1. Preamble

1.1. This Privacy Policy is an integral part of the General Conditions of Service, so that the definitions used in the latter are reused in this Privacy Policy.

1.2. The purpose of this Privacy Policy is to inform the Data Subjects about how their Personal Data is collected from the Application, how they are processed by the Data Controller and finally the rights enjoyed by the Data Subjects as to these treatments as defined below.

2. Definitions

2.1. The following terms, whether used in the singular or plural in this Privacy Policy, will have the following definition:

Application: Means the mobile application on which this Privacy Policy is hosted.

Intermediate archiving: Refers to the movement of Personal Data which is still of administrative interest to the Data Controller (as for example in the event of litigation and / or in the event of legal obligation) in a separate database, logically or physically separated and of which, in any event, access is restricted. This archive is an intermediate step before the deletion of the Personal Data concerned or their anonymization.

Privacy Charter: Refers to this privacy and data protection policy for the Data Subjects implemented by the Data Controller, which is an integral part of the CGS.

CGS: Designates the General Conditions of Service.

Personal data: Refers to the personal data of the Data Subject, within the meaning of the Personal Data Regulations, collected and processed by the Data Controller in the context of the use of the Application.

Specific Rights: Designate the rights granted by the Regulation on Personal Data to the Data Subjects concerning the processing of their Personal Data;

Concerned person: Refers to the natural person whose Personal Data is processed by the Data Controller;

Personal Data Regulations: Means the Community Regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (known as " GDPR "for General Data Protection Regulations).

Processing manager: Designate the Company;

Terminal: Refers to the material equipment (computer, tablet, smartphone, telephone, etc.) used by the Data Subject to use the Application;

3. The legal bases of the processing

3.1. In accordance with the Regulations on Personal Data, the treatments designated in this Privacy Policy are supported by a specific legal basis.

3.2. The Data Subject has consented to the processing of their Personal Data for one or more specific purposes.

3.2.1. The Application required the express consent of the Data Subject in order to carry out a specific treatment explained when obtaining the consent.

3.3. Processing is necessary for the execution of a contract to which the Data Subject is a party or for the execution of pre-contractual measures taken at the request of the latter.

3.3.1. In order to use the Application and benefit from its services, the Person concerned has accepted the CGS. These documents formalize a contractual relationship between the Data Subject and the Data Controller, serving in particular as a legal basis for the collection and processing of Personal Data of the Data Subject by the Data Controller.

3.3.2. These Data are necessary for the performance of a number of processing operations related to the execution of the contractual relationship between the Data Subject and the Data Controller, the purposes of which are detailed in paragraph 4 - The purposes of the processing.

3.4. Processing is necessary to comply with a legal obligation to which the Data Controller is subject.

3.4.1. The processing of Personal Data may also be necessary to comply with a legal obligation to which the Data Controller would be subject, for example, the conservation of logs of access to the Application.

3.5. The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, unless these prevail over the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, especially when the Data Subject is a child.

3.5.1. The Data Controller may have a legitimate interest justifying the processing of the Personal Data of the Data Subject, such as for example the processing of Data strictly necessary for the purposes of fraud prevention.

3.5.2. In this case, the Data Controller ensures that the processing in question is indeed necessary for the realization of its legitimate interest and assesses the consequences of this processing on the Data Subject, in particular taking into account the nature of the Data processed, and how they are treated.

3.5.3. The Data Controller makes sure not to disregard the interest or the fundamental rights and freedoms allowing the Data Subject, at any time, to oppose, all or part of the processing described in this Privacy Policy, as to exercise its Specific Rights, under the conditions of paragraph 9 - Specific Rights.

4. The purposes of the processing

The Personal Data of the Data Subject is necessary to allow them access to the Application, its use and its improvement, and to allow the Data Controller to:

5. Storage of Personal Data

3.1. The Application is hosted by Amazon Web Services Europe>.

3.2. All precautions have been taken to store the Personal Data of the Persons concerned in a secure environment and prevent it from being distorted, damaged or from unauthorized third parties having access to it. The information transmitted by the care of the Person Concerned will never be transmitted to third parties for a commercial purpose, neither sold nor exchanged.

6. Collection of Personal Data on the Application

4.1. The Data Controller processes the following Personal Data that the Data Subject communicates when using the Application and which is kept for a period of three (3) years, on an active basis, from the last connection of the Person Concerned with the Application:

The above Personal Data is also kept in Intermediate Archiving for an additional period of two (2) years in accordance with the common limitation period.

7. Recipients or categories of recipients if they exist

Country of establishment of the data recipient Nature of data transferred Purpose of the proposed transfer Data recipient categories Level of protection offered by the country or exception provided for by the Personal Data Regulations
AWS Europe All Host the Application Technical service Treatment in the territory of the European Union
Apple All Customer account Technical service USA (Privacy Shield)
Customer service Last name Enable customer relationship management Sales department Treatment in the territory of the European Union

8. Security of transactions

8.1.In accordance with the GTC, the Application uses technology from the Apple® company to secure the banking transactions of the Persons concerned.

8.2. Thus, when paying on the Application, the bank details of the Data Subject are transmitted encrypted to Apple® companies, without the Data Controller being able to read them.

8.3.The Data Controller does not collect either the full number of the Data Card of the Data Subject, or their cryptogram.

8.4.To exercise their rights such as those identified in paragraph 9 - Specific Rights, relating to their credit card details, the Person Concerned is invited to contact the Apple® company directly.

