafted and updated in order to take into account the requirements resulting from the European General Data Protection Regulation. It may be advisable to download and save the current “Policy”.

Useful definitions :

“Personal data” : Any information allowing to identify, directly or indirectly, a private individual (ex: name, personal identification number, telephone number, photograph, date of birth, place of residence, digital thumbprint…);

“Processing”:  Any operation, or group of operations, related to such data, whatever the process used may be (collection, download, organization, storage, adaptation, modification, extraction, consultation, use, communication or sharing or any other form of provision, reconciliation or interconnection, locking, deletion or destruction);

“File”: Any structured group of personal data made accessible by determined criteria, whether it be centralized, decentralized, or distributed according to functional or geographical criteria;

“Manager/Handler”: The manager or handler of processing personal data is, except in the case of specific designation by legal or regulatory dispositions regarding the processing of such data, the person, the public authority, the service or the entity that determines the purposes and means regarding the processing of the data in question. In practice and generally speaking, it is the legal entity incarnated by its lawful representative;

“Subcontractor”: The legal entity or private individual, the public authority, the service or other entity that processes personal data on behalf of the processing manager/handler;

“Personal data breach”: a security breach causing, in an accidental or illicit manner, the destruction, loss, alteration, unauthorized disclosure of the personal data transmitted, conserved or processed in another manner, or the unauthorized access to such data;

“Consent” of the interested party: any manifestation of free will, specific, informed and unequivocal by which the interested party accepts, by a declaration or a clear positive act, that their personal data may be processed;

“Third party”: a private individual or legal entity, public authority, service or entity other than the interested party, the personal data manager/handler, the subcontractor and the person or persons who, placed under the direct authority of the personal data manager/handler or the subcontractor, are authorized to process personal data.

  1. What type of information do we collect and how is it used?

1.1 Visitor data

1.2 Client data

1.3 Cookies

1.4 IP address, browser settings and geographic location

1.5 Subscription information regarding newsletters

1.6 How do we use your information?

1.7 Data retention

1.7.1 Visitor data

1.7.2 Prospective client data

1.7.3 Client data

  1. Disclosure of personal information

2.1.1 Client data

2.1.2 Visitor data

2.2 Client reviews

2.3 Other disclosure

  1. Responsibility with regards to data processing

3.1 Information processed by us

3.2 Information processed by the user

  1. Safety measures
  2. Cookies

5.1 Types of cookies that we use

5.2 Our use of cookies

5.3 Third-party cookies

5.4 Deletion of cookies

  1. Interested party rights

6.1 Access and information rights

6.2 Right of rectification

6.3 Right to object

6.4 Right to erase data

6.5 Right to limit processing of data

6.6 Right to transfer/portability

6.7 Right to refuse automatic individual decisions, including for profiling purposes

  1. Rules governing the exercise of interested parties’ rights
  2. Claims to the supervising authority
  3. Notification of a personal data security breach

1. What type of information do we collect and how is it used?

1.1  Visitor data

When you visit our websites and/or sign up for our newsletter or a webinar, we may ask you to provide the following information:

  • A first and last name
  • A telephone number
  • An email address

1.2  Client data

We collect certain data (hereby referred to as “client data”) related to our clients when they sign an accounting or other contract with our firm. This data corresponds to any or all of the elements in the following list below:

  • First name
  • Last name
  • Email address
  • Telephone number
  • Social security number
  • The information present on your identity document

Depending on the type of mission that we carry out for our clients, it is possible that we may have to ask for additional information.

This information is used solely for the aforementioned purposes and no other.

1.3  Cookies

We use cookies on our website. A cookie is a digital file given ID tags that is used to identify your computer.

For more information regarding our use of cookies, you can refer to the following sections of this notice.

