Effective date: 23 October 2018
The user data manager
The customer who has subscribed to the service is responsible for the data he provides. Graaly acts as agent of the customer for the processing of its data through the Graaly service and as such, jointly endorses the responsibility for data processing in the strict scope of service usage.
Collection of your personal data
According to the law, we may use your data only for one or more of the following reasons:
- to execute an agreement concluded with you, or
- if a legal obligation compels us to use your data for a particular reason, or
- with your consent, or
- where such use corresponds to our legitimate interests.
Our Products or Services may collect your personal data in two ways:
- directly, when you freely provide your personal data to us;
- automatically, through the Product or Service technology.
In both cases, the legal bases allowing personal data usage are:
- The fulfillment of the service agreement binding us;
- Your consent ;
- Our legal obligations ;
- Our legitimate interests ;
- The data you give us
Personal data collected directly from you by the Product or Service may include the following data as well as any other type of information that we specifically request to provide through the Product or Service, such as:
- Data such as your name, first name and email address ;
- Usernames (email address) ;
- Your age ;
- Your sexual gender ;
- Your postal code ;
- Your comments, feedback, questions and contributions ;
- Your interests and preferences in commercial prospecting ;
- Other data that you want to share voluntarily ;
- The data collected automatically
The Product or Service automatically collects data related to your usage of the Product or Service. Automatically collected information includes:
- The IP address of your computer
- Information about your computer and your connection, such as the type and version of your internet browser, your operating system, the OS of your mobile or tablet, as well as the unique device identifier (“UDID”) and other technical identifiers;
- The URLs of your connections, including the date and time, and the content you access on the Product or Service.
Geolocation information and other information extracted from your Devices.
Once you use an Application on your Device, we collect and use information about you. In addition, we may collect location information with your consent if your Device has been configured to send such information to the App (see Device privacy settings), we may collect information about your device image gallery to save photos taken in the application. We can collect images about your camera to insert virtual objects. You may change the privacy settings of your Device at any time by disabling the features of geolocation, camera, microphone and image gallery information sharing with the App. However, be aware that disabling sharing of geolocation or image gallery information may affect some features of the App. For help with your device’s privacy settings, please contact your device manufacturer or mobile service provider.
Cookies and Web Beacons
A cookie is a small amount of data in the form of a text file, which often includes a unique identifier. Through your web browser, the cookie is sent by the website visited to your computer or mobile phone and is then stored on your hard drive.
Most websites use the following types of cookies:
- session cookies that are temporary and deleted when you close your browser;
- persistent cookies that remain until you delete them or expire;
- Web beacons, which are electronic images also called invisible pixels.
Generally, cookies and web beacons and similar technologies do not contain any personal data, but when you provide your personal data through the Product or Service, such personal data may be linked to Cookies.
Graaly and its service providers use the personal data collected for various purposes including: ease access to your account (LogIn account), administration and customization of the Service.
Graaly uses different types of cookies:
Cookies strictly necessary for your navigation on our site. They allow you to use the service. You may delete these cookies using your browser settings, however this will prevent you from using our website properly. The following strictly necessary cookies are used on our site:
- Session cookie (to keep the connected user’s session while browsing)
- Performance cookies that collect information about how you use our site including the most viewed pages or the error messages received. This helps Graaly to improve the performance of its website and its application. The performance cookies we use are provided by third parties:
- Google analytics
- Google maps
- Customization cookies that allow you to remember your preferences for interaction with our website and to offer improved and customized features.
No advertising cookies are used by Graaly.
The cookie retention time is 13 (thirteen) months after having collected it.
You have several ways to manage cookies. As each browser is different, we invite you to read the “Help” menu of your browser preferences rules concerning cookies. If you block cookies, you may not be able to register, log in or make full use of the Product or Service. You can also use your mobile phone settings to manage privacy options.
Our HTML emails can contain a web beacon to tell us if our emails are open and check all clicks through links in the email. We may use this information to determine which of our emails have caught your attention. The web beacon will be deleted when you delete the email. Plain text emails do not include a web beacon.
