Back
Privacy policy and data protection

We attach great importance to the protection of your personal data and do our utmost to protect it. Below you will find our commitment to the protection of personal data and our data protection policy.

OUR COMMITMENT TO THE PROTECTION OF PERSONAL DATA
- •

The Client and Users are informed that in accordance with French regulations, their personal data is hosted by a certified European host. Your data is used only for explicit, legitimate and specific purposes in connection with our various offers and services that you have selected.

- •

Your personal data is confidential.

- •

Only the data necessary for the execution of our services is collected.

- •

We are respectful of your rights as Users and Customers, which is why we make every effort to ensure that you can exercise them.

- •

We respect your privacy and your choices, which is why the communications you receive from us may be terminated at any time.

Contents
1. Identity of the controller
2. Your rights
2.1 How to exercise your rights
3. The purposes for which we collect your personal data and the legal basis on which we rely
3.1 Purpose of collecting your data?
3.2 The legal bases on which we collect your data are as follows:
4. To whom will your data be transferred?
5. Subcontractor
6. Transfer outside the EU
7. How long we keep your data
8. Rules applicable to payments by credit card and protection of banking data
8.1 How are bank details stored?
9. The security measures we put in place to protect your data
10. Third party websites and social networks
11. Cookies & other trackers policy
11.1 What is a cookie?
11.2 What type of cookies do we use and for what purpose?
11.3 Setting and blocking cookies via our cookie manager
11.4 Setting and blocking cookies via your browser settings
1.5 Setting your smartphone operating system
12. Modification of this data protection policy
1. IDENTITY OF THE DATA CONTROLLER

Personal data is collected by REGATE, a simplified joint stock company with a capital of €9,052.00 registered in the Paris Trade and Companies Register under number 877 566 018 and whose registered office is located at: 17 rue Saint Fiacre 75002 Paris France. We provide our Clients with a platform available in SaaS mode called REGATE, accessible from a website as well as a downloadable mobile application compatible for smartphones and tablets on IOS and Android. To deliver our services we collect personal data on individuals and companies. In the data collection forms on the website and the app, users are informed whether or not data collection is mandatory. If a mandatory data field is not provided, we will unfortunately not be able to provide our services and meet our commitments. We are concerned about the protection of the personal data entrusted to us. We are committed to ensuring the highest level of protection of your personal data in compliance with the RGPD 'General Data Protection Regulation' Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Loi Informatique et Libertés law no. 2018-493 of 20 June 2018, promulgated on 21 June 2018, which amended the Loi Informatique et Libertés of 6 January 1978. For any information on the protection of personal data, you can also consult the website of the Commission Nationale de l'Informatique et des Libertés www.cnil.fr.

2. YOUR RIGHTS

Pursuant to the French Data Protection Act 78-17 of 6 January 1978 as amended and the General Regulation on Data Protection 'RGPD', any individual using the service has the right to exercise the following rights:

- •

A right of access : As a data subject, you can inform yourself about the nature of the personal data stored or processed about you. Access to your personal data will be provided upon request.

Pursuant to the French Data Protection Act 78-17 of 6 January 1978 as amended and the General Regulation on Data Protection 'RGPD', any individual using the service has the right to exercise the following rights:

- •

A right to object: You have the right to object at any time to the processing of your personal data where REGATE processes your data for reasons of legitimate interest to them or for direct marketing purposes.

- •

A right to be forgotten: The User may obtain from the Company, under certain conditions, the deletion as soon as possible of certain personal data concerning him/her. This right to oblivion cannot be obtained in certain cases, in particular for reasons of public interest, for archival purposes or to comply with legal obligations that require the processing of personal data by the Company.

- •

A right to limit the processing of your data : The User may obtain from REGATE that REGATE limits the processing of his/her personal data, in particular when the User objects to such processing, disputes the accuracy of the data or when he/she believes that the use is unlawful.

- •

A right to the portability of your personal data : Under certain conditions, the User may request to receive all his personal data so that he can transfer them to another data controller without the company being able to object to this.

