Privacy Policy

Updated on October 31, 2022

Central IA OÜ (hereinafter referred to as “the Company” or “we”) is a private limited company, headquartered at Sepapaja tn 6, 15551 Tallinn, Estonia, registered under identification number 16595656.

The Company is responsible for processing the data of its clients and, more generally, internet users (hereinafter referred to as “you”) who browse the websites it operates as part of its activities, such as https://www.trading-system.fr/, including the online training platform and/or private group on a social network offered to its clients (hereinafter collectively referred to as the “Site”).

We are committed to ensuring that the collection and processing of personal data are carried out lawfully, fairly, and transparently, in accordance with the General Data Protection Regulation (“GDPR”).

Failure to provide mandatory information may prevent the processing of your request (e.g., registration or online order, information request) or delay its processing.

For any clarification or complaints, please feel free to contact us by email at contact@central-ia.com.

I. DEFINITIONS – PREAMBLE

For a proper understanding of this Privacy Policy, the following terms are defined:

• “Personal data” refers to any information relating to an identified or identifiable natural person (the “data subject”), particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their identity.

• “Processing” refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available, alignment or combination, restriction, erasure, or destruction.

• “Data controller” refers to the entity that determines the purposes and means of data processing, either alone or jointly with others. A “processor” is an entity that processes personal data on behalf of the data controller.

• “Recipient” refers to a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether or not it is a third party.

II. WARNINGS

We encourage you to be cautious about what you choose to make public on the internet.

Regarding personal data, including information related to your private life or sensitive data (such as political and philosophical opinions, union membership, health information, sexual orientation, religious beliefs), made public at your initiative or inferred from your contributions, comments, and statements on social networks (Facebook, YouTube, etc.), please note that the processing of personal data made public by the data subject is not subject to the general prohibition on processing sensitive data.

If a capitalized word is used, the Client may refer to the applicable General Terms and Conditions of Sale on the Site.

III. MANAGEMENT OF CLIENTS AND PROSPECTS DATABASE

Through the Site, you provide the following categories of information by filling out forms and communicating with us:

• Identity data (e.g., title, last name, first name), contact details (e.g., email address, postal address, city, country, phone number).

• Login information for your user account: username, password.

If you place an order, we will also process information related to the contractual and commercial relationship, including the details of your order for a training program or coaching reserved for members of the training. Since orders are paid, we will also process payment and transaction-related information (e.g., transaction date, amount, payment method, order number).

We also collect information when you complete a satisfaction form or subscribe to a free product or service (name, email). Subscribing to a free service implies consent to receive marketing information, which the user can unsubscribe from at any time.

Additionally, we collect login and usage data related to the tools provided in the virtual space dedicated to users (e.g., IP address, login time, session duration, account settings, tool management, videos watched, progress indicators).

Accuracy of Provided Information: You must not provide false personal information or create an account on behalf of another person without their permission. The contact details you provide must always be accurate and up to date.

Personal Identifiers: Any account holder who accesses a virtual space (training, video watching, etc.) has strictly personal, confidential, and non-transferable access rights. Account holders must take the necessary security measures to protect their login credentials (username, password) to prevent third parties from accessing their accounts. The account holder will be held responsible for any fraudulent or abusive use of their credentials if it results from their negligence.

In any case, the account holder must promptly notify us in case of loss or theft of their login credentials.

IV. PROVISION OF A VIRTUAL ACCESS SPACE FOR SERVICES

Training content is delivered via an online platform accessible through a URL link provided to the Client upon order. Coaching is provided through private groups on social networks, such as Discord.

Email Notifications: Clients can opt-in to receive notifications by email (e.g., product updates, responses to messages or comments). These notifications can be disabled at any time.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​​​

​​

V. SOCIAL NETWORKS AND THIRD-PARTY SITES

Groups, Accounts, and Pages: Coaching may be conducted via a private group created on Facebook, where content is shared, and clients can interact. We may also contact you or respond to your questions via social networks if you initially reach out to us through this channel.

Additionally, we maintain various public pages and accounts that you can follow.

For any information you provide on social networks such as Facebook (liking a video, watching a video, sending messages to coaches), Instagram (commenting, liking, sharing), or any other social platform, please note that we are not responsible for the personal data processing carried out by these third-party sites. We recommend consulting their privacy policies for more information.

Public Information: Information you provide to us may be enriched for commercial, marketing, or communication purposes using other publicly available sources, such as social networks.

Links to Third-Party Sites: The Site may include links to other websites, applications, and services operated by third-party companies. Clicking on these links may allow third parties to collect or share data about you. We are not responsible for how third-party sites handle personal data. Users should review their privacy policies for further details.

Links to the Site: Conversely, if a third-party site links to our Site, this does not imply that its privacy policy applies to our activities, nor does it guarantee that the third party complies with personal data protection obligations.

​

​

​

​

​

​

​

​

​

​

VI. COOKIES

Collection of Technical Data for Advertising, Commercial, and Statistical Purposes: The Site automatically collects and records technical data from your device for advertising, commercial, and statistical purposes. These data help personalize and improve your experience on the Site. We do not collect or store personally identifiable information (e.g., name, surname, address) associated with technical data. However, these data may be sold to third parties by cookie providers.

