VeraCash Customer Privacy Policy

1. Definition and nature of personal data

When you use the website accessible at the address www.veracash.com (hereinafter the “Platform”), we may ask you for personal data about yourself and/or a minor under your guardianship, which allow for the direct or indirect identification of the data subject.
Within this context, we may collect the following personal data from you.


1.1 Information which you provide to us

We collect the following data for the purpose of performing the services we offer via the Platform:

  • Information permitting your identification: full name, email address, telephone number, postal address and username;
  • Information needed to verify your identity: a copy of your government issued ID card or passport and proof of address;
  • Payment information: bank card numbers, and IBAN and BIC/SWIFT numbers in the case of SEPA transfers;
  • Any information you choose to communicate to us.



  • 1.2 Information which we automatically collect when you use the Platform

    When you use the Platform, and for the purpose of the performance of our services, we may also collect your personal data automatically by means of the tools and services offered on the Platform, including the following data in particular:

  • Information about use of the Platform’s tools and features: we collect information about your interactions with the Platform, namely the pages and content you view and the links on which you click;
  • Connection data and information about the equipment and devices you use to log into the Platform: we collect device connection data whenever you access and use the Platform, including if you do not have an account with us, namely including your IP address, the dates and times of your visits, data about the hardware and software you are using, unique identifiers, crash data, and the pages viewed or displayed before and after you connect to the Platform;
  • Information about payment transactions: payment dates and times, payment methods used, payment method expiry dates and payment amounts.



  • 2. Object of this policy

    The purpose of this policy is to inform you of the means we use to collect and process your personal data, in strict accordance with your rights.
    On that subject, you are informed that we collect and manage your personal data in accordance with the current version of the French Data Protection Act no. 78-17 of 6 January 1978, as well as with the General Data Protection Regulation (hereinafter the “GDPR”).


    3. Identity of the data controller

    The data controller which is responsible for collecting and processing your data is the company VeraCash, a simplified joint stock company registered with the Bordeaux Trade & Companies Register (RCS) under number 808 689 657, with head offices located at 42 rue Tauzia, 33800 Bordeaux, France (referred to herein as “we” or “us”).


    4. Personal data collection and processing

    Your personal data are collected and processed for one or several of the following purposes:

    (i) Management of your access to the Platform and to the services available on the Platform, along with use thereof, as well as for responses to any requests concerning your use of the services;
    (ii) Performance of operations relating to the management and monitoring of our relations with our users when they make use of our services;
    (iii) Establishment of a record of registered members and other users;
    (iv) Transmission of newsletters and other informational messages about our latest news and/or any changes to our services. If you do not wish to receive these, you can choose to opt out at the time of data collection;
    (v) Transmission of advertisements, particularly targeted advertisements. If you do not wish to receive these, you can choose to opt out at the time of data collection;
    (vi) Production of statistics on the use of and traffic to our services;
    (vii) Optimization of how our products and services work and how effective they are;
    (viii) Management of people’s reviews of our products, services and content;
    (ix) Compliance with our legal and regulatory obligations, namely as concerns the prevention of bank fraud. In that respect, we are required to verify or authenticate the information collected from you for payment transactions.

    When we collect your personal data, you are informed of which information is required and which is optional. At the same time, you are also informed of any consequences, should you choose not to provide certain information.


    5. Data recipients

    The personnel at our company, our auditing services (namely, our statutory auditors) and our processors will have access to your personal data.
    Other potential recipients of your personal data are public authorities (exclusively in order to meet our legal obligations), representatives of the law, ministerial officials and collections agencies, as the case may be.
    All these recipients will maintain the strictest confidentiality in relation to any of your personal data in their possession.


    6. Personal data transfers

    Your personal data will not be sold, leased, exchanged or otherwise transferred to any third party.
    You are however informed that we reserve the right to transmit your data to third parties in a fully anonymized and aggregated form, meaning in a form which does not allow for your identification in any way whatsoever.


    7. Personal data storage period

    (i) For data relating to the management and monitoring of our relations with users of our services

    Your personal data will not be kept for longer than is strictly necessary to manage our relationship with you. However, data which establish proof of a right or contract and which must be retained in the name of a legal obligation will be stored for the period stipulated by current law.
    We will keep your data for a maximum of three (3) years from the later of the dates of their collection, of the last contact initiated by you or of closure of your account on the Platform.
    At the end of those three (3) years, we may reach out to you to ask if you would like to continue to receive information about our services.

    (ii) For data relating to bank cards

    Financial transactions for the payment of financing operations and fees via the Platform are entrusted to a payment service provider which ensures they are conducted smoothly and securely.
    As needed for the performance of the services, that payment service provider may receive your personal data in connection with your bank details, namely your bank card numbers, IBAN or bank account information, which it will gather and store in our name and on our behalf.
    We do not have access to those data, with the exception of the IBAN and/or bank account information you provide to us as part of the account registration process.
    To enable you to regularly carry out financial transactions and pay the associated fees via the Platform, your bank card data will be stored for the duration of your registration on the Platform and, at the very least, up until the time of your final transaction.
    By checking the box provided expressly for this purpose on the Platform, you are giving your express consent to that data storage.
    Data relating to your security code or CVC2, printed on your bank card, are not stored.
    If you refuse to have the personal data relating to your bank card number(s) stored under the conditions stated above, we will not retain them for longer than the time needed to carry out the transaction.
    In any case, transactional data may be retained in intermediate archives, for the purpose of proof in the event of any dispute of the transaction and for the period of time stipulated in Article L 13324 of the French Monetary and Financial Code, in this case thirteen (13) months from the date of the debit. That period may be extended to fifteen (15) months in order to account for the possibility of use of deferred debit cards.

