Privacy Policy

1. Preamble

1.1 This Privacy Policy is an integral part of the General Conditions, so that the definitions used in the latter are used in this Privacy Policy.

1.2 The purpose of this Privacy Policy is to inform Members about how their Personal Data is collected from the Platform, how it is processed by the Data Controller and finally the rights enjoyed by Members with respect to this Processing. as they are defined below.

2. Definitions

The following terms, whether used in the singular or plural in this Privacy Policy, will have the following definition:

Archiving
Refers to the movement of Personal Data which still presents an administrative interest for the Data Controller, (such as for example in the event of litigation and/or in the event of a legal obligation) in a separate database, logically or physically separated and from which, in any event, access is restricted. This archive is an intermediate step before the deletion of the Personal Data concerned or their anonymization.

Privacy Policy
Refers to this policy of confidentiality and protection of the Personal Data of Members implemented by the Data Controller which is an integral part of the CGSU.

CGSU
Refers to the General Conditions of Service and Use of [domain]

Personal data)
Means the Member’s personal data, within the meaning of the Personal Data Regulations, collected and processed by the Data Controller in the context of the creation and management of his Personal Profile and the use of the Services by him.

Personal Data Regulations
Refers to Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms and amended on October 7, 2016, as well as any regulations that may apply to personal data, in particular in application of the Community Regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data.

Data Controller
Name the company

[legal]

Platform
Refers to the technical platform.

Terminal(s)
Means the material equipment (computer, tablet, smartphone, telephone, etc.) used by the Member and/or the Internet user to consult or view the Platform and/or any other digital medium published by a third party.

Treatment
Refers, within the meaning of the Personal Data Regulations, to any operation or set of operations whether or not carried out using automated processes and applied to Personal Data such as the collection, recording, organization, the structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.

3. The legal bases of the Processing

General Data Protection Regulation.

4. The purposes of the Processing

The Member’s Personal Data is necessary to allow him access to the Services, their use and their improvement, and to allow the Data Controller to:
– Carry out operations relating to its commercial relationship with the Member, i.e. concerning invoices, accounting, monitoring the “customer relationship” with a Member, such as carrying out satisfaction surveys, management of complaints, use of the Platform and more generally of the Services, etc.;
– Select Members to carry out studies, surveys and product tests, as well as loyalty, prospecting and promotion actions;
– Personalize its communication for Members, in particular by information e-mails, according to its observed preferences, its use of the Services;
– Perform prospecting-related operations, i.e. the management of technical prospecting operations (which notably includes technical operations such as standardization, enrichment and deduplication);
– Carrying out commercial solicitation operations;
– The development of trade statistics; analysis and marketing tools (including classification, score, etc.);
– The organization of contests, lotteries or any promotional operation, excluding online gambling and games of chance subject to the approval of the Online Gaming Regulatory Authority;
– Management of requests to exercise rights;
– Management of outstanding payments and litigation;
– The management of Members’ comments on the Platform and/or on the web pages published by the Data Controllers such as the pages of social networks;
– The fight against fraud.

5. Storage of Personal Data

5.1 The Platform is hosted by companies whose names and contact details are available below: AWS

5.2 All precautions have been taken to store Members’ Personal Data in a secure environment and to prevent them from being distorted, damaged or accessed by unauthorized third parties. The information transmitted by the care of the Member will never be transmitted to third parties for commercial purposes or sold or exchanged.

6. Collection of Personal Data on the Platform

6.1 The Data Controller collects, when creating an Account and then when it is gradually completed, the following Personal Data that the Member enters or that he communicates during his navigation and which is kept for a period of three (2) years, on an active basis, from the Member’s last connection to the Platform:
– Email address
– Identifier used on the Platform
– Payment ID
– If applicable, the reason(s) for the exclusion (all the elements making it possible to demonstrate the actions which date from less than a month and which justify the exclusion)
– The connection data (date, time, IP address, pages viewed) of the Member when browsing the Platform.
The Personal Data above is also kept in Intermediate Archiving for an additional period of two (2) years in accordance with the common limitation period.
– Payment receipts
– Amount of transactions carried out as well as the date and time of these transactions
The Personal Data above is also kept in Intermediate Archiving for an additional period of ten (10) years, in accordance with the tax and accounting obligations of the Data Controller.

6.2 Only the Personal Data designated on the Platform as mandatory are essential to benefit from an Account.

7. Recipients or categories of recipient

Country of establishment of the recipient of the dataNature of the data transferredPurpose of the proposed transferData recipient categories Level of protection offered by the country or exception provided for by the Personal Data Regulations
MALTApaymentPayment ProcessingPayment ProviderEU GDPR
IRELANDTrackingAnalysis of TrafficAnalytics ProviderEU GDPR

8. Internet Transaction Security
– In accordance with the T&Cs, the Platform uses the technology of an external service provider to secure Members’ banking transactions.
– Thus, when paying on the Platform, the Member’s bank details are transmitted encrypted to the service provider, without the Data Controller being able to read them.
– The Data Controller does not collect the full number of the Member’s bank card, nor its cryptogram.

