VeraCash Customer Privacy Policy
1. Definition and nature of personal data
When you use the website accessible at the address www.veracash.com (hereinafter the “Platform”), we may ask you for personal data about yourself and/or a minor under your guardianship, which allow for the direct or indirect identification of the data subject. Within this context, we may collect the following personal data from you.
1.1 Information which you provide to us
We collect the following data for the purpose of performing the services we offer via the Platform:
- Information permitting your identification: full name, email address, telephone number, postal address and username;
- Information needed to verify your identity: a copy of your government issued ID card or passport and proof of address;
- Payment information: bank card numbers, and IBAN and BIC/SWIFT numbers in the case of SEPA transfers;
- Any information you choose to communicate to us.
1.2 Information which we automatically collect when you use the Platform
When you use the Platform, and for the purpose of the performance of our services, we may also collect your personal data automatically by means of the tools and services offered on the Platform, including the following data in particular:
- Information about use of the Platform’s tools and features: we collect information about your interactions with the Platform, namely the pages and content you view and the links on which you click;
- Connection data and information about the equipment and devices you use to log into the Platform: we collect device connection data whenever you access and use the Platform, including if you do not have an account with us, namely including your IP address, the dates and times of your visits, data about the hardware and software you are using, unique identifiers, crash data, and the pages viewed or displayed before and after you connect to the Platform;
- Information about payment transactions: payment dates and times, payment methods used, payment method expiry dates and payment amounts.
2. Object of this policy
The purpose of this policy is to inform you of the means we use to collect and process your personal data, in strict accordance with your rights.
On that subject, you are informed that we collect and manage your personal data in accordance with the current version of the French Data Protection Act no. 78-17 of 6 January 1978, as well as with the General Data Protection Regulation (hereinafter the “GDPR”).
3. Identity of the data controller
The data controller which is responsible for collecting and processing your data is the company VeraCash, a simplified joint stock company registered with the Bordeaux Trade & Companies Register (RCS) under number 808 689 657, with head offices located at 42 rue Tauzia, 33800 Bordeaux, France (referred to herein as “we” or “us”).
4. Personal data collection and processing
Your personal data are collected and processed for one or several of the following purposes:
(i) Management of your access to the Platform and to the services available on the Platform, along with use thereof, as well as for responses to any requests concerning your use of the services;
(ii) Performance of operations relating to the management and monitoring of our relations with our users when they make use of our services;
(iii) Establishment of a record of registered members and other users;
(iv) Transmission of newsletters and other informational messages about our latest news and/or any changes to our services. If you do not wish to receive these, you can choose to opt out at the time of data collection;
(v) Transmission of advertisements, particularly targeted advertisements. If you do not wish to receive these, you can choose to opt out at the time of data collection;
(vi) Production of statistics on the use of and traffic to our services;
(vii) Optimization of how our products and services work and how effective they are;
(viii) Management of people’s reviews of our products, services and content;
(ix) Compliance with our legal and regulatory obligations, namely as concerns the prevention of bank fraud. In that respect, we are required to verify or authenticate the information collected from you for payment transactions.
When we collect your personal data, you are informed of which information is required and which is optional. At the same time, you are also informed of any consequences, should you choose not to provide certain information.
5. Data recipients
The personnel at our company, our auditing services (namely, our statutory auditors) and our subcontractors, especially Treezor, will have access to your personal data. For more information on Treezor’s privacy policy, please click here: Treezor Privacy Policy.
Other potential recipients of your personal data are public authorities (exclusively in order to meet our legal obligations), representatives of the law, ministerial officials and collections agencies, as the case may be.
All recipients undertake to ensure the strictest confidentiality of your personal data in their possession.
6. Personal data transfers
Your personal data will not be sold, leased, exchanged or otherwise transferred to any third party.
You are however informed that we reserve the right to transmit your data to third parties in a fully anonymized and aggregated form, meaning in a form which does not allow for your identification in any way whatsoever.
7. Personal data storage period
The European General Data Protection Regulation 2016/19 of 27 April 2016, subject to legal restrictions, grants data subjects the following rights:
- Right of access: this is your right to obtain confirmation as to whether or not your data is being processed, and if so, to access that data.
- Right of rectification: this is your right to have your inaccurate data corrected and your incomplete data completed as soon as possible.
- Right of withdrawal: this is your right to withdraw at any time and in a simple way, your consent to process data.
- Right of deletion “Right to be forgotten”: this is your right to obtain, as soon as possible, the deletion of your data, subject to our legal obligation the fight against money laundering and terrorist financing.
- Right of limitation: it is possible to request the limitation of the processing of personal data according to the cases provided for in Article 18 of the European Regulation 2016/19 of 27 April 2016 on the protection of personal data.
- Right to object: this is your right to object at any time to the processing of your data by VeraCash for reasons relating to your particular situation provided for in Article 21 of the European Regulation 2016/19 of 27 April 2016, except in the case of legitimate and compelling reasons of VeraCash.
- Right to portability: this is your right to receive your data in a structured, commonly used, machine-readable and interoperable format, in particular for the purposes of transmission to another controller.
- Claims: ou have the right to lodge a complaint with a competent supervisory authority in the Member State in which you are habitually resident. In France: La Commission Nationale de l’Informatique et des Libertés, 3 Place de Fontenoy 75334 France. Useful link: https://www.cnil.fr/fr/webform/adresser-une-plainte
(i) Data relating to the management and monitoring of our relations with users of our services
Your personal data will not be kept for longer than strictly necessary to manage our relationship with you. However, the data establishing proof of a right or contract and which must be retained in the name of a legal obligation will be stored for the period stipulated by current law.
