Privacy policy

POLICY ON THE USE OF PERSONAL DATA

 

APIZEE intends to make control of your data and respect for your privacy a fundamental concern that is part of our values of trust and transparency.

 

In compliance with the General Data Protection Regulation (GDPR) No. 2016/679 came into force on May 25, 2018, we are committed to applying a very strict policy of your personal data.

 

Our policy is bound to evolve, due to legislative and regulatory developments, and we therefore invite you to consult it regularly.

 

1. TYPE OF DATA COLLECTED

 

A. THE DATA YOU PROVIDE :

  • On our websites

To access the resources of the Apizee websites and contact the sales department, we may collect your email address, your first and last name, the name of the company on behalf of which you access our resources, your telephone number, your country, and if applicable, the content of the message you send us.

 

 

  • For your account/subscription

To benefit from the services as a customer, you must be registered with APIZEE, either through our websites or under a contract with you.

APIZEE collects all the personal data that you provide when you register as a customer, namely your surname, first name, and if applicable postal address, mobile number, email address, and in some special cases your title, date of birth.

 

  •  For the realization of transactions

To place orders or transactions with APIZEE, you must provide your payment information (credit card number) and your surname, first name, country, telephone number and email address, which will be processed securely by our partner STRIPE®.

 

  • To contact customer support

When you contact our customer support, we may collect:

    • Your email address if you send us an email and/or your surname, first name, address and possibly the telephone and the email or fax if you send us a form.
    • The content of the messages you send us, by email, by form or via our customer support chat. (We may also collect technical data about your internet connection and ip address in some cases, your browser, and devices).

 

B. DATA WE COLLECT AUTOMATICALLY THROUGH YOUR USE OF OUR SERVICES

We record usage data when you access our service (or use it in any way).

 

In particular, APIZEE may collect, store or even use the following data: IP address, visitor number of the user’s website, statistics on the pages displayed, conversation histories, browsing histories, history of downloaded resources, physical contact details (city for example), and any other information provided by the user (name, the email address) or resulting in a possible identification of the latter.

 

We use login credentials and cookies to improve your browsing experience and to analyze your use of our services.

 

 

Information about cookies used on our website is available below in our COOKIES GESTION POLICY.

 

2. USE OF YOUR DATA

We process your personal data for the following purposes and on the basis of the following legal bases :

 

Type of treatment - Finality

Legal basis for treatment

Processing and management of requests and transactions, and execution of our services within the framework of the general conditions of sale and specific contracts, including for the use of functionalities and services and the execution of a possible payment.

Performance of the contract (GDPR, Article 6, §1, b).

Application of a regulation (e.g. logging of activities).

The legal obligation (GDPR Article 6, §1, c).

Sending newsletters by email, managing subscriptions to mailing lists.

Consent (GDPR, Article 6, §1, a), GDPR, Article 7)

Maintaining, guaranteeing and improving the quality of our products and services, in particular by carrying out and analysing satisfaction surveys and analysing customer feedback, and by processing personal data in a customer database, which makes it possible to identify a repeat customer, to better assess requirements and wishes, to improve the quality and personalization of communications, and to design offers specially adapted to needs.

Legitimate interest (GDPR, Article 6, §1, f)

Transfer personal data within the group for internal management purposes.

Legitimate interest (GDPR, Article 6, §1, f)

Prospecting to promote offers and service..

The legitimate interest for professionals Consent for private persons (GDPR, Article 6, §1, a), GDPR, Article 7)

Preservation of rights, for the purposes of crime prevention, for the purposes of litigation or defense against litigation, for the purposes of defending APIZEE's interests in the event of a dispute, for the purpose of preserving COMPUTER security, for the purpose of identifying risks related to fraud.

Legitimate interest (GDPR, Article 6, §1, f)

 

 

No transfer of data to third parties is carried out by APIZEE. We do not share your personal data with third parties without informing you and obtaining your consent.

 

3. DATA CONTROLLER

APIZEE is exclusively responsible for the processing of the personal data of its users.

 

APIZEE, registered in Saint-Brieuc under the number 790503973, having its registered office Espace Corinne Erhel – Building W9, 4 Rue Louis de Broglie – 22300 Lannion, represented by Mr. Michel L’Hostis, in his capacity as Chief Executive Officer, is responsible for the processing of the data it collects.

 

In certain circumstances, the controller of users’ personal data is constituted by the Service Provider who uses the services of APIZEE, which then intervenes in this case as a subcontractor.

 

4. RECIPIENTS OF THE DATA

he Personal Data collected is intended for APIZEE, the Data Controller. Only persons involved in the processing of data for one of the above purposes will be able to access your data only for this purpose.

