In the course of its daily business activities, Studely collects personal information from its customers and prospective customers in order to provide them with products and services. The privacy of its customers is of the utmost importance to Studely, and this policy is intended to safeguard and respect the confidentiality of information and the privacy of individuals. It defines how Studely's products and services use and manage personal information received from the customer or a third party or that Studely collects from the use of the services and/or the application.
1. PreambleThe purpose of this policy is to present the methods of collection and processing of personal data of Studely's customers and prospects, and in particular:
- The identity of the data controller and its obligations,
- The purpose of processing personal data
- The obligatory or optional character of the answers and the consequences of a lack of answer,
- The recipients of the data,
- The possible transfers of data to countries outside the EU.
2. General principles regarding the collection and processing of data
In accordance with the provisions of Article 5 of the GDPR, the collection and processing of data of the users of the site respect the following principles:
- Legality, fairness and transparency: data are collected and processed only in the cases provided for by law. The user is systematically informed of the use that is made of his data.
- Limited purposes: data is collected and processed for one or more specific purposes.
- - Minimization of data collection and processing: only the data necessary for the good realization of the objectives pursued by Studely are collected.
- - Limitation of data retention in time: the personal data of the users are kept for a limited period of time. The user is always informed of this duration.
- Legality, fairness and transparency: data is only collected and processed in the cases provided for by the law. The user is systematically informed of the use that is made of his data. - Limited purposes: data is collected and processed for one or more specific purposes. - Minimization of the collection and processing of data: only the data necessary for the good realization of the objectives pursued by Studely are collected. - Limitation of the conservation of data in time: the personal data of the users are kept for a limited period of time. The user is always informed of this duration.
Studely is committed to respecting all these principles in the context of its compliance with the GDPR. In accordance with the requirements of Article 6 of the GDPR, Studely only processes personal data in one of the following cases:
- The user has given his consent to the processing,
- The processing is necessary for the proper execution of a contract between Studely and the user,
- The processing is required by law,
- The processing and collection of personal data is necessary for the legitimate and private interests pursued by Studely or a third party.
DATA CONTROLLER & RELATED OBLIGATIONS
The data controllerThe person in charge of the processing of personal data is Studely, located at 12 rue des Bateliers 92 110 Clichy, registered at the RCS of Nanterre under the number (SIREN) 820541449. Any person who would like to know how his personal data is treated or who would like to exercise his rights can contact the company by one of the following ways
- By e-mail to the address dpo@studely
- By courier: 12 rue des Bateliers 92 110 Clichy
Obligations of the data controller
The data controller undertakes to protect personal data, not to transmit them to third parties without the user's knowledge and to respect the purposes for which the data was collected. In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and steps for him. Finally, in case of violation of personal data presenting a risk for the rights and liberties of the persons, Studely commits itself to notify, as soon as possible, the incident to the CNIL, and, in case of high risk, to notify the persons concerned.
Data protection measures
Studely has taken all the necessary precautions to preserve the security of the personal data and, in particular, to prevent them from being deformed or damaged or from being accessed by unauthorized third parties. These measures include the following: :
- Tracing of accesses,
- Encrypted data transmission using https/VPN technology
- Encryption of sensitive data and backups,
4. Terms and conditions for the collection and processing of personal data
4.1. Duration of data storageStudely keeps in its systems, in reasonable conditions of security, the personal data it collects for a period of 5 (five) years from the closing of the customer account. These data are kept by Studely in order to manage its commercial relations and to respect its legal obligations, in particular those concerning the fight against money laundering and the financing of terrorism. For technical and service continuity reasons, Studely cannot delete certain data after this period. Nevertheless, after the 5 year period, these data are completely anonymized.
4.2 Categories of data collected
In the first place, Studely keeps data concerning the identity of its customers (name, first name, address, etc.). In order to get to know its customers better, Studely also collects data about their professional life, their economic and financial situation, etc. Studely collects and processes these types of data related to the knowledge of its customers in order to provide them with the most suitable services. It also collects them in order to comply with its regulatory obligations in the fight against money laundering and the financing of terrorism. Secondly, Studely processes personal data relating to the use that users make of its service (transaction history, account number, IBAN, etc.). This also includes connection data (IP address, logs, connection identifiers, etc.).
5. Purpose of the processing of personal dataThe collection and processing of the above-mentioned data allows Studely to carry out a number of operations related to customer management. This includes the management of contractual relations, invoicing, customer accounts, etc. This data also enables Studely to prevent fraud and illicit operations constituting money laundering. The data is also used to manage the relationships with the users, in particular with regard to requests made by customers to exercise their rights (right of access, right of opposition, etc.).
Legal basis for processing
6.1. A legal obligation
The processing of the personal data of the user of the service is carried out mainly because of a legal obligation to which Studely (as a payment service provider) is subject - the fight against money laundering and the financing of terrorism (art. L. 561-2 and following of the Monetary and Financial Code).
A legitimate interest
Studely also has a legitimate interest in the processing of personal data that it carries out. These interests lie in the prevention and treatment of fraud and customer management.
7. Compulsory collection of data and consequences of not providing data
The data that are compulsory to be provided by the user of the service are marked with an asterisk in the registration form (or contact request). If the data is not provided, the contact request cannot be processed.
8. Recipients of the dataWithin the limits of their respective needs, are recipients of all or part of the data:
- Studely's internal departments (examples: IT department, management, customer service, compliance, etc.),
- Studely's subcontractors involved in the management of the customer relationship.
9. Data hostingThe data collected and processed by the site are exclusively hosted and processed in the countries of the European Union.
10. User's rightsIn accordance with the regulation concerning the treatment of personal data (RGPD), the user has the following rights. In order for Studely to respond to the user's request, the user is required to communicate: his name, first name, as well as his e-mail address and his customer account number. Studely commits itself to answer the user within a maximum of 30 (thirty) days.
- Contain any material that is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory or otherwise objectionable.
10.1. Rights of access, rectification and deletion
Any user can :
- Access all the information concerning him,
- To know the origin of the information concerning him,
- Get a copy,
- Demand that his or her data be, as the case may be, rectified, completed, updated or deleted.
- Refuse the request for access: in this case, it must give reasons for its decision and inform the applicant of the channels and deadlines for challenging it.
- Do not respond to requests that are clearly abusive, particularly by their number, repetitive or systematic nature.
10.2. Right to data portability
The right to data portability only applies if the data is processed in an automated manner and on the basis of the prior consent of the data subject or the performance of the contract. Therefore, Studely does not have to respond to a portability request concerning personal data processed in the context of its obligation to combat money laundering and the financing of terrorism. The user can therefore, in certain cases, request the portability of his personal data, held by Studely.com, to another site, by complying with the following procedure: the user must make a request for the portability of his personal data to the person responsible for the processing of the data, by sending an email to the following address: dpo@studely.
10.3 Right to limit and oppose data processing.
The user has to make a request to limit the processing of his/her personal data to the data controller, by sending an email to the address below. dpo@studely
10.4. Right to appeal to the competent supervisory authority
In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or if he/she believes that one of the rights listed above has been infringed, he/she is entitled to refer the matter to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.