1. Payinnov Privacy Policy

1.1. Payinnov, its affiliates and subsidiaries (hereinafter together referred to as “PAYINNOV”, “we/our”) are committed to preserving the privacy of our customers and users (“you/your”) who interact with PAYINNOV. You may provide us with information about yourself by completing forms on our website (the “Website”) or by corresponding with us by mail, telephone, e-mail or otherwise. This privacy policy (the “Privacy Policy”) sets out our practices in relation to the collection and sharing of personal information and is intended to inform you of the ways in which we collect such information, the uses we make of it and the ways in which we will share any personal information you choose to provide to us.

1.2 If you are an existing customer, further details of how we use your personal information are set out in your customer contract with us. Other notices highlighting certain uses we intend to make of your personal information and your ability to consent or withdraw consent to certain uses may also be provided when we collect personal information from you.

1.3. The Website may contain links to other websites belonging to third parties (for example, for the purposes of registering for events organized by third parties). If you follow a link to such websites, please note that they have their own privacy policies and that we are not responsible for their policies or for the treatment of your personal information. Please check these policies before providing any personal information to these third-party websites.

1.4. This Privacy Policy is intended to introduce you to our privacy practices and addresses the following:

(a) Personal information we may collect about you;

(b) Possible uses of your personal information;

(c) Protection of your personal information;

(d) Contacting us and your rights to prevent marketing communications and to access and update your personal information;

(e) Our Cookie Policy;

(f) How this Privacy Policy and the Cookies Policy may be modified.

2. Information we may collect about you

2.1 We will collect and process some or all of the following personal information about you:

Information you provide to us: personal information you provide to us, for example when you fill in a form on our Website, including, in particular, your name, e-mail address, telephone number, country and company (and/or professional sector). You may also provide us with your contact details, address and bank details to enable us to perform a contract you have entered into with us and to make payments to you in relation to products or services you provide to us;

Correspondence and other communications: if you contact us by telephone, post or e-mail, we will keep a record of this;

Information collected for surveys and feedback: we may also ask you to respond to a survey we conduct for research purposes or to provide us with feedback that will enable us to develop and improve our product and service offering. In this case, we will collect the information provided in the survey/feedback request to which you have responded;

Website usage and communications: detailed information about your visits to the Websites as well as information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, browser and operating system version, browser language, access time, traffic data, web logs, website movements, referring website addresses and other communications data. We may also collect information about the pages you visit within the Website and other actions you take when visiting our websites.

Information collected from third parties: We may also receive information about you from other sources, for example from our affiliates or business partners in connection with business opportunities, or through search engines, credit reference companies or government agencies in connection with our due diligence processes.

3. Use of your personal information

3.1. This section sets out the purposes for which we use the personal information we collect and hold and, under our obligations under European Union law, identifies the “legal basis” for processing such information.

3.2 These “legal grounds” are defined in the European Data Protection Act, which authorizes companies to process personal data only when this processing is based on the “legal grounds” specifically defined by this Act (an exhaustive presentation of each of these grounds is available in Appendix A).

3.3. Please note that, in addition to the disclosures identified above, we may disclose personal information for the purposes stipulated in this notice to Payinnov’s service providers, co-contractors, agents, advisors (for example: legal, financial, commercial or other advisors) and affiliates who carry out activities on our behalf, as well as to other members of the Payinnov group.

(a) In order to effectively communicate with you and conduct our business, including responding to your requests: In order to respond to your contact requests, your requests to register for events organized by Payinnov or your requests for an appointment with one of our experts, to respond to your requests for a proposal or offer if you wish to do business with us or we may contact you if we wish to do business with you, in order to respond to your application or, more generally, to communicate with you and/or other internal and external parties about you, or to perform our obligations arising from agreements entered into with you;
Reason for use: performance of contract, legitimate interests (to enable us to perform our obligations and provide you with our services).

(b) To provide you with access to restricted areas of the Website.
Reason for use: performance of contract.