 

The following may have access to some of your data:

  • APIZEE’s subcontractors as specified in Article 5 below, who provide software and services essential to APIZEE’s activity. As soon as APIZEE acts as a subcontractor of the processing of your personal data, these subcontractors have the status of “sub-processors”.

 

They provide services on behalf of APIZEE, including:

  • Performance of services and benefits,
  • Management of solicitations and requests,
  • Personalization of content,
  • Carrying out maintenance operations and technical developments,
  • Securing online payments and fighting fraud,
  • Collection of customer reviews,
  • Provision of analytical solutions or audience measurement statistics.

 

The access of subcontractors to your data is made on the basis of signed contracts mentioning the obligations incumbent on them in terms of protection of the security and confidentiality of the data.

  

  • Social media platforms

The use of social networks to interact with our sites and applications (including the “Share” buttons of Facebook, Twitter) is likely to lead to data exchanges. For example, if you are logged in to the social network Facebook and visit a page of the site, Facebook may collect this information. Similarly, if you view an article on the site and click on the “Tweet” button, Twitter will collect this information. We therefore invite you to consult the personal data management policies of the various social networks to be aware of the collections and processing they carry out on your data.

 

 

  • Our business partners

They promote products or services on their own behalf or on behalf of advertisers. We draw your attention to the fact that if you decide to subscribe to the products or services of our business partners and you let them access some of your information, in particular by connecting to their sites or applications, their privacy policies and their cookie deposits are enforceable against you. We have no control over the collection or processing of your data implemented by our business partners on their own platform.

 

 

  • Police, judicial or administrative authorities

When we have a legal obligation to do so or in order to guarantee the rights, property and safety of APIZEE.
The data may also be transferred to public bodies and institutions in the event of a legal obligation (e.g. at the request of tax authorities or judicial authorities).

 

5. PERSONAL DATA PROCESSORS

List of sub-processors of personal data for APIZEE :

 

Full identification Nature of the service Description of the Processing Operations Carried Out Places from which the service is provided Garantees implemented to enable the transfer
Mailjet Email sending solution Sending invitation emails for remote diagnostics France https://fr.mailjet.com/rgpd/mailjet-conformite-rgpd/ https://www.mailjet.com/dpa/
Stripe Online payment solution Sending the amount and Stripe ID to allow Stripe to complete the transactions. Users are redirected to the Stripe website for entering information (bank details, civil, companies ...) necessary for the banking transaction France https://stripe.com/en-fr/privacy
CM.com SMS Sending Solution Sending invitation SMS for remote diagnostics Pays Bas, France (support) https://www.cm.com/fr-fr/securite-conformite/
OVHCloud Hosting Provision of the network and hardware infrastructure hosting the Apizee solution France https://www.ovhcloud.com/fr/enterprise/certification-conformity/

 

Exchanges with SMS/email/payment providers are done via the Rest APIs made available by the providers, using the https protocol and an authentication key.

 

6. IS THE DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?


A transfer of personal data to organizations located outside the European Union (referred to as “third countries”) may occur if (a) such a transfer is necessary for the use of functionality and the performance of the service, (b) the law requires it, (c) or you have given your consent. In this case, we ensure that this transfer is carried out in compliance with the legislation on the transfer of personal data and in particular, that a sufficient level of protection of your personal data is guaranteed.

 

7. SHELF LIFE

Your personal data is kept as long as it remains necessary for the performance of contractual and legal obligations. When the data are no longer necessary for the performance of contractual obligations, they are regularly erased or anonymized, except where commercial or tax legal obligations require further processing involving an extended retention period.

 

The retention period of your personal data varies according to the purpose of their collection :

 

Prospect data

Data categories Purposes

Retention period

Data set Building and managing a lead file

3 years from the data collection or last contact from the prospect 

 

Active customer data

Data categories

Purposes

Retention period

Data set Customer account management and transaction management

For the duration of the contractual relationship and 5 years from the end of the business relationship 

 

Data about an inactive customer

Data categories

Purposes

Retention period

Contract performance data Managing customer account, orders, deliveries, billing, payments

10 years after the end of the contract or the last contact from the inactive customer

Identification and contact data - Inactive customers Sending information on the evolution of our offer

3 years after the end of the contract or the last contact from the inactive customer

Identification and contact data - Registered newsletters Sending information on the evolution of our offer

3 years after the end of the contract or the last contact from the inactive customer

Identification and Contact Data - Registered Web Account Sending information on the evolution of our offer

3 years after the end of the contract or the last contact from the inactive customer

Identification and Contact Data - Buyers Sending information on the evolution of our offer

3 years after the end of the contract or the last contact from the inactive customer

 

Cookie-generated data

Data categories Purposes

Retention period

Customer data as part of the  

5 years from the end of the business relationship

Data related to your browsing on our online services

How services work and optimize
Attendance measures
Personalizing contents and advertisements

13 months maximum

Data on the use of the service Journaling activity and analyzing the use of services

12 months from the activity that generated their collection

Documents and accounting documents, orders, delivery or receipt, customer, and supplier invoice  Preservation of accounting evidence

10 years from the end of the fiscal year

Data relating to the bank card (by the provider STRIPE®)  

13 months after a transaction is completed(depending on the debit date or 15 months for deferred debitcards).