Use of Third-Party Cookies: Cookies from third parties, such as Facebook and Google, allow for retargeting. More information:

• Facebook Ads Pixel

• Google Cookies Policy

Cookie Retention Period: In accordance with European recommendations, cookies are stored for a maximum of 13 months from the date of first placement, and user consent must be renewed after this period.

User’s Right to Object to Cookies: Users can disable cookies through their browser settings:

• Chrome: Disable Cookies

• Safari: Disable Cookies

• Firefox: Enhanced Tracking Protection

• Internet Explorer: Manage Cookies

VII. EXERCISING YOUR RIGHTS

You have the right to access, rectify, erase, query, restrict the processing of your data, and exercise data portability (more information here), within the limits set by regulations, including the GDPR.

You also have the right to object at any time, for reasons related to your particular situation, to the processing of personal data based on our legitimate interest. Additionally, you have the right to object to commercial prospecting by clicking on the unsubscribe link in the newsletter.

Requests to exercise your rights should be sent electronically to: contact@central-ia.com. If you are not satisfied with our response, you may file a complaint with the relevant data protection authority (for example, in France, the CNIL).

For practical purposes, please note that exercising your right to erasure, opposition to processing, or withdrawal of consent may disrupt or even terminate the proper functioning of the website and/or training services (including the e-learning platform). For example, if these rights are exercised at the time of ordering services, the order may not be processed.

VIII. DATA RETENTION PERIOD

Data used for commercial prospecting is retained for a maximum of three years from the last contact initiated by the prospect or from the end of the contract with the client. If you have not authenticated on the website or engaged in any activity (e.g., clicking on a link) for three years, you may receive an email inviting you to log in as soon as possible, failing which your data will be deleted from our databases.

Effective data deletion measures are implemented once the necessary retention or archiving period for the defined purposes is reached, particularly after the deletion of your account with our company.

Due to legal obligations, certain documents related to our internal operations and containing personal information (e.g., purchase orders, contracts, invoices) will be archived. Similarly, we may retain data until the expiration of applicable statutory limitation periods to defend our interests in case of future legal disputes.

In any case, personal data will not be retained beyond the time necessary to fulfill contractual obligations or legal requirements. Beyond this period, data may be anonymized and retained solely for statistical purposes.

IX. RECIPIENTS

We do not sell any personal data files. The information you provide is used internally by authorized personnel and is strictly confidential. It cannot be disclosed to third parties unless explicitly agreed upon or if you choose to make it public.

Our external service providers may receive personal data for the execution of described processing activities. This includes tools provided under the names Systeme.io (orders), IONOS (website hosting), Kajabi (training platform, access management, including passwords), and Discord (customer support).

We ensure that (i) all subcontractors provide sufficient and appropriate contractual guarantees to respect your rights and comply with GDPR requirements, and (ii) data transfers comply with applicable GDPR provisions.

Under legal obligations, your personal data may be disclosed pursuant to a law, regulation, or decision by a competent regulatory or judicial authority.

Data Transfers Outside the EU

We commit to complying with applicable regulations regarding data transfers to countries outside the European Union, specifically:

• We transfer visitors’, prospects’, and clients’ data only to countries recognized as providing an adequate level of protection. For transfers to the United States, we work with entities that have adhered to the Privacy Shield framework.

• When the destination country does not provide an adequate level of protection, we implement regulatory-compliant transfer mechanisms (e.g., European Commission standard contractual clauses).

X. DATA SECURITY

We implement all necessary technical and organizational measures, including physical and logistical security, to ensure an appropriate level of security against accidental, unauthorized, or unlawful access, disclosure, alteration, loss, or destruction of your personal data.

Secure Payment

All transactions on our website are secure. Credit card payments are processed by our trusted payment service provider, Stripe.

We use SSL encryption to protect your personal data and payment information. At no point do we directly store your banking details. The payment page address starts with "https" and is accompanied by a closed padlock or key icon, confirming a secure payment zone when your card details are entered. Stripe automatically verifies that the connection is secure before transmitting banking and transaction data.

Data Breach Response

In the event of unauthorized access to personal data stored on our servers or those of our service providers, or an unauthorized breach leading to identified risks, we commit to:

• Notifying you as soon as possible if legally required;

• Investigating the causes of the incident;

• Taking reasonable measures to mitigate negative consequences.

These commitments do not constitute an admission of fault or liability for the incident.

If you notice any security vulnerability or incident affecting the integrity of your personal data or that of others, please notify us immediately at contact@central-ia.com.

XI. APPLICABLE LAW AND LANGUAGE

This privacy policy is written in French.

If translated into other languages, the French version will prevail in the event of a dispute. Failure to enforce any provision temporarily or permanently shall not constitute a waiver of any other provisions, which will remain in effect.

We reserve the right to modify this Privacy Policy. Concerned individuals will be notified if required by GDPR or other regulations. The update date is indicated at the top of the document, and we invite you to check it regularly.