Personal data charters
piinkme.fr website and marketplace
Article 1. Preamble
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter, the " RGPD "), as well as the law of January 6, 1978, as amended, set the legal framework applicable to the processing of personal data, along with other applicable texts.
These texts reinforce the rights and obligations of data controllers, processors, data subjects and data recipients. In particular, they require transparent, understandable and easily accessible information for data subjects
Within the framework of its activity, the company PIINK TEKNOLOGY, a simplified joint stock company with a capital of 21 756,47 €, whose head office is located at 113 RUE DE FONDEVILLE in TOULOUSE (31400), registered in the Toulouse Trade and Companies Register under the number B 830 298 659, (hereafter, the " Company "), Controller of the Platform, implements the processing of personal data which is described below.
In this charter (hereinafter, the "Charter"), the Charter "The terms defined below are used in the sense corresponding to the definitions given to them. They are capitalized in both the singular and plural.
- " Order(s)The term "appointment" refers to any appointment made with a Professional, reservation/purchase/pre-order of Products via the PIINK ME Platform by a User.
- " RecipientsRecipients": refers to the natural or legal persons who receive communication of personal data. The recipients of the data can therefore be both internal recipients and external bodies.
- " Personal space The "User" is a personal digital space created by a User when registering on the Platform containing personal information (mandatory and optional) allowing him/her to access the Products offered.
- " Professional area "This is a personal digital space specifically dedicated to a Professional via the Platform allowing him to consult information useful for the operation of the Service, the transactions he carries out, etc.
- " Platform(s) PIINK ME": refers to the digital platform PIINK ME or the PIINK ME application created by the Company which allows Professionals and Users to be put in contact with each other.
- " ProductsThe term "Professional" refers to all the products, services or activities listed by the Professional(s) on the Platform.
- "Professional Professional": means any professional practicing in the context of his activity (merchant, professional, craftsman, etc. ...) who offers his products and or service via the Platform.
- " Person in charge of the treatment"The entity that determines the purposes and means of the processing of personal data defined in this policy. Under this policy, the person in charge of the treatment is the company PIINK TEKNOLOGY.
- " Service"This is the connection between the User and the Professional via the Platform proposed by the Company.
- " SubcontractorProcessor": an entity that processes personal data on behalf of the Data Controller. In practice, this refers to the service providers with whom the Company works and who intervene in the personal data that it processes.
- " User(s)": refers to the natural person who makes an appointment and/or purchases Products on the Platform from the referenced Professionals.
Article 2. Object
The Company processes personal data relating to Users and Professionals when using the Service via the Platform.
This personal data policy (hereinafter " the Charter ") applies to Users and Professionals (hereinafter, " You " " Your " or " Your ") using the Service offered by the Company on the Platform.
The purpose of the present Charter is to satisfy the obligation of information incumbent on the Company as Data Controller and to formalize Your rights and obligations with regard to the processing of Your personal data.
The processing of personal data may be managed directly by the Company or through a Subcontractor specifically appointed by it.
This Charter is independent of any other document that may apply within Your contractual relationship with the Company (cookies, commercial or partnership contracts, etc...).
Article 3. General principles and commitment
Personal data processing is implemented from the moment Your personal data are collected by the Company in the context of the Service it offers on the Platform.
Article 4. Collected data
- Within the framework of the Service it offers via the Platform, the Company collects the following personal data: Identification: surname / first name / title / date of birth;
- Contact information: Telephone / e-mail address / delivery address / billing address;
- Banking data: PIINK TEKNOLOGY collects only an identifier of payment and a part of the figures of Your bank card (what allows us to recognize the card having been used for the last payment). We draw your attention to the fact that Your banking data are collected by our provider of service of payment (STRIPE) and we invite you to consult the applicable provisions accessible at the address https://stripe.com/fr/privacy ;
- More broadly, all information and/or personal data spontaneously communicated by the User in the context of the creation of a Personal Space and/or in the context of the execution of the Service;
- Geolocation data (anonymously);
- Preferences, frequency of attendance, orders placed, etc. ;
- Name of the legal representative of the Company.
The geolocation function for users :
The Platform integrates a geolocation function that allows us to know Your frequentation of the Professionals using the Service, in an anonymous way, and if You have accepted it to send You information and personalized commercial offers. By authorizing the Company to access your location data and to send you notifications, you may receive by sms, push notification, or email information on offers, products or services of the Professionals using the Service. We inform you that you may receive notifications related to your geolocation even when your application is in sleep or "cache" mode. In order to optimize the location functions, it may be necessary to also activate the Wi-Fi, Bluetooth or microphone functions of your cell phone. You will find information in the store on the technical means adapted to the optimization of the geolocation information on the application and the modalities to oppose it according to the technology concerned. When you go to the Professionals' points of sale equipped with tracking equipment, the presence of your smartphone may be detected if the search for Wi-Fi, Bluetooth or micro networks is activated. You can choose not to allow geolocation by refusing it when you download or first use the application. However, some operating systems (Android) do not allow the download of applications with geolocation if access to location data has not been authorized. You can disable access to your location data at any time in the settings of your cell phone by referring to the technical documentation of your device.
