Privacy Policy

Preamble

œnobiote is a brand owned and operated by BforCure. As the data controller, œnobiote is committed to ensuring the protection and

confidentiality of the personal information of users and customers of the œnobiote brand. This privacy policy aims to inform users about the practices adopted by BforCure for the collection, processing, and protection of personal data in connection with the use of the services and products offered under the œnobiote brand.

1. Definitions

Consent: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

​

Recipient: the natural or legal person, public authority, agency, or any other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the context of a particular task in accordance with Union or Member State law are not considered recipients. The processing of such data by the public authorities concerned shall comply with the applicable data protection rules according to the purposes of the processing.

(Personal) data: “Personal data” means “any information relating to an identified or identifiable natural person.”

A person can be identified:

• directly (e.g., surname, first name)

• or indirectly (by an identifier (customer number), a number (telephone number), biometric data, several specific elements of their physical, physiological, genetic, psychological, economic, cultural, or social identity, but also by their voice or image).

A natural person can be identified from a single piece of data (e.g., social security number, DNA) or from a combination of several pieces of data (e.g., a woman living at a certain address, born on a certain date, subscribing to a certain magazine, and active in a certain association).

​

Sensitive data: Sensitive data is a specific category of personal data. This is information revealing racial or ethnic origin,

political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

​

Data controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing. Where the purposes and means of processing are determined by Union or Member State law, the controller may be designated or the specific criteria for its designation may be laid down by Union or Member State law.

GDPR: The acronym GDPR refers to the General Data Protection Regulation. The GDPR governs the processing of personal data within the European Union.

Processor: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

​

Processing: “Processing of personal data” means any operation or set of operations which is performed on personal data, regardless of the means used (collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment).

(a) processing of personal data carried out in the Union in the context of the activities of establishments in several Member States of a controller or processor, where the controller or processor is established

in several Member States; or

(b) processing of personal data which is carried out in the Union in the context of the activities of a single establishment of a controller or processor, but which substantially affects or is likely to substantially affect data subjects in several Member States.

​

2. Purpose and scope of the Policy

œnobiote attaches the utmost importance to the protection of privacy and personal data, as well as to compliance with applicable legal provisions.

Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) stipulates that personal data must be processed in a lawful, fair, and transparent manner. Consequently, the purpose of this privacy policy (hereinafter the “Policy”) is to provide you with simple and clear information about the processing of your personal data in the context of your browsing, the operations carried out on our website, and the applications sent to our job offers.

3. Data controller

In the context of your activity on the œnobiote.com website, we collect and use personal data about you as a natural person (hereinafter referred to as the “Data Subject”).

For all processing operations, œnobiote, [BforCure - SAS with capital of €1,290,920, registered with the Trade and Companies Register under number 834261307 in Bobigny and having its registered office at 14 rue de la Beaune in Montreuil, 93100], determines the means and purposes of the processing. We therefore act as the Data Controller within the meaning of the Personal Data Regulation, and in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

​

4. What personal data do we collect and how?

By using our website or by being a customer and user of our online space, you provide us with certain information about yourself, some of which may identify you (“Personal Data”). This is the case when you browse our sites, fill out online forms, or simply when you become a customer. The nature and quality of the Personal Data collected about you varies depending on your relationship with œnobiote:

• Identification data: this includes all information that identifies you, such as your first and last name and telephone number. We may also collect your email address and postal address (in the case of payment, the postal address will be required to generate an invoice).

• Login data: this includes all information necessary to access your personal account, such as your password (encrypted), and other information necessary to authenticate and access an account. We also collect your IP address for maintenance and statistical purposes.

• Financial data: this corresponds to bank details, such as your bank account number.

• Documents of various types (PDF, Office format, Image) with titles, content, folder names, or information related to a document, such as comments written in the documents, alert and reminder dates.

• Browsing information: when you browse our website, you interact with it. As a result, certain information about your browsing is collected.

• Data collected from third parties: this is personal data that you have agreed to share with us or that is available on public social networks and/or that we may collect from other public databases.

• HR application data: this is the data specified in a resume and/or cover letter (skills assessment, career and training history, interests, etc.).

All data collected is strictly compliant with current regulations. As such, Œnobiote ensures that it complies with the various principles of the GDPR, including the principle of data minimization. All data collected or requested in our forms is limited to what is strictly necessary for the processing in question. This data is marked with an asterisk. Any other information requested that is not strictly necessary for processing is therefore optional.

​

5. Why do we collect your personal data and how?

We collect your personal data for specific purposes and on various legal bases. Based on your consent, your data is processed for the following purposes:

• Carrying out commercial and marketing prospecting operations;

• Managing newsletters;

• Managing cookies requiring your consent;

• Managing events organized by œnobiote.

In the context of the performance of the contract or pre-contractual measures, your data is processed for the following purposes:

• Order and purchase management;

• Commercial contract management;

• Management of your customer account;

• Complaint and after-sales service management;

• Application management.

​

Within the framework of œnobiote's legitimate interests, your data is processed for the following purposes:

• Compilation of statistics for the improvement of products and services;

• Conducting satisfaction surveys and polls;

• Pre-litigation and litigation management.

