1. Deﬁnition and nature of personal data
The following terms and key deﬁnitions, when capitalised, have the meaning assigned to them in the General Conditions of Service.
When you use the Services oﬀered on the site www.wisembly.com (hereafter: the "Site"), we may ask you to provide us with your personal data.
In the context of this policy, the term "personal data" refers to all data that identiﬁes an individual, in particular: your name, ﬁrst names, postal and e-mail addresses, telephone numbers, date of birth, company name, job title, data relating to your transactions on the Site, details of your purchases and subscriptions, credit card numbers, as well as any other information that you choose to share with us.
2. Purpose of this Policy
The purpose of this Policy is to inform you about how we collect your personal data, with the strictest respect for your rights.
We inform you that we comply, in the collection and the management of your personal data, with the law Act n°78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, in its current version (hereafter: the “Data Protection Act”), as well as Regulation (EU) 2016/679 of 27 April 27 2016 on the protection of individuals with regard to the processing of personal data and the free movement of this data (hereafter: the "GDPR").
3. Identity of the data controller
The company responsible for collecting your personal data is WISEMBLY, SAS, a registered society under the Paris RCS, number 523 455 566, with its headquarters at 66 Avenue des Champs-Elysées, 75008 Paris, France (hereafter: “We").
4. Collection of personal data
The legal basis for our collection of your personal data is as follows:
- The performance of a contract when you purchase a Licence, register on our Site and use our Services.
- The legitimate interest when you voluntarily provide us with personal data during your visit to our Site, the data then being collected to enable us to better respond to your requests about our Services.
- Your consent for the Google Analytics cookies referred to in Article 9.
Your personal data is collected to fulﬁl one or more of the following purposes:
- To manage your access to the Services accessible on the Site and their use;
- To manage Customers and Beneﬁciaries concerning contracts, orders, invoices, loyalty programs, monitoring of the relationship with Customers;
- To create a record in our Customers, Beneﬁciaries and marketing database;
- To send newsletters and promotional messages. If you do not wish it, we will give you the option of refusal on this subject when collecting your data;
- To use trade and traﬃc analytics for our Services;
- To manage our customers’ feedback on products, Services or content;
- To deal with unpaid bills and possible disputes regarding the use of our Services;
- To personalise answers to your enquiries;
- To comply with our legal and regulatory obligations.
We will inform you, when collecting your personal data, whether certain data must be entered or when they are optional. Mandatory data is necessary for the operation of the Services. Regarding optional data, you are entirely free to provide it or not. We will also advise you of the possible consequences of a failure to respond.
5. Processors of the collected data
The following recipients will have access to your personal data:
- the staﬀ of our company,
- the departments responsible for control (external auditors in particular) and,
- our subcontractors.
Public bodies may also be recipients of your personal data, exclusively to meet our legal obligations: these include court oﬃcials, civil servants and debt recovery agencies.
6. Transfer of personal data
Your personal data will not be the subject of transfers, rentals or exchanges for the beneﬁt of third parties.
7. Retention period of personal data
- Management of Customers, Beneﬁciaries and marketing database:
Your personal data are kept for the period strictly necessary for the management of our commercial relationship with you.
Regarding any marketing operations intended for you, your data may be kept for a period of 3 (three) years from the end of the commercial relationship.
The data making it possible to establish proof of a right or a contract, to be kept for compliance with a legal obligation, will be kept for the period provided for by the law in force.
Personal data relating to a subject of marketing, who is not a client, may be kept for a period of 3 (three) years from their collection or from the last contact with the subject.
At the end of this 3 (three) year period, we may contact you again to ﬁnd out if you wish to continue to receive commercial communications.
- Identity documents:
In the event of exercise of the right of access or rectiﬁcation, data relating to identity documents may be kept for the period provided for in Article 9 of the Code of Criminal Procedure (the French law), i.e. 1 (one) year. In the event of the exercise of the right to opt-out, this data may be archived during the limitation period provided for by Article 8 of the Code of Criminal Procedure (the French law), i.e. 3 (three) years.
