1. Definition and nature of personal data
Whenever you use the platform, that can be accessed from www.swapcard.com website and/or on the "Swapcard" mobile application, (hereinafter referred to as the "Platform"), for the purposes of using the provided networking services that enable you to increase your professional network, we may request some personal information about you.
We also collect some of your personal data when you register directly on our Platform to participate in a professional event, or when an event organizer wishes to provide you with our services within the context of the event for which you are registered and sends us your contact details in order that we may contact you.
The term "personal data" designates all data that allows an individual to be identified directly or indirectly, which corresponds in particular to your surname, first names, postal and e-mail addresses, telephone numbers, country of origin, time zone, and data relating to your transactions on the Platform, your bank card numbers, your profiles on social networks, the name of your company, a photo of you, your job title and areas of expertise, the type of people you wish to meet, the themes which you are interested in, your IP address, navigation data, data from recordings of calls with our teams (for example: the content and dates of the calls), as well as any other information you provide to us about yourself.
2. Purpose of this Charter
The purpose of this charter (hereinafter referred to as the "Charter ") is to inform you of the means by which we collect and process your personal data, with the strictest respect for your rights.
3. Identity of the entity responsible for collecting and processing data
Responsibility for the collection and processing of your personal data lies with the company Swapcard Corporation, a simplified joint stock company, registered with the Registry of Trade and Companies of Paris under number 790 356 760, whose head office is located at Chez Spaces Bonne Nouvelle, 17 - 21 Rue Saint Fiacre, 75002 Paris, France, (referred to within the framework of this Charter as "Us" or "We").
4. Collecting and processing personal data
Your personal data is collected and processed for one or more of the following purposes:
- To manage your access to and use of the services available on the Platform.
- To carry out customer management operations relating to contracts, invoices, follow-ups with customers, etc.
- To compile a list of registered members, users, customers and prospective customers.
- To issue newsletters, invitations and promotional advertisements. Should you not wish to receive these, we offer you the option to refuse them at the moment your data is being collected.
- To sent you suggestions for networking connections with other users of the Platform. Should you not wish to receive these, we offer you the option to refuse them at the moment your data is being collected.
- To compile commercial and web traffic statistics for our services.
- To manage reviews on products, services or content.
- To record your calls with our teams for the purposes of training and improving our services.
- To manage unpaid invoices and potential disputes regarding the use of our products and services.
- To adhere to our legal and regulatory obligations.
We shall inform you, when requesting your personal data, if certain information must be provided or if it is optional. We shall also inform you of the consequences should you not wish to provide this information.
We also inform you that we are likely to collect your data indirectly, either from organizers of events which you are attending, and thus enabling you to use our services, or from other users of our services.
In this respect, you are hereby informed that we may reuse your personal data that is stored in the address book of another user of our services who has expressly authorized us to access their contacts to put you in contact with each other.
5. Recipients of the collected and processed data
Our company's staff, monitoring or control services (auditors in particular) and our subcontractors (hosting service provider, newsletter publishing tool, telephone call monitoring and recording service provider, audience measurement tool) will have access to your personal data.
For the purposes of the networking service, we will also provide your personal data to the organizers of professional events for which you are registered and for which you have used the services of the Platform. The event organizer may use this data for the same purposes and under the same conditions as those referred to in this Charter. The event organizer remains solely responsible for their respect of their own legal and declarative obligations with regard to their processing of your personal data, which they carry out themselves, with their own means and for their own requirements. We are only responsible for our use of your personal data, this excluding any other use by the event organizer.
Government agencies or representatives of the law, ministerial officers or organizations responsible for the collection of debts may also be recipients of your personal data, for the sole purposes of meeting our legal obligations.
We may transfer your information to service providers, advisers, potential transaction partners or other third parties within the scope of any review, negotiation or completion of a business acquisition should our company be sold to or merge with another company, or should we sell, liquidate or transfer all or part of our assets.
6. Assignment of personal data
Your personal data will not be assigned to, rented to or exchanged with any third party, with the exception of the organizers of events for which you are registered and to whom we provide data concerning you, in relation with their events.
We may generate, and share with organizers of events for which you are registered, usage statistics collected by individuals during an event, in order to calculate the rate of use of our services and have a clear understanding of interactions within their community. This data includes both anonymous generic usage data (e.g. number of users, average number of user contacts, percentage of user additions, number of active users) and personal data related to events organized by the organizer and for which you are registered.
7. Data retention period
[fs-toc-omit] (i) Regarding data relating to customer and prospect management:
Your personal data shall not be retained any longer than is strictly necessary for the management of our business with you. However, data proving the existence of a right or a contract must be kept in order to adhere to legal obligations and shall be held for the term stipulated by the applicable law.
Regarding potential prospecting operations for customers, their data may be held for a period of four (4) years after the termination of the business relationship in question.
Personal data relating to a prospective customer, who is not already a customer, may be held for a period of three (3) years from the moment it is collected or from the last contact with the prospective customer.
At the end of this period of four (4) years, we may contact you again in order to find out if you wish to continue to receive commercial solicitation.
[fs-toc-omit] (ii) Regarding user data:
Your personal data is kept for a period of 3 (three) years from the date of your last use of the application.
[fs-toc-omit] (iii) Regarding bank card data:
Financial transactions relating to payments for purchases and fees on the Platform are entrusted to a payment service provider who ensures the smooth processing and security of these transactions.
For the purposes of the services, this payment service provider may require us to send them your personal data relating to your bank card numbers, which it collects and stores in our name and on our behalf.
We do not have access to this data.
