Confidentiality policy
1 - Preamble
This confidentiality policy applies to the following websites: smappen.fr, api.smappen.fr and smappen.com.
It completes the general terms of the website, and will expose the way in which smappen makes use of personal user data. Personal data will be defined as any data related to an identified or identifiable natural person.
2 - General principles of data collection and processing
In accordance with article 5 of the General Data Protection Regulation (EU) 2016/679 (hereinafter “the GDPR”), personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness, transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’);
In accordance with article 6 of the GDPR, smappen swears that collection and processing of personal data shall only be possible if:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3 - Personal data collected and processed while navigating the website
A – Collected data and tools of collection
The websites collect the following data:
- Account information:
When you create your account, we will ask you to communicate information which is necessary for the requested services to function.
-
- E-mail address
- Password
- When purchasing a service:
- Name, Surname
- Name of you business
- Tax number
- Payment information:
smappen will not directly collect payment data from its clients in order to ensure its safety, payment data is processed by our partner, STRIPE.
- While using our service:
- Number of requests
- Last log-in
- Data is kept for:
- 5 years after your last use of our Platforms, in accordance with the right to erasure (see below “5 – User rights”), the user can at any time ask for their account to be deleted, during which process the entirety of their stored data will also be deleted;
- In accordance with article L123-22 of the Code du Commerce, billing information will be kept for a period of 10 years;
- Data collected in this manner is used for the following purposes:
- Send you information about our services (for example, payment confirmation) by e-mail, or other forms of communication;
- Allow you to customize your profile on our Platforms;
- Grant you access to and allow you to communicate with our Website;
- Ensure adherence to relevant legislation, to our general terms of use, and to our confidentiality policy. In case of non-aderence on your part, we may suspend your account;
- With your consent, send you marketing messages, ads and promotions, information on how to use our services, reservation procedures, suggestions and advice for goods and services which may interest you, or to inform you of any modifications in our services;
B – Data transfer
Payment data is sent to our partner Stripe, who secures the collection of this data, and states that the protection they provide is compliant with the Privacy Shield, and therefore provides a level of protection suitable to send your personal data to the United States of America.
Data is transferred the ZAPIER to simplify billing, this company states that the protection they provide is compliant with the Privacy Shield, ensuring the protection of your personal data.
C – Data hosting
The websites’ host is OVH SAS, head office located at: 2, rue Kellermann – 59100 Roubaix – France.
4 - Data processing responsibility
The smappen company is responsible for processing data. They can be contacted at the following address: [email protected].
The data controller commits to gather only the data necessary to processing, and to secure this data. They commit to always inform the user of the purposes for which this data has been collected.
They commit to inform the user by all available means whether the integrity, confidentiality or security of this data are ever compromised.
5 - User rights
You have the right to ask for a copy of your personal data (right of access).
You may also ask for the erasure and/or rectification of your personal data (right to erasure and right to rectification). By law or if we have a legitimate reason to do so, we may archive some of your information. For example, if we believe that you may have committed fraud or gone against our General Terms of Use, and if we want to prevent you from bypassing the rules of our community.
You can, at any time, object to the processing of your personal data for direct marketing purposes, or for processing carried out on the basis of our legitimate interests (right to object).
You have the right to temporarily freeze the use of some of your data (right to restriction of processing).
You have the right to request the Personal Data you have sent us in a structured, commonly used and machine-readable format, and the right to send this data to another controller (right to data portability).
You have the right to lodge a complaint with a supervisory authority or to seek compensation from the relevant courts if you believe that we have infringed on your rights.
6 - Use of cookies
A cookie is text file recorded by the user’s computer when they visit a web page. These files simplify and improve navigation for the user and enable statistical studies for the web page’s host.
The use of cookies will involve informing the user and asking for their consent via a cookie overlay; once given, consent will be valid for 13 months.
The user may at any time delete the cookies which have been recorded by their Internet browser.
To learn more, follow these links:
- http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies (Internet Explorer)
- https://support.google.com/accounts/answer/61416?hl=en (Google Chrome)
- https://support.apple.com/kb/PH19214?locale=en_US&viewlocale=en_US (Safari)
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox)
- http://help.opera.com/Windows/10.20/en/cookies.html (Opera)
7 - Changes in our confidentiality policy
We may at some point modify this Confidentiality Policy, in which case we will inform you and request your consent.
We advise you to regularly check on this page to learn about possible changes.
Current version July 1st, 2019.