- Bank card data
Financial transactions relating to payment for purchases and fees via the Site are entrusted to the payment service provider Stripe (https://stripe.com/fr/privacy) which ensures their smooth running and security.
For service requirements, this payment service provider may be the recipient of your personal data relating to your bank card numbers, which it collects and stores in our name and on our behalf.
We do not have access to this data.
To enable you to make regular purchases or to pay the related costs of the Site, your bank cards data are kept for the time of your registration on the Site and at the very least, until the moment you complete your last transaction.
By checking the box provided for this purpose on the Site, you give us your consent for this storage. The visual cryptogram or CVV2 data, printed on your bank card, are not stored.
If you refuse to have your personal data relating to your bank card numbers stored under the conditions speciﬁed above, we will not keep this data beyond the time necessary to allow the transaction to be carried out.
In any case, the data relating to these may be kept, for the purpose of proof in the event of a possible dispute of the transaction, in intermediate archives, for the period provided for by article L 133-24 of the monetary and ﬁnancial Code, in this case 13 (thirteen) months following the debit date.
This period can be extended to 15 (ﬁKeen) months in order to take into account deferred payments.
- Management of the lists of opt-outs to receiving marketing enquiries.
The information conﬁrming your decision to opt-out is kept for at least 3 (three) years from the exercise of opt-out rights
As referred to in Article 10, we retain cookie data for 13 (thirteen) months.
We will advise you to take all useful precautions, whether organisational and technical, to protect the security, integrity and conﬁdentiality of your personal data; and, in particular, to prevent them from being distorted, damaged or accessed by unauthorised third parties. We will also use secure payment systems that comply with the relevant regulations.
We recommend that you observe the security measures put in place by our data hosting service providers, the company Oxalide and the company MicrosoK Azure, whose measures are accessible at the following websites:
- Oxalide: https://www.oxalide.com/politique-de-conﬁdentialite/.
- MicrosoK Azure: https://azure.microsoK.com/fr-fr/privacy-data-management/.
Your data is collected and stored, for the duration of its safe keeping, on Oxalide's and Microsoft Azure's servers, located in the European Union.
Your data is also likely to be hosted on servers of Trello Inc., Zendesk Inc., Intercom Inc., and Google LLC, companies all located in the US.
Your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured using the following tools:
- Either your data are transferred to a country that has been deemed to oﬀer an adequate level of protection by a decision of the European Commission;
- Or we have agreed a speciﬁc contract with our subcontractors governing the transfer of your data outside the European Union, on the basis of standard contractual clauses between a data controller and a subcontractor approved by the European Commission.
The cookies are text ﬁles, oKen encrypted, stored in your browser. They are created when a user's browser loads a given website: the site sends information to the browser, which then creates a text ﬁle. Each time the user returns to the same site, the browser retrieves this ﬁle and sends it to the website's server.
We use several diﬀerent types of cookies, which do not have the same purpose:
- Technical cookies are used throughout your browsing, to make browsing easier and to perform certain functions. A technical cookie can, for example, be used to retain the responses provided in a form or the user's preferences regarding the language or presentation of a website, when such options are available.
We use technical cookies.
- Social media cookies can be set by social plaporms to allow web designers to share their site content on such plaporms. These cookies can in particular be used by social plaporms to track the navigation of Internet users on the concerned website, whether or not they use these cookies.
We do not use social media cookies. If we decide to do so later, we will ask for your consent before depositing them. You will also be given the opportunity to learn more about them before accepting or refusing them.
- Advertising cookies can be created not only by the website the user is browsing, but also by other websites displaying advertisements, announcements, widgets or other elements on the displayed page. These cookies can in particular be used to carry out targeted advertising, that is to say advertising determined according to the user's navigation.
We do not use advertising cookies. If we decide to do so later, we will ask for your consent before applying them. You will also be given the opportunity to learn more about them before accepting or refusing them.