9. Members’ rights

9.1 The Member may, at any time:
– Oppose and/or delete and/or limit and/or withdraw their consent to all or part of the Processing of their Personal Data carried out within the framework of the Services provided on the Platform for legitimate reasons;
– Access all of their Personal Data processed within the framework of the Services, including for portability purposes, provided that this is specified;
– Rectify and/or update their Personal Data processed within the framework of the Services!
– Obtain an oral reading of this Privacy Policy.

9.2 In addition, the Member has the possibility of defining with the Data Controller directives relating to the storage, erasure and communication of his Personal Data after his death, which directives may also be registered with “a certified digital trusted third party”. These directives, or a kind of “digital will”, can designate a person in charge of their execution; failing this, the Member’s heirs will be designated.

9.3 In the absence of any directive, the heirs may contact the Company in order to:
– Access to data processing allowing “the organization and settlement of the estate of the deceased”;
– Receive communication of “digital assets” or “data resembling family memories, transmissible to heirs”;
– Have his Account closed and oppose the continuation of the Processing of his Personal Data.

9.4 In any case, the Member has the possibility of indicating, at any time, to the Data Controller that he does not wish, in the event of death, that his Personal Data be communicated to a third party.

9.5 These rights can be exercised, at any time, with the Data Controller:
– By e-mail on the following page: [contact]
– By post to the following address:

[legal]

9.6 For the purpose of asserting his rights under the conditions referred to above, the Member must prove his identity by mentioning his surname, first name, e-mail address and by accompanying his request with a copy of his identity card.

9.7 The Member may also lodge a complaint with the competent supervisory authority.

10. The security of your password

10.1 The Data Controller takes all useful precautions to ensure the secure storage of the Member’s password.

10.2 However, the security of this password also depends on its design.

10.3 Also, the Member is reminded that his password, to be valid, must be composed of at least 8 characters.

10.4 Blocking of multiple attempts: delay in accessing the account after several failures, “captcha”.

10.5 Mnemonic devices are used to create complex passwords, such as:
– keep only the first letters of the words of a sentence; for example, the sentence “A Password is retained!” » corresponds to the password 1mdp@sr!
– by putting a capital letter if the word is a noun (ex: word)
– keeping punctuation marks (ex: !)
– by expressing numbers using digits from 0 to 9 (ex: One -> 1)

11. Cookies placed on the Member’s Terminal following their browsing on the Platform

11.1 Cookies are used on the Platform

11.2 A cookie is information placed on the Terminal which is used by the Member to access the Platform

11.3 Cookies are related to the navigation of the Member on the Platform and which make it possible to determine the pages he has consulted, their date and time of consultation.

11.4 At no time do these cookies allow the Platform to personally identify the Member.

11.5 The shelf life of these cookies in the Internet user’s and/or Member’s Terminal does not exceed thirteen (13) months.

11.6 More specifically, the Personal Data collected from cookies issued by the Data Controller or third parties allow:

11.7 To establish statistics and volumes of visits and use of the Platform to improve the interest and ergonomics of our Services;

11.8 To adapt the presentation of the Platform to the display preferences of the Member’s Terminal (language used, display resolution, operating system used, etc.);

11.9 To memorize information relating to a form completed by the Member on the Platform (registration or access to your account);

11.10 To allow the Member to access his Personal Profile using his pre-registered identifiers;

11.11 To implement security measures, for example when the Member is asked to connect to the Platform again after a certain period of time;

11.12 Thanks to cookies, the Data Controller collects and processes for the purposes determined above, all or part of the following Data:
– Information related to the Terminal of the Member and/or the Internet user:
– Its type of Terminal (Smartphone, tablet, computer, etc.);
– His operating system of his Terminal (Mac Os, iOS, Android, Windows, BlackBerry etc.);
– The categories and plug-in versions of its Terminal,
– Its Internet service provider (Orange, SFR, Bouygues, Free, etc.);
– The browser he uses (Safari, Chrome, Internet Explorer, etc.);
– His advertising identifier linked to the operating system of his Terminal;
– The IP address of his Terminal;
– The geolocation data of its Terminal;
– His language preferences.

11.13 Information on his browsing and behavior on the Platform:

11.14 Statistics on the consultation of the different pages of the Platform;

11.15 The full URL path to, through and from the Platform;

11.16 Information concerning the Member (age or age group, sex, declared and/or presumed socio-professional category, presumed centers of interest, etc.) linked to his activity on the Internet and communicated by third parties (advertisers, advertisements, etc).