PRIVACY POLICY & CHARTER CONCERNING THE PROTECTION OF USERS’ PERSONAL DATA



Website Owner

SARL Open Up
Siret : 337 871 636 00029
48 rue Michel Ange 75016 Paris
Email: info@openup.paris
Tél : +33(0)6 715 018 45
Directeur de publication/ Publication director :Juliette LAURENS


Host

Planet Hoster 4416 Louis B. Mayer Laval (Grand Montréal) Québec H7P 0 G1 Canada

Data center in Paris


1. Definition and nature of personal data

When providing you with concierge and home staging services subscribed to under our General Conditions of Sale and/or when you use our website, that can be accessed at www.openup.paris (hereinafter referred to as the "Platform"), we may ask you to provide us with personal data relating to you, in other words any data which make it possible to directly or indirectly identify an individual.
Within this framework, we collect the following data:

1.1 Information that you provide us with

In order for the services we provide to operate correctly, and in particular the payment services, we collect the following data:
  • Information to identify you when subscribing to the services, opening an account on the Platform or making a payment: surname, first name, e-mail address of the person authorized to open the account on the Platform, postal address of your place of residence or registered office, telephone number, SIRET number for sole proprietorship businesses.
  • Payment information: bank card numbers, BIC and IBAN numbers for SEPA direct debits, where appropriate.
  • Any other information you choose to share with us.

1.2 Information that we collect automatically when you use the Platform

If you use the Platform, and for the services we provide to operate correctly, we are also likely to collect personal data concerning you, in an automated fashion through the tools and services offered on the Platform.
We collect the following data:
  • Information on the use of the tools and functionalities of the Platform: we collect information concerning your interactions with the Platform and in particular, the pages or content viewed and the links you click on the Platform.
  • Information relating to the equipment and devices that you use to connect to the Platform: we collect device connection data when you access and use the Platform, including whether or not you have opened an account on our Platform, and in particular, your IP address, connection dates and times, data relating to the computer hardware and software used to connect, unique identifiers, crash data, pages viewed or displayed before or after logging into the Platform.
  • Information on payment transactions: date and time of payment, means of payment used, expiry date of the means of payment and payment amount.

2. Purpose of this charter

The purpose of this charter is to inform you of the means by which we collect and process your personal data, with the strictest respect for your rights.
In this regard, we would like to point out that when collecting and managing your personal data, we comply with the current version of the French law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as well as with the General Data Protection Regulation (hereinafter referred to as the "GDPR").


3. Identity of the entity responsible for collecting and processing data

Responsibility for the collection and processing of your personal data lies with the company Open Up, a limited liability company, registered under number 337 871 636 with the Registry of Trade and Companies of Paris, whose head office is located at 48 rue Michel-Ange, 75016 Paris, France, (referred to within the framework of this charter as "Us" or "We").


4. Collecting and processing personal data

Your personal data is collected and processed for one or more of the following purposes:
  • 1. To manage orders and the proper provision of the services, as well as to respond to any request concerning such services.s,
  • 2. To manage your access to the Platform and the services that can be accessed on the Platform and your use thereof, as well as to respond to any requests you may have concerning your use of the services.
  • 3. To perform operations regarding the management and monitoring of our relations with our customers, when they use our services.
  • 4. To compile a list of customers and prospective customers.
  • 5. To send newsletters or any informational messages relating to our news and/or any developments of our services. Should you not wish to receive these, we offer you the option to refuse them at the moment your data is being collected.
  • 6. To send advertisements, including targeted advertisements. Should you not wish to receive these, we offer you the option to refuse them at the moment your data is being collected.
  • 7. To compile usage and web traffic statistics for our services.
  • 8. To optimize the operation and efficiency of the products and services we offer.
  • 9. To manage reviews on products, services or content.
  • 10. To respect our legal and regulatory obligations, in particular with regard to combating bank fraud. In this respect, we are obliged to check or authenticate your information collected during payment operations.
We will inform you, when requesting your personal data, if certain information must be provided or if it is optional. We will also inform you of the consequences should you not wish to provide this information.

