Last updated: 04/2019
* * *
YOU MUST READ THE POLICY IN FULL BEFORE CLICKING ON THE “I HAVE READ AND ACCEPTED THE PERSONAL DATA PROCESSING POLICY” ICON AT THE END OF THIS DOCUMENT.
THIS PERSONAL DATA PROCESSING POLICY FORMS PART OF FIDME APP’S TRANSPARENCY PROCESS VIS-A-VIS THE USER IN THE WAY IN WHICH IT HANDLES PERSONAL DATA.
FIDME RESERVES THE RIGHT TO AMEND THIS CHARTER, TO REMOVE IT, OR TO MODIFY OR ADD CERTAIN CLAUSES. AMENDMENTS MAY BE MADE AT FIDME’S DISCRETION (I) EITHER BY WAY OF A NOTIFICATION IN THE APPLICATION AND/OR USER AREA, PROVIDED THAT THE USER HAS BEEN PREVIOUSLY INFORMED THEREOF WITH REASONABLE NOTICE; (II) OR ONCE THE USER HAS SPECIFICALLY ACCEPTED THE AMENDED VERSION OF THE CHARTER BY CHECKING A BOX OR CLICKING A BUTTON IN THE APPLICATION OR USER AREA.
* * *
ANY QUESTIONS THAT THE USER MAY HAVE ABOUT THIS PERSONAL DATA PROCESSING POLICY CAN BE SENT BY EMAIL TO CONTACT@FIDME.COM
In the interests of consistency, the definitions set out in the “Definitions” Clause of the GTCU shall also apply to this Personal Data Processing Policy.
The purpose of this Personal Data Processing Policy is to inform the User on how Fidme manages their personal data.
FidMe complies with Article 5 of the European Data Protection Regulation (GDPR), especially:
– the mobile user’s right to information;
– the obligation to obtain independent, specific, informed and unequivocal consent from mobile users prior to any data processing, with the consent given via clear declaration or intentional act;
– the mobile user’s right to access, right to rectification, right to object, right to data portability, right to restriction of processing, right to make a complaint to the French Data Protection Authority, and right to be forgotten;
– confidentiality and integrity of data collected.
According to the French Data Protection Act (loi Informatique, Fichiers et Libertés), it “covers any information on a private individual identified or who may be identified, whether directly or indirectly, by referring to an identification number or to one or several pieces of information specific to this individual”.
The “Account Data” refers to the following data: The User’s title, forename, surname, date of birth, postcode, email address, password and telephone number.
Account Data is collected in order to enable the User to create their User Account and to access and use the Services, the Website and the Application. The User can therefore manage the Loyalty Schemes that they hold using the Features of the Application and of their User Area. The User’s actions via the Application (e.g. creating a User Account, adding an Electronic Loyalty Card) are stored in order to enable data to be restored (e.g. Electronic Loyalty Cards stored in the Application, accumulated Loyalty Points etc.) in the event of the loss, theft of or change to the User’s Mobile Device.
Recipients of the data include: (i) The relevant employees and departments of Fidme (in particular the IT department and sales and marketing), and (ii) the service providers who assist Fidme in the operation and/or running of the Website and the Application, in particular the employees and departments of OVH SAS, based in Roubaix, France, the webhost provider for the Website and the Application.
The User may access their Account Data and change it at any time in the Profile section of the Application or User Area. They may delete all of their Account Data via the Profile section of the Website.
Some Professionals with a Barcode Card offer customers with their Loyalty Card the opportunity to create an online loyalty account on their own website or application. This loyalty account is defined by certain data such as: the User’s email address, and/or password, and/or the User’s date of birth, and/or their surname, and/or their postcode, and/or the relevant Electronic Barcode Loyalty card number.
Fidme collects the data listed above in the Application and uses it to “connect” the User’s Electronic Barcode Loyalty Card with the information in the online loyalty card account that they hold. This connection can only be made using Electronic Barcode Loyalty Cards where the relevant Professionals have agreed to their cardholders being covered by this feature in the Application.
Given that such data (i) has been provided by the User via a medium belonging to the Professional with a Barcode Card (usually their website or application), and (ii) is linked to the Electronic Barcode Loyalty Card registered with that Professional, any changes to data must be made through the Professional in question, usually via its website.
This data processing method makes it easier for the User to link their Loyalty Schemes for Professionals with a Barcode Card. For example, it means that information on the Loyalty Schemes that the User holds with Professionals with a Barcode will be updated in the Application, primarily by displaying the Loyalty Points balance with the Professional in question. This method also enables the User to receive personalised sales/promotional offers issued by the Professional with a Barcode Card for which they hold a Card, via in-app notifications.