    (iii) For the management of unsolicited advertising mail opt-out lists

    The information needed to handle your right to object is retained for at least three (3) years from the date of exercise of the said right.

    (iv) For audience metrics

    The information stored on users’ computers and devices, and any other elements used to identify and trace users and their visits to the Platform, are not retained for more than thirteen (13) months.

    (v) For the archiving of data relating to bank transactions

    At the end of your data’s storage period as stipulated above, we will archive your data for a period of two (2) years in accordance with our legal obligations, particularly in relation to the prevention of bank fraud and money laundering.


    8. Security

    We take every necessary precaution, as well as appropriate organizational and technical measures, to protect the security, integrity and confidentiality of your personal data, and in particular to prevent them from being altered, damaged or accessed by an unauthorized third party.


    9. Hosting

    Through their storage period, your data will be retained and stored on the servers of the company VeraCash (which leases dedicated servers from the company Coreix), located in the United Kingdom.
    Your data will not be transferred outside the European Union within the context of your use of our services.


    10. Consent

    When you choose to apply for a position with our company, you expressly agree to provide your personal data to us under the conditions set out above and expressly give your consent to their collection and processing in accordance with the stipulations of this Privacy Policy and current legislation.


    11. Cookies

    Cookies are text files – often encrypted – which are stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser which then generates a text file. Every time the user returns to that website, the browser retrieves the file and sends it to the site’s server.
    There are three types of cookies (each with different purposes), technical cookies, social networking cookies and advertising cookies:

  • Technical cookies are used throughout your visit to a website, to facilitate and run certain functions. For example, a technical cookie could be used to remember the information you input into a form or your preferences in terms of a website’s language or display, where such options are available;
  • Social networking cookies may be generated by social media sites to allow their web designers to share their sites’ content on those platforms. Those cookies may for example be used by social networks to trace their users’ navigation on the website in question, whether or not they use those cookies;
  • Advertising cookies can be created not only by the website you are visiting, but also by other sites serving commercials, adverts, widgets and other elements on the displayed page. By way of example, such cookies may be used for targeted advertising, meaning advertising which is determined by your past browsing activity.
  • We use technical cookies. They are stored in your browser for a period of thirteen (13) months.
    We also use social networking cookies. Those cookies are only installed on your hardware with your agreement. You can read about what they do and either allow or block them.
    You can review the privacy policies of the social media sites which created these cookies so you can review the intended use of the browsing information they may collect by means of these cookies and how you can exercise your rights with those platforms.
    We use advertising cookies, as well. Those cookies are only installed on your hardware with your agreement. You can disable them in your browser’s settings.
    We use Google Analytics, a statistical audience analysis tool which generates cookies designed to measure the number of visits to the Platform, the number of pages viewed and the activity of our visitors. We also collect your IP address to identify the city from which you are connecting to the Platform. These cookies are stored for the period stated in Article 7(v) above.
    As a reminder, you can block the installation of technical cookies and of cookies generated by Google Analytics via your browser settings. This could however prevent the Platform from functioning normally.


    12. Access to your personal data

    Pursuant to the French Data Protection Act no. 78-17 of 6 January 1978 and to the GDPR, you have the right to access your data (Article 15 of the GDPR), to have it communicated to you and if necessary to have it rectified or erased (Articles 16 and 17 of the GDPR). You can also contact us by the following means:

  • Email: contact@veracash.com
  • Post: VERACASH - 42, rue Tauzia 33800 BORDEAUX
  • As a reminder, anyone with a legitimate reason for doing so may request a restriction of the processing of their personal data (Article 18 of the GDPR) or object to the said processing (Articles 21 and 22 of the GDPR).
    You are informed that, in the event of the rectification or erasure of your personal data, or the restriction of their processing, as a result of a request made by yourself, we will notify the recipients to whom we have disclosed your data of those changes, unless such a notification should prove to be impossible (Article 19 of the GDPR).


    13. Personal data portability

    You have the right to the portability of the personal data you provide to us, understood as referring to the data which you actively and consciously communicated to us in accessing and using our services, as well as the data generated by your activity when using our services (Article 20 of the GDPR). As a reminder, this right does not pertain to data collected and processed on a legal basis other than consent or performance of the contract between us.
    You may exercise this right at any time, free of charge, for the retrieval and storage of your personal data.
    In that case, we will send you your personal data by any means which we may deem appropriate, in a standard, commonly used open source, machine-readable format, in accordance with current industry practice.


    14. Submission of a complaint to a supervisory authority

    You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the CNIL – French Data Protection Authority – for France) in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data as stated in this Privacy Policy infringes any applicable legislation or regulation.
    You may exercise this right without prejudice to any other administrative or judicial remedy. In fact, you also have the right to effective administrative or judicial remedy if you consider that the processing of your personal data as stated in this Privacy Policy infringes any applicable legislation or regulation.


    15. Communication of a personal data breach

    If we detect a security breach in the processing of your personal data which is likely to result in a high risk to your rights and freedoms, we will notify you as soon as possible (Article 34 of the GDPR). At that time, we will explain the nature of the breach and the measures implemented to put an end to it.


    16. Modifications

    We reserve the right to modify this Privacy Policy at any time, in whole or in part, and at our sole discretion. Those changes will come into effect upon publication of the new policy.


    17. Effective date

    This Privacy Policy came into effect on 25 June 2019.