5. Recipients of the collected and processed data

Our company's staff, any authorities in charge of audits (external auditors in particular) and our subcontractors (third-party providers) intervening within the framework of the provision of our services, will have access to your personal data.
Government agencies or representatives of the law, ministerial officers or organisations responsible for the collection of debts may also be recipients of your personal data, for the sole purposes of meeting our legal obligations.


6. Assignment of personal data

Your personal data will not be assigned, transferred or rented to, or exchanged with, any third party.
However, you are hereby informed that we reserve the right to share your data with third parties in an aggregated form and rendered anonymous, that is to say in a form which does not allow you to be identified in any way whatsoever.


7. Duration that personal data is stored

1. Regarding data relating to the management and monitoring of relations with our customers:
Your personal data will not be retained any longer than is strictly necessary for the management of our business with you. However, data proving the existence of a right or a contract must be kept in order to adhere to legal obligations and will be stored for the term stipulated by the applicable law.
We will keep your data for a maximum period of three (3) years from the first collection of your data or from the last contact received from the user of your account, or from the closure of your account on the Platform where appropriate.
At the end of this period of three (3) years, we may contact you again in order to find out if you wish to continue to receive information about our services.
2. Regarding bank card data:
Within the context of carrying out financial transactions and for the payment of fees, we are required to ask you for your personal data relating to your bank details, which can include your bank card details, your IBAN or bank transfer information.
This data is only kept for the time that is necessary to carry out the transaction.
In any event, certain data relating to this may be retained for the purposes of providing proof in the event of a transaction subsequently being contested, in intermediary archives, for the period stipulated in Article L 133-24 of the French Monetary and Financial Code, namely thirteen (13) months following the debit date. This period may be extended to fifteen (15) months in order to account for the possibility of deferred debit cards being used for payment.
3. Regarding the management of opt-out lists compiled during prospecting activities:
Information enabling recognition of your right to opt-out is retained for a minimum of three (3) years following the exercising of your opt-out right.
4. Regarding web audience tracking statistics:
Information stored in users' terminals, or any other means used to identify users and enabling them to be tracked or to measure the frequency of their visits, shall be retained for no longer than thirteen (13) months.
5. Regarding the archiving of bank card data :
At the end of the storage period of your data, as specified above, we hereby inform you that we will archive your data for a period of two (2) years in respect of our legal obligations, especially in terms of combating bank fraud and money laundering.


8 Security

For your information, we take all necessary precautions and appropriate organisational and technical measures to maintain the security, integrity and confidentiality of your personal data, and especially to prevent it from being deformed or damaged and to prevent any third party from accessing it.


9. Hosting

We also hereby inform you that your data is stored solely on the servers of Open Up, located in France, within the European Union.
Your data will not be transferred outside the European Union when you use our services


10. Cookies

Cookies are text files that are often encrypted and that your web browser stores. They are created when a user's browser loads any given website: the site sends information to the browser, which then creates a text file. Each time the user comes back to the same site, the browser retrieves the file and sends it to the website server.
There are three types of cookie with differing purposes - technical cookies, social network cookies and advertising cookies:

  • Technical cookies are used throughout your browsing in order to facilitate and carry out certain functions. A technical cookie can be used, for example, to memorise responses submitted in a form or even user language or website presentation preferences, whenever such options are available.
  • Social network cookies can be created by social networking platforms to allow web designers to share the content of their sites on these platforms. These cookies may in particular be used by social networking platforms to trace the browsing of Internet users on the website in question, whether or not they use these cookies.
  • Advertising cookies can be created not only by the website which the user is browsing but also by other internet websites displaying advertising, ad banners, widgets or other elements on the page that is being displayed. These cookies can be used to carry out targeted advertising in particular, that being advertising which is determined by user browsing.
We use technical cookies. These are stored in your browser for a period of thirteen (13) months.
We do not use social network cookies. Should we decide to use them, these cookies would only be stored on your computer with your consent. You would have the option to learn more about them, accept them or refuse them.
We use advertising cookies. These cookies are only stored on your computer if you give your consent. You can deactivate these cookies in the settings of your web browser.
We use Google Analytics, which is a statistical audience analysis tool that generates cookies to measure the number of visits to the Platform, the number of page views and visitors' activity on the Platform. Your IP address is also collected to determine the city you are connecting from. The storage duration of this cookie is indicated above.
We would like to remind you that you may refuse technical cookies and cookies generated by Google Analytics by configuring your browser to this end. However, such a refusal may prevent the Platform from functioning correctly.

