POLICY ON THE PROTECTION OF PERSONAL DATA OF USERS
1. Definition and nature of personal data
When using the mobile service “Bunch’m” and/or the website accessible at the address bunchm.com (hereinafter the “Platform“), which allows people organising events of any kind to manage the organisation of these events and to communicate with guests, we may ask you to provide us with personal data concerning you, designating all data that make it possible to identify an individual directly or indirectly.
This data will be exported to our API at the following address: https://api.bunchm.com
In this context, we collect the following data:
- Information you provide us with
For the proper execution of the services we offer through the Platform, and in particular the payment services, we collect the following data:
- Information allowing your identification when opening your account or making a payment: name, surname, e-mail address, postal address, telephone number will be sent to our API at the following address: https://api.bunchm.com;
- Payment information: credit card numbers. We do not collect your BIC or IBAN when paying by bank transfer.
- Any information you choose to provide us with, including photos.
- Information that we automatically collect when you use the Platform
When you use the Platform and for the proper execution of the services, we may also collect personal data about you automatically through the tools and services offered on the Platform. In particular, we collect the following data:
- Information on how to use the Platform’s tools and functionalities: we collect information about your interactions with the Platform, including the pages or content viewed on the Platform, the links you clicked on;
- Connection information and information about the equipment and devices you use to connect to the Platform: we collect device connection data when you access and use the Platform, including if you have not opened an account on our Platform, including your IP address, connection dates and times, data about the hardware and software used, unique identifiers, crash data, pages viewed or displayed before or after connecting to the Platform;
- Information on payment transactions: date and time of payment in the case of payment by credit card, payment method used, expiry date of the payment method, amount of payment.
2. Purpose of this policy
The purpose of this document is to inform you about the means we use to collect and process your personal data, in strict compliance with your rights.
In this regard, we inform you that we comply, in the collection and management of your personal data, with Law No. 78-17 of 6 January 1978 on data processing, files and individual liberties, in its current version, as well as the General Data Protection Regulation.
3. Identity of the person responsible for data collection and processing
The company responsible for collecting and processing your personal data is Bunch’m, a simplified joint stock company, registered in the Nanterre Trade and Companies Register under number 834 216 228, whose registered office is located at 73 rue de Paris – 92 100 Boulogne-Billancourt (referred to hereafter as “We”).
4. Collection and processing of personal data
Your personal data is collected and processed for one or more of the following purposes:
- Manage your access to and use of the Platform and the services accessible on the Platform, as well as respond to any requests regarding your use of the services,
- Carry out operations relating to the management of our customers, when using our services, concerning contracts, orders, invoices, loyalty programs, followed by customer relations,
- Create a database of registered members, users, customers and prospects, resellers,
- Organise contests, lotteries and all promotional operations excluding online gambling and games of chance subject to the approval of the Regulatory authority for online games;
- Send newsletters or any informative messages relating to our news and/or any evolution of our services. In the event that you do not wish this to occur, we give you the opportunity to express your refusal when collecting your data;
- Advertise, including advertising of our products and services. In the event that you do not wish this to occur, we give you the opportunity to express your refusal at the time of collection of your data.
- Develop statistics on the use and use of our services,
- Handle the management of people’s opinions on products, services or content,
- Manage unpaid bills and potential disputes regarding the use of our products and services,
- Comply with our legal and regulatory obligations.
When collecting your personal data, we inform you whether certain data must be provided or whether it is optional. We also inform you of the possible consequences of a lack of response.
5. Recipients of the data collected and processed
Our company’s staff, the departments in charge of control (auditors in particular) and our subcontractors will have access to your personal data.
Through the Platform, you may communicate personal data about yourself to other Platform users. Each user remains solely and exclusively responsible for the use he/she makes of your data and for complying with any legal obligations he/she may have in connection with the processing of your personal data for professional purposes by him/herself, with his/her own means and for his/her own purposes. We are only responsible for our use of your personal data, to the exclusion of any other use by a user.
Public organisations may also be recipients of your personal data, exclusively to meet our legal obligations, court officers, ministerial officers and bodies responsible for debt recovery.
6. Transfer of personal data
Your personal data will not be transferred, rented or exchanged for the benefit of third parties, with the exception of our resellers who will be responsible for the processing of your orders.
However, you are informed that we reserve the right to disclose your data to third parties in completely anonymous and aggregated form, i.e. in a form that does not allow you to be identified in any way whatsoever.
7. Duration of storage of personal data
- Concerning data related to the management and follow-up of relations with users of our services:
Your personal data will not be stored for longer than is strictly necessary to manage our relationship with you. However, the data used to establish proof of a right or contract, which must be kept in order to comply with a legal obligation, will be kept for the period provided for by the law in force, i.e. a period of five (5) years.
We retain your data for a maximum period of three (3) years from the date of collection of your data or from the last contact made by the user or from the closure of your account on the Platform.
At the end of this three (3) year period, we may contact you again to find out if you wish to continue to receive information about our services.
- Concerning credit card data:
Financial transactions related to the payment of credit card transactions via the Platform are entrusted to a payment service provider who ensures the smooth running and security of the transactions.
For the purposes of the services, this payment service provider may receive your personal data concerning your credit card numbers, which it collects and stores in our name and on our behalf.
We do not have access to this data.
To allow you to make regular payments on the Platform, your credit card data is kept for the duration of your registration on the Platform and at least until you complete your last transaction.
By checking the box expressly provided for this purpose on the Platform, you give us your express consent for this storage.