In order to enable the User to benefit from its Loyalty Schemes with Professionals with a Stamp Card as well as the sales/promotional offers issued by these Professionals via the Application, or by email and/or SMS, Fidme collects and processes the following data: the User’s forename, surname, email address and telephone number.
The User may access their data and change it at any time in the Profile section of the Application or Website. They may delete all of their data via the Profile section of the Website.
To recap, the term “Professional Partner” refers to a commercial company which provides the User with sales/promotional offers or Discount Coupons for products and services, even if the User does not hold an Electronic Loyalty Card with them.
Fidme may be required to collect and process certain bank details for the User, in order to enable them to receive (if they so wish) Discounts (subject to conditions) issued by Professional Partners via the Application.
Fidme’s accounts department receives these bank details. Fidme sends the forename, surname, IBAN or Paypal email address to its technical service providers in charge of refunds to the User’s Bank Account.
The User’s bank details are not sent to any recipient other than the technical service providers listed above, who have undertaken via Fidme to process such data confidentially and securely.
The User may access, change or delete this banking data at any time in the relevant Banking Information section of the Application.
None of the User’s personal details will be sent to the Professional Partner with whom they receive the Discount.
With the user’s consent collected in FidMe app, Fidme, as data controller, collects and shares the location data and the mobile advertising identifier with its Geomarketing Partners listed below, for advertising and marketing purposes on behalf of their clients.
- Teemo SA, represented by Benoit Grouchko. For more information, go on https://teemo.co/fr/confidentialite/ or contact their DPO: firstname.lastname@example.org ;
- Vectaury SAS registered at RCS de Paris sous le n°799 256 730. For more information, go on https://www.vectaury.io/fr/personal-data or contact their DPO: email@example.com
- Singlespot, SAS, registered at RCS de Paris sous le n°809 644 347. For more information, go on https://www.singlespot.com/privacy_policy?locale=en or contact their DPO: firstname.lastname@example.org
- Adsquare GmbH located at Saarbrücker Str. 36 10405 Berlin Germany. For more information, go on https://www.adsquare.com/privacy or contact their DPO email@example.com
- Fidzup, SAS, registered at RCS de Nanterre sous le n°532 228 939, collect Mac address for more information, go on https://www.fidzup.com/vie-privee/
The retention period for location data
The location data is deleted within a maximum of 6 to 12 months, reduced to 1 month for all raw geolocation data not associated with points of interest. The location data is not stored by Fidme.
How to modify or/ and refuse consent?
The user may refuse the consent or modify his choice at any time, by going to” Data settings” and then “Manage my data settings”, accessible from his “Profile” on the app. If the User refuses to give his consent, Fidme will not share to its geomarketing partners.
The User has, with regard to data collected and processed by Fidme when it has the status of the controller, the following rights:
-Right of access to his personal data collected on the Website and via the Application,
-Right to modify them,
-Right to remove them
-Right to export them,
-Right to oppose their use for legitimate reasons,
-Right to oppose their treatment by removing your consents, accessible from the section “Data Settings” and “My Authorizations” of the “Profile” section of the User,
-Right to benefit from the portability of your data, under request email,
-Right to lodge a complaint with the CNIL.
The User may exercise his rights of access, rectification, deletion, portability, limitation, opposition, under the conditions provided by the applicable data protection regulations, as follows: by going in the data settings of his Profile, “Manage my data settings”.
The User may at any time exercise his rights by sending an email accompanied by a copy of his identity document to the Data Protection Officer (DPO) Damien Mollard at the email address: firstname.lastname@example.org
As a data controller, Fidme works and is committed to making the security of collected data a priority. In particular by applying the following methods to ensure the protection of our databases.
- Software security (IS protected against physical and computer intrusions from outside and against malicious acts);
- Regular use and update of antivirus and installation of a software “firewall”;
- Logging connections: all connections are saved in log files that are logged and kept;
- Protection against SQL injection, moreover the data sent by the users are secured and verified before insertion, and cannot be injected directly into the content of our SQL queries;
- All transactions that involve our databases are encrypted with the latest SSL encryption methods.
- Employee confidentiality agreement;
- Our employees are made aware of the security measures (obligation for each employee to turn off his computer or set up a screen saver password protected in case of absence even a few seconds, the introduction of individual passwords specific to each employee in order to protect access to computer equipment, etc.);
- Protection of access to our premises;
- Physical security (data center protected against intrusions and break-ins);
- Access to the server is reserved for authorized persons;
- Only our IT & data development teams can access IT;
- Only our sales, marketing and IT teams have individual access with personal ID and password, to the back office of the application.
