1. Definition and nature of personal data
When you use the website accessible at the address www.veracash.com (hereinafter the “Platform”), we may ask you for personal data about yourself and/or a minor under your guardianship, which allow for the direct or indirect identification of the data subject.
Within this context, we may collect the following personal data from you.
1.1 Information which you provide to us
We collect the following data for the purpose of performing the services we offer via the Platform:
1.2 Information which we automatically collect when you use the Platform
When you use the Platform, and for the purpose of the performance of our services, we may also collect your personal data automatically by means of the tools and services offered on the Platform, including the following data in particular:
2. Object of this policy
The purpose of this policy is to inform you of the means we use to collect and process your personal data, in strict accordance with your rights.
On that subject, you are informed that we collect and manage your personal data in accordance with the current version of the French Data Protection Act no. 78-17 of 6 January 1978, as well as with the General Data Protection Regulation (hereinafter the “GDPR”).
3. Identity of the data controller
The data controller which is responsible for collecting and processing your data is the company VeraCash, a simplified joint stock company registered with the Bordeaux Trade & Companies Register (RCS) under number 808 689 657, with head offices located at 42 rue Tauzia, 33800 Bordeaux, France (referred to herein as “we” or “us”).
4. Personal data collection and processing
Your personal data are collected and processed for one or several of the following purposes:
(i) Management of your access to the Platform and to the services available on the Platform, along with use thereof, as well as for responses to any requests concerning your use of the services;
(ii) Performance of operations relating to the management and monitoring of our relations with our users when they make use of our services;
(iii) Establishment of a record of registered members and other users;
(iv) Transmission of newsletters and other informational messages about our latest news and/or any changes to our services. If you do not wish to receive these, you can choose to opt out at the time of data collection;
(v) Transmission of advertisements, particularly targeted advertisements. If you do not wish to receive these, you can choose to opt out at the time of data collection;
(vi) Production of statistics on the use of and traffic to our services;
(vii) Optimization of how our products and services work and how effective they are;
(viii) Management of people’s reviews of our products, services and content;
(ix) Compliance with our legal and regulatory obligations, namely as concerns the prevention of bank fraud. In that respect, we are required to verify or authenticate the information collected from you for payment transactions.
When we collect your personal data, you are informed of which information is required and which is optional. At the same time, you are also informed of any consequences, should you choose not to provide certain information.
5. Data recipients
The personnel at our company, our auditing services (namely, our statutory auditors) and our processors will have access to your personal data.
Other potential recipients of your personal data are public authorities (exclusively in order to meet our legal obligations), representatives of the law, ministerial officials and collections agencies, as the case may be.
All these recipients will maintain the strictest confidentiality in relation to any of your personal data in their possession.
6. Personal data transfers
Your personal data will not be sold, leased, exchanged or otherwise transferred to any third party.
You are however informed that we reserve the right to transmit your data to third parties in a fully anonymized and aggregated form, meaning in a form which does not allow for your identification in any way whatsoever.
7. Personal data storage period
(i) For data relating to the management and monitoring of our relations with users of our services
Your personal data will not be kept for longer than is strictly necessary to manage our relationship with you. However, data which establish proof of a right or contract and which must be retained in the name of a legal obligation will be stored for the period stipulated by current law.
We will keep your data for a maximum of three (3) years from the later of the dates of their collection, of the last contact initiated by you or of closure of your account on the Platform.
At the end of those three (3) years, we may reach out to you to ask if you would like to continue to receive information about our services.
(ii) For data relating to bank cards
Financial transactions for the payment of financing operations and fees via the Platform are entrusted to a payment service provider which ensures they are conducted smoothly and securely.
As needed for the performance of the services, that payment service provider may receive your personal data in connection with your bank details, namely your bank card numbers, IBAN or bank account information, which it will gather and store in our name and on our behalf.
We do not have access to those data, with the exception of the IBAN and/or bank account information you provide to us as part of the account registration process.
To enable you to regularly carry out financial transactions and pay the associated fees via the Platform, your bank card data will be stored for the duration of your registration on the Platform and, at the very least, up until the time of your final transaction.
By checking the box provided expressly for this purpose on the Platform, you are giving your express consent to that data storage.