The data concerning the visual cryptogram or CVV2, registered on your credit card, is not stored.
If you refuse to allow your personal data concerning your credit card numbers to be stored under the conditions specified above, we will not keep this data beyond the time necessary to enable the transaction to be carried out.
In any event, the data concerning it may be kept, for evidentiary purposes in the event of any dispute concerning the transaction, in intermediate archives for the period provided for in Article L 133-24 of the Monetary and Financial Code, in this case thirteen (13) months following the debit date. This period may be extended to fifteen (15) months in order to take into account the possibility of using deferred debit payment cards.
- Concerning the management of opposition lists:
The information allowing you to exercise your right of opposition is kept for a minimum of three (3) years from the date of exercise of the right of opposition.
- Concerning audience measurement statistics:
The information stored in the users’ terminal or any other element used to identify users and allowing their traceability or usage will not be stored for more than thirteen (13) months.
8. Security
We advise you to take all appropriate precautions, organisational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular to prevent it from being distorted, damaged or accessed by unauthorised third parties.
9. Hosting
We inform you that your data is stored and preserved, during the entire period of its storage on Skyeris’ servers, located at 37 rue des Joncs marins in La Ville du bois, in France, in the European Union.
Your data will not be transferred outside the European Union in the context of the use of the services we offer you.
10. Cookies
Cookies are text files, often encrypted, stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website server.
There are three types of cookies, which do not have the same purposes: technical cookies, social network cookies and advertising cookies:
- Technical cookies are used throughout your browsing experience to make it easier and to perform certain functions. For example, a technical cookie can be used to store the answers provided in a form or the user’s preferences regarding the language or presentation of a website, when such options are available.
- Social network cookies can be created by social platforms to allow website designers to share the content of their site on those platforms. These cookies may in particular be used by social platforms to track the navigation of Internet users on the website concerned, whether or not they use these cookies.
- Advertising cookies can be created not only by the website on which the user navigates, but also by other websites displaying ads, announcements, widgets or other elements on the page displayed. In particular, these cookies can be used to carry out targeted advertising, i.e. advertising determined according to the user’s navigation.
We use technical cookies. These are stored in your browser for a period of thirteen (13) months.
We do not use cookies from social networks. If we were to use them, these cookies would only be stored with your consent.
We also use advertising cookies. These cookies are only stored if you give your consent. You have the option to disable these cookies in your web browser settings.
We use a statistical audience analysis tool that generates cookies to measure the number of visits to the Platform, the number of pages viewed and visitor activity. We also use cookies to track crashes on the application. In any case, your IP address is also collected to determine the city from which you are connecting. The storage period of this cookie is mentioned in article 7 (v) of this policy.
We remind you for all intents and purposes that it is possible for you to refuse the deposit of technical cookies and cookies generated by our analysis tools, by configuring your browser. However, such a refusal could prevent the Platform from functioning properly.
11. Consent
When you choose to provide your personal data for the purpose of performing the services we offer through our Platform, you expressly consent to the collection and processing of your personal data in accordance with this Policy and applicable law.
For any use of your data that is not provided for in this policy, we will ask for your consent again before any further processing.
12. Access to your personal data
In accordance with Law No. 78-17 of 6 January 1978 on data processing, files and liberties, as well as the GDPR, you have the right to access your data to obtain, if necessary, rectification or deletion, through online access to your file. You can also contact us:
- e-mail address: contact@bunchm.com
- postal address: Bunch’m 73 rue de Paris 92100 Boulogne-Billancourt, France
It is recalled that any person may, for legitimate reasons, request a limitation to the processing of data concerning him or her or oppose such processing.
We will inform you that in the event of rectification or deletion of your personal data, as well as limitation of processing, carried out following a request from you, we will notify the persons to whom we have communicated your data, unless such communication proves impossible.
13. Portability of your personal data
You have a right to the portability of the personal data you have provided us, defined as data that you have actively and consciously declared in connection with the access and use of the services, as well as data generated by your activity in connection with the use of the services. We remind you that this right does not apply to data collected and processed on a legal basis other than the consent or performance of the contract between us.
This right can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to retrieve and store your personal data.
In this regard, we will send you your personal data, by any means deemed necessary, in an open standard format commonly used and machine-readable, in accordance with the state of the art.
14. Making a complaint to a supervisory authority
You are also informed that you have the right to submit a complaint to a competent supervisory authority (the Commission Nationale Informatique et Libertés pour la France) in the Member State in which your habitual residence, place of work or place where the violation of your rights would have been committed, if you consider that the processing of your personal data covered by this Policy constitutes a violation of applicable texts.
This appeal may be made without prejudice to any other appeal to an administrative or judicial court. Indeed, you also have the right to an effective administrative or judicial remedy if you consider that the processing of your personal data covered by this Policy constitutes a violation of the applicable texts.
15. Communication concerning a violation of personal data
If we notice a security breach in the processing of your data that could lead to a high risk to your rights and freedoms, we will inform you as soon as possible. We will detail to you on this occasion the nature of the violation encountered and the measures put in place to put an end to it.
16. Modifications
We reserve the right, at our sole discretion, to modify this policy in whole or in part at any time. These amendments will come into force as of the publication of the new policy. Your use of the Platform following the entry into force of these modifications will constitute recognition and acceptance of the new policy. Otherwise, and if this new policy does not suit you, you should no longer have access to the Platform.
17. Entry into force
This charter came into force on 01/01/2019.