POLICY ON THE USE OF PERSONAL DATA
APIZEE intends to make control of your data and respect for your privacy a fundamental concern that is part of our values of trust and transparency.
In compliance with the General Data Protection Regulation (GDPR) No. 2016/679 came into force on May 25, 2018, we are committed to applying a very strict policy of your personal data.
Our policy is bound to evolve, due to legislative and regulatory developments, and we therefore invite you to consult it regularly.
1. TYPE OF DATA COLLECTED
A. THE DATA YOU PROVIDE:
- On our websites
To access the resources of the Apizee websites and contact the sales department, we may collect your email address, your first and last name, the name of the company on behalf of which you access our resources, your telephone number, your country, and if applicable, the content of the message you send us.
- For your account/subscription
To benefit from the services as a customer, you must be registered with APIZEE, either through our websites or under a contract with you.
APIZEE collects all the personal data that you provide when you register as a customer, namely your surname, first name, and if applicable postal address, mobile number, email address, and in some special cases your title, date of birth.
- For the realization of transactions
To place orders or transactions with APIZEE, you must provide your payment information (credit card number) and your surname, first name, country, telephone number and email address, which will be processed securely by our partner STRIPE®.
- To contact customer support
When you contact our customer support, we may collect:
Your email address if you send us an email and/or your surname, first name, address and possibly the telephone and the email or fax if you send us a form.
The content of the messages you send us, by email, by form or via our customer support chat. (We may also collect technical data about your internet connection and ip address in some cases, your browser, and devices).
B. DATA WE COLLECT AUTOMATICALLY THROUGH YOUR USE OF OUR SERVICES
We record usage data when you access our service (or use it in any way).
In particular, APIZEE may collect, store or even use the following data: IP address, visitor number of the user’s website, statistics on the pages displayed, conversation histories, browsing histories, history of downloaded resources, physical contact details (city for example), and any other information provided by the user (name, the email address) or resulting in a possible identification of the latter.
We use login credentials and cookies to improve your browsing experience and to analyze your use of our services.
Information about cookies used on our website is available below in our COOKIES GESTION POLICY.
2. USE OF YOUR DATA
We process your personal data for the following purposes and on the basis of the following legal bases:
No transfer of data to third parties is carried out by APIZEE. We do not share your personal data with third parties without informing you and obtaining your consent.
3. DATA CONTROLLER
APIZEE is exclusively responsible for the processing of the personal data of its users.
APIZEE, registered in Saint-Brieuc under the number 790503973, having its registered office Espace Corinne Erhel – Building W9, 4 Rue Louis de Broglie – 22300 Lannion, represented by Mr. Michel L’Hostis, in his capacity as Chief Executive Officer, is responsible for the processing of the data it collects.
In certain circumstances, the controller of users’ personal data is constituted by the Service Provider who uses the services of APIZEE, which then intervenes in this case as a subcontractor.
4. RECIPIENTS OF THE DATA
The Personal Data collected is intended for APIZEE, the Data Controller. Only persons involved in the processing of data for one of the above purposes will be able to access your data only for this purpose.
The following may have access to some of your data:
- APIZEE’s subcontractors as specified in Article 5 below, who provide software and services essential to APIZEE’s activity. As soon as APIZEE acts as a subcontractor of the processing of your personal data, these subcontractors have the status of “sub-processors”.
They provide services on behalf of APIZEE, including:
- Performance of services and benefits,
- Management of solicitations and requests,
- Personalization of content,
- Carrying out maintenance operations and technical developments,
- Securing online payments and fighting fraud,
- Collection of customer reviews,
- Provision of analytical solutions or audience measurement statistics.
The access of subcontractors to your data is made on the basis of signed contracts mentioning the obligations incumbent on them in terms of protection of the security and confidentiality of the data.
- Social media platforms
The use of social networks to interact with our sites and applications (including the “Share” buttons of Facebook, Twitter) is likely to lead to data exchanges. For example, if you are logged in to the social network Facebook and visit a page of the site, Facebook may collect this information. Similarly, if you view an article on the site and click on the “Tweet” button, Twitter will collect this information. We therefore invite you to consult the personal data management policies of the various social networks to be aware of the collections and processing they carry out on your data.
- Our business partners
They promote products or services on their own behalf or on behalf of advertisers. We draw your attention to the fact that if you decide to subscribe to the products or services of our business partners and you let them access some of your information, in particular by connecting to their sites or applications, their privacy policies and their cookie deposits are enforceable against you. We have no control over the collection or processing of your data implemented by our business partners on their own platform.
- Police, judicial or administrative authorities
When we have a legal obligation to do so or in order to guarantee the rights, property and safety of APIZEE.
The data may also be transferred to public bodies and institutions in the event of a legal obligation (e.g. at the request of tax authorities or judicial authorities).
