Privacy and data protection policy
This Privacy Policy governs how Fair&Smart processes the Personal Data of Users of the platform, accessible from the websites www.fairandsmart.com and www.myfairdata.com, in accordance with Law No. 78-17 of January 6, 1978 on information technology and civil liberties (French Data Protection Act) as amended and the European Regulation on the protection of personal data 679/2016 of 27 April 2016 (“GDPR”), and any national transposition text (together, the “Applicable Regulations”).
1 General provisions and identity of the data controller
This privacy policy is applicable between:
on the one hand,
- SAS FAIR & SMART, 11 Rempart Saint Thiebault, 57000 METZ, RCS METZ 820 924 678 00015, hereinafter “Fair&Smart” or “we”,
on the other hand,
- Any person accessing the platform or connecting to the website fairandsmart.com, hereinafter the “User” or “you”.
For the purposes of this Privacy Policy, and for the purposes of the Processing described below, Fair&Smart is considered to be the Data Controller.
2 Definitions
- « Customer »: means the organisation using the Platform and having access to the Services.
- « Account »: means the Customer’s account on the Platform allowing access to the ordered Services. Access to the Account is made through the Customer’s Identifiers.
- « Data »: means the personal data that is Processed in accordance with this Privacy Policy.
- « Personal Data »: means personal data as defined in Article 4 (1) of the GDPR.
- « Identifiers »: means the confidential identification codes and passwords allowing access to the Account. These Identifiers are chosen by the Customer. They are for the exclusive use of the Customer who is solely responsible for them.
- « Platform »: means the web application to which the Customer must connect from a browser to access the Fair&Smart Services.
- « General Data Protection Regulation » ou « GDPR »: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- « Service »: means all the services offered by Fair&Smart via the Platform: Cookies Consents, Right Consents, Right Requests, Right Data, Myfairdata.
- « Site »: means the websites accessible at fairandsmart.com and www.myfairdata.com; the Site includes all web pages, services and functionalities provided to Users.
- « Processor »: means the natural or legal person, public authority, department or other body that Processes Personal Data on behalf of and under the instructions of Fair&Smart in accordance with Article 4 (8) of the GDPR.
- « Processing »: means any of the operations referred to in Article 4 (2) of the GDPR, carried out on Personal Data in the context of the execution of this Privacy Policy.
- « User »: means any person who logs on to the Site or has an Account.
- « Personal Data Breach »: means security breaches as referred to in Article 4 (12) of the GDPR.
3 Purposes of processing and legal bases
Fair&Smart collects only the Data necessary for the purposes explicitly stated below:
a . Provision of the Platform Services
b. Managing the proper functioning of the Site
c. Making contact
d. Sending documentation (white papers, computer graphics, etc.)
e. Sending newsletters
f. Managing the exercise of your rights
4 Data collected
The mandatory or optional nature of the Personal Data collected and the possible consequences of a failure to reply are indicated during the various contacts with the persons concerned.
Details of the Personal Information we may hold about you are set out below.
5 Login data and cookies
Fair&Smart uses connection data and cookies to identify you, to memorise your visits, and to benefit from audience measurement and statistics, particularly relating to the pages consulted, for the proper functioning of the Site and the Services.
6 Data recipients
Only the authorised and persons specifically mentioned below may have access to User Data.
- Authorised Fair&Smart personnel;
- The Site host;
- The publisher and host of our CRM solution;
- Where appropriate, the authorised personnel of our processors ;
- Where appropriate, Fair&Smart’s DPO
- Where appropriate, supervisory bodies, relevant courts, mediators, accountants, auditors, lawyers, bailiffs;
- Third parties who may place cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent to them.
Your data will not be passed on, exchanged, sold or rented to anyone other than those mentioned above.
7 Data retention period
Fair&Smart undertakes to ensure that the Data collected is kept in a form that allows your identification for no longer than is necessary for the purposes for which the Data is collected and processed.
8 Your rights
In accordance with the Data Protection Act and the GDPR, you have the following rights:
- Right of access (article 15 GDPR), rectification (article 16 GDPR) and update;
- Right to block or erase your personal data (article 17 GDPR), when it is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited;
- Right to withdraw your consent at any time (article 13-2c GDPR) ;
- Right to restrict the processing of your data (article 18 GDPR) ;
- Right to object to the processing of your data (article 21 GDPR) ;
- Right to the portability of the data you have provided to us, when your data is subject to automated processing based on your consent or on a contract (article 20 GDPR) ;
- Right to lodge a complaint with the CNIL (article 77 GDPR) ;
- Right to define the fate of your data after your death and to choose whether or not we communicate your data to a third party that you have previously designated.
In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.
These rights can be exercised by post: DPO FAIR & SMART, HAAS Avocats, 32 Rue La Boétie 75008 Paris, by email to dpo@fairandsmart.com or vial the Myfairdata application (Apple iOS : Click here ou Android : Click here),by proving your identity by any mean.
To find out more, consult our Rights Management Charter
To find out more about your rights, you can also consult the website of the French Data Protection Authority (CNIL) at the following address: http://cnil.fr.
9 Security
Fair&Smart and its possible Processors undertake to implement all technical and organisational measures in order to ensure the security of the Processing of Personal Data and the confidentiality of your Data, according to current technical means and in application of the French Data Protection Act as amended, the European Data Protection Regulation (GDPR) and Law No. 2018-133 of 26 February 2018 « laying down various provisions for adaptation to European Union law in the field of security ».
Your data relating to the use of the platform and the navigation of our websites is stored in a secure manner, through our hosting service providers OVH and Scaleway.
Fair&Smart takes the necessary precautions, with regard to the nature of your Data and the risks presented by our Processing, to preserve the security of the Data and, in particular, to prevent it from being deformed, damaged or accessed by unauthorised third parties (physical protection of the premises, authentication process for our customers with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).
10 No transfers outside the EU
The Personal Data collected by Fair&Smart is stored and processed in the European Union, where Fair&Smart or its Processors are located or operate facilities.
The data from our CRM solution (Hubspot) is hosted in the European Union. Any transfers outside the EU (https://legal.hubspot.com/fr/dpa) are governed by different mechanisms implementing appropriate safeguards:
- the development by Hubspot of approved Binding Corporate Rules;
- the conclusion of Standard Contractual Clauses with Hubspot.
The data of our technical support solution (JIRA Service Management) is hosted within and outside the European Union. Any transfers outside the EU (https://www.atlassian.com/fr/trust/privacy/country/europe-and-gdpr) are governed by different mechanisms implementing appropriate safeguards:
- the development by Atlassian of approved Binding Corporate Rules;
- the conclusion of Standard Contractual Clauses with Atlassian.
11 Update of our privacy policy
This Privacy Policy is subject to change, in particular in accordance with various legislative and regulatory developments. To this end, the User may consult the update directly on the Site.