1.4  IP address, browser settings and geographic location

When you browse our website, we identify your IP address, as well as the settings of your browser. An IP address is a digital address given to the device that you use to browse the Internet. Browser settings allow for identifying the affiliated language and time zone. An IP address also allows for approximative geolocalization (city and state), with your consent, of your device. This information also allows for identifying the computer used in case of abuse or illicit action following the visit to, or the use of, our websites.

1.5  Subscription information regarding newsletters

When you sign up to receive one of our newsletters, we collect the information that you provide to us (notably your name and an email address). If you no longer wish to receive our newsletters, you have the possibility to unsubscribe by clicking on the link to that effect that appears at the bottom of each newsletter.

1.6  How do we use your information? 

The information that you provide us with may be used:

  • For the purpose of allowing you to access our website and to better inform you of the services we offer;
  • In order to recognize you as a user when you connect to our website;
  • In order to identify, if you are already one of our clients, your profile, and thus personalize the information and services recommended to you;
  • In order to improve our website and the services we offer;
  • In order to allow you to receive information from us (regarding our products, our partners, or our newsletters);
  • In order to send you requests for online feedback and/or customer satisfaction surveys;
  • For various professional and internal reasons, such as data analysis, the development of new services and products, the modification or improvement of our services and our website, fraud prevention and control, identifying user tendencies, the analysis of the efficiency of our advertising campaigns and the expansion and utilization of our business-related activities;
  • In order to be fully compliant with any applicable legal dispositions or procedures, pertinent sectorial regulations or internal policies, and requests from public entities;
  • In order to facilitate the application of our Terms and Conditions;
  • The information that you provide us with may also be used in other ways. In those cases, we will give you the details of the use at the moment the data is collected. We may also divulge or use non-personal information for any other reason, as long as the utilization in question is permitted by applicable laws and regulations.

1.7 Data retention

1.7.1 Visitor data

When we collect data by means of the utilization of cookies, these cookies are stored for 13 months in order to measure our audience and tailor the browsing experience of our website’s users.

1.7.2 Prospective client data

When we collect data from a prospective client following a business contact such as a quote request via our website, this data is stored for a maximum duration of 3 years starting from the moment it was collected, or from the last contact with the prospective client or the end of the business relationship.

1.7.3 Client data

We store the data of our clients in compliance with the archiving and storage period as defined by French law and our general terms and conditions of use as defined by the professional norms regarding the activity of certified public accountants in France, depending on the duration of the mission as defined by the engagement letter signed by the client.

If applicable French law does not fix any maximum storage time, Cabinet Henderson commits to storing the data collected only for the time necessary for its use, this time period being set out notably with regard to the stipulations contained in the engagement letter. In the eventuality that Cabinet Henderson would need to store and use previously collected data for other purposes, the retention period for the data in question will be notified to the users at a later date.

2. Disclosure of personal information


2.1.1. Client data

We do not share personal data with any third parties without the previous clear and informed consent of the data owner.

2.1.2. Visitor data
We do not share personal data with any third parties without the previous clear and informed consent of the data owner.

2.3  Client reviews
If you publish an online review regarding the services we offer (for example on Facebook, Google Reviews, “Avis Vérifiés”…), the shared review and the transmission of personal data that may occur as a result is the user’s sole responsibility. The general terms and conditions regarding the use of these services that govern the aforementioned data transmission do not incur the liability of Cabinet Henderson.

2.4  Other disclosure
We may also disclose person or user data (such as usernames), under the following circumstances and to the following parties, independently of the previous dispositions:

