The Data Controller offers a platform PETROLETTES (hereafter, the “Platform”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). The Platform is available at the following url address https://petrolettes.app/.
The Data Controller is particularly aware and sensitive with regards to the respect of its Users privacy and personal data protection. The Data Controller commits to ensure the compliance of the processing it carries out as data controller in accordance with the Data Protection Law. Data Protection Law is the EU Regulation n°2016/679 regarding data protection dated April 27, 2016 named General Data Protection Regulation or “GDPR”.
The Data Controller has appointed a Data Protection Officer (hereinafter “DPO”) you may contact at the following address: [email protected]
Date of last update: 2021/09/17.
1. COLLECTED PERSONAL DATA
1.1 When subscribing on the Platform When subscribing to the Platform, the User is informed that their following personal data is collected for the purpose of creating a user account:
• First name
• Last name
• Email address
• banking details
• social media accounts
• phone number
The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create an account and authenticate the User.
1.2 During the use of the Platform
The User may validly publish, at its own initiative, any content on the Platform which shall be kept by Data Controller:
2. THE PURPOSE OF THE DATA PROCESSING
The Data Controller and its subcontractors process personal data that are freely transferred by the User when accessing the services proposed by the Platform for the following purpose:
Creation and management of a user account
Management of data subjects rights according to the Personal Data Legislation
Storage of User personal data
Management of transactions through the Platform
Management of delinquencies and claims
Management of prospection operations
• Sending email prospect campaigns in the Name of the Data Controller and/or their commercial partners
• Sending newsletters in the Name of the Data Controller and/or their commercial partners
3. DATA RETENTION PERIOD
The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform. Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of 6 months.
4. DATA TRANSFERS
The Users’ data are stored in the European Economic Area (EEA) by the Data Controller, its non-profit association, and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred in a country outside the EEA, to our trusted service providers.
When transferring data outside the EEA, the Data Controller ensures that the data are transferred in a secured manner and with respect to the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of the EU, the Data Controller uses “appropriate or suitable safeguards”.
When the service providers to whom personal data are transferred, are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission.
5. COMMITMENT OF THE DATA CONTROLLER
The Data Controller commits to process the User’s personal data in compliance with the Data Protection Law and undertake to, notably, respect the following principles:
• Process the User’s personal data lawfully, fairly, and in a transparent manner;
• Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• Do the best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
• Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
• Limit the access to the Users’ data to the persons duly authorized to this effect;
• Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.
6. EXERCISE OF THE USERS’ RIGHTS
The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.
When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
The User can exercise its rights by sending an email to the following email address [email protected] provided that the User justifies their identity.
In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities.
The competent supervisory authorities are listed on the following website: http://ec.europa.eu/justice/article-29/structure/data-protectionauthorities/index_en.htm.
8. RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA
Only authorized persons working for the Data Controller and, in some cases, their subsidiaries, can access the User’s personal data. The Data Controller makes their best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of the User’s personal data.
The Data Controller also uses trusted service providers to carry out a set of operations on their behalf for hosting and payment services. The Data Controller can also use service providers in the tech industry, editors of specific tools integrated in the Platform for technical purposes.
The Data Controller only provides service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. The Data Controller does their best to ensure that all these trusted service providers only process the personal data on the Data Controller’s documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing.
List of the main service providers:
KIT UNITED 44 rue la Fayette 75009 Paris France | HIVEBRITE solution | https://hivebrite.com/privacy-policy
Stripe 510 Townsend Street San Francisco CA 94103 USA | Payment Service | https://stripe.com/fr/privacy
Paypal 21 rue Banque 75002 Paris France | Payment Service | https://www.paypal.com/us/webapps/mpp/ua/privacyfull
Google Cloud Platform Gordon House 4 Barrow St Dublin Ireland | Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups | https://cloud.google.com/security/privacy/
Amazon AWS 38 avenue John F. Kennedy L-1855 Luxembourg | Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups | https://aws.amazon.com/de/compliance/gdpr-center/
Sentry 132 Hawthorne Street San Francisco CA 94107 USA | Production and storage of error logs enabling our developers to correct the code | https://sentry.io/privacy/
Sendgrid 375 Beale Street, Suite 300 San Francisco CA 94105 USA | Sending of emailsfrom the Platform | https://api.sendgrid.com/privacy.html
Hivebrite, Inc. 16 Nassau St New York NY 10038 USA | Customer support for the Platform | https://hivebrite.com/privacy-policy