1 - What are the key concepts of the General Data Protection Regulation (GDPR)?
In addition to the notions already defined in the general terms and conditions, the following terms are added, the meaning of which is defined by the "General Data Protection Regulation" (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC:
Personal Data: any information that allows, in any form whatsoever, the identification of the natural persons to whom it applies. An identifiable individual is one who can be identified by reference to a name, an identification number or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Data subjects: persons who can be identified, directly or indirectly, within the framework of the Company's activities (commercial activity, marketing, customer relations, etc.), i.e. all Users, Customers and Prospects of Skyloud.
Data controller: organization that - alone or jointly with others - determines the "why" and the "how" of data processing, i.e. its purpose (objectives pursued) and its means (conditions of implementation, in particular on the technical, material and organizational level).
Subcontractor: an organization that processes data on behalf of and at the direction of another organization, the Data Controller.
Processing of Personal Data: any operation applied to data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction
2 - Who is the Data Controller of your Personal Data?
The Company Skyloud determines the purposes and means of processing your Personal Data. Within the framework of the edition of the Site and the management of the Accounts, the Company therefore acts as the Data Controller within the meaning of Article 4 of the RGPD.
3 - What are the categories of Personal Data concerned?
Identification data: first and last name; e-mail address; password; telephone number; profession; company (name, company name or SIRET).
Connection data: country of connection; IP address; log; User ID, etc.
Web data: cookies and browsing data; reviews and comments left on multiple channels, such as our websites or social networks.
Financial data: data relating to the credit card of the Person concerned within the framework of the payment of the subscription carried out via a service provider.
Banking Data: data relating to the Data Subject's bank account in the context of the bank synchronization carried out through a service provider.
4 - What are the purposes associated with the processing of Personal Data?
Customer account data: identification and connection data
- Consent when you create your account without making a payment and for data that is not strictly necessary for the execution of the contract.
- Execution of the contract
- Manage your access and use of the application through the implementation of technical support
- Implement and send you tips and tricks about our products or services electronically (blog and help center)
Loyalty data: identification data, connection data, web data.
- Execution of the contract
- Constitute and update a database of users, customers and prospects (statistics and audience measurement)
- To set up and send you by electronic means commercial and advertising information adapted to your preferences and possible needs (newsletters, solicitations and promotional messages).
Prospecting data: identification data, connection data, web data.
- Legitimate interest of the controller
- To manage the opinions and feedback of our services and content
- Optimize the operation of Georges by improving our services and website based on your experience
Customer experience data: identification data, login data, web data.
- Legitimate interest of the controller
5 - Who are the recipients of your Personal Data?
Access to Personal Data is strictly controlled. The Company ensures that the data is only accessible to authorized internal or external recipients.
The clearance policy is updated regularly and takes into account the arrival and departure of Company employees with access to data. If an employee becomes aware that he or she has access to data to which he or she should not have access, he or she is required to notify the appropriate department immediately. All accesses concerning the processing of Personal Data of Data Subjects are subject to a traceability measure.
In addition, your Personal Data may be transmitted to third-party service providers who are required to use it only for the purposes for which the Company has entrusted it to them, including :
In this context, the Company ensures that the security of your Data is preserved through strict control:
6 - How long do you keep your Personal Data?
The Company retains your data for a certain period of time in order to provide you with its services or assistance. The Company may also retain some of your information if necessary, even after you have closed your account or it no longer needs it to provide its services to you. Your Personal Information will not be transferred, rented or exchanged to third parties. The length of time the Company retains your Personal Information is determined by the Company in accordance with legal and contractual requirements and, if not, according to its needs:
Retention periods for each category of Personal Data
User and Customer data (identification data, web data, customer relationship management): The data relating to Users and Customers are kept for the entire duration of the opening of the Account and up to 90 days thereafter. This duration can be increased by 3 years for animation and prospecting purposes and by 5 years for archiving purposes as of the deletion of the Account or unsubscription.
