Privacy policy
Mexens (hereinafter “the Company”) is committed to ensuring that the processing of your personal data (collection, use and sharing) complies with applicable laws and regulations on the protection of personal data, in particular:
- Law No. 78-17 of 6 January 1978 on data processing, files and individual liberties, and Law No. 2018-493 of 20 June 2018 on the protection of personal data;
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”), which entered into force on 25 May 2018; and
- any other normative act, decree, regulation or provision issued by a competent national or European personal data protection authority;
The privacy charter and personal data protection policy are described below and set out the conditions for the collection, processing, use and sharing of personal data concerning you. The Company is the Data Controller for the personal data you may provide through the Company’s website (hereinafter “the Site”) and the use of associated services (hereinafter “the Services”). The Personal Data Policy applies to all users, including those who use the Site and Services without being registered or subscribed to a specific service. The Company has appointed a data protection officer (DPO) whom you may contact for any questions relating to the processing of your personal data and to exercise your rights. The DPO ensures compliance with personal data protection rules and is the primary point of contact for all individuals affected by the collection or processing of personal data. Contact details for this officer: vie-privee@mexens.com.
General information on the collection of personal data
When you visit the Mexens website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone and some of the cookies installed on your device. Additionally, as you browse the site, we collect information about the individual web pages or products you view, the websites or search terms that referred you to the site, and how you interact with the site. We refer to this automatically-collected information as “device information”. We may also collect the personal data you provide to us (including but not limited to name, first name, address, payment information, etc.) upon registration in order to fulfil the contract.
Why do we process your data?
The security of customer data is our absolute priority, and as such we can only process minimal data about users, and only to the extent that it is absolutely necessary to maintain the website. The automatically collected information is used solely to identify potential cases of abuse and to establish statistical information regarding the use of the website. This statistical information is not otherwise aggregated in a way that would identify a particular user of the system. You can visit the website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. However, if you wish to use certain features of the website, or if you wish to receive our newsletter or provide other details by filling in a form, you may provide us with personal data such as your email, first name, last name, city of residence, organisation, and phone number. You may choose not to provide us with your personal data, but you may then be unable to take advantage of certain features of the website. For example, you will not be able to receive our newsletter or contact us directly from the website. Users who are unsure which information is mandatory are invited to contact us via vie-privee@mexens.com.
Your rights
You may, at any time, exercise your rights of access, rectification, objection, erasure, restriction and portability of personal data concerning you, by submitting your request in writing, accompanied by a copy of your identity document and specifying the address to which the Data Controller’s response should be sent. Any request should be sent to:
JLT Invest/Mexens 26, rue Annet Ségeron 86580 POITIERS BIARD vie-privee@mexens.com
You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL, https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment) in the event of a breach of applicable personal data protection regulations, in particular the GDPR.
Links to other websites
Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for these other websites or the privacy practices of third parties. We encourage you to be attentive when leaving our website and to read the privacy statements of each website that may collect personal information.
Information security
We secure the information you provide on computer servers in a controlled and secure environment, protected against unauthorised access, use or disclosure. We maintain reasonable administrative, technical and physical safeguards to protect against unauthorised access, use, modification and disclosure of personal data under its control and custody. However, no data transmission over the Internet or a wireless network can be guaranteed.
Legal disclosure
We will disclose any information we collect, use or receive if required or permitted by law, for example to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
Contact information
If you would like to contact us to better understand this policy or if you wish to contact us regarding any matter relating to individual rights and your personal information, you may send an email to vie-privee@mexens.com.
