Privacy Policy

About us

Welcome to the MODILAC website!

This section allows you to find out more about the origin and use of the browsing information that is processed when you consult our website and your rights.

This Policy is therefore important both for you – to ensure a secure and positive experience of our services – and for us – so that we can respond fully and accurately to any questions you may have about your browsing activity on our website and respect your preferences.

Depending on the services you subscribe to, you may be asked to provide personal data, some of which is mandatory and some optional. Each of the forms on this website specifies whether the data is mandatory or optional. The information collected is processed electronically for the purposes indicated in the forms.

The information collected is intended for use by Sodilac, the Group to which it belongs and its partners.

 

1.1 Data controller

The following information is provided so that you can read the personal data protection commitments made by www.modilac.com, which is published by SODILAC SAS, whose registered office is located at 68 rue de Villiers in Levallois-Perret 92300, and which acts as data controller for the processing of the personal data mentioned in this document, hereinafter referred to as ‘the Controller’ or ‘we’.

 

1.2 Our data protection officer (DPO)

The Controller has appointed a person responsible for the IT and civil liberties policy, whom you can contact by email at the following address: donneespersonnelles@modilac.com

or

by post at the following address: Sodilac, Mes données personnelles, 68 rue de Villiers 92300 Levallois-Perret, France.

The data protection officer can be contacted at the following address: donneespersonnelles@modilac.com

 

2. The personal data we process

As part of the processing of personal data, the Controller collects and processes the following data:

- title, surname, first name, telephone number, email address, postal address (including postcode, city, country), expected date of birth or date of birth of the child.

 

3. The purposes and legal notions underpinning our data processing

3.1 The purposes of our processing

We carry out processing for the following purposes:

- to compile statistics and information about the traffic and use of the various elements that make up our website (sections and content visited, typical path), so that we can then improve the interest and ergonomics of our services;

- to adapt the presentation of our website to the display preferences of your device (language used, display resolution, operating system used, etc.) during your browsing of our website according to the hardware and software used to view or read content on your device;

- to memorise information relating to a form that you have completed on our website;

- to implement security measures.

 

The advertising space on our website may be used by a third party (e.g. external advertising networks) and, where applicable, may contain cookies issued by one of them. Where applicable, cookies issued by these third parties allow them, during the period of validity of these cookies, to:

- count the total number of advertisements displayed by them on our advertising space, to identify these advertisements, their number of respective displays, the number of users who clicked on each advertisement and, if applicable, any further actions taken by these users on the pages to which these adverts lead, in order to calculate the sums due to the stakeholders in the advertising distribution chain (advertiser, communication agency, advertising agency, website/distribution medium) and to establish statistics;

- tailor the advertising spaces that they operate to the display preferences of your device (language used, display resolution, operating system used, etc.), according to the hardware and software used to view or read content on your device;

- tailor the advertising content displayed on your device via our advertising space to the ways in which your device browses our website;

- tailor the advertising content displayed on your device via our advertising spaces to previous or subsequent browsing of your device on third-party websites on which the advertising network concerned also issues cookies, provided that these cookies have been saved on your device in accordance with the choices that you have expressed in relation to this network;

- tailor the advertising content displayed on your device via our advertising spaces to the location data (longitude and latitude) transmitted by your device with your prior agreement;

- tailor the advertising content displayed on your device via our advertising space to the personal data that you may have supplied to this advertising network.

 

3.2 The legal notions underpinning our processing

We only carry out data processing if at least one of the following conditions is met:

- your consent to processing operations has been collected;

- the existence of our legitimate interest, or that of a third party, justifies our processing of the personal data concerned;

- the execution of a contract between us and you requires our processing of the personal data concerned;

- we are bound by legal and regulatory obligations that require the processing of the personal data concerned to be carried out.

 

3.3. Legitimate interests pursued

The legitimate interests pursued by the Controller may, notably, consist of enabling the continuity of its activities, improving the consumer experience, retaining the consumer and understanding consumer expectations.

