Legal

Policy relating to the protection Of the users’ personal data

1. Definition and nature of the personal data

When you use the Stormz platform (hereinafter the “Platform”), which enables you, as professionals, to conduct collaborative workshops, we may ask you to provide us with personal data concerning you, meaning all data allowing to identify an individual either directly or indirectly.

Within this framework, we collect the following data:

1.1 Information that you provide to us

For the proper performance of the services offered through the Platform, we collect the following data:

  • identifying information when creating your account: e-mail address, pseudonym which can be composed of your surname(s) and first name(s), photography,
  • any information you will choose to provide us.

1.2 Information that our payment service provider collects from you, on our behalf

The financial transactions concerning the payment of our services are entrusted to a payment service provider which ensures the smooth running and safety of these transactions.

For the proper performance of the services offered through the Platform and for the purposes of payment services, this service provider collects the following data, in our name and on our behalf:

  • information on payment operations: credit card numbers, date and time of the payment, expiry date of the means of payment, amount of the payment, address associated to the means of payment
  • invoicing information: surname, first name, e-mail address, invoicing address, company number (SIRET) We have access to this data; however, your bank details are only accessible in pseudonymised form (only the last 4 numbers are visible).

1.3 Information we automatically collect when you use the Platform

When you use the Platform and for the proper performance of the services, we may also collect personal data concerning you, automatically through the tools and services offered on the Platform.

Within this framework, we collect the following data:

  • Information on the use of the Platform tools and functionalities: we collect information concerning your interactions with the Platform including the pages or contents consulted on the Platform, the links on which you have clicked;
  • Login information and information concerning the equipment and devices you use to connect to the Platform: we collect device connection information when you access and use the Platform, even if you have not created an account on our Platform, and in particular, your IP address, operating system, connection dates and times, unique identifiers, crash data, pages viewed or displayed before and after connecting to the Platform. Your IP address also allows us to determine the city from which you are connected.

2. Purpose of this policy

The purpose of this policy is to inform you about the means we use to collect and process your personal data, in the strictest respect of your rights.

In this context, we inform you that, when collecting and managing your personal data, we comply with Law n° 78-17 dated January 6th, 1978 relative à l'informatique, aux fichiers et aux libertés, in its current version, as well as with the General Data Protection Regulation (hereinafter the “GDPR”).

3. Identity of the person collecting and processing the data

Your personal data is collected and processed by Stormz, a French simplified joint stock company (société par actions simplifiée) registered with the Trade Registry of Pontoise under number 750 296 741, the registered office of which is located 122 T rue Pierre Brossolette – 95590 Presles, France (hereainafter “We”).

4. Collection and processing of personal data

Your personal data is collected and processed for one or more of the following purposes:

  • (i) Managing your access to the Platform and the services accessible on the Platform as well as their use, and responding to any request concerning your use of the services,
  • (ii) Carrying out operations concerning the management and monitoring of our relations with users when they use our services,
  • (iii) Establishing a file of registered members and users,
  • (iv) Sending newsletters or all informative messages concerning the use of the Platform, our news and/or the evolution of our services. If you do not wish to receive these newsletters and informative messages, you may formally refuse it when your data is collected,
  • (v) Developing statistics concerning the use and frequentation of our services,
  • (vi) Optimising the operation and efficiency of the services we offer you,
  • (vii) Complying with our legal and regulatory obligations, in particular with respect to the fight against bank fraud. In that respect, we are in particular bound to transmit, verify or authenticate your information collected during payment transactions.

When collecting your personal data, we inform you if certain information to be provided is compulsory or optional. We also inform you of the possible consequences of a failure to provide said information.

5. Recipients of the data collected and processed

Our company’s staff, services in charge of control (auditors in particular), and our subcontractors will have access to your personal data.

Your personal data may also be provided to public organizations, exclusively to comply with our legal obligations, court officers and bodies in charge of debt recovery.

6. Assignment of personal data

Your personal data will not be assigned, rented or exchanged to the benefit of third parties.

However, you are informed that we reserve the right to communicate your data to third parties in fully anonymised an aggregated form, i.e. in a form that does not allow to identify you in any way.

7. Period during which personal data will be stored

(i) Concerning data relating to the management and monitoring of the relations with the users of our services:

Your personal data will not be stored for a period exceeding what is strictly necessary to manage our relationship with you. However, any data that enables us to evidence the existence of a right or an agreement, which must be kept to comply with a legal obligation, will be stored for the period provided for under the law in force.

We keep your data for a maximum period of three (3) years from the date it was collected, the last contact from the user or the closing of your account on the Platform.

At the end of this three (3) year period, we may contact you again in order to know if you wish to keep receiving information concerning our services.

(ii) Concerning data relating to credit cards:

Your data relating to your credit cards are kept for the time necessary to complete the transaction.

In any case, these data may be kept for evidence purposes in case of a dispute concerning the transaction, in interim archives, for the duration provided for under article L. 133-24 of the French Monetary Code (Code monétaire et financier), i.e. thirteen (13) months from the debit date. This period may be extended to fifteen (15) months in order to take into account the possibility to use deferred debit cards.

