Privacy policy
and data protection

    1. What is the purpose of this policy?

    We attach great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of reliability and trust.

    The data privacy policy specifically reflects our commitment to enforce compliance with applicable data protection rules and, in particular, with the General Data Protection Regulation ("GDPR").

    In particular, the privacy policy aims to inform you about how and why we process your data in connection with the services we provide.

    2. Who is this policy for?

    The policy applies to you, regardless of where you live, as a Regate customer or visitor tohttps://www.regate.io.

    If you are a candidate for a position at Regate, you can view the candidate policy on our dedicated page on standard recruitment sites (e.g. Linkedin, Indeed, etc.).

    The policy only addresses the processing that we perform ourselves and not the processing that may be performed by our customers when using the features of our service . If you would like information about the data processed by our customers using these features, please contact them directly.

    3. Why do we process your data?

    As part of the services offered, we may need to process your personal data for the following reasons and purposes:

    • To navigate our website https://www.regate.io,   pay for and benefit from our services (e.g. accounting, management of quotes and invoices, integration of RIBs, etc.) and so that we can respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our general terms and conditions of sale, our general terms and conditions of use, and our legitimate interest in providing you with the best possible service.
    • To stay informed of our latest offers and events by phone and email on the basis of our legitimate interest in building customer loyalty and prospecting for potential new customers.
    • To follow us and comment on our publications on social networks on the basis of the general terms of use of the social network concerned (e.g. Facebook) and our legitimate interest in having a dedicated page on social networks.
    • To use our instant messaging service on the basis of its publisher's terms and conditions of use and our legitimate interest in exchanging easily with you.
    • To operate the videos published on our site based on your prior consent.
    • To guarantee and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of the legal obligations incumbent on us, our general terms and conditions of sale and our legitimate interest in ensuring the proper functioning of our services.
    • Finally, we may also install "Cookies" on your terminal when you browse the showcase site. The Regate platform and our mobile application do not use cookies. For more information on the use of cookies, please see our "Cookies Policy".

    Your data is collected directly from you when you log on to our website and use our services.

    We undertake to process your data only for the purposes described above. Furthermore, we guarantee that none of your data will ever be sold to a partner or a third party. On the other hand, when you voluntarily publish content on the pages we edit on social networks, you acknowledge that you are entirely responsible for any personal information you may transmit, regardless of the nature and origin of the information provided

        4. What data do we process and how long do we keep it for?

        We have summarized the categories of personal data we collect and their respective retention periods. If you would like to obtain further details on the retention periods applicable to your data, you can contact us at: privacy@regate.io.

        • Professional identification data (e.g. name, first name, position, company, etc.) and contact information (e.g. professional email address, Linkedin, etc.) is kept for the entire duration of the account activation period, plus the legal statute of limitations, which is generally 5 years.
        • When there is a confusion between the name of your structure and your personal name (e.g.: auto-entrepreneur, VSE, etc.), economic and financial data (e.g.: bank account number, verification code, etc.) is kept for the time necessary for the transaction and the management of invoicing and payments, to which are added the legal prescription periods which are generally from 5 to 10 years
        • Data for commercial prospecting, marketing and subscription to our newsletter (e.g.: email address, etc.) is kept throughout our commercial relationship plus a maximum of 3 years from the last contact we had with you.
        • Connection data (e.g. logs, IP address, etc.) kept for a period of 1 year.
        • Cookies that are generally kept for a maximum of 13 months. For more details on how we use your cookies, you can consult our cookie policy, which can be accessed at any time on our website.

        Upon expiration of the retention periods summarized above, we delete all of your personal data to ensure your privacy for years to come.

        The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.

        Please also note that in the event of litigation, we are obliged to keep all data concerning you for the entire duration of the processing of the case, even after the expiry of the retention periods described above.

        5. What rights do you have to control the use
        of your data?

        The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data

        • Right ofaccess and to copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
        • Right to rectify personal data that is erroneous, outdated or incomplete.
        • Right to object to the processing of your personal data for commercial prospecting purposes.
        • Right to request the deletion ("right to be forgotten") of your personal data that is not essential to the proper functioning of our services.
        • Right to limit your personal data which allows you to photograph the use of your data in case of a dispute about the legitimacy of processing.
        • The right to data portability, which allows you to retrieve part of your personal data in order to store it or transmit it easily from one information system to another.
        • The right to give instructions on what to do with your data in the event of your death, either through you or through a trusted third party or successor.

        For a request to be taken into account, it is imperative that it be made directly by you at privacy@regate.io. Any request that is not made in this way cannot be processed.

        Requests cannot be made by anyone other than you. Therefore, we may ask you to provide proof of identity if there is any doubt about the identity of the applicant.

        We will respond to your request as soon as possible, within three months of receipt, if the request is technically complex or if we receive many requests at the same time.

        Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

        6. Who can access your data?

        We will only share your data with those persons who are authorized to use it to implement our services. This may include our staff in charge of service implementation, accounting, marketing or even security of our premises.

        7. How do we protect your data?

        We implement all the technical and organizationalmeansrequired to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data that would not be authorized (e.g.: training, access control, passwords, antivirus, backup servers, "https", etc.).

        8. Can your data be transferred outside the European Union?

        Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted within the European Union. In addition, we make every effort to hire only service providers who host your data within the European Union.

        Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

        9. How can you contact the CNIL?

        You may contact the French data protection supervisory authority (the "Commission Nationale de l'Informatique et des Libertés" or "CNIL") at any time at the following address CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone at 01.53.73.22.22.

        10. Can the policy be changed?

        We may change our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any changes to this policy.

        Certified by Dipeeo ®.