PIINK ME offers the "Notification" function in order to provide you with commercial offers and information related to your previous Orders and/or your "favorite" Professionals. You may opt out of this "Notification" feature when downloading PIINK ME or remove it at any time.
Article 5. Origin of the data
The Company collects Your data during :
- the creation of the Personal Space for the Users
- the creation of the Professional Space for Professionals
- a contact request by a User via the contact form on the Platform
- the use of the Platform's services by the User
- subscription to the newsletter
Article 6. Purposes of the processing
This information is subject to computer processing intended for :
- the processing of Orders placed by Users via the Platform;
- the processing of Orders received by Professionals via their Professional Space in order to best meet Users' needs (appointment with a professional, reservation in a restaurant, etc.);
- if You have agreed, to the sending of newsletters and/or personalized commercial offers concerning Products offered by the Platform.
- to answer the questions we are asked;
- meet our legal or administrative obligations;
- to indicate you Professionals and Products by using Your geolocation;
- to offer you personalized Products according to your habits or behavior.
The Company acts as the Controller of the processing of Your personal data provided on the Platform.
Article 7. Legal basis(s)
The processing of Your personal data is based on :
- the execution of a contract to which You are a party with the Company and/or the execution of pre-contractual measures taken in the context of processing an Order via the Platform;
- the pursuit of the Company's legitimate interests such as the subscription to a newsletter and/or commercial prospecting for similar products/services;
- consent for the geolocation of the Users and the personalization of the Products offered;
- compliance with a legal obligation to which the Company is subject.
Article 8. Recipients of the data
The data is hosted in The address of its registered office is as follows: Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Ireland. The company is registered in Ireland under the number: 368047 and its SIRET is the following: 79976916100016.
The Company ensures that data is only accessible to the following authorized internal or external Recipients:
- as the case may be: corporate officers and employees of the Company;
- Professionals ;
- the Company's communications department;
- the Company's IT department;
- if necessary, employees of the Company's technical service providers involved in the operation of the Platform (in particular IT service providers, etc.):
- Payment party: Stripe. The address of its registered office is as follows: Stripe France, 10 Boulevard Haussmann, 75009 Paris. Company registered with the Toulouse Trade and Companies Register under number: 809 022 643.
- CRM Party: Axonaut. The address of its registered office is as follows: Axonaut, DIGITICA SAS, 2460 L'Occitane, 31670 Labège. Company registered at the RCS of Toulouse under the number: 809 022 643.
- Consultant : Pierre MERIC whose establishment is located 1 rue des Nénuphars 31500 Toulouse, registered under the SIREN number : 512 363 979.
- IT subcontractor: Shanxi ChunQiuHengzhi Technology Co. The address of its registered office is as follows: Shanxi Chunqiu Hengzhi Technology Co, Ltd, Fudi Jiayuan, Yimin Alley, Yuanping, Xinzhou - 034000, China. Company registered with the RCS of Shanxi Province (China) under the number: 91140981MA0L6B5M0A.
- public bodies, exclusively to meet the legal obligations of the Company, court officers, ministerial officers
Your Personal Data will not be given, rented or communicated to other persons or companies without your consent.
With the exception of communication to the persons defined above, personal data will not be communicated, transferred, rented or exchanged to any third party.
Article 9. Transfer of personal data outside the EU
If necessary, for the fulfillment of the purposes described in Article 6, the Company may transfer Your personal data collected to Recipients (as defined in Article 8) located in a country outside the European Union.
When the country concerned does not benefit from an adequacy decision (which means that it does not offer personal data a degree of protection equivalent to that in force in the territory of the European Union), the Company ensures as far as possible that the transfer is subject to one of the following appropriate safeguards
- standard contractual clauses;
- Adherence to an approved code of conduct in effect;
- compliance with a certification mechanism certified by an approved body;
- binding business rules approved by the Cnil.
You may obtain disclosure of such warranties by requesting it under the conditions defined below in Section 11.
Article 10. Duration of conservation
The duration of data retention is defined by the Company with regard to the legal and contractual constraints it is subject to.
How long we keep your Personal Data
Retention in accordance with applicable regulations for a period not exceeding 13 months
Electronic commercial prospecting
3 years from the last activity
3 years from the last activity
6 months maximum
Raw traffic data associated with an identifier
Retention of credit card data following a one-time payment
(the data are kept by a secure payment provider)
Keeping the bank card in the e-wallet to facilitate future purchases
Until the withdrawal of consent or the period of validity of the bank card
(the data are kept by a secure payment provider)
Retention for the time necessary to perform the Service (i.e. offer the Local Professionals)
At the end of this retention period and, subject to the provisions allowing an archiving strictly necessary for the exercise of a right and the proof of this right for the duration of the applicable prescription periods or by virtue of the legal obligations to which PIINK TEKNOLOGY is subjected, PIINK TEKNOLOGY destroys the Personal Data or anonymizes them in an irreversible way, so that they do not constitute any more Personal Data.
The deletion or anonymization of Your personal data are irreversible operations. The Company is no longer able to restore them.