The personal data collected by Fidme, are kept for the duration of the legal contractual relationship; from the creation and deletion of a user account in FidMe App. The data are deleted as soon as possible within 30 days from the request to delete the account.
Location data and advertising identifiers collected for advertising purposes will be deleted by our geomarketing partners, within a maximum of 6 months to 12 months, reduced to 1 month for all raw location data, not associated with points of interest. FidMe does not store geolocation data.
● Targeted offers received through in-app or out-of-app notifications
In the “Permissions” section of the Application, the User can opt to receive information on their use of the Application and sales/promotional offers via in-app or out-of-app notifications. These offers are targeted according to the Electronic Loyalty Cards held by the User as well as their geolocation. Fidme collects and processes the User’s Account Data and geolocation data for this purpose. Recipients of this data include: (i)Fidme ’s IT, sales and marketing departments, and (ii) the service providers who assist Fidme in sending targeted offers.
The User can opt to no longer receive targeted offers at any time under the “Permissions” section of the Application.
They can also contest the collection and processing of their geolocation data by changing the settings on their Mobile Device.
As indicated above, the User can suspend the collection and processing of their geolocation data by changing the settings on their Mobile Device. On iOS, the User can select “FidMe” under the Settings menu, where they can opt to “Never” share their geolocation data with the Application, or only “While Using the App”. On Android 5 and previous versions, geolocation data can be managed globally for the Mobile Device as a whole, while on Android 6 and later versions it can be managed individually for each application. The User can stop their geolocation data from being collected under “Location” in the Google settings, by selecting “Disable Google Location Reporting” or, if available, using the permissions for each application (Settings/Applications/Application Name/Permissions/Location).
Further details can be found by following the links below:
- Android 5 and earlier: https://support.google.com/googleplay/answer/6014972
- Android 6 and later: https://support.google.com/googleplay/answer/6270602
- iOS: https://support.apple.com/fr-fr/HT207092
● Offers by email
The User can agree to receive sales/promotional offers from Professional Partners by email in the “Permissions” section of the Application. In this case, Fidme will send the User’s email address to the service provider for mailing lists.
The User can change their email address at any time from the Profile section of the Application. The User can also unsubscribe from this mailing list at any time under the “Permissions” section of the Application, or by using the unsubscribe link in the emails.
The term “Cookie” refers broadly to any marker which is submitted and/or read during consultation of the Website or Application. A Cookie may contain information such as the name of the server that created it, a unique numerical username or an expiry date. This information is sometimes stored on an Access Method as a simple text file, which a server can access to read and record the information.
● “Session ID” Cookies
“SessionID” Cookies are used by the Website and Application to: (i) memorise information linked to a form that the User completes on the Website or the Application (e.g. registration forms for the Services or for access to the User Area); (ii) enable the User to access reserved or private areas of the Website such as their User Area, using usernames or data that they have previously sent to Fidme ; (iii) reconnect to content or to a Service after a certain time interval.
● “Technical” Cookies
Technical Cookies are used by the Website to: (i) adapt the Website’s editorial content to the technical configuration of the User’s computer or tablet, and to (ii) provide a download link for the Application when the internet user is browsing from a Mobile Device.
● “Security” Cookies
“Security” Cookies are used by the Application and the Website in order to improve the security of the services/sections/areas provided to the User (e.g. when logging in to the User Area or accessing the Application after entering the password).
● Visitor statistics Cookies
Visitor statistics Cookies are used by the Website and the Application to prepare statistics and numbers for visits to the Website and Application (e.g. by section, content type etc.), in order to (i) report to Professionals, Users and the general public on FidMe’s success, (ii) enable Fidme to make the Application more engaging and user-friendly, and (iii) analyse how Users use their Electronic Loyalty Cards.
The User is informed that they have the right to access their personal Cookie data at any time, and to opt whether or not to accept Cookies.
However, should the User opt not to accept Cookies, the Services cannot be used to optimum effect (in particular, browsing the Website, using the Application, the User Area, connecting to the Application and saving information in the User Area).
The User may manage, disable and enable Cookies at any time through their web browser settings. For example:
- On iOS: Go to Settings > Select the relevant browser > Accept cookies > “Never”/ “Frequently visited sites”/ “Always”.
- On Android: After launching the browser, click on the menu button (usually to the bottom left of the Mobile Device screen) > Plus > Settings > “Accept Cookies” or “Do not accept”.
- Cookies are managed and disabled in various ways according to which browser is being used. The User can also use the “Help” section of their browser to find out how to disable Cookies.
Should the User experience any problems with accessing or opting out of Cookies, they can contact Fidme by email at: email@example.com