Prospect data (identification and web data): Prospect data is kept for a maximum of 3 years from the date of collection or last contact from the Prospect.
Technical data (connection data and cookies): Connection data (IP addresses and logs of the Persons concerned) are kept for a period of one year from the last connection or last use of Skyloud. Cookies can be kept for a period of 13 months from the last manifestation of consent.
Financial data (payment methods): The financial transactions relating to the payment of subscription fees via the site are entrusted to a payment service provider who ensures the hosting, the smooth running and the security. The recipient of your Personal Data relating to your credit card numbers, it collects and stores them in our name and on our behalf during the execution of the payment operations. We never have access to your payment data.
Banking data (connection data, account synchronization and historical data): The collection of banking transactions is outsourced to a banking synchronization provider who ensures the hosting, the smooth running and the security. They collect and store login and bank transaction data on our behalf for the duration of your use of Skyloud. We never have access to the identification data of the banking interface.
The data used to establish proof of a right or a contract (customer data, etc.) or kept to comply with a legal obligation (invoicing data, etc.), are subject to an intermediate archiving policy for a period not exceeding the time required for the purposes for which they are kept, in accordance with the provisions in force.
After the set time limits, the data is either deleted or kept after being anonymized, in particular for statistical purposes. Data Subjects are reminded that the deletion or anonymization of data stored in its systems are irreversible operations and that the Company is not, thereafter, able to restore them.
7 - What security measures are applied on your Personal Data:
As a Data Controller, the Company is committed to aligning its practices to comply with European regulations and guarantee a level of security appropriate to the risk (Article 32 §1 of the GDPR).
The organizational security measures taken by the Company in the context of its processing of Personal Data include, but are not limited to, the following measures:
The technical security measures taken by the Company in connection with its processing of Personal Data include, but are not limited to, the following measures:
8 - What are your rights regarding your Personal Data and how to exercise them?
In order to allow a regular update of the personal data collected by the Company, this one will be able to solicit the Persons concerned who will have for obligation to satisfy the requests of the Company. In accordance with the regulations applicable to personal data, the Persons concerned have the following rights:
Right of access (Article 15 of the RGPD): they can exercise their right of access, to know the Personal Data concerning them.
Right of rectification (Article 16 of the RGPD): if the Personal Data held by the Company are inaccurate, they can request the update of the information; The persons concerned are informed that the Company will not proceed to any so-called "comfort" modification, these being possible from the "Profile" tab in the "Settings" section of the Skyloud account. Only substantial modifications to the civil status, identity, profession and contact details of the person concerned will be made.
Right of deletion (Article 5 of the GDPR concerning the "purging" of data and Article 17 of the GDPR concerning the deletion of data or "right to be forgotten"): Data Subjects may request the deletion (in whole or in part) of their Personal Data, in accordance with applicable data protection regulations.
Right to limit processing (Article 18 of the GDPR): Data Subjects may request the Company to limit the processing of their Personal Data in accordance with the assumptions set forth in the GDPR.
Right to object to data processing (Article 21 of the GDPR): data subjects may object to their data being processed in accordance with the assumptions set forth in the GDPR.
Right to portability (Article 20 of the GDPR): they can claim that the Company hands over the Personal Data they have provided to them for transmission to a new entity, within the strict framework of the applicable data protection regulations.
You can exercise one or more of these rights by contacting us via the dedicated module. This one-month period may be extended by two months if the complexity of the request and/or the number of requests require it. In order to protect us from any risk of data leakage or identity theft, some requests will need to be accompanied by a photocopy of a signed, valid identity document.
9 - How to contact our Data Protection Officer?
For any other more general information on the protection of Personal Data, you can consult the website of the National Commission for Information and Liberties (CNIL) at the following address: www.cnil.fr
Our policy on Personal Data (in terms of confidentiality and cookies) may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations of the CNIL (the French Data Protection Authority) or practices. Any new version of this Policy will be brought to the attention of the Persons concerned by any means defined by the Company, including electronically (e.g. distribution by e-mail or online).