In order to enable you to make regular purchases or pay any related fees on the Platform, data relating to your bank cards is retained for the duration of your registration on the Platform and at the very least, up to the time you carry out your last transaction.
By checking the box on the Platform expressly reserved for this purpose, you give us your express consent to retain this data.
Your banking card's security code or CVV2 code is not stored.
If you do not want your personal data relating to your bank card numbers to be retained under the conditions specified above, we shall not keep this data beyond the time necessary for the completion of the transaction.
In any event, data relating to the card may be retained for the purposes of providing proof in the event of a transaction subsequently being contested, in intermediary archives, for the period stipulated in Article L 133-24 of the French Monetary and Financial Code, namely thirteen (13) months following the date the card is debited. This period may be extended to fifteen (15) months in order to account for the possibility of deferred debit cards being used for payment.
[fs-toc-omit] (iv) Regarding the management of opt-out lists compiled during prospecting activities:
Information enabling recognition of your right to opt-out is retained for a minimum of three (3) years following the exercising of your right to opt out.
[fs-toc-omit] (v) Regarding web audience tracking statistics:
Information stored in users' terminals, or any other means used to identify users and enabling them to be tracked or to measure the frequency of their visits, shall be retained for no longer than thirteen (13) months.
[fs-toc-omit] (vi) Regarding invoices:
Invoices are kept for a period of 10 (ten) years to comply with our accounting obligations, in application of Article L. 123-22 of the French Commercial Code.
[fs-toc-omit] (vii) Regarding call recording data:
The data collected from the recordings of telephone calls are kept for a maximum period of six (6) months.
[fs-toc-omit] (viii) Regarding the management of your requests to exercise your rights under the GDPR:
Information enabling the management of your requests to exercise your rights under the GDPR will be kept for 3 (three) years from the date of your request.
We take all necessary precautions and appropriate organizational and technical measures to maintain the security, integrity and confidentiality of your personal data, and especially to prevent it from being altered or damaged and to prevent any third party from accessing it.
In this regard, we respect the security measures put in place by our data hosting provider, Amazon, whose security measures can be accessed on this page.
Your data is stored solely on the servers of Amazon, located in Ireland, within the European Union.
Your data will not be transferred outside the European Union as part of our conditions of use of the services we offer.
10. Legal basis for processing your data
We process your data on the basis of the following legal grounds:
- Performance of the contract you have entered into with us to use our services on our Platform;
- Our legitimate interest in developing and promoting our business;
- Our legitimate interest in training our employees;
- To comply with the legal and regulatory obligations to which we may be subject.
11. Access to and rectification, restriction or erasure of your personal data
You have the right to obtain and, where appropriate, rectify or delete any data concerning you, via online access to your account. You can also get in touch with the point of contact indicated in Article 17.
You can request the restriction of processing of personal data concerning you in certain cases as defined in Article 18 of the GDPR.
Finally, we would like to remind those whose data is collected on the basis of our legitimate interests, as mentioned in the Article “Legal basis for processing your data”, that they may at any time oppose the processing of data concerning them. We may, however, be required to continue processing their data if there are legitimate reasons for this processing which may prevail over your rights and freedoms or if the processing is necessary to establish, exercise or defend our legal rights.
You can unsubscribe from our promotional emails using the link provided in our emails. Even if you choose to no longer receive promotional messages from us, you will continue to receive our administrative messages.
12. Portability of your personal data
You have data portability rights regarding the personal data that you provide us, understood as data that you have actively and consciously declared in order to access and use our services, as well as data generated from your activity using the services. We remind you that these rights do not relate to data collected and processed on any other legal basis than the consent or implementation of the contract binding us.
These rights can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to recover and keep your personal data.
In this context, we will send you your personal data, through any pertinent channels, in a commonly-used and machine-readable standard open format, in accordance with industry standards.
13. Lodging a complaint with a supervisory authority
You are also hereby informed that you have the right to lodge a complaint with a competent supervisory authority (e.g. the French National Commission for Information Technology and Liberties in France - CNIL) in the Member State in which your place of residence or your workplace is located, or the place where your rights have been violated, if you consider that the processing of your personal data within the context of this Charter constitutes a violation of the applicable legal texts.
Such a complaint may be brought before an administrative or jurisdictional court without prejudice to any other claim. In such a case, you also have the right to an effective judicial and administrative redress if you consider that the processing of your personal data within the context of this Charter constitutes a violation of the applicable legal texts.
14. Right to define guidelines for the processing of your data after your death
You have the right to define guidelines for the retention, erasure and communication of your personal data after your death. These directives can be general i.e. relating to all personal data concerning you. In this case, they must be registered with a trusted digital third party certified by the CNIL (French Data Protection Agency). Directives may also be specific to data processed by our company. In this case, you should send these directives to us at the points of contact indicated in Article 17. You can designate in your directives a person responsible for seeing to it that your directives are carried out. This person will then be authorized, after you pass away, to review the aforementioned directives and request that we carry them out. If you do not specify a particular person, your heirs will be authorized to review the aforementioned directives and request that we carry them out. You can change or revoke your guidelines at any time.
15. Data of minors
Your use of the Platform following the entry into effect of these amendments, shall constitute acknowledgement and acceptance of the new Charter. Failing that, and if you are not in agreement with the new Charter, you should refrain from accessing the Platform.
17. Point of contact for personal data
If you have any questions regarding our data processing activities, or if you wish to exercise any of your rights, you can contact us at the following points of contact:
- Email Address: legal@swapcard[.]com
- Postal Address: Chez Spaces Bonne Nouvelle, 17 - 21 Rue Saint Fiacre, 7500 Paris, France