- We use Google Analytics, which is a statistical audience analysis tool that generates a cookie to measure the number of visits to the Site, the number of page views, and visitor activity. Your IP address is also collected to determine the city from which you are connecting. This cookie is only placed if you give your consent. You can accept it or refuse it.
We will remind you that you can reject cookies by conﬁguring your browser. Such a refusal may however prevent the proper functioning of the Site.
11. Personal data access
In accordance with the Data Protection Act and the GDPR, you have the right to access and, where applicable, rectiﬁcation or erasure of data concerning you.
You can also contact us:
- By email: email@example.com
- By post : Wisembly, 66 Avenue des Champs-Elysées, 75008 Paris, France
People whose data is collected on the basis of our legitimate interest, as mentioned in Article 4, are reminded that they may at any time object to the processing of data concerning them. We may, however, be required to continue processing if there are legitimate reasons for it which prevail over your rights and freedoms or if the processing is necessary to establish, exercise or defend our legal rights.
12. Right to deﬁne guidelines for data processing aLer your death
You have the right to deﬁne guidelines for the retention, erasure and access of your personal data aKer your death.
These guidelines can be general, that is to say, they cover all the personal data that concerns you. In this case, they must be registered with a trusted digital third party certiﬁed by the CNIL in France (la Commission Nationale de l'Informatique et des Libertés - National Commission on Informatics and Liberty).
The instructions can also be speciﬁc to data processed by our company. You should then send them to us at the following address:
- By email: firstname.lastname@example.org
- By post: Wisembly, 66 Avenue des Champs-Elysées, 75008 Paris, France
By sending us such guidelines, you expressly give your consent for them to be stored, transmitted and executed in the manner provided herein. In your directives, you can appoint a person responsible for their execution. This person will then have the right, on your decease, to take note of the aforementioned directives and to ask us for their implementation. In the absence of such designation, your heirs will have the right to take cognisance of your directives on your death and ask us to implement them.
You can change or revoke your guidelines at any time by writing to us at the contact details above.
13. Portability of your personal data
You have a right to the portability of the personal data that you have provided to us, understood as the data that you have actively and consciously declared in the context of access and use of our services, as well as data generated by your activity in connection with the use of these services. We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the execution of the contract between us.
This right can be exercised free of charge, at any time, and in particular when closing your account on the Plaporm, in order to retrieve and store your personal data.
In this context, we will send you your personal data, by any means deemed preferable, in a standard open format commonly used and machine-readable, in accordance with the state of the art.
14. Filing a complaint before a supervisory authority
You have the right to lodge a complaint with a competent supervisory authority (such as La Commission Nationale de l’Informatique et des Libertés in France), in the Member State in which your usual residence is located, your place of work or the place where the violation of your rights would have been committed, if you consider that the processing of your personal data covered by this Policy constitutes a violation of the applicable laws.
The appeal may be exercised without prejudice to any other appeal to an administrative or judicial jurisdiction. Indeed, you also have a right to an eﬀective administrative or judicial appeal if you consider that the processing of your personal data covered by this Policy constitutes a violation of the applicable laws.
15. Limitation of processing
You have the right to request the restriction of the processing of your personal data, in the following cases:
- In the course of an audit period that we implement while you question the accuracy of your personal data;
- When the processing of this data is illegal, and you want to limit this processing rather than delete your data;
- When we no longer need your personal data, but you want them to be stored in order to exercise your rights;
- During the veriﬁcation period of legitimate reasons, when you have objected to the processing of your personal data.
We reserve the right, at our sole discretion, to modify this Policy at any time, in whole or in part. These amendments will come into force as of the publication of the new Policy. Your use of the Site following the entry into force of these changes will constitute recognition and acceptance of the new Policy. If you do not accept this new Policy, you will no longer have access to the Site.
17. Start date
This Policy entered into force on 2018/05/25.