of the mão boa Platform
1. Preamble and scope of application
The Organization is concerned about respecting your privacy and the confidentiality of your Personal Data when you use the Platform. The latter is thus committed to processing your Personal Data in compliance with applicable laws and regulations, and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the "GDPR"), and Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms, in its current version (hereinafter, together the "Applicable Regulations").
the Organization's employees wishing to register on the Platform in order to take part in Actions (the "Users") ;
the Organization's referents following the proposed initiatives and the actions of the Users involved (the "Admin Users");
the representatives of the partners listed on the Platform (the "Partner Users").
2. Data collected and purpose
Users' Personal Data are collected and processed for specific purposes and in accordance with the Applicable Regulations, under the conditions detailed below:
2.1 Personal information collected from third parties:
For a better experience, and in order to provide our service, we may collect personal information from other sources.
3. Recipients of the Personal Data
As a matter of principle, the Organization undertakes not to disclose to third parties the Personal Data communicated by Users. These Personal Data are exclusively used by its internal services and will not be transferred or sold to third parties under any circumstances.
However, in the context of the use of the Platform, your Personal Data may be shared with other Users. In particular, when as a User you participate in a proposed action (challenge, routine), your Personal Information is shared with other Users of your Organization.
In addition, Personal Data may, if necessary, be transmitted to third party subcontractors involved in the provision of the Platform (technical and hosting service providers, customer follow-up and satisfaction surveys, management of security incidents or fraudulent activity, etc.).
Finally, Personal Data may be disclosed to a third party if the Organization is required to do so by law, regulation, or court order, or if such disclosure is necessary for the purposes of an investigation, injunction, or legal proceeding, whether domestic or foreign.
4. Retention of Personal Data
The Personal Data associated with your User Account is kept for the duration of the activity of the User Account. It will be deleted as soon as you request it or at the end of a three (3) year period of inactivity.
The Personal Data related to the actions performed are kept for a maximum of five (5) years from the date of the end of the action (challenge, routine).
Personal Data collected in the context of satisfaction surveys and User feedback are kept for a maximum period of one (1) year after their analysis by the Organization.
In any case, the Organization will only keep your Personal Data for the time strictly necessary to achieve the purpose for which it was collected.
Furthermore, the above-mentioned periods are without prejudice to the right of the Organization to keep the Personal Data in intermediate archives beyond these periods, for the applicable prescription periods, on the basis of its legitimate interest in managing possible disputes, or if it is subject to legal obligations to keep the Personal Data in question.
5. Security of Personal Data
The Organization implements all technical and organizational security measures necessary to protect Users' Personal Data from unauthorized or unlawful access, disclosure, modification, damage or destruction of the Personal Data it holds.
To this end, the Organization and its technical and hosting service providers have deployed appropriate measures to ensure the integrity, confidentiality and security of the Personal Data (in particular through the implementation of a security procedure and penetration tests of the Platform). However, the Organization cannot guarantee that Personal Data will not be intercepted or disclosed by a third party.
6. Transfer of Personal Data
Users' Personal Data is stored on servers located within the European Union and in particular in France via our partner Online SAS. In this context, the Organization does not transfer any Personal Data outside the European Union.
7. Respect and exercise of Users' rights
Under the conditions of the Applicable Regulations, you may exercise, at any time, the rights detailed below:
right of access: you may obtain information on the nature, origin and use of your Personal Data. In case of transmission of your Personal Data to third parties, you can also obtain information concerning the identity or the categories of the recipients;
right of rectification: you can request that inaccurate or incomplete Personal Data be rectified or completed;
right to erasure: you may request the erasure of your Personal Data, in particular if the Personal Data are no longer necessary for the processing carried out. The Organization shall proceed to the deletion of the Personal Data
right to limitation of processing: you may request that your Personal Data be made temporarily inaccessible in order to limit their future processing in the situations provided for by the Applicable Regulations;
right to object: you may object to certain processing of your Personal Data on grounds relating to your particular situation unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may also object to the processing of your Personal Data at any time and without reason for commercial prospecting purposes.
right to portability: in applicable cases, you may request to receive communication of the Personal Data you have provided to the Organization, in a structured and commonly used computer format.
right to communicate instructions as to the fate of your Personal Data in the event of your death.
You can exercise these rights by contacting the Data Protection Officer (DPO) of Mao boa at the following email address: email@example.com.
If you exercise these rights, we will endeavor to respond to your requests as soon as possible, at least within 3 working days of receipt of your request. If necessary, due to the complexity and number of requests, this period may be extended by two months. You will be informed in advance of this extension and the reasons for the postponement.
You may also address a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL), whose headquarters are located at 3 Place de Fontenoy - 75007 Paris, in the event that you consider that a processing of Personal Data does not comply with the Applicable Regulations.
9. Identity of the Data Protection Officer
The Data Protection Officer appointed by Mao boa can be reached at the following address: firstname.lastname@example.org