- •

Fate of your data at your death: The company will respect the directives given by any user relating to the conservation, deletion and communication of his personal data after his death. In the absence of such instructions, the company will comply with the requests of the heirs as set out in the applicable provisions of the Data Protection Act.

2.1 How to exercise your rights

To exercise your rights, please write to Regate, 17-21 rue saint Fiacre, 75002 Paris France, indicating your name, first name, e-mail address, or by e-mail: privacy@regate.io
Your requests must be accompanied by a copy of your identity. We have a period of 30 working days from receipt of your request to reply. Some binding requests may take longer, in which case the time limit will be extended and you will be informed. If you feel that your rights have not been respected, you may also file a complaint with the Commission Nationale de l'Informatique et Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or via the website: www.cnil.fr

3. THE PURPOSES FOR WHICH WE COLLECT YOUR PERSONAL DATA AND THE LEGAL BASES ON WHICH WE RELY

Under the General Data Protection Regulation and the French Data Protection Act, REGATE France is only allowed to use the personal data of its Users and Clients if it has a valid legal basis. The disclosure of your personal data is in most cases deliberate. When your information is essential for us to process your requests, we will indicate this with an (*).

3.1 Purpose of collecting your data?

In order to respond to your requests and needs, we collect your personal data at various stages:

- •

When purchasing the Service

- •

When creating administrator and user accounts

- •

When allocating, posting and settling data (invoices and expense reports)

- •

When approving and paying invoices and reimbursing expenses

- •

In order to ensure the traceability of the actions carried out by the administrator and user accounts to enable reporting

- •

In order to ensure conversation and data archiving

- •

Fight against fraud during the payment of the order and management of unpaid orders

3.2 The legal basis for the collection of your data is as follows:
- •

The execution of a contract between REGATE and its Clients

- •

Fulfilment of a legal obligation Where this is in REGATE's legitimate interest

- •

Where the user has given consent

- •

The execution of a contract between REGATE and its Clients

- •

Fulfilment of a legal obligation Where this is in REGATE's legitimate interest

- •

When the user has given his consent.

Purpose
Legal Bases
Customer account and order management
Payment Transaction Management
Customer relationship management, order tracking, after-sales service, complaints and refunds management
Collection of customer opinions on the Platform
Allocating, recording and posting data (invoices and expense reports)
Ensure the traceability of the actions carried out by the administrator and user accounts to enable reporting.
Ensure conversation and data archiving
Fight against fraud during the payment of the order and management of unpaid orders
Sending targeted commercial offers by electronic means and mobile notifications
Analytical and statistical operations to improve knowledge of clients
Measurement of mobile site traffic and applications
Execution of the contract between REGATE and the Customer
Execution of the contract between REGATE and the Customer
Execution of the contract between REGATE and the Customer
REGATE's legitimate interest in improving the Service
Execution of the contract between REGATE and the Customer
Execution of the contract between REGATE and the Customer
Execution of the contract between REGATE and the Customer
REGATE's legitimate interest in improving the Service, performance of the contract between REGATE and the Customer
Customer and User Consent
Legitimate interest of REGATE
Customer and User Consent
4. TO WHOM WILL YOUR DATA BE TRANSMITTED?

The personal data of Users and Customers are collected and processed by :

- •

Services: commercial, support, development and administrative.

- •

Banking institutions.

5. SUBCONTRACTORS

For some of the services described below, we use sub-contractors for :

- •

Secure payment on mobile sites and applications

- •

Data hosting

- •

Performing so-called data extraction OCR operations

- •

Receipt of email addresses and invoices

- •

Importing data from the Solution

- •

The collection and processing of data and information for the purpose of establishing a research module

- •

Data processing in the event of bank aggregation or reconciliation

- •

Carrying out technical maintenance and development operations for the website, internal applications and the information system.

- •

The realization of error monitoring

- •

The collection of customer opinions

6. TRANSFER OUTSIDE THE EU

We do not transfer your data outside the European Union. In the event of a change of policy, this section will be subject to change.

7. HOW LONG YOUR DATA WILL BE KEPT

REGATE has defined different retention periods depending on the case. We ensure that the retention periods are relevant and comply with the legal time limits.
In order to establish the retention period of personal data, the company applies the following criteria:

- •

Prospect data: data is kept for 3 years. The starting point of the retention period is the last exchange we had or the last interactivity you had with one of our programmes.