  • In order to allow consultants, third-party suppliers and other service providers to provide services in our name;
  • In order to meet demands or requests from public entities and legal procedures (including, but not limited to injunctions and court orders) or comply with applicable laws;
  • In order to cooperate with public entities and authorities and regulatory bodies, including, but not limited to trade standards, the French competition and market authority, as well as the representatives of French entities representing consumers, regarding a referred complaint or an ongoing investigation;
  • Third parties involved in the application of our General Terms and Conditions of Sale;
  • Third parties involved in the protection of our operations;
  • Third parties in order to seek available recourse or limit damage that may be caused to us;
  • Third parties in order to investigate, prevent, take measures or act with regards to illicit activities, including, but not limited to, the misappropriation of our website or fraudulent activity;
  • To communication tools via e-mail or text messages (such as Mailchimp)
  • To services provided by Google (such as Analytics, Adwords…). To find out more, we recommend visiting the website www.cookiechoices.org. Likewise, for more details about Google’s privacy policy and general terms and conditions, we recommend visiting Google’s privacy and terms page at the address http://policies.google.com/technologies/partner-sites?hl=en
  • To permit the use of other tools whose nature would be specified previous to the collection of any data
  • As part of our hiring actions. Thus, in order to offer appropriate services, and particularly services related to one or more job offers published by our firm, we may be required to ask you to provide information of a personal nature. Our firm is committed to the respect of your private life and the protection of the information you submit to us. In particular, the personal data that we collect when you apply to one or more job offers published on our website is destined to be used exclusively by our firm. Your personal data may be used by one or more headhunters, either internal to our firm or specifically mandated external recruiters, for the purpose of, for example, evaluating an application, verifying previous employer references and the information provided on the application, and contacting candidates.

3. Responsibility with regards to data processing

3.1  Information processed by us
We are in charge of processing the client data that we collect with your consent.

We are also in charge of processing the data with regards to the information that may be divulged to other service providers (see section 2.4 for details). The collection of data by Cabinet Henderson is governed by French law with regards to the protection of the data in question.

As the entity responsible for handling our client data, Cabinet Henderson guarantees that all of its subcontractors respect the technical, physical and organizational safety measures that may be necessary, pertinent and reasonable in order to guarantee the protection of the data collected and handled.

3.2  Information processed by the user
The users of the website are responsible for the processing of data regarding the content divulged by them on social networks or client review websites.

4. Safety measures

Our firm ensures the application of reasonable measures on an organizational, technical and administrative level in order to protect users’ personal information, and we regularly carry out surveillance of the system in order to detect potential problems.

Secured encoding is, however, already applied to certain transmissions of data, such as, for example, e-mail related data collected via Google Adwords.

5. Cookies

Our website uses cookies and other similar technologies. By using our website, you give your consent to our use of cookies in the way described in the following paragraphs.

5.1  Types of cookies that we use
Cookies are digitalized information that comes from a website and is stored on your computer, smartphone or tablet. This information allows for more efficient communication between the user and their browser.

Our website uses both permanent cookies and session cookies, as well as other technologies similar to cookies. Permanent cookies are durable information files that are downloaded and saved on the hard drive of your computer until they are deleted. After a certain lapse of time, these permanent cookies are automatically deleted; however, as soon as you return to the website, they are renewed. As for “session” cookies, they are temporary, and thus become deleted each time you close your browser.

Our website also uses other technologies similar to session and permanent cookies. Their purpose is to save and access information on the device or in the browser used, utilizing local units and storage.

5.2  Our use of cookies
Our website uses cookies:

  • In order to produce statistics
  • Statistics allow us to measure traffic to our website. They show, for example, the number of hits, the most-viewed pages by visitors, the domain from which the users arrive and the approximate geographical sector from which they come.
  • In order to have an idea of how our website performs and the way in which it is used by visitors, we monitor the performance of our website and our application, and the manner in which you use them.

Targeted advertising

In order to provide targeted advertising on our website, including ads related to your centers of interest, or that we believe may interest you. When you browse our website or other third-party websites, we may use the services of third parties in order to show the ads that you see. Cookies may also be used by these third parties, in addition to web beacons or other tracking technologies. This allows for the collecting of information regarding your use of our website, as well as other websites.