11. Legal basis for processing

Your consent is not required for the collection of your data for the following purposes, as such data is necessary for the subscribed services to be provided, and this is subject to compliance with the conditions set out in this charter and current legislation :

  • To manage orders and correctly provide the services, as well as respond to any request concerning such services.
  • To manage your access to the Platform and the services that can be accessed on the Platform and your use thereof, as well as to respond to any requests you may have concerning your use of the services.
  • To perform operations regarding the management and monitoring of our relations with our customers, when they use our services.
Furthermore, we process your data for the following purposes based on the legitimate interests of our company:
  • To compile a list of customers and prospective customers.
  • To send informational messages relating to our news and/or any developments of our services.
  • To compile usage and web traffic statistics for our services.
  • To optimize the operation and efficiency of the products and services we offer.
  • To manage reviews on products, services or content.

Your consent is also not required for the following purpose, since it is a legal obligation:
  • To respect our legal and regulatory obligations, in particular with regard to combating bank fraud. In this respect, we are obliged to check or authenticate your information collected during payment operations.

Furthermore, we will request your consent prior to processing your data if we wish to:
  • Send you newsletters.
  • Send you advertisements, including targeted advertisements.
Should you not wish to receive these, we offer you the option to refuse them at the moment your data is being collected.

12. Access to your personal data

In accordance with French law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as well as the GDPR, you retain the right to access data concerning you (Article 15 of the GDPR) in order to have a copy of it sent to you and if required, to rectify or erase it (Articles 16 and 17 of the GDPR), via online access to your file. You can also contact:
E-mail address: info@openup.paris
Postal Address: 48 rue Michel-Ange, 75016 Paris, France.
By way of reminder, any individual may, on legitimate grounds, request limitation of the processing of their personal data (Article 18 of the GDPR) or oppose said processing (Articles 21 and 22 of the GDPR).
We hereby inform you that in the event that your personal data is rectified or erased, or if its processing has been restricted, further to your express request for such changes, we will inform each recipient to whom your personal data has been disclosed of said changes, unless such communication proves to be impossible (Article 19 of the GDPR).


13. Portability of your personal data

You have a right to the portability of the personal data that you provide us, understood as data that you have actively and consciously declared in order to access and use our services, as well as data generated from your activity using the services (Article 20 of the GDPR). We wish to remind you that these rights do not relate to data collected and processed on any other legal basis than the consent or implementation of the contract binding us.
This right can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to recover and keep your personal data.
In this context, we will send you your personal data, through any pertinent channels, in a commonly-used and machine-readable standard open format, in accordance with industry standards.


14. Lodging a complaint with a supervisory authority

You are also hereby informed that you have the right to lodge a complaint with a competent supervisory authority (e.g. the French National Commission for Information Technology and Liberties in France - CNIL) in the Member State that your place of residence or your workplace is located, or the place where your rights have been violated, if you consider that the processing of your personal data within the context of this charter constitutes a violation of the applicable legal texts.
Such a complaint may be brought before an administrative or jurisdictional court without prejudice to any other claim. In such a case, you also have the right to an effective judicial and administrative redress if you consider that the processing of your personal data within the context of this charter constitutes a violation of the applicable legal texts.


15. Communication regarding a personal data breach

If we find a security breach in the processing of your data that is likely to result in a high risk to your rights and freedoms, we will inform you in the shortest possible time (Article 34 of the GDPR). Should this happen, we will inform you of the details of the nature of the breach encountered and the measures put in place to ensure that it is no longer likely to materialise.


16. Amendments

We reserve the right to amend all or part of this charter at any moment, at our sole discretion. Such amendments shall come into effect once the new charter is published. Your use of the Platform following the entry into effect of these amendments, shall constitute acknowledgement and acceptance of the new charter. Failing that, and if you are not in agreement with the new charter, you should refrain from accessing the Platform.


17. Entry into Effect

This charter came into effect on november 2019.