Data relating to your security code or CVC2, printed on your bank card, are not stored.
If you refuse to have the personal data relating to your bank card number(s) stored under the conditions stated above, we will not retain them for longer than the time needed to carry out the transaction.
In any case, transactional data may be retained in intermediate archives, for the purpose of proof in the event of any dispute of the transaction and for the period of time stipulated in Article L 13324 of the French Monetary and Financial Code, in this case thirteen (13) months from the date of the debit. That period may be extended to fifteen (15) months in order to account for the possibility of use of deferred debit cards.
(iii) For the management of unsolicited advertising mail opt-out lists
The information needed to handle your right to object is retained for at least three (3) years from the date of exercise of the said right.
(iv) For audience metrics
The information stored on users’ computers and devices, and any other elements used to identify and trace users and their visits to the Platform, are not retained for more than thirteen (13) months.
(v) For the archiving of data relating to bank transactions
At the end of your data’s storage period as stipulated above, we will archive your data for a period of two (2) years in accordance with our legal obligations, particularly in relation to the prevention of bank fraud and money laundering.
We take every necessary precaution, as well as appropriate organizational and technical measures, to protect the security, integrity and confidentiality of your personal data, and in particular to prevent them from being altered, damaged or accessed by an unauthorized third party.
Through their storage period, your data will be retained and stored on the servers of the company VeraCash (which leases dedicated servers from the company Coreix), located in the United Kingdom.
Your data will not be transferred outside the European Union within the context of your use of our services.
Cookies are text files – often encrypted – which are stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser which then generates a text file. Every time the user returns to that website, the browser retrieves the file and sends it to the site’s server.
There are three types of cookies (each with different purposes), technical cookies, social networking cookies and advertising cookies:
We use technical cookies. They are stored in your browser for a period of thirteen (13) months.
We also use social networking cookies. Those cookies are only installed on your hardware with your agreement. You can read about what they do and either allow or block them.
You can review the privacy policies of the social media sites which created these cookies so you can review the intended use of the browsing information they may collect by means of these cookies and how you can exercise your rights with those platforms.
We use advertising cookies, as well. Those cookies are only installed on your hardware with your agreement. You can disable them in your browser’s settings.
We use Google Analytics, a statistical audience analysis tool which generates cookies designed to measure the number of visits to the Platform, the number of pages viewed and the activity of our visitors. We also collect your IP address to identify the city from which you are connecting to the Platform. These cookies are stored for the period stated in Article 7(v) above.
As a reminder, you can block the installation of technical cookies and of cookies generated by Google Analytics via your browser settings. This could however prevent the Platform from functioning normally.
12. Access to your personal data
Pursuant to the French Data Protection Act no. 78-17 of 6 January 1978 and to the GDPR, you have the right to access your data (Article 15 of the GDPR), to have it communicated to you and if necessary to have it rectified or erased (Articles 16 and 17 of the GDPR). You can also contact us by the following means:
As a reminder, anyone with a legitimate reason for doing so may request a restriction of the processing of their personal data (Article 18 of the GDPR) or object to the said processing (Articles 21 and 22 of the GDPR).
You are informed that, in the event of the rectification or erasure of your personal data, or the restriction of their processing, as a result of a request made by yourself, we will notify the recipients to whom we have disclosed your data of those changes, unless such a notification should prove to be impossible (Article 19 of the GDPR).
13. Personal data portability
You have the right to the portability of the personal data you provide to us, understood as referring to the data which you actively and consciously communicated to us in accessing and using our services, as well as the data generated by your activity when using our services (Article 20 of the GDPR). As a reminder, this right does not pertain to data collected and processed on a legal basis other than consent or performance of the contract between us.
You may exercise this right at any time, free of charge, for the retrieval and storage of your personal data.
In that case, we will send you your personal data by any means which we may deem appropriate, in a standard, commonly used open source, machine-readable format, in accordance with current industry practice.
14. Submission of a complaint to a supervisory authority
15. Communication of a personal data breach
If we detect a security breach in the processing of your personal data which is likely to result in a high risk to your rights and freedoms, we will notify you as soon as possible (Article 34 of the GDPR). At that time, we will explain the nature of the breach and the measures implemented to put an end to it.
17. Effective date