5. PERSONAL DATA PROCESSORS
List of sub-processors of personal data for APIZEE :
Exchanges with SMS/email/payment providers are done via the Rest APIs made available by the providers, using the https protocol and an authentication key.
6. IS THE DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?
A transfer of personal data to organizations located outside the European Union (referred to as “third countries”) may occur if (a) such a transfer is necessary for the use of functionality and the performance of the service, (b) the law requires it, (c) or you have given your consent. In this case, we ensure that this transfer is carried out in compliance with the legislation on the transfer of personal data and in particular, that a sufficient level of protection of your personal data is guaranteed.
7. SHELF LIFE
Your personal data is kept as long as it remains necessary for the performance of contractual and legal obligations. When the data are no longer necessary for the performance of contractual obligations, they are regularly erased or anonymized, except where commercial or tax legal obligations require further processing involving an extended retention period.
The retention period of your personal data varies according to the purpose of their collection:
Active customer data
Data about an inactive customer
8. YOUR RIGHTS
In accordance with the regulations on personal data, and in particular Law No. 78-17 of 6 January 1978, amended by Law No. 2002-801 of 6 August 2004 known as the “Data Protection Act” and the European Data Protection Regulation No. 2016/670, known as “GDPR”, you have the following rights regarding your personal data:
- ACCESS: this is your right to obtain confirmation as to whether or not your data is being processed, and if so, to access this data (under the conditions of Art. 15 GDPR);
- RECTIFICATION: this is your right to obtain, as soon as possible, that your inaccurate data be rectified, and that your incomplete data be completed. In addition, you can modify the personal data at any time (under the conditions of Art. 16 GDPR);
- DELETION/ERASURE: this is your right to obtain, as soon as possible, the erasure of your data, with the exception of those that are necessary for APIZEE in accordance with the indications in section 6 (under the conditions of Art. 17 GDPR);
- LIMITATION: this is your right to obtain the restriction of processing when you object, when you dispute the accuracy of your data, when you believe that their processing is unlawful, or when you need it for the establishment, exercise or defence of your legal claims (under the conditions of Art. 18 GDPR);
- OBJECTION: this is your right to object at any time to the processing of your data by APIZEE, when this is necessary for the purposes of APIZEE’s legitimate interests. In particular, you can object to the processing for direct marketing purposes (under the conditions of Art. 21 GDPR);
- Where the processing of your personal data is based on a consent you have granted, you have the right to withdraw your consent at any time, without altering the lawfulness of the processing based on the consent carried out before such withdrawal (under the conditions of Articles 6, §1, a), and 7 GDPR);
- PORTABILITY: this is your right to receive your data in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller without hindrance from us (under the conditions of Art. 20 GDPR);
Finally, you also have the following rights:
- Right to be informed within one month of the measures taken following a request (under the conditions of Art. 12 GDPR);
- Right to be informed of acts of rectification, erasure or limitation (under the conditions of Art. 19 GDPR);
- Right to be informed as soon as possible in the event of a data breach that could result in a high risk to rights or freedoms (under the conditions of Art. 34 GDPR).
- In the event of a dispute over the conditions relating to the collection and processing of your personal data, you also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (www.cnil.fr);
- You can also give instructions regarding the retention, erasure and communication of your data after your death. In the absence of instructions from you, you are informed that your heirs have a right to oppose the further processing of your personal data or to have them updated.
The exercise of your rights with APIZEE must be carried out by contacting APIZEE at the contact details below.
9. DATA PROTECTION
- By email: firstname.lastname@example.org
- By using this online form: https://www.apizee.com/contact-us/
- By sending a letter to: APIZEE – Data Protection – Espace Corinne Erhel – Bâtiment W9, 4 Rue Louis de Broglie – 22300 Lannion
You must justify your identity and provide the context in which you provided us with your Personal Character Data (the date of the claim and/or reason).
10. SECURITY OF YOUR DATA
As a data controller and processor of our customers, we implement appropriate technical and organisational measures in accordance with the applicable legal provisions, to protect your personal data against alteration, accidental or unlawful loss, unauthorized use, disclosure or access, and in particular:
- The appointment of a data protection officer;
- Monitoring our security of information systems;
- Raising awareness of the confidentiality requirements of our employees who have access to your personal data;
- Securing access to our premises and IT platforms;
- The implementation of a general IT security policy of the company;
- Securing access, sharing and transfer of data;
- The high level of data protection requirements when selecting our subcontractors and partners.
Our protection measures include firewalls, organizational measures (such as a username/password system, physical protection means, etc.).
In addition, when you transmit your credit card information during a transaction, SSL (Secure Socket Layer) encryption technology helps secure your exchanges. Our partner STRIPE® in charge of transaction management is PCI DSS (Payment Card Industry Data Security Standard) certified data security standard applicable to the payment card industry. This PCI DSS standard aims to reduce online fraud.