Article 11. Right of access
You have a right of access, which is subject to the following rules:
- the request is made by the person him/herself and is accompanied by a copy of a valid identity document (passport or CNI);
- the request must be made :
- in writing to the following address PIINK TEKNOLOGY 113 rue de Fondeville 31400 Toulouse
- by email : " email@example.com "
You may at any time request a copy of Your personal data being processed from the Company. However, in the event of a request for an additional copy, the Company may require that the cost of such a copy be borne by You.
If Your request for access is sent to the Company electronically, the information requested will be provided to You in a commonly used electronic format, unless otherwise requested.
We would like to point out that this right of access cannot be exercised on confidential information/data and/or information for which the law does not authorize the communication.
Article 12. Updating of personal data - Updating and rectification
You may exercise this right by contacting your usual contact person, or failing that, the department in charge of communications at the Company.
You can update Your personal information directly via the Professional Area for the Professional or via the Personal Area for the User.
The Company cannot be held responsible for a lack of update if You do not update Your data.
Article 13. Right to erasure
The right to erasure of Your data will not be applicable in cases where the processing is carried out to meet a legal obligation.
Apart from this situation, You may request the deletion of Your data in the following limited cases:
- when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- when the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- where the data subject objects to processing that is necessary for the purposes of the legitimate interests pursued by the Company and there is no compelling legitimate reason for the processing ;
- when the data subject objects to the processing of his or her personal data for the purpose of prospecting, including profiling;
- when personal data have been processed unlawfully.
Article 14. Right to limitation
You are informed that this right is not intended to apply insofar as the processing carried out by the Company is lawful and that all personal data collected is necessary for the performance of the contract between You and the Company.
Article 15. Right to portability
The Company grants Your request for portability of personal data in the particular case of data that You have directly communicated to it - on online services offered by the Company. In this case, Your personal data will be provided in a structured, commonly used and machine-readable format.
Article 16. Automated individual decision
The Company does not make automated individual decisions.
Article 17. Fate of personal data post mortem
In accordance with the modified law of January 6, 1978, You are informed of the right to formulate directives concerning the conservation, deletion and communication of Your post-mortem data. The communication of specific post-mortem directives and the exercise of Your rights is carried out :
- by e-mail to the address : " firstname.lastname@example.org "
- or by mail at the following address PIINK TEKNOLOGY 113 rue de Fondeville 31400 Toulouse
Article 18. Justification - Manifestly excessive exercise of rights
The exercise of the above rights is individual. They can only be exercised by the data subject in relation to his/her own information. In order to comply with this obligation, the identity of the person concerned will be verified.
It is reminded that if the requests of a data subject are manifestly unfounded or excessive, in particular because of their repetitive nature, the Company may:
- require payment of a reasonable fee that reflects the administrative costs incurred in providing the information, making the disclosures or taking the actions requested; or
- refuse to act on these requests.
Article 19. Optional or mandatory nature of the answers
The answers corresponding to the fields marked with an asterisk are mandatory and failure to answer them may jeopardize the proper completion of the Orders. In other cases, they are optional and shall not affect the completion of Your Order.
Article 20. Right of use
You grant the Company the right to use and process Your personal data for the purposes defined in Article 6 of this Charter.
Article 21. Security
It is the responsibility of the Company to define and implement the technical security measures, physical or logical, that it deems appropriate to fight against the accidental or illicit destruction, loss, alteration or unauthorized disclosure of personal data.
These measures include primarily:
- the use of security measures for access to the premises (locked offices, badges, etc.);
- the attribution of a login and password for any access to the Platform Service for any User and/or Professional;
- management of access rights to data (specific to our financial, accounting and communication departments);
- the connection log to our host.
To this end, the Company may be assisted by any third party of its choice to carry out vulnerability audits or penetration tests at the intervals it deems necessary.
In any event, the Company undertakes, in the event of a change in the means of ensuring the security and confidentiality of personal data, to replace them with means of superior performance. No change may lead to a reduction in the level of security.
In the event of subcontracting all or part of the processing of personal data, the Company undertakes to contractually impose security guarantees on its subcontractors by means of technical measures for the protection of such data and the appropriate human resources.
Article 22. Data breach
In the event of a violation of Your personal data, the Company undertakes to notify the CNIL in accordance with the conditions prescribed by the RGPD.
If such breach poses a high risk and the data has not been protected, the Company :
- will notify you immediately;
- will provide you with the necessary information and recommendations as soon as possible.
Article 23. Register of treatment
The Company has a processing register.
Article 24. Right to file a complaint with the CNIL
If You believe that the processing of Your personal data does not comply with the applicable regulations, You may at any time file a complaint with a supervisory authority, namely the Cnil in France:
Cnil - Complaints Department
3, place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
Tel : 01 53 73 22 22
Article 25. Developments
This policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations of the CNIL or of practices. Any new version of the present policy will be brought to Your attention by any means chosen by the Company, including electronically (for example, by e-mail or online).
Article 26. For more information
For further information, you can contact our data protection officer at the following e-mail address " email@example.com "
For more general information on the protection of personal data, you can consult the site of the Cnil www.Cnil.fr