 

 

4. Recipients of your data

The personal data that we collect, as well as any data subsequently collected, is intended for us in our capacity as Controller.

We ensure that only authorised people have access to this data. Our subcontractors/service providers may receive this data to carry out the services we assign to them.

Your personal data may be reconciled, pooled or shared between all the parent, sister and subsidiary entities associated with the Controller.

It may be communicated to these entities for the purposes set out in this information notice. These transactions are carried out on the basis of instruments that comply with applicable regulations and are able to ensure that your rights are protected and respected.

 

 

5. Transferring your data

As part of the services offered, we transfer your personal data to recipients located in the following countries:

- France: SODILAC Consumer Department;

- United States: Mailchimp.

 

Each of these transfers is governed by legal instruments that comply with the applicable legal framework. 
The data transferred to our service providers in the United States is certified by Privacy Shield EU-US, thus ensuring a sufficient level of protection.

Transfers to other countries are governed by appropriate guarantee measures, such as the signature of Standard Contractual Clauses proposed by the European Commission.

 

5.1 Mailchimp

If you sign up to the Laboratoire Modilac newsletter, your data is transferred to our service provider Mailchimp. Mailchimp’s servers and offices are located in the United States, so your information may be transferred, stored or processed in the United States. Mailchimp takes many measures to protect your privacy, and notably issues you with a data processing agreement.

DATA TRANSFERS FROM THE EUROPEAN UNION TO THE UNITED STATES

Mailchimp participates in and has certified its compliance with both the EU-US Privacy Framework and the Swiss-US Privacy Shield Framework. Mailchimp is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, for each privacy framework, to the applicable principles of each framework. To find out more about privacy frameworks and to view these certifications, visit the US Department of Commerce’s website on privacy protection here.

A list of Privacy Shield participants is maintained by the Department of Commerce and is available here.
Mailchimp is responsible for the processing of any personal data it receives in compliance with each privacy framework as well as for any subsequent transfers to third parties acting on its behalf as agents. Mailchimp respects the principles of the Privacy Shield for all subsequent transfers of personal data from the EU and Switzerland, including the provisions related to liability for subsequent data transfers.

With respect to the personal data it receives or transfers pursuant to these privacy frameworks, Mailchimp is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Mailchimp may be required to disclose personal data in response to legitimate requests from public authorities, including for reasons of national security or law enforcement.

 

 

6. Duration of data retention

The retention periods that we apply to your personal data are proportionate to the purposes for which it was collected. Consequently, our data retention policy is organised as follows:

 

| PURPOSE OF PROCESSING | RETENTION PERIOD |
| --- | --- |
| Marketing | 3 years from our last contact with you or, where applicable, from the end of our business relationship plus the duration of legal requirements. |
| Customer | In the context of concluded contracts, data is kept throughout the duration of our business relationship plus the duration of legal requirements. |
| Cookies | 13 months from installation on your device. |
| Contract for an amount greater than €120 for accounting purposes. | 10 years from the conclusion of the contract. |
| In the event that rights of access, rectification, removal or limitation are exercised, data relating to identity documents and information enabling these rights to be taken into account. | 1 year from receipt of the request. |
| In the event that an opposition right is exercised, the data relating to identity documents and the information enabling this right to be taken into account. | 6 years from receipt of the request. |

 

 

7. Rights granted to you

7.1 How to exercise your rights

You can exercise your rights by contacting us by email at the following address: donneespersonnelles@modilac.com

or

by post at the following address: Sodilac, Mes données personnelles, 68 rue de Villiers 92300 Levallois-Perret, France.

To exercise your rights, you must clearly indicate your surname, first name(s) and the address to which you would like the response to be sent and attach proof of your identity.

As a matter of principle, you can exercise all your rights free of charge. However, with regard to your right to access data, you may be asked to pay a reasonable fee to cover administrative costs for any copies of the data you request.

With regard to your right to information, the Controller will not be obliged to follow up on this if you already have the information you are requesting.

The Controller will inform you if it is not possible to follow up on your requests.