(iii) Concerning the management of the lists of objections to prospecting:

The information allowing to take into account your right to object are kept for a minimum period of three (3) years from the date this right was exercised.

(iv) Concerning audience measurement statistics:

The information stored in the users’ terminal or any other element used to identify the users and allowing their traceability or attendance will not be kept for more than thirteen (13) months.

8. Security

We inform you that we take all useful precautions, and appropriate operational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular to prevent them from being distorted, damaged or accessed by unauthorised third parties.

9. Hosting

We inform you that your data is kept and stored, throughout their conservation period, on Bearstech’s servers located in France, in the European Union.

Your data will not be transferred outside the European Union in connection with the use of the services we offer you.

10. Cookies

Cookies are text files, often crypted, stored in your browser. They are created when the browser of a user loads a given website: the website sends information to the browser, which then creates a text file. Each time the user returns on the same website, the browser retrieves such file and sends it to the website’s server.

Three types of cookies can be distinguished, which do not have the same purposes: technical cookies, social networks cookies and advertising cookies:

  • Technical cookies are used throughout your navigation, in order to facilitate it and to carry out certain functions. For example, a technical cookie can be used to memorise answers provided in a form or the user’s preferences regarding the language or presentation of a website, where such options are available.
  • Social networks cookies can be created by social platforms to allow website designers to share the content of their site on said platforms. In particular, these cookies can be used by social platforms to track the navigation of internet users on the concerned website, whether or not they use these cookies.
  • Advertising cookies can be created not only by the website on which the user is browsing, but also by other websites broadcasting advertisements, ads, widgets or other elements on the page displayed. These cookies can in particular be used to carry out targeted advertising, i.e. advertising determined according the user’s navigation.

We use only technical cookies. These cookies are stored in your browser for a period of thirteen (13) months.

We do not use social networks cookies or advertising cookies. Should we use such cookies, they will only be placed if you give our consent. You will be able to obtain information on their nature, to accept or refuse them.

We might also use cookies generated by third parties’ solutions, such as Google Analytics, Mixpanel or Segment, which are statistical tools for audience analysis allowing to measure the number of visits on the Platform, the number of pages viewed and the visitors’ activity, as well as to improve your browsing activity and increase the overall performances of our Platform.

These cookies are kept for the duration mentioned in article 7(iv) of this policy.

For all intents and purposes, we inform you that it is possible to object to the placement of technical cookies and cookies generated by third parties’ solutions, by configuring your browser. However, such a refusal could prevent the proper functioning of the Platform.

When you choose to communicate your personal data for the purpose of the services we offer through our Platform, you expressly consent to their collection and processing in accordance with this policy and the law in force.

12. Access to your personal data

In accordance with the GDPR, you have the right to access your data (article 15 of the GDPR) in order to obtain its communication and, as the case may be, to obtain its rectification or erasure (articles 16 and 17 of the GDPR) through an online access to your file. You may also contact:

  • E-mail address: contact@stormz.me
  • Postal address: 122 T rue Pierre Brossolette – 95 590 Presles, France

It is reminded that any person may, for legitimate reasons, request that the processing of his/her data be restricted (article 18 of the GDPR) or object to said processing (articles 21 and 22 of the GDPR).

In case of a rectification or erasure of your personal data, as well as in case of restriction of processing, following a request from you, we will notify these modifications to the persons to whom we have disclosed your data, unless such communication proves impossible (article 19 of the GDPR).

13. Portability of your personal data

You have a right to portability of the personal data you have provided us, understood as the data you have actively and consciously declared when accessing and using the services as well as the data generated by your activity when using the services (article 20 of the GDPR). We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the performance of the contract between us.

This right can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to retrieve and keep your personal data.

In this context, we will send you your personal data, by any means deemed useful, in a standard commonly used and machine-readable open format, in accordance with the state of the art.

14. Lodging a complaint before a supervisory authority

You are also informed of your right to lodge a complaint with a competent supervisory authority (the Commission Nationale Informatique et Libertés for France), in the Member state within which you have your habitual residence, your place of work, or within which the violation of your rights was committed, if you consider that the processing of your personal data subject to this policy constitutes an infringement of applicable provisions.

This complaint may be lodged without prejudice to any other administrative or judicial remedy. Indeed, you also have a right to obtain effective administrative or judicial redress if you consider that the processing of your personal data subject to this policy constitutes an infringement of applicable provisions.

15. Notification of personal data breach

If we find a security breach in the processing of your personal data likely to result in a high risk to your rights and freedoms, we will inform you without undue delay (article 34 of the GDPR). We will detail the nature of the breach encountered as well as the measures implemented to put an end to it.

16. Modifications

We reserve the right, at our sole discretion, to modify this policy at any time, in whole or in part. These modifications will come into force upon publication of the new policy. Your use of the Platform following the coming into force of said modifications will be deemed to constitute an acknowledgment and acceptance of the new policy. Failing this, and if this new policy does not suit, you must no longer access the Platform.

17. Coming into force

This policy comes into force on September 28th, 2020.