5.3  Third-party cookies
The following third-party cookies are present on our website:

  • Google Adwords uses cookies in order to suggest targeted ads, as explained in the previous paragraphs;
  • Google Analytics uses cookies in order to proceed to audience tracking and analysis of user behavior on our website;
  • Javascript uses cookies in order to track the way our website is used.

5.4  Deletion of cookies
If you should wish to delete the cookies stored on your computer, it is possible to perform a specific operation: pressing CTRL+SHIFT+DELETE simultaneously. Should a problem arise with this shortcut, you can consult your browser’s help page or frequently asked questions. It is important to be aware that if you refuse the cookies from our website, certain problems may arise while browsing. Notably, certain aspects or functions may be partially or completely inaccessible.

6. Interested party rights


6.1 Access and information rights

In accordance with the French Data Protection Act of 1978, all personal data handled by us is at the interested party’s disposal and you therefore have a right of access and information regarding the personal data in question.

If you make the request to us, we will inform you of the reason for which your personal data was handled, the type of information that we possess concerning you, the prescribed period before this data may be deleted, and the person or persons who may be subject to receive all or part of the personal data in question. This data protection policy already provides a certain amount of information regarding the use given to your personal data.

6.2  Right of rectification 

As indicated by the French Data Protection Act of 1978, the data that we handle and process may be rectified by users. You have the right to modify your personal data handled by us.

Consequently, if we handle or process erroneous personal data regarding you, it is important that you contact us in order that we may proceed to any modification appropriate or necessary.

6.3 Right to object

It is your right, in accordance with the European General Data Protection Regulation, to object to the processing of your personal data.

In order to be receivable, your request must respect the conditions of exercise of that right (see article 21 of the GDPR).

6.4 Right to erase data

You may demand the deletion of your personal data. This “right to be forgotten” is provided by the European General Data Protection Regulation.

In order to be receivable, your request must respect the conditions of exercise of that right (see article 17 of the GDPR).

6.5 Right to limit processing of data

You may demand the limitation of the processing and/or handling of your personal data. This right is set out by the European General Data Protection Regulation.

In order to be receivable, your request must respect the conditions of exercise of that right (see article 17 of the GDPR).

6.6 Right to transfer/portability

You may demand the portability or transfer of your personal data. This right is set out by the European General Data Protection Regulation.

In order to be receivable, your request must respect the conditions of exercise of that right (see article 20 of the GDPR).

6.7 Right to refuse automatic individual decisions, including for profiling purposes

You may refuse automatic individual decisions. This right is set out by the European General Data Protection Regulation.

In order to be receivable, your request must respect the conditions of exercise of that right (see article 20 of the GDPR).

7. Rules governing the exercise of interested parties’ rights

If you are affected by the processing of your personal data and wish to exercise one or more of your rights as detailed in section 6, please contact us by email at the address dp*@co******************.com or by postal mail at the company’s registered address.

The handling of these requests may be refused by Cabinet Henderson (article 12.5 of the GDPR) in the case that they are excessive or unfounded, for example in the case of multiple and numerous repetitive requests.

8. Claims to the supervising authority

In the case that Cabinet Henderson does not respect its obligations, the interested party or parties concerned by the processing of their personal data have the right to file a claim with the CNIL (French data protection authority) at the following address : http://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil

The CNIL is the competent supervising regulatory entity in matters regarding the protection of personal data.

9. Notification of a personal data security breach

Cabinet Henderson is committed, in order to avoid any personal data security breaches, to taking any and all appropriate and pertinent measures. If a personal data security breach were to take place in spite of this, we undertake to notify the CNIL (French data protection authority) of the breach in question. In accordance with article 33 of the European General Data Protection Regulation (GDPR), this notification will be carried out as soon as possible and whenever possible, 72 hours maximum after the breach coming to light, except in the case where the breach in question would not be likely to cause any risk with regards to the rights and freedoms of the interested parties.

As indicated by article 34 of the GDPR, this duty of notification to the controlling authority may be accompanied by a personal communication addressed to the interested party or parties.