These rights are not absolute and are subject to different conditions under:

- applicable French data protection or privacy law;

- the laws and regulations that are applicable to you.

The Controller wishes to inform you that failure to provide your data or modifications to your data may affect the processing of certain requests in the context of the execution of contractual relations and that your request to exercise your rights will be retained for monitoring purposes for 6 years when exercising your right of opposition and 1 year when exercising your other rights.

All of your rights are described below.

 

7.2 Your right to information

You acknowledge that this information notice informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and of the possibility of transferring data to a third-party country or an international organisation.

In addition to this information and in an effort to ensure fair and transparent data processing, you declare that you have received additional information concerning:

- the retention period of your personal data;

- the existence of certain recognised rights, and how to exercise them.

If we decide to process data for purposes other than those indicated, all information relating to these new purposes will be communicated to you.

 

7.3 Your right to access and rectify your data

You have the right to access and rectify your personal data, which you may exercise by contacting us by email at the following address:

donneespersonnelles@modilac.com

or 

by post at the following address: Sodilac, Mes données personnelles, 68 rue de Villiers 92300 Levallois-Perret, France. 

By exercising this right, you can verify whether your personal data is being processed or not, and when it is processed, you have access to your data as well as to information concerning:

- the purposes of the processing;

- the categories of personal data concerned;

- the recipients or categories of recipients, as well as the international organisations to which the personal data has been or will be sent, notably recipients operating in third-party countries;

- where possible, the envisaged personal data retention period or, where this is not possible, the criteria used to determine this period;

- the existence of the right to request that the Controller rectifies or erases your personal data, the right to request a restriction of the processing of your personal data, and the right to object to this processing;

- the right to lodge a complaint with a supervisory authority;

- information relating to the source of the data when it is not collected directly from the people concerned;

- the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and expected consequences of this processing for the people concerned.

Depending on the case, you can request that your personal data be corrected or supplemented if it is inaccurate, incomplete, ambiguous or out of date.

 

7.4 Your right to delete your data

You may ask us to delete your personal data in the following cases:

- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

- you withdraw the consent given previously;

- you object to the processing of your personal data when there is no legal reason for such processing;

- the processing of personal data does not comply with the provisions of the applicable legislation and regulations;

- your personal data has been collected as part of the offer of ‘information society services’ to children under the age of 16.

However, you will be unable to exercise this right if your personal data needs to be retained to fulfil legislation or regulations and, in particular, for the establishment, exercise or defence of legal rights.

 

7.5 Your right to limit data processing

You may request that the processing of your personal data be limited in specific cases provided for by legislation and regulations.

 

7.6 Your right to object to data processing

You have the right to object to the processing of your personal data where the processing is based on the legitimate interests of the Controller.

In the case of direct communication, this right can be exercised by any means, notably by clicking on the unsubscribe links at the bottom of the communications you receive. 

 

7.7 Your right to data portability

Since 25 May 2018, you have the right to personal data portability.
The data concerned by this right is:

- your personal data only. It therefore excludes anonymised personal data or data that does not concern you;

- declarative personal data, as well as the operating personal data mentioned above;

- personal data that does not infringe on the rights and freedoms of third parties, such as those protected by business confidentiality.

This right is limited to processing based on consent or a contract, as well as personal data that you have generated yourself.

This right does not include derived or inferred data, which is personal data created by the Controller.

 

7.8 Your right to withdraw your consent

When the data processing we carry out is based on your consent, you can withdraw it at any time. As a result, we stop processing your personal data, without calling into question any previous transactions for which you had given your consent.

 

7.9 Your right to appeal

You have the right to lodge a complaint with the CNIL in France without prejudice to any other administrative or judicial appeals.

 

7.10 Your right to set post-mortem guidelines 

In accordance with article 63 of French law no. 2016-1321 dated 7 October 2016 for a Digital French Republic, you have the possibility to set out guidelines in relation to the retention, deletion and communication of your personal data after your death to a trusted and certified third party, who will be responsible for ensuring that the will of the deceased is respected in accordance with the requirements of the applicable legal framework.