9. Specific Rights

9.1. In accordance with the Regulations on Personal Data, the Data Subject may, at any time, benefit from the following Specific Rights from / to:

9.2. Access rights

9.2.1. The Data Subject has the possibility of obtaining from the Data Controller confirmation that the Personal Data concerning them are or are not processed and, when they are, access to said Personal Data as well as the following information:

9.2.2. When Personal Data is transferred to a third country or to an international organization, the Data Subject has the right to be informed of the appropriate guarantees with regard to this transfer.

9.2.3.The Data Controller provides a copy of the Personal Data being processed

9.2.4.The Data Controller may require the payment of reasonable fees based on administrative costs for any additional copies requested by the Data Subject.

9.2.5.When the Data Subject submits his request electronically, the information is provided in a commonly used electronic form, unless he requests otherwise.

9.2.6.The right of the Data Subject to obtain a copy of their Personal Data must not infringe the rights and freedoms of others.

9.3. Right of rectification

The Data Subject has the possibility of obtaining from the Processing Manager, as soon as possible, the rectification of Personal Data concerning them which is inaccurate. It also has the possibility of obtaining the completion of incomplete Personal Data, including by providing an additional declaration.

9.4. Erasure rights

The Data Subject has the possibility of obtaining from the Data Controller the erasure, as soon as possible, of Personal Data concerning them when one of the following reasons applies:

9.5. Limitation rights

The Data Subject has the possibility of obtaining from the Data Controller the limitation of the processing of his Personal Data when one of the following reasons applies:

9.6. Right to data portability

9.6.1. The Data Subject has the possibility of receiving from the Data Controller the Personal Data concerning them, in a structured, commonly used and machine-readable format when:

9.6.2. When the Data Subject exercises their right to portability, they have the right to obtain that the Personal Data be transmitted directly by the Data Controller to another data controller that they designate when technically possible.

9.6.3.The right to the portability of the Personal Data of the Data Subject must not infringe the rights and freedoms of others.

9.7. Right to object

The Data Subject may object at any time, for reasons relating to their particular situation, to the processing of Personal Data concerning them based on the legitimate interest of the Data Controller. The latter will then no longer process Personal Data, unless it demonstrates that there are compelling and legitimate reasons for the processing which prevail over the interests and rights and freedoms of the Data Subject, or may keep them for the establishment, exercise or defense of legal claims.

9.8. Post-mortem guidelines

9.8.1. The Data Subject has the possibility of communicating to the Data Controller directives relating to the conservation, erasure and communication of his Personal Data after his death, which directives can also be registered with "a trusted third party certified";. These directives, or a sort of "digital will", can designate a person responsible for their execution; otherwise, the heirs of the Data Subject will be designated.

9.8.2.In the absence of any directive, the heirs of the Data Subject may apply to the Data Controller in order to:

9.8.3. In any event, the Data Subject has the possibility of indicating to the Data Controller, at any time, that they do not wish, in the event of death, that their Personal Data be communicated to a third party.

10. Exercise of Specific User Rights

These rights can be exercised at any time with the Data Controller:

10.1. In order to assert his rights under the conditions referred to above and in the event that the Data Controller has doubts about the requester, the Data Controller may ask the latter to prove his identity by mentioning his surname, first name, e-mail address and accompanying his request with a copy of a valid identity document.

10.2. A response will be sent to the Data Subject within one (1) month maximum following the date of receipt of the request.

10.3. If necessary, this period may be extended by two (2) months by the Data Controller who will alert the Data Subject, given the complexity and / or the number of requests.

10.4. In the event of a request from the Data Subject to delete their Personal Data and / or in the event of the exercise of their right to request the erasure of their Personal Data, the Data Controller may however keep them in the form of Intermediate Archiving, and this for the time necessary to meet its legal obligations, or for probative purposes during the applicable limitation period.

10.5.The Data Subject may also file a complaint with the supervisory authority responsible for personal data.

11. Cookies placed on the Terminal of the Data Subject after browsing the Application

11.1. Cookies are used on the Application.

11.2. A cookie is information deposited on the Terminal which is used by the Person concerned to access the Website.

11.3.Cookies are related to the navigation of the Person concerned on the Application and make it possible to determine the pages he has visited, their date and time of consultation.

11.4.At no time do these cookies allow the Data Controller to personally identify the Data Subject.

11.5.The shelf life of these cookies in the Terminal of the Data Subject does not exceed thirteen (13) months.

11.6.More specifically, the Personal Data collected from cookies issued by the Data Controller or third parties allow:

11.7. Thanks to cookies, the Data Controller collects and processes for the purposes determined above, all or part of the following Data:

Cookies

Cookie Name Purpose of the cookie (audience, advertising, profiling, social networks, necessary for the website and / or application, etc.) Support (desktop / mobile) Cookie editor Publisher's Privacy Policy Cookie lifetime Raw data collected by the cookie Storage location of the raw data collected Duration of storage of the raw data collected by the cookie Opt-out
_ga Customer Identification   Google https://policies.google.com/

13 month Navigation behavior USA (Privacy Shield) 13 month yes
admob Advertising management   Google            

12. Opposition to cookies

12.1. The Person Concerned is informed, during their first visit, that they have the right to oppose the registration of cookies which are incidental to the functioning of the Application, in particular by configuring their Internet browser or by exercising their choice on this page (see below).

12.2. When the Data Subject browses the Application, information may be recorded or read in his Terminal, subject to his choices.