Data location
Data collected via the Mexens website is stored in the infrastructure of the following hosting provider:
Infomaniak
Rue Eugène Marziano 25
1227 Les Acacias (Geneva)
Switzerland
Collection and processing of personal data
Your data is primarily used to:
- Enable you to use the Site and Services
- Evaluate and improve our Services and associated features
- Improve the user experience on the Site
- Provide you with customer support and respond to your enquiries
- Comply with legal obligations
- Carry out operations relating to our business relationships
- Serve the Company’s legitimate interests: in certain cases, the Company may disclose your personal data, in particular when the Company believes in good faith that such data processing is necessary to: (i) protect, exercise, or defend the rights, privacy, safety, and property of the Company or those of its employees, agents and service providers; (ii) protect the safety, privacy and security of users of the Site, Services or the public; (iii) protect against fraud or for risk management purposes;
- Subject to your prior consent, where necessary, to carry out commercial prospecting activities with you, in accordance with your personal preferences and choices;
- Subject to your consent, to share personal data concerning you with our trusted business partners, including other group entities, in order to enable them to send you commercial messages.
Personal data is processed on the basis of the legitimate interests of the Data Controller (Article 6(1)(f) of European Regulation 2016/679 (General Data Protection Regulation – GDPR) – “processing is necessary for the purposes of the legitimate interests pursued by the controller “).
Details for the contact form
→ Data processed
The following data may be collected:
- Email address
- Last name
- First name
- Phone number
- Postal address
- IP address
→ Collection method, persons concerned and purpose
The data comes from the recording of the aforementioned data by the person wishing to contact Mexens via the contact form. Only users using the contact form are affected by this collection. The data processing allows the retrieval of the contact details and contact request of users wishing to get in touch with Mexens. The site also uses the Cloudflare Turnstile service to protect its forms from malicious bots.
Other data processing carried out by Mexens
Mexens also collects data from its suppliers, prospects and customers, and its hosting providers.
Data collected regarding suppliers is subject to processing for which Mexens is the controller,
- With the purpose of managing administrative operations related to contracts with our suppliers, orders placed with them, receipt of ordered goods and/or services and tracking of delivery notes or completed assignments, monitoring of supplier invoices, payment of supplier invoices, and accounting with regard to supplier account management.
- The recipients of the information are: personnel responsible for the purchasing department, administrative and accounting departments, public bodies, exclusively to comply with legal obligations – legal auxiliaries and ministerial officers in the context of their supervisory role.
- Supplier data is retained for 10 years after the last business relationship.
- You will be notified of any sufficiently serious breach of your personal data if the risk involved is likely to result in a high risk to your rights and freedoms.
- You have the right to access, rectify, object to, restrict, port, and erase your data by contacting Mexens’ DPO: vie-privee@mexens.com.
Data collected regarding Prospects and Customers is subject to processing for which Mexens is the controller,
- With the purpose of managing administrative operations related to contracts with our customers, orders placed by them, monitoring of issued invoices, their payment, accounting with regard to customer account management, and keeping them informed of updates to our solutions.
- The recipients of the information are: personnel responsible for business relations, customer relations, administrative and accounting departments.
- Customer data is retained for 10 years after the last business relationship.
- You will be notified of any sufficiently serious breach of your personal data if the risk involved is likely to result in a high risk to your rights and freedoms.
- You have the right to access, rectify, object to, restrict, port, and erase your data by contacting Mexens’ DPO: vie-privee@mexens.com.
Data collected regarding prospects and hosting providers is subject to processing for which Mexens is the controller,
- With the purpose of exchanging information enabling prospects to finalise their choice and keeping them informed of updates to our solutions.
- With the purpose, for hosting providers, of managing photovoltaic power plant and methanisation unit installation projects, administrative operations related to leases concluded with our hosting providers, and keeping them informed of updates to our solutions.
- The recipients of the information are: personnel responsible for project monitoring, administrative and accounting departments.
- Prospect data is retained for 5 years.
- Hosting provider data is retained for 30 years from the completion of all formalities, in particular the signing of a lease. The notarial deed and its annexes are retained for 75 years and 100 years when the deed concerns minors or protected adults.
- You will be notified of any sufficiently serious breach of your personal data if the risk involved is likely to result in a high risk to your rights and freedoms.
