When you use the Stormz platform (hereinafter the “Platform”), which enables you, as professionals, to conduct collaborative workshops, we may ask you to provide us with personal data concerning you, meaning all data allowing to identify an individual either directly or indirectly.
Within this framework, we collect the following data:
For the proper performance of the services offered through the Platform, we collect the following data:
The financial transactions concerning the payment of our services are entrusted to a payment service provider which ensures the smooth running and safety of these transactions.
For the proper performance of the services offered through the Platform and for the purposes of payment services, this service provider collects the following data, in our name and on our behalf:
We have access to this data; however, your bank details are only accessible in pseudonymised form (only the last 4 numbers are visible).
When you use the Platform and for the proper performance of the services, we may also collect personal data concerning you, automatically through the tools and services offered on the Platform.
Within this framework, we collect the following data:
The purpose of this policy is to inform you about the means we use to collect and process your personal data, in the strictest respect of your rights.
In this context, we inform you that, when collecting and managing your personal data, we comply with Law n° 78-17 dated January 6th, 1978 relative à l'informatique, aux fichiers et aux libertés, in its current version, as well as with the General Data Protection Regulation (hereinafter the “GDPR”).
Your personal data is collected and processed by Stormz, a French simplified joint stock company (société par actions simplifiée) registered with the Trade Registry of Pontoise under number 750 296 741, the registered office of which is located 122 T rue Pierre Brossolette – 95590 Presles, France (hereainafter “We”).
Your personal data is collected and processed for one or more of the following purposes:
When collecting your personal data, we inform you if certain information to be provided is compulsory or optional. We also inform you of the possible consequences of a failure to provide said information.
Our company’s staff, services in charge of control (auditors in particular), and our subcontractors will have access to your personal data.
Your personal data may also be provided to public organizations, exclusively to comply with our legal obligations, court officers and bodies in charge of debt recovery.
Your personal data will not be assigned, rented or exchanged to the benefit of third parties.
However, you are informed that we reserve the right to communicate your data to third parties in fully anonymised an aggregated form, i.e. in a form that does not allow to identify you in any way.
Your personal data will not be stored for a period exceeding what is strictly necessary to manage our relationship with you. However, any data that enables us to evidence the existence of a right or an agreement, which must be kept to comply with a legal obligation, will be stored for the period provided for under the law in force.
We keep your data for a maximum period of three (3) years from the date it was collected, the last contact from the user or the closing of your account on the Platform.
At the end of this three (3) year period, we may contact you again in order to know if you wish to keep receiving information concerning our services.
Your data relating to your credit cards are kept for the time necessary to complete the transaction.
In any case, these data may be kept for evidence purposes in case of a dispute concerning the transaction, in interim archives, for the duration provided for under article L. 133-24 of the French Monetary Code (Code monétaire et financier), i.e. thirteen (13) months from the debit date. This period may be extended to fifteen (15) months in order to take into account the possibility to use deferred debit cards.
The information allowing to take into account your right to object are kept for a minimum period of three (3) years from the date this right was exercised.
The information stored in the users’ terminal or any other element used to identify the users and allowing their traceability or attendance will not be kept for more than thirteen (13) months.
We inform you that we take all useful precautions, and appropriate operational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular to prevent them from being distorted, damaged or accessed by unauthorised third parties.
We inform you that your data is kept and stored, throughout their conservation period, on Bearstech’s servers located in France, in the European Union.
Your data will not be transferred outside the European Union in connection with the use of the services we offer you.
Cookies are text files, often crypted, stored in your browser. They are created when the browser of a user loads a given website: the website sends information to the browser, which then creates a text file. Each time the user returns on the same website, the browser retrieves such file and sends it to the website’s server.
Three types of cookies can be distinguished, which do not have the same purposes: technical cookies, social networks cookies and advertising cookies:
We use technical cookies. These cookies are stored in your browser for a period of thirteen (13) months.
We do not use social networks cookies or advertising cookies. Should we use such cookies, they will only be placed if you give our consent. You will be able to obtain information on their nature, to accept or refuse them.
These cookies are kept for the duration mentioned in article 7(iv) of this policy.
For all intents and purposes, we inform you that it is possible to object to the placement of technical cookies and cookies generated by third parties’ solutions, by configuring your browser. However, such a refusal could prevent the proper functioning of the Platform.
When you choose to communicate your personal data for the purpose of the services we offer through our Platform, you expressly consent to their collection and processing in accordance with this policy and the law in force.
In accordance with the GDPR, you have the right to access your data (article 15 of the GDPR) in order to obtain its communication and, as the case may be, to obtain its rectification or erasure (articles 16 and 17 of the GDPR) through an online access to your file. You may also contact:
It is reminded that any person may, for legitimate reasons, request that the processing of his/her data be restricted (article 18 of the GDPR) or object to said processing (articles 21 and 22 of the GDPR).
In case of a rectification or erasure of your personal data, as well as in case of restriction of processing, following a request from you, we will notify these modifications to the persons to whom we have disclosed your data, unless such communication proves impossible (article 19 of the GDPR).
You have a right to portability of the personal data you have provided us, understood as the data you have actively and consciously declared when accessing and using the services as well as the data generated by your activity when using the services (article 20 of the GDPR). We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the performance of the contract between us.
This right can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to retrieve and keep your personal data.
In this context, we will send you your personal data, by any means deemed useful, in a standard commonly used and machine-readable open format, in accordance with the state of the art.
You are also informed of your right to lodge a complaint with a competent supervisory authority (the Commission Nationale Informatique et Libertés for France), in the Member state within which you have your habitual residence, your place of work, or within which the violation of your rights was committed, if you consider that the processing of your personal data subject to this policy constitutes an infringement of applicable provisions.
This complaint may be lodged without prejudice to any other administrative or judicial remedy. Indeed, you also have a right to obtain effective administrative or judicial redress if you consider that the processing of your personal data subject to this policy constitutes an infringement of applicable provisions.
If we find a security breach in the processing of your personal data likely to result in a high risk to your rights and freedoms, we will inform you without undue delay (article 34 of the GDPR). We will detail the nature of the breach encountered as well as the measures implemented to put an end to it.
We reserve the right, at our sole discretion, to modify this policy at any time, in whole or in part. These modifications will come into force upon publication of the new policy. Your use of the Platform following the coming into force of said modifications will be deemed to constitute an acknowledgment and acceptance of the new policy. Failing this, and if this new policy does not suit, you must no longer access the Platform.
This policy comes into force on September 28th, 2020.