(c) To provide you with marketing materials: to send you, by e-mail, additional information, alerts, offers and invitations to Payinnov events, if you have opted to receive them. We may also use your information to market to you our own products and services and those of our selected business partners by [post, e-mail, SMS, telephone and fax] and, if required by law, we will ask for your consent at the time we collect your data to carry out any of these types of marketing. We will give you the opportunity to unsubscribe or withdraw your consent to further communications in any electronic marketing communications we send to you, or you may withdraw your consent by contacting us as set out in the “Contact us” section below.
Reason for use: consent, legitimate interests (to keep you informed of new products and services).

(d) Research and development purposes: to analyze your personal information to better understand you and the service and prospecting requirements of our other customers, to better understand our business and to develop our products and services;
Reason for use: legitimate interests (to enable us to improve our services).

(e) To personalize your experience on our Websites: to collect statistics about your use of our Websites and their effectiveness through various technologies, and to personalize your experience when you browse our Websites and customize our interactions with you (see Section 6 below for more information).
Reason for use: consent, legitimate interests (improving your user experience).

(f) To monitor certain activities: to monitor certain requests and operations in order to guarantee service quality, compliance with procedures and to combat fraud;
Reason for use: legal obligations, legal claims, legitimate interests (ensuring the quality and lawfulness of our services).

(g) To inform you of changes: to inform you of changes to our services and products;
Reason for use: legitimate interests (to inform you of changes to our services).

(h) To ensure the relevance of our Website: to ensure that the content of our Websites is presented in the most effective way for you and your device, which may involve us passing on data about you to business partners, suppliers and/or service providers;
Reason for use: legitimate interests (to enable us to provide you with content and services on the Websites).

(i) In order to reorganize or modify our business: in the event that we:

(i) enter into negotiations with a view to selling our business or part of it to a third party;

(ii) are being restructured, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process to review any proposed sale or restructuring. We may also need to transfer your personal information to such reorganized entity or third party after the sale or reorganization so that they can use it for the same purposes as set out in this policy.

Reason for use: legitimate interests (to enable us to develop our business).

(j) In connection with legal or regulatory obligations: We may process personal information about you in order to comply with our regulatory obligations or to interact with regulators where appropriate, which may result in us disclosing personal information about you to third parties, the judiciary and/or regulators or law enforcement agencies in connection with requests, proceedings or investigations by such parties, anywhere in the world or if we are compelled to do so. If we are authorized and have the means to do so, we will address any such request to you or, alternatively, we will notify you before responding, unless doing so would be detrimental to the prevention or detection of an offence.
Reason for use: legal obligations, legal claims, legitimate interests (cooperating with law enforcement authorities).

4. Transmission, storage and security of your personal data

Recipients

4.1. In order to respond to your requests, we may need to share or, more generally, transfer your personal information within Payinnov, for example to Payinnov’s Sales, Communication or Marketing teams based in France or responsible for your professional sector. If necessary, we may also transfer your personal information to third parties, such as external event organizers or partner companies who may be in a better position to respond to your request.

4.2. We may also share your personal information with our service providers who perform services on our behalf, for the purposes described in this Privacy Policy. We contractually require these service providers to use or disclose personal information only to the extent necessary to perform services on our behalf.

Internet security

4.3. We cannot guarantee that data transmissions over the Internet or to a website will be secure against intrusion. However, we apply commercially reasonable physical, electronic and procedural security measures to protect your personal information in accordance with data protection legislative requirements.

4.4. All information you provide to us is stored on our secure servers or those of our subcontractors and access to and use of these servers is subject to our security policies and rules.

Exports outside the EEA

4.5. Staff or suppliers located in a country other than yours, whose data protection laws may be less stringent than those of your country, may access your personal information and such data may be transferred to such a destination and/or stored in such a country. In all circumstances, we will safeguard personal information in the manner set out in this Privacy Policy.

4.6. If we transfer personal information from a member country of the European Economic Area (the “EEA”) to a country outside the EEA, we may be required to take specific additional measures to protect such information. Some countries outside the EEA have been approved by the European Commission as providing substantially equivalent safeguards to those covered by European data protection laws, and therefore no additional safeguards are required to export personal information to these territories. In countries that have not been approved (the full list of which is available here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfers, such as standard contractual clauses approved by the European Commission or other legal grounds permitted by applicable legal requirements.

4.7. Please contact us if you would like to see a copy of the specific safeguards applied to the export of your personal information.

