POLITIQUE DE CONFIDENTIALITÉ

1. INTRODUCTION

The protection of your personal data is important to us. We are committed to collecting only the data we need to provide you with optimal service, to ensure confidentiality and security, including when we use providers and to facilitate the exercise of your rights over your data. .

We thus comply with all the provisions applicable to the protection of privacy and personal data, in particular the amended law of 6 January 1978 relating to data processing, files and freedoms as well as the EU Regulation 2016 / 679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

This privacy policy describes the personal data we collect, how it is used and your rights in this regard. It applies to any user who accesses the application and uses the services offered on the application.

We reserve the right to modify this privacy policy at any time. The most current version of this policy governs our use of your information and will always be available on the application or on request from HypnoTidoo

If we should make a substantial change to this privacy policy, we undertake to notify you via your email address.

2. DATA PROCESSING MANAGER

HypnoTidoo

Joint stock company

Headquarters: 2F Chemin des coteaux, 14123, Fleury sur Orne

Represented by Hector Bienvenu, President

3. DATA WE COLLECT

As part of the use of our services and your navigation on our application, HypnoTidoo collects several categories of data which you will find details below. Those data come from:

  • Information that you communicate to us when you register on our application, or when you exchange with HypnoTidoo. This personal information is:
  • Data allowing your identification (name, first name, email, password)
  • The connection identifier if you connect via your email
  • Messages sent via the Support function
  • Information from your registration via your email
  • Navigation data (cookies and IP address).

We use cookies to improve access to our application and the user experience. To find out more about the cookie use policy, you can consult our “cookie treatment policy” available here.

We do not process specific categories of data (sensitive data) such as the data listed in Article 9 of the GDPR which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or union membership, genetic data, biometric data, health data or data relating to people's sexual life or sexual orientation

4. PURPOSES

HypnoTidoo processes your personal data for specific, explicit and legitimate purposes.

In particular, this data is intended for:

  • creating and managing your account;
  • the use of our services;
  • send you relevant communications tailored to your needs directly related to the site services;
  • secure the site as well as the data and exchanges taking place on the site;
  • Evolve our services to offer you new functionalities and adapt to your needs;
  • Communicate with you;
  • respond to an order from the legal authorities and in particular to fight against fraud and more generally against any criminal activity.

5. LEGAL BASIS OF THE TREATMENTS

HypnoTidoo processes most of your personal data within the framework of the contract that you concluded when you registered on the application via the acceptance of our general conditions of use. However, we may process certain data relating to you on the basis of your consent, due to legal obligations or to meet our legitimate interest in processing them.

HypnoTidoo therefore offers to subscribe to its newsletter if you wish to receive relevant communications in connection with the services offered on the application

6. RECIPIENTS OR CATEGORIES OF RECIPIENTS

HypnoTidoo is the recipient of the personal data collected.

We may also be able to share certain information for legal reasons or in the event of a dispute.

Finally, we only communicate your personal data to companies or third parties in the following circumstances:

  • When necessary for external processing purposes, and only in this case, we transmit this data to our trusted service providers who process it on our behalf, according to our instructions or according to a contractual agreement, in accordance with this privacy policy and while respecting all other appropriate security and confidentiality measures We may transmit your personal data to them only for the purposes set out below. Thus, we call in particular on our service providers responsible for ensuring the hosting and security of our information systems and our site.

The list of our subcontractors can be communicated to you by sending your request to

contact@hypnotidoo.com

  • We keep or disclose your information if we believe it is reasonably necessary to comply with any legal or regulatory obligation, any legal process or administrative request, to protect the security of a person, to deal with any problem of a fraudulent, security or technical nature. , or to protect the rights or property of our users.

HypnoTidoo does not sell your data and will never transmit your personal data to any third party likely to use it for its own purposes and in particular for commercial and / or direct advertising purposes, without your express consent. Consequently, HypnoTidoo does not disclose personal information outside of the situations described in this privacy policy.

7. TRANSFER OF DATA OUTSIDE THE EU

All of our servers on which your data is stored and those of the service providers used to exchange and store this data are located in Europe.

In the event that HypnoTidoo uses subcontractors located outside the European Union, it undertakes to ensure that its subcontractors present protection measures recognized as sufficient within the meaning of the GDPR. They may in particular be subcontractors located in any other country recognized by the European Union as ensuring an adequate level of protection of personal data (“Adequacy Decision”), subject to an agreement data transfer in accordance with standard contractual clauses adopted by the European Commission or, any other protection measure recognized as sufficient by the European Commission.

8. DURATION OF DATA RETENTION

HypnoTidoo retains your information as long as your account remains active, unless you request their deletion or that of your account. In some cases, we may keep information about you because of the law or for other purposes, even if you delete your account. Thus, the data used for commercial prospecting purposes can be kept for a period of three years from the deletion of your account, unless you have decided to exercise your right to object under the conditions provided for in article 10.

Furthermore, the data used to establish proof of a right or a contract, or kept for compliance with a legal obligation, may be subject to an intermediate archiving policy for a corresponding period the statutory limitation period (and in particular the common law period of 5 years).