Data that may be subject to judicial requisition (connection data, identity, contact details, transaction data) Protecting APIZEE's interests and responding to requests from authorized third parties

12 months from collection.

 

 

8. YOUR RIGHTS

 

In accordance with the regulations on personal data, and in particular Law No. 78-17 of 6 January 1978, amended by Law No. 2002-801 of 6 August 2004 known as the “Data Protection Act” and the European Data Protection Regulation No. 2016/670, known as “GDPR”, you have the following rights regarding your personal data:

 

  • ACCESS: this is your right to obtain confirmation as to whether or not your data is being processed, and if so, to access this data (under the conditions of Art. 15 GDPR);
  • RECTIFICATION: this is your right to obtain, as soon as possible, that your inaccurate data be rectified, and that your incomplete data be completed. In addition, you can modify the personal data at any time (under the conditions of Art. 16 GDPR);
  • DELETION/ERASURE: this is your right to obtain, as soon as possible, the erasure of your data, with the exception of those that are necessary for APIZEE in accordance with the indications in section 6 (under the conditions of Art. 17 GDPR);
  • LIMITATION: this is your right to obtain the restriction of processing when you object, when you dispute the accuracy of your data, when you believe that their processing is unlawful, or when you need it for the establishment, exercise or defence of your legal claims (under the conditions of Art. 18 GDPR);
  • OBJECTION: this is your right to object at any time to the processing of your data by APIZEE, when this is necessary for the purposes of APIZEE’s legitimate interests. In particular, you can object to the processing for direct marketing purposes (under the conditions of Art. 21 GDPR);
  • Where the processing of your personal data is based on a consent you have granted, you have the right to withdraw your consent at any time, without altering the lawfulness of the processing based on the consent carried out before such withdrawal (under the conditions of Articles 6, §1, a), and 7 GDPR);
  • PORTABILITY: this is your right to receive your data in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller without hindrance from us (under the conditions of Art. 20 GDPR);

Finally, you also have the following rights:

  • Right to be informed within one month of the measures taken following a request (under the conditions of Art. 12 GDPR);
  • Right to be informed of acts of rectification, erasure or limitation (under the conditions of Art. 19 GDPR);
  • Right to be informed as soon as possible in the event of a data breach that could result in a high risk to rights or freedoms (under the conditions of Art. 34 GDPR).
  • In the event of a dispute over the conditions relating to the collection and processing of your personal data, you also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (www.cnil.fr);
  • You can also give instructions regarding the retention, erasure and communication of your data after your death. In the absence of instructions from you, you are informed that your heirs have a right to oppose the further processing of your personal data or to have them updated.

The exercise of your rights with APIZEE must be carried out by contacting APIZEE at the contact details below.

 

9. DATA PROTECTION

If you have any questions about this Privacy Policy or any request relating to your personal data, you can contact our Data Protection Officer:

By sending a letter to: APIZEE – Data Protection – Espace Corinne Erhel – Bâtiment W9, 4 Rue Louis de Broglie – 22300 Lannion

You must justify your identity and provide the context in which you provided us with your Personal Character Data (the date of the claim and/or reason).

10. SECURITY OF YOUR DATA

As a data controller and processor of our customers, we implement appropriate technical and organisational measures in accordance with the applicable legal provisions, to protect your personal data against alteration, accidental or unlawful loss, unauthorized use, disclosure or access, and in particular:

 

  • The appointment of a data protection officer;
  • Monitoring our security of information systems;
  • Raising awareness of the confidentiality requirements of our employees who have access to your personal data;
  • Securing access to our premises and IT platforms;
  • The implementation of a general IT security policy of the company;
  • Securing access, sharing and transfer of data;
  • The high level of data protection requirements when selecting our subcontractors and partners.

 

Our protection measures include firewalls, organizational measures (such as a username/password system, physical protection means, etc.).

 

In addition, when you transmit your credit card information during a transaction, SSL (Secure Socket Layer) encryption technology helps secure your exchanges. Our partner STRIPE® in charge of transaction management is PCI DSS (Payment Card Industry Data Security Standard) certified data security standard applicable to the payment card industry. This PCI DSS standard aims to reduce online fraud.