1. Data Controller
Init ML, Simplified joint stock company RCS Bobigny n°885 384 289 Head Office: 40 rue Alexandre Dumas (hereinafter: « Us » or "we")
2. What is the purpose of the data collected?
Your personal data is processed to meet one or several of the following purposes:
- To provide you with our services
- To improve our services
- To follow up with our customers
- To constitute a record of customers and prospects
- To answer your information requests
- To send newsletters, requests and promotional advertisements
- To build up our statistics
- To manage unpaid invoices and possible disputes related to the use of our services
- To respect our legal and regulatory requirements
3. What is the legal basis for the processing?
- The performance of the contract you have entered into with us
- Our legitimate interest in developing and promoting our business
- To comply with our legal and regulatory obligations
4. What personal data do we collect?
The word "personal data" refers to any data that enables a person to be identified. We may collect the following data:
- Identification data (e.g. name, surname, email, phone number)
- Browsing data (e.g. IP address, logs)
- Economic and financial data (e.g. bank details)
- Photos taken by using the Application
Mandatory data are indicated when you provide us with your data. They are necessary to provide you with our services.
If you choose to sign in using a third-party authentication service (e.g. Google or Facebook), some data such as your name and your email can be collected by this service. By choosing this option, you agree that the said service provides us with these data.
5. With who do we share your data?
- Our team
- Our processors: web hosting provider, cloud provider, background removal tool
- If applicable: monitoring services (i.e. auditors), public authorities, exclusively to comply with our legal obligations, court officials, ministerial officers and other authorities in charge of debt collection.
6. How long are your data retained?
Data collected in order to provide our services, to follow up with customers and to prospect to current customers:
- Retention throughout the duration of the commercial relationship and 3 years beyond
Data collected for prospecting purposes:
- 3 years from data collection or from the last contact with the prospect
Data required for evidentiary purposes:
Retention throughout the duration of the statutory limitation period (generally 5 years)
Retention of photos throughout the duration of the commercial relationship
- 10 years
Credit card data:
- Retention pending the completion of the transaction
- Retention in intermediate archives during a 13-months period after the transaction for evidentiary purposes (15 months in case of a deferred debit card)
- If you have given your consent: retention throughout the duration of use of services in consideration of subsequent payments.
When you exercise your rights:
- If we ask for a proof of identity: we only retain it pending the verification of your identity.
- If you exercise your right of opposition to receive prospection: we retain this information during a 3-years period.
7. Are your data likely to be transferred outside the European Union?
Your data are hosted by the servers of Google Cloud Platform, USA.
They may be transferred outside the European Union while managing our tools and our relationships with our processors (see article 5 "With who do we share your data?").
This transfer is secured by the following safeguards:
- Either these data are transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission;
- Or we have entered into a specific contract with our subcontractors related to the transfer of your data outside the European Union, based on standard contractual clauses between a data controller and a data processor approved by the European Commission.
8. What rights do you have over your data?
You have the following rights with regard to your personal data:
- Right of access: You have the right to access all your personal data at any time.
- Right of rectification: You have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.
- Right to restriction of processing: You have the right to restrict the processing of your personal data in certain cases stated in art.18 of the GDPR.
- Right to erasure (‘right to be forgotten’): You have the right to demand that your personal data be deleted and to prohibit any future collection.
- Right to file a complaint to a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of applicable regulations.
- Right to define instructions related to the retention, deletion and communication of your personal data after your death.
- Right to data portability: You have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.
- Right to object: You have the right to object to the processing of your personal data. Please note however that we may continue to process your personal data despite this opposition for legitimate reasons or for the defense of legal claims.
You can exercise these rights by writing us using the contact details below. We may ask you on this occasion to provide us with additional information or documents to prove your identity.
9. Contact information for data privacy matters
Contact email: email@example.com Contact address: 40 rue Alexandre Dumas
Entry into force: October 17th 2020