The company MODE, registered in France under the number 844858027, whose head office is located 32, rue de Fessart – 92100 Boulogne – FRANCE (“the Company”), is the controller of the personal data processing of the mobile application BACKSTAGE (“the Application”).
For such processing the Company complies with the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) as well as French law n°78-17 of 6 January 1978.
The Company has appointed Mr Maxime DUMAS as Data Protection Officer (“DPO”), who can be contacted:
- by email: firstname.lastname@example.org
- by post: DPO – Société MODE – 32, rue de Fessart – 92100 Boulogne–FRANCE.
Article 1 – Controller of the processing
The Company is the controller of the personal data processing, such as defined in article 4 of GDPR. For any question or for the exercise of the rights as listed in article 7 herebelow, the User can contact Maxime DUMAS to the addresses mentioned in preamble.
The provision by the User of his personal data is based on the contractual relation established between the Company and him, as a result of his subscription and the creation of his User account. The User is informed that failing to provide such information he will not be able to benefit the Services offered by the Company which will not be able to verify his identity if necessary.
Article 2 – Categories of personal data processed, categories of data subjects and purposes of the data processing
The Company collects, stores and processes the User personal data only for the purpose of the commercial activity of the Application, based on the User account subscription, legally framed by the Terms & Conditions of the Application.
Categories of personal data processed are:
-first and last name
-date and place of birth
-connexion hours on the Application
-username and password of the User account
In addition, upon User’s former authorization, his phone-contact data may be interconnected with data of the Application, in order to allow the User, on one hand, to identify in his contacts those who use the Application and, on the other hand, to send a notification to those who do not use it.
Purposes of the data processing are:
-management of the Application;
-management of the Users
–customer relationship management;
-commercial, prospection and marketing purposes.
Categories of data subjects are the Users who subscribed on the Application.
Article 3 –Recipients, processors and transfers of personal data to third parts
The recipients of data are the processors hereafter listed and the partner companies of the Company, such as, in particular, advertisers or local service providers (restaurants, beauty salons, hairdressers, sports halls, etc. located where the User is geolocated), it being specified that the data transferred does not allow the Users to be identified individually, unless the User authorizes otherwise.
The User is informed that all or part of his personal data may be communicated by the Company to the following processors (as defined in the GDPR):
-Data are hosted by Google Cloud Platform (https://cloud.google.com) on the EU territory.
-In addition, data are entirely stored and processed on the platform Google Firebase, for which data processing security measures are indicated: https://firebase.google.com/support/privacy/.
-Platform Sendgrid (https://sendgrid.com/) is recipient of the processing for newsletter and emailing purposes; it complies with EU-US Privacy Shield dispositions regarding personal data protection.
Any change in this list will be transmitted to the User. The User will be able to object it by writing to the DPO at the addresses mentioned in preamble.
Article 4 – Technical and organisational protection measures
Any person who accesses the processing has committed to strictly respect its confidentiality. The access is nominative and controlled by access codes. Headquarters are locked.
The User on his side has to identify himself through his personal and nominative User account, accessible with personal and confidential username and password.
This authentication process guarantees a traceability and a restricted access, complying with security and confidentiality rules and applicable legislation.
The User commits to take all necessary measures to ensure strict confidentiality for its identifying codes and password uses and warrants to not communicate, assign nor make them available to a third party.
Article 5 – Transferof personal data outside EU
The Company does not transfer personal data to any third party outside EU, except the processors and recipients listed hereabove and within the UK.
In case of any change of this provision, the Company will inform the User so as to allow him to object by writing to the DPO at the addresses mentioned in preamble.
Article 6 – Storage period
Personal data processed by the Company are stored for the whole duration of the User’s subscription on the Application.
The User is informed the Company may store his personal data beyond the aforementioned period if it appears to be necessary for the Company to establish proof or to exercise or defend its rights.
Article 7 – Rights of data subjects
Right of access
The User has the right to obtain from the Company all information regarding the processing. The User can also ask the Company to provide him with all the third parties to whom personal data have been transferred to.
The User has the right to obtain from the Company one copy of personal data undergoing processing, provided it does not affect rights and freedoms of third parties.
Right of rectification
The User has the right to obtain from the Company the rectification of his processed personal data if they are inaccurate or incomplete. The Company may ask for substantiating documents if need be.
Rightof erasure – right to be forgotten
The User has the right to obtain from the Company to erase his personal datawhen (i) they are no longer necessary for the processing in relation to its purposes; (ii) when the User has withdrawn his consent for the processing and there is no legal grounds for the processing; (iii) when the User has exercised his right to object and there is no overriding legitimate grounds for the processing; (iv) when the User personal data have been unlawfully processed; or (v) the User personal data must be erased due to legal obligations of the Company.
The Company may however store the User personal data if the Company has to comply with a legal obligation or in case it appears necessary to establish proof or to exercise or defendits rights.
Right to restriction of processing
The User has the right to exercise its restriction right of processing. In such case, the Company will not process the personal data without the User’s consent except for the establishment, exercise or defence of legal claims or for public interests.
In case of obtention of restriction of the User’s personal data pursuant this provision, the User shall be informed by the Company before the restriction of processing is lifted.
Right to data portability
The User has the right to receive from the Company the personal data processed in a structured, commonly used and machine-readable format and has also to right to transmit such personal data to another controller without hindrance from the Company, where technically feasible, provided it does not affect rights and freedoms of third parties.
Right to object
The User has the right to object processing of his personal data for prospection purposes.
Contact: to exercise these rights, the User shall write tothe DPO at the addresses indicated in preamble.
Article 8 – Supervisory authority
Any claim or lodge a complaint regarding the processing of personal data can be addressed to the supervisory authority of France: CNIL (Commission Nationale Information et Libertés).