9. DATA SECURITY

HypnoTidoo implements the appropriate technical and organizational measures to guarantee the security, confidentiality, integrity and availability of the services and protect the data against destruction, loss, alteration, unauthorized disclosure of personal data personnel transmitted, stored or otherwise processed, or unauthorized access to such data.

HypnoTidoo undertakes to use all available means to ensure the security and confidentiality of this data, in particular:

  • We encrypt most of our services using https technology;
  • Access to your account is done using a secure username and password;
  • Access to personal data is strictly reserved for employees and providers of HypnoTidoo who need to access it in order to process it on our behalf. These people are subject to strict confidentiality obligations.

10. YOUR RIGHTS

In accordance with the regulations on personal data, you have a right:

  • access (article 15 of the GDPR),
  • rectification (article 16 of the GDPR),
  • erasure (article 17 of the GDPR),
  • limitation of processing (article 18 of the GDPR),
  • portability (article 20 of the GDPR),
  • opposition (article 21 and 22 of the GDPR),

Access rights

You have the possibility of obtaining from HypnoTidoo confirmation that the data concerning you are or are not processed and, when they are, access to said data as well as the following information:

  • the purposes of the processing;
  • data categories;
  • the recipients or categories of recipients to whom the data have been or will be communicated;
  • where possible, the envisaged data retention period or, when this is not possible, the criteria used to determine this period;
  • the existence of the right to request HypnoTidoo the rectification or erasure of data, or a limitation of the processing of your data, or the right to oppose this processing;
  • the right to lodge a complaint with the CNIL;
  • when the data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in such cases, useful information regarding the underlying logic, as well as the importance and expected consequences of this processing for you.

When the data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate guarantees, with regard to this transfer.

Your right to obtain a copy of your data must not affect the rights and freedoms of others.

Right of rectification

You have the possibility of obtaining from HypnoTidoo, as soon as possible, the rectification of the data concerning you which are inaccurate. You also have the option of having the incomplete data completed, including by providing an additional declaration

In order to allow you to exercise this right as easily as possible, we invite you to make these modifications and additions directly to your account. If you consider that other data concerning you should be modified or supplemented and you are unable to make this change by yourself, we invite you to request it directly from us by contacting us

Erasure rights

You have the possibility of obtaining from HypnoTidoo the erasure, as soon as possible, of data concerning you when one of the following reasons applies:

  • the data is no longer necessary with regard to the purposes for which it was collected or otherwise processed by HypnoTidoo;
  • you have withdrawn your consent to the processing of this data and there is no other legal basis for the processing;
  • you exercise your right to object under the conditions set out below and there are no compelling legitimate grounds for processing;
  • the data have been subject to unlawful processing;
  • the data must be erased to comply with a legal obligation;
  • the data were collected from a child.

Limitation rights

You have the possibility of obtaining from HypnoTidoo the limitation of the processing of your data when one of the following reasons applies:

  • HypnoTidoo verifies the accuracy of the data following your challenge to the accuracy of the data,
  • the processing is unlawful and you object to the erasure of the data and instead demand the limitation of their use;
  • HypnoTidoo no longer needs the data for the purposes of processing, but it is still necessary for you to establish, exercise or defend legal claims;
  • You have objected to the processing under the conditions recalled below and HypnoTidoo verifies whether the legitimate grounds pursued prevail over your alleged grounds.

Right to data portability

You have the possibility of receiving data concerning you in HypnoTidoo, in a structured, commonly used and machine-readable format when:

  • data processing is based on consent, or on a contract and
  • processing is carried out using automated processes. When you exercise your right to portability you have the right to obtain that the data be

sent directly by HypnoTidoo to a data controller who you designate when technically possible.

Your right to the portability of your data must not infringe the rights and freedoms of others.

Right to object

You have the right to object at any time, for reasons relating to your particular situation, to the processing of data concerning you based on the legitimate interest of HypnoTidoo. HypnoTidoo will no longer process the data, unless it demonstrates that there are legitimate and compelling reasons for the processing which prevail over your interests and your rights and freedoms, or may keep them for the recording, exercise or defending legal rights.

You can object to the sending of communications. To this end, we provide you with several unsubscribe links on all emails that we send to you.

*** Note that you do not need to pay any fees to access your personal data or exercise your rights. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive.

We may also need to contact you to request additional information in relation to your request in order to respond to you. Any response will be provided to you within one month. Exceptionally, we may exceed this period of one month if your request was particularly complex.

13. RIGHT TO LODGE A PROCEEDING WITH A SUPERVISORY AUTHORITY

The competent supervisory authority to deal with any request concerning us is the National Commission for Data Protection (CNIL). If you wish to enter the CNIL for any request, you will find the contact details below:

CNIL (NATIONAL COMMISSION FOR INFORMATION TECHNOLOGY AND LIBERTIES)

3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

Phone. : 01 53 73 22 22

(Monday to Thursday 9 a.m. to 6.30 p.m. / Friday 9 a.m. to 6 p.m.)

Fax: 01 53 73 22 00

If you wish to file a complaint with the CNIL, you can complete the online complaint form available at the following address: https://www.cnil.fr/fr/plaintes.

If you have a question about your IT rights and freedoms, you can consult the CNIL website: www.cnil.fr.