- •

Customer and User data: data is kept for the duration of the contractual relationship and for three years after the end of the contractual relationship.

- •

Connection data: data is kept for 10 years from the end of the accounting year.

- •

Data relating to the persons concerned by the expense reports: the data is kept for the duration of the contractual relationship and for a period of three years after the end of the contractual relationship.

REGATE's Users and Clients are informed that in the event of a request for the definitive deletion of their account, the data will be anonymised and will be used by REGATE for subsequent operations. The company may keep certain data in order to fulfil its legal or regulatory obligations and to enable it to exercise its rights. In this respect, the company shall keep invoices relating to services for ten years.

8. RULES APPLICABLE TO PAYMENTS BY BANK CARD AND PROTECTION OF BANK DATA    

For payments made by Customers in return for the Service
In order to ensure the security of your payments, we use the services of external providers. They guarantee secure processing of all sensitive data such as bank details and customer identity, in accordance with the directives and standards: DSP2, RGPD and PCI-DSS.When payment for your order is made by bank card, our order-taking system connects in real time with the system of our service providers, who collect your data and carry out various checks to prevent abuse and fraud. The data is stored on the servers of our service providers and is not transmitted to our servers at any time. Our service providers make the authorisation request to the bank and send us only the transaction number. In order to debit the account at the time of invoicing or to credit it, our service providers keep the bank data associated with the authorisation number for the time necessary to carry out the transaction and to process any complaints.

For payments made by Users when using the Platform
In order to ensure the security of payments made via the Platform, we use the services of external providers. They guarantee secure processing of all sensitive data such as bank details and the identity of Customers, Users and Suppliers, in accordance with the directives and standards: DSP2, RGPD and PCI-DSS.
When a payment is made by credit card, our system connects in real time with the system of our service providers who collect your data and carry out various checks to avoid abuse and fraud. The data is stored on the servers of our service providers and is not transmitted to our servers at any time. Our service providers make the authorisation request to the bank and only send us the transaction number.
In order to be able to debit the account at the time of invoicing or to credit it, our service providers keep the bank data associated with the authorisation number for the time necessary to carry out the transaction and to process any complaints.

8.1 How is the bank data stored?

To enable payment by instalments, the third party payment service provider may store the Customer's bank details so that they do not have to be entered each time payment is due.

9. THE SECURITY MEASURES WE IMPLEMENT TO PROTECT YOUR DATA

As a subcontractor, REGATE takes all reasonable precautions to maintain the security and confidentiality of your data. This includes the physical security of the buildings housing our systems and the security of the computer system to prevent external access to your data. Access to your data is limited to those who have a need to know.

10. THIRD PARTY WEBSITES AND SOCIAL NETWORKS

The website and the applications providing access to the Platform may contain hyperlinks to other websites published and managed by third parties and not by REGATE. REGATE shall not be held directly or indirectly liable in the event that such third party websites do not comply with the legal provisions.
The creation of hyperlinks to the website and the applications allowing access to the Platform may only be made with the prior written authorisation of REGATE. We would like to draw your attention to the social networks that we use and with which you may interact to support us and/or share one of our publications. REGATE cannot be held responsible for any problems arising from your interaction. Please be aware that when you use these links, information about you may be collected or shared. We encourage you to review the privacy policies and settings of the social networks with which you interact to see what information may be collected, used or shared by those sites.

11. COOKIES & OTHER TRACKERS POLICY
11.1 What is a cookie?

Cookies are small data files placed on your computer or mobile device by your browser when you visit a website. Typically, a cookie contains the name of the website that uses it and a text string or "unique identifier" that allows websites to recognise that cookie on each subsequent visit throughout its lifetime. Cookies can collect and store a wide range of information, such as the type of browser or operating system used, the language or other browser settings, or your interactions with the website. Usually, cookies are not used to collect data that identifies an individual. However, information collected with cookies can be associated with an individual if combined with personally identifiable information such as an individual's e-mail address. Your consent to the placement of certain cookies is required. You can accept or refuse the deposit of cookies on your computer or your mobile terminal. If you choose not to use cookies, you may not be able to use some of the features on the site. In general, we use two different types of cookies on this site

- •

Session cookies are used to store information about your activities on this site for the duration of your visit. They are deleted when you close your browser.