Within the framework of the legal and regulatory obligations to which œnobiote is subject, your data is processed for the following purposes:

• General and auxiliary accounting;

• Management of the rights of data subjects.

6. Do we share your personal data?

Your data is intended for use by authorized œnobiote employees responsible for managing and executing contracts and legal obligations, depending on the purpose of the collection and within the limits of their respective responsibilities. For certain tasks related to the purposes, and within the limits of their respective missions and authorizations, it may be transmitted to the following recipients:

​

Service providers and subcontractors that we use to perform a series of operations and tasks on our behalf, including:

• Recruitment: Recruitee (https://www.recruitee.com/fr)

• Communications: Oxymailing (https://www.oxemis.com) and Sendinblue (https://www.sendinblue.com)

• For analytical monitoring: Google Analytics (https://analytics.google.com)

• For commercial management: Pipedrive (https://www.pipedrive.com)

• Duly authorized public authorities (judicial, supervisory, etc.) in the context of our legal and regulatory obligations;

• Regulated professions (lawyers, bailiffs, etc.) who may be involved in the implementation of guarantees, recovery, or litigation. When your data is communicated to our service providers and subcontractors, they are also required not to use the data for purposes other than those initially intended by œnobiote.

We strive to ensure that these third parties maintain the confidentiality and security of your data. In all cases, only the necessary data is provided. We make every effort to ensure the secure communication or transmission of your data. We do not sell your data.

7. Is your personal data transferred to third countries?

œnobiote strives to store personal data in France, or at least within the European Economic Area (EEA). However, it is possible that the data we collect when you use our platform or services may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area. In the event of such a transfer, we guarantee that it will be carried out:

• To a country offering an adequate level of protection, i.e., a level of protection equivalent to that required by EU regulations;

• Within the framework of standard contractual clauses;

• Within the framework of internal company rules.

​

8. How long do we keep your personal data?

We only keep your personal data for as long as is necessary to fulfill the purpose for which we hold the data and to meet your needs or our legal obligations. Retention periods vary depending on several factors, such as:

• The needs of œnobiote's activities;

• Contractual requirements;

• Legal obligations;

• Recommendations from supervisory authorities.

​​

The retention periods for your data are as follows:

• Carrying out commercial and marketing prospecting operations: 3 years from the last contact

• Newsletter management: 3 years from the last contact

• Management of events organized by œnobiote: 3 years from the last contact

• Management of cookies requiring your consent: 13 months

• Management of data subjects' rights: 3 years from the last contact

• Management of HR applications: 2 years from the last contact

​

9. How do we ensure the security of your personal data?

œnobiote is committed to protecting the personal data we collect or process against loss, destruction, alteration, unauthorized access, or disclosure. We therefore implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing it.

These measures are designed to preserve the security and confidentiality of your personal data. They may include practices such as limited access to personal data by authorized persons based on their functions, pseudonymization, or encryption.

In addition, our practices and policies, as well as physical and/or logical security measures (secure access, authentication processes, backup, software, etc.) are regularly reviewed and updated as necessary.

​

10. What are your rights?

The GDPR grants data subjects certain rights that they can exercise. These include:

• Right to information: the right to receive clear, accurate, and complete information about the use of personal data by œnobiote.

• Right of access: the right to obtain a copy of the personal data that the data controller holds about the applicant.

• Right to rectification: the right to have personal data corrected if it is inaccurate or obsolete and/or to have it completed if it is incomplete.

• Right to erasure/right to be forgotten: the right, under certain conditions, to have data erased or deleted, unless œnobiote has a legitimate interest in retaining it.

• Right to object: the right to object to the processing of personal data by œnobiote for reasons relating to the applicant's particular situation (subject to conditions).

• Right to withdraw consent: the right to withdraw consent at any time when processing is based on consent.

• Right to restriction of processing: the right, under certain conditions, to request that the processing of personal data be temporarily suspended.

• Right to data portability: the right to request that personal data be transmitted in a reusable format for use in another database.

​​

To this end, œnobiote has implemented a procedure for managing individuals' rights in accordance with the requirements of applicable legislation. This procedure establishes:

• The standards to be met to ensure transparent information for data subjects;

• The legal requirements to be met;

• The means by which a request can be made for each right, depending on the category of data subjects;

• The operational processes for handling these requests in accordance with the above requirements;

• The parties involved in these processes, their roles, and responsibilities.

​

To exercise your rights, you can contact the data protection officer:

• At the following email address: privacy@bforcure.com

• At our postal address: BforCure, for the attention of the GDPR representative, 14 rue de la Beaune, 93100 Montreuil

When you send us a request to exercise a right, you are asked to specify as much as possible the scope of the request, the type of right exercised, the processing of personal data concerned, as well as any other useful information, in order to facilitate the examination of your request. In addition, in case of reasonable doubt, you may be asked to prove your identity.

You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, concerning the way in which œnobiote collects and processes your data.

​

11. Updating this policy

This policy may be updated regularly to reflect changes in personal data regulations.

Last updated: November 19, 2025.