- You have the right to access, rectify, object to, restrict, port, and erase your data by contacting Mexens’ DPO: vie-privee@mexens.com.
Data processing
Mexens informs that it will process data in a lawful, fair, transparent, adequate, relevant, limited, accurate and up-to-date manner. For this reason, Mexens undertakes to take all reasonable measures to ensure that data is deleted or rectified without delay when it is inaccurate or when a request is made.
Are there any data transfers?
Mexens ensures that the data processed is not transferred outside the European Union or to countries that have not been recognised as adequate by the European Commission.
Before considering any transfer of data outside the European Union or to a country not benefiting from such recognition, Mexens implements all necessary measures and safeguards to ensure that such transfers comply with the General Data Protection Regulation.
How to exercise your rights?
In accordance with applicable legal provisions on personal data protection, you may exercise your rights of access, rectification, erasure, restriction, withdrawal of consent, objection, and portability by contacting Édifice’s data protection officer via vie-privee@mexens.com.
To find out more about your rights regarding personal data, feel free to visit the website of the Commission Nationale de l’Informatique et des Libertés (CNIL).
If you believe, even after having lodged a complaint with Mexens, that your rights regarding the protection of personal data are not being respected, you have the option of lodging a complaint with the CNIL at the following address: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07.
When exercising your rights, you must verify your identity by any means. In the event of doubt about your identity, the services responsible for the right of access and the data protection officer reserve the right to ask you for any additional information they deem necessary, including a photocopy of an identity document bearing your signature.
Cookies
Mexens uses cookies to provide an optimal user experience. You can manually disable cookies of your choice via your browser. Please be aware that blocking certain cookies may significantly affect your browsing experience. Note: Cookies are small pieces of information that websites can place and exchange with your internet browser. This can in particular allow your session to remain open during your browsing or to retain your preferences for future visits.
Cookies necessary for website operation
| Cookie name | Purpose | Retention period |
|---|---|---|
| PHPSESSID | Keep your session open for the duration of your browsing | Expires when you end the browsing session |
| tarteaucitron | Saves your cookie consent choices | 12 months |
| Local web storage | Used to remember your preferences | |
| messagesUtk | Recognise visitors who are chatting with the chatbot | 6 months |
| hs-messages-is-open | Determines whether the chat widget is open and saves that information for future visits. | 30 minutes |
Third-party cookies
The website uses certain services to improve the user experience or to measure activity on our website. These services may use cookies to function. You can at any time view and choose which cookies to allow via the Cookie Management button available at the bottom of the website.
→ Google Analytics
| Cookie name | Purpose | Retention period |
|---|---|---|
| __utma | Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookie exists. The cookie is updated each time data is sent to Google Analytics. | 2 years from creation/update |
| __utmb | Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookie exists. The cookie is updated each time data is sent to Google Analytics. | 30 minutes from setup/update |
| __utmc | Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie worked in conjunction with the cookie to determine whether the user was in a new session/visit. | Until end of browser session |
| __utmt | Used to throttle request rate. | 10 minutes |
| __utmz | Stores the traffic source or campaign that explains how the user reached the site. The cookie is created when the javascript library executes and is updated each time data is sent to Google Analytics. | 6 months from creation/update |
→ Hubspot
| Cookie name | Purpose | Retention period |
|---|---|---|
| messagesUtk * | Recognise visitors who are chatting with the chatbot | 6 months |
| hs-messages-is-open * | Determines whether the chat widget is open and saves that information for future visits. | 30 minutes |
| hubspotutk | Keeps track of a visitor’s identity. It is passed to HubSpot on form submission and is used during contact deduplication. | 6 months |
| __hssc | Tracks sessions | 30 minutes |
| __hstc | Determines whether the visitor has restarted their browser | End of browser session |
| __hssrc | Determines whether the visitor has restarted their browser | End of browser session |
Last updated on 27 March 2026.