- •

Persistent cookies are stored in one of your browser's sub-folders for one or more sessions. They expire after a certain period (defined in the file) or can be deleted manually.

Web beacons, embedded scripts and other similar technologies :  

We and our third party partners may also use similar technologies on this site, such as Web beacons (also known as pixel tags or GIFs) or scripts. Web beacons are small graphic images that may be embedded in Web sites or HTML emails that are not generally visible to the user. They allow us to track user interaction with the site or our newsletters. For example, they help us understand whether you have read our newsletter or clicked on links in it, so that we can provide you with offers tailored to your interests. An embedded script or pixel is a code designed to collect information about your interactions with this site, such as which links you click. The code is temporarily downloaded to your device from our web server or that of a third party service provider. It is active only when you are logged on to the website, and is disabled or deleted afterwards. Although you will not be able to reject or disable these technologies specifically, they work in conjunction with some cookies. As a result, disabling cookies will prevent the above technologies from working.

In accordance with Directive 2002/58/EC of 12 July 2002, we collect your prior consent to the deposit of advertising, audience measurement and social network sharing cookies.

11.2 What type of cookies do we use and for what purpose?
Cookies strictly necessary

These cookies are necessary for the operations specific to the services provided on our websites. They are used to provide the basic functionality of our websites, such as remembering information that has been entered into a form. If you prevent the installation of these cookies, you will no longer be able to use these features and the website may not function effectively.

Statistics cookies

These cookies are used to collect anonymous data for statistical purposes. They enable us to measure the website's audience and to analyse the way visitors surf the website (number of visitors to the website, number of visits per page, time spent on each page, location of clicks, advertising effectiveness measurements, etc.). They are also used to detect navigation problems and any other difficulties. These cookies help us to improve our website and your navigation.

Preferably cookies

These cookies are used to remember your choices, settings and content preferences on the website (such as your language, personalization choices...) and to provide you with a personalized browsing experience by adapting the website content for you. If you refuse these cookies we will no longer be able to offer you certain features and some pages of the website may not function properly.

Specificity of sharing cookies

These cookies are specifically linked to the use of the sharing buttons on a page of the site on social networks (Facebook, Twitter, LinkedIn, etc.). The sharing buttons allow you to directly share a page of the site on the social network concerned. When you click on the share button on the social network concerned, one or more cookies are then placed on your terminal (computer, smartphone, tablet) by the social network. We have no access to or control over these third-party cookies, which may be analytical, performance or targeting cookies.

We suggest that you consult the websites of these third parties for more information about their cookies and how to manage them:
11.3 Setting and blocking cookies via our cookie manager

The list of cookies we use can be consulted via the management tool we have set up. You have the possibility to deactivate them at any time. Nevertheless, we draw your attention to the fact that certain cookies are essential to the proper functioning of our site and that it is therefore not advisable to deactivate them.

11.4 Setting and blocking cookies via your browser settings

You can also control cookies through your browser settings. While most browsers are set by default to accept the installation of cookies, you can choose to accept all cookies, reject them systematically or choose which ones you accept depending on the sender. You can also configure your browser to accept or reject cookies on a case-by-case basis before they are installed. The use of cookies or similar technologies by any third party website or advertising content provider is subject to their own confidentiality policy with regard to cookies.The CNIL (Commission Nationale Informatique et Liberté) offers free downloadable cookie management software on its website: go to https://www.cnil.fr/vos-droits/vos-traces/les-cookies/ to find out more.To manage cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your wishes regarding cookies.
For example:

11.5 Setting up your smartphone's operating system

You can control the placement of cookies on your smartphone in the operating system rules:

12. MODIFICATION OF THIS DATA PROTECTION POLICY

The Company may amend this Data Protection Policy at any time. The Company will inform Users by any means of the changes made to this policy.

Date of issue of this policy: 21 January 2021