Usage of your personal data
We use the personal data collected by the Product or Service for different purposes:
- To provide and improve the use of the Product or Service and provide you with any technical support;
- To communicate to you the evolutions of our Products or Services;
- To enable you to customize the Product or Service and allow you to select the content you want to access or share with a third party;
- To analyze your data, enabling us to improve the Product or Service, identify your usage trends and determine the effectiveness of our Product or Service;
- To prevent and detect possible threats to the security of our Products or Services, fraud or any other illegal activity;
- To comply with our legal obligations, resolve disputes and enforce our contracts.
The personal data you provide is not subject to any disclosure and / or resale to third parties (including Managers) by Graaly.
However, the judicial or administrative authorities may require the communication of data enabling the identification of users.
Access to your personal data
Your data is stored securely and access is restricted to authorized personnel only.
You can ask to have access to your personal data located in our databases. You can also exercise your right to rectify this data or ask us to delete it.
The Product or Service may allow you to access your personal data, to make corrections or updates. The clarifications made are your sole responsibility.
To protect your privacy and the security of your personal data, we also take reasonable steps to verify your identity. To view and edit your personal information, you can go back to the web page or application where you originally submitted your data and follow the instructions, or contact us at the address below.
Data retention period
We only keep your data for as long as we need it. The length of time we need this data depends on why we use it – to provide services to you, to further our legitimate interests (as described above) or to comply with the law.
We will periodically review the information we hold and when we realize that their retention is no longer justified by legal, commercial or customer-related requirements, we will remove them securely or in some cases we will make them anonymous.
If you close your Graaly account, your personal data will no longer be visible on our Services within 24 hours. We usually delete information from closed accounts within 30 (thirty) days, with the following exceptions.
Information that you have shared with third parties (such as internal mail mails, news, comments, or posts in groups) will still be visible after you close your account or delete your profile or mailbox data. We do not control the data that other Members copy outside of our Services. The content and ratings of groups or the content of comments associated with a closed account will have as source “Unknown member” Your profile may continue to appear on third-party services (such as search engine results) until the update from their cache.
Means used to protect your data
We place your personal data against unauthorized access, unlawful use, accidental loss, corruption or destruction. We use technical measures such as encryption or the use of passwords to protect your data and the systems in which it is stored. We also take operational data protection measures such as limiting the number of people with access to the databases in which the reservation information is saved. We ensure that these security measures are regularly reviewed and we rely on industry safety standards to keep us informed of best practices.
Sending data outside the European Economic Area
We will only send data outside the European Economic Area (“EEA”) to work with the agents and advisers we use to provide you with services, or to fulfill a legal obligation. If we transfer data outside the EEA, we will ensure that they are protected in the same way as if they were used in the EEA. We will take one of the following measures to ensure their protection:
- send data to a country outside the EEA with privacy legislation as protective as the current one in the EEA
- enter into a contract with the recipient of the data to protect the data on the basis of standards similar to those required in the EEA, or
- transfer them to organizations that are part of the Data Protection Shield. The Data Protection Shield is a framework that sets the rules for data to be exchanged between the United States and European countries. The Data Protection Shield ensures that data is protected in accordance with standards similar to those used in the EEA.
You may view copies of any personal data that we hold and request to modify, correct or delete your personal data. You may also limit, restrict or oppose the processing of your data. You can also log into your Graaly account to update the information on it. If you have given us your consent so that we can use your data (for example, to send you our Newsletter), you may withdraw your consent at any time thereafter.
As a user, and in accordance with the current law, you alone are entitled to access, modify and delete your personal information. You can exercise this right via the online support, firstname.lastname@example.org, or by post, to: Graaly – Personal Information, 29 Chemin du Vieux Chêne, 38240 Meylan FRANCE, France – indicating your last name, first name, email address and home address.
Once your withdrawal request has been made we will respond as soon as we are able to do so and if necessary within one month. You are informed that if your request is complex, our response times may be longer.