Data retention

4.8. Our retention periods for personal data depend on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information in question was collected, as well as for any other related permissible purposes. For example, we may retain the information you have provided to us for as long as necessary to provide you with the services you have requested through our Websites and until the expiry of the period allowed for the formulation of claims that may arise from such services, or to comply with regulatory requirements relating to the retention of such data. Accordingly, if we use your personal information for more than one purpose, we will retain it until the longer retention period expires, but we will cease to use it for the purposes for which the shorter retention period has expired.

4.9. Once personal data is no longer of use to us, we either anonymize it irreversibly (and can then continue to store and use it) or destroy it securely.

5. Your rights and how to contact us

Prospecting

5.1. You have the right to ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your personal information for such purposes or if we wish to disclose your information to any third party for such purposes. You may exercise your right to prevent this type of processing by refraining from checking certain boxes on the forms we use to collect personal information about you. You may also exercise this right at any time by contacting us as set out in the “Contact us” section below.

Updating information

5.2. We will make reasonable efforts to ensure that your personal information is accurate. To help us do this, you should notify us of any changes to the personal information you have provided to us by contacting us as set out in the “Contact Us” section below.

Your rights

5.3. If you have any questions about our use of your personal information, you should first contact our Data Protection Officer.

Under certain conditions, you may be entitled to request that:

(a) we provide you with further information about our use of your personal information;

(b) provide you with a copy of the personal information we hold about you;

(c) correct any inaccuracies in the personal information we hold about you (please see paragraph 5.2);

(d) delete any personal information that we are no longer legally entitled to use;

(e) if the processing is based on your consent, you may withdraw your consent in order for us to cease the processing concerned (see paragraph 5.1 on prospecting);

(f) you may object to any processing based on our legitimate interests unless our reasons for undertaking the processing outweigh any prejudice to your data protection rights; and

(g) limit the way in which we use information about you while a complaint is being investigated.

5.4. Please note that certain exceptions apply to the exercise of these rights and that you will not be able to exercise them in all cases. In addition, these vary slightly between different EU member states. For example, in France, in addition to the rights listed above, you are also entitled to define directives concerning the way in which you wish your personal data to be used after your death. If you wish to exercise any of these rights, we will verify your entitlement to do so and respond within the applicable time limits.

5.5. If you are dissatisfied with our use of your personal information or with our response to any exercise of these rights, you are entitled to make a complaint to the Supervisory Authority in your place of habitual residence or in the place where the alleged breach of the law occurred. Please click here to consult the list and contact details of the EU Supervisory Authorities.

5.6. How to contact us

If you have any questions whatsoever in relation to this policy or if you wish to exercise any of your rights mentioned above, please contact our Data Protection Officer at the following e-mail address: contact@payinnov.io

6. Cookie Policy

6.1. We use cookies on the websites. For more information on how we use cookies, please see our Cookie Policy.

7. Changes to our Privacy Policy and/or Cookies Policy

7.1 We may change the content of our websites and the way we use cookies. Consequently, our Privacy Policy and Cookie Policy may change from time to time in the future. If we change this Privacy Policy or our Cookie Policy, we will update the last modification date below. In the event of substantial changes, we will clearly indicate this on our Website.

7.2 This Privacy Policy was last updated on July 21, 2021.

Appendix A: Purpose of use

The use of personal information within the meaning of European data protection laws must be justified by one of several legal “grounds” and we are required to define these grounds in respect of each use in this policy. You will find an overview of the scope of these grounds [here][link]. We indicate the grounds we use to justify each use of your personal information next to the relevant use in the “Uses of your personal information” section of this policy.

The main legal grounds for our use of your personal information are as follows:

Consent: if you have consented to the use of your personal information (you will have received a consent form in connection with any such use and may withdraw your consent using the “unsubscribe” option contained in the e-mail you received or by using the “Contact Us” form).
Performance of a contract: if your personal information is required to enter into or perform a contract with you.
Legal obligation: if we need to use your personal information to comply with our legal obligations.
Legitimate interests: if we use your personal information to serve a legitimate interest and the purposes for which we use the information outweigh any prejudice to your data protection rights.
Legal claims: if we need your personal information to defend ourselves against you or a third party, to take legal action against you or a third party, or to make a claim against you or a third party, or in the event of a claim against us.