We will keep your data for a maximum of three (3) years from the later of the dates of their collection, of the last contact initiated by you or of closure of your account on the Platform.
At the end of those three (3) years, we may reach out to you to ask if you would like to continue to receive information about our services.
(ii) For data relating to bank cards
Financial transactions for the payment of financing operations and fees via the Platform are entrusted to a payment service provider which ensures they are conducted smoothly and securely.
As needed for the performance of the services, that payment service provider may receive your personal data in connection with your bank details, namely your bank card numbers, IBAN or bank account information, which it will gather and store in our name and on our behalf.
We do not have access to those data, with the exception of the IBAN and/or bank account information you provide to us as part of the account registration process.
To enable you to regularly carry out financial transactions and pay the associated fees via the Platform, your bank card data will be stored for the duration of your registration on the Platform and, at the very least, up until the time of your final transaction.
By checking the box provided expressly for this purpose on the Platform, you are giving your express consent to that data storage.
Data relating to your security code or CVC2, printed on your bank card, are not stored.
If you refuse to have the personal data relating to your bank card number(s) stored under the conditions stated above, we will not retain them for longer than the time needed to carry out the transaction.
In any case, transactional data may be retained in intermediate archives, for the purpose of proof in the event of any dispute of the transaction and for the period of time stipulated in Article L 13324 of the French Monetary and Financial Code, in this case thirteen (13) months from the date of the debit. That period may be extended to fifteen (15) months in order to account for the possibility of use of deferred debit cards.
(iii) For the management of unsolicited advertising mail opt-out lists
The information needed to handle your right to object is retained for at least three (3) years from the date of exercise of the said right.
(iv) For audience metrics
The information stored on users’ computers and devices, and any other elements used to identify and trace users and their visits to the Platform, are not retained for more than thirteen (13) months.(v) For the archiving of data relating to bank transactions
At the end of your data’s storage period as stipulated above, we will archive your data for a period of two (2) years in accordance with our legal obligations, particularly in relation to the prevention of bank fraud and money laundering.
8. Security
We take every necessary precaution, as well as appropriate organizational and technical measures, to protect the security, integrity and confidentiality of your personal data, and in particular to prevent them from being altered, damaged or accessed by an unauthorized third party.
9. Hosting
Through their storage period, your data will be retained and stored on the servers of the company VeraCash (which leases servers from the company OVH), located in France.
Your data will not be transferred outside the European Union within the context of your use of our services.
10. Consent
When you choose to apply for a position with our company, you expressly agree to provide your personal data to us under the conditions set out above and expressly give your consent to their collection and processing in accordance with the stipulations of this Privacy Policy and current legislation.
11. Cookies
Cookies are text files – often encrypted – which are stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser which then generates a text file. Every time the user returns to that website, the browser retrieves the file and sends it to the site’s server. There are four types of cookies (each with different purposes): technical cookies, functional cookies, performance cookies and targeting cookies.
You can inform yourself, accept or refuse these cookies by consulting the list of cookies.
[Important] If you use advertising blockers or a browser such as “Brave”, you will not be able to access the management of cookies that will be blocked by default. Your navigation on the site may be altered.
12. Access to your personal data
Pursuant to the French Data Protection Act no. 78-17 of 6 January 1978 and to the GDPR, you have the right to access your data (Article 15 of the GDPR), to have it communicated to you and if necessary to have it rectified or erased (Articles 16 and 17 of the GDPR). You can also contact our Data Protection Officer (DPO).
Data Protection Officer
Antoine Vincent
email: [email protected]
postal address: VeraCash – CS 81948 – 33800 Bordeaux Cedex
As a reminder, anyone with a legitimate reason for doing so may request a restriction of the processing of their personal data (Article 18 of the GDPR) or object to the said processing (Articles 21 and 22 of the GDPR).
You are informed that, in the event of the rectification or erasure of your personal data, or the restriction of their processing, as a result of a request made by yourself, we will notify the recipients to whom we have disclosed your data of those changes, unless such a notification should prove to be impossible (Article 19 of the GDPR).
13. Personal data portability
You have the right to the portability of the personal data you provide to us, understood as referring to the data which you actively and consciously communicated to us in accessing and using our services, as well as the data generated by your activity when using our services (Article 20 of the GDPR). As a reminder, this right does not pertain to data collected and processed on a legal basis other than consent or performance of the contract between us.
You may exercise this right at any time, free of charge, for the retrieval and storage of your personal data.
In that case, we will send you your personal data by any means which we may deem appropriate, in a standard, commonly used open source, machine-readable format, in accordance with current industry practice.
14. Submission of a complaint to a supervisory authority
You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the CNIL – French Data Protection Authority – for France) in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data as stated in this Privacy Policy infringes any applicable legislation or regulation.
You may exercise this right without prejudice to any other administrative or judicial remedy. In fact, you also have the right to effective administrative or judicial remedy if you consider that the processing of your personal data as stated in this Privacy Policy infringes any applicable legislation or regulation.
15. Communication of a personal data breach
If we detect a security breach in the processing of your personal data which is likely to result in a high risk to your rights and freedoms, we will notify you as soon as possible (Article 34 of the GDPR). At that time, we will explain the nature of the breach and the measures implemented to put an end to it.
16. Modifications
We reserve the right to modify this Privacy Policy at any time, in whole or in part, and at our sole discretion. Those changes will come into effect upon publication of the new policy.
17. Effective date
This Privacy Policy came into effect on October 1st, 2021.