Confidentiality and data protection policy

Regate complies with its privacy policy obligations and its DPO (Laura Pallier) can be contacted at privacy@regate.io
We take the protection of your personal data very seriously and will do our utmost to protect it. Please find below our commitment to data protection and our data protection policy.

OUR COMMITMENT TO THE PROTECTION OF PERSONAL DATA
  • The Customer and the Users are hereby informed that, in accordance with French regulations, their personal data is hosted by a certified hosting provider in Europe.Your data is used solely for explicit, legitimate and defined purposes in connection with our various offerings and the services you have selected.
  • Your personal data is confidential.
  • Only the data required in order to perform our services is collected.
  • We respect your rights as Users and Customers, which is why we make every effort to enable you to exercise them.
  • We respect your privacy and your choices, which is why the communications you receive from us may be terminated at any time.

1. Identity of the controller

Personal data is collected by REGATE, a simplified joint stock company with a capital of €9,052.00 registered in the Paris Trade and Companies Register under number 877 566 018 and whose registered office is located at: 17 rue Saint Fiacre 75002 Paris France. We provide our Clients with a platform available in SaaS mode called REGATE, accessible from a website as well as a downloadable mobile application compatible for smartphones and tablets on IOS and Android. To deliver our services we collect personal data on individuals and companies.

In the data collection forms on the website and app, users are informed whether or not data collection is mandatory.

If a mandatory data field is not provided, we will unfortunately not be able to provide our services and meet our commitments. We are concerned about the protection of the personal data entrusted to us. We are committed to ensuring the highest level of protection of your personal data in compliance with the RGPD 'General Data Protection Regulation' Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Loi Informatique et Libertés law no. 2018-493 of 20 June 2018, promulgated on 21 June 2018, which amended the Loi Informatique et Libertés of 6 January 1978. For any information on the protection of personal data, you can also consult the website of the Commission Nationale de l'Informatique et des Libertés www.cnil.fr.

2. Your rights

Pursuant to the French Data Protection Act, Law 78-17 of 6 January 1978, as amended, and the General Data Protection Regulation (GDPR), any natural person using the service is entitled to exercise the following rights:

  • A right of access: As a data subject, you can inform yourself about the nature of the personal data stored or processed about you. Access to your personal data will be provided on request.

    In accordance with the French Data Protection Act 78-17 of 6 January 1978 as amended and the General Data Protection Regulation 'RGPD', any individual using the service has the right to exercise the following rights:
  • A right to object: You have the right to object at any time to the processing of your personal data where REGATE processes your data for reasons of legitimate interest to them or for direct marketing purposes.
  • A right to be forgotten: The User may obtain from the Company, under certain conditions, the deletion as soon as possible of certain personal data concerning him/her. This right to oblivion cannot be obtained in certain cases, in particular for reasons of public interest, for archival purposes or to comply with legal obligations that require the processing of personal data by the Company.
  • A right to limit the processing of your data: The User may obtain from REGATE that REGATE limits the processing of his/her personal data, in particular when the User objects to such processing, disputes the accuracy of the data or when he/she believes that the use is unlawful.
  • A right to the portability of your personal data: Under certain conditions, the User may request to receive all of his personal data so that he can transfer them to another data controller without the company being able to object to this.
  • What happens to your data when you die: The company will respect the directives given by any user concerning the conservation, deletion and communication of his personal data after his death. In the absence of such instructions, the company will comply with the requests of the heirs as set out in the applicable provisions of the Data Protection Act.

2.1 How to exercise your rights

To exercise your rights, please write to Regate, 17-21 rue saint Fiacre, 75002 Paris France, indicating your name, first name, e-mail address, or by e-mail: privacy@regate.io
Your requests must be accompanied by a copy of your identity. We have a period of 30 working days from receipt of your request to reply. Some binding requests may take longer, in which case the time limit will be extended and you will be informed. If you feel that your rights have not been respected, you may also file a complaint with the Commission Nationale de l'Informatique et Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or via the website: www.cnil.fr

3. The purposes for which we collect your personal data and the legal bases on which we rely

Under the General Data Protection Regulation and the French Data Protection Act, Regate France is authorised to use the personal data of its Users and Customers solely if it has a valid legal basis for doing so. Your personal data is disclosed deliberately in most cases. Whenever your information is essential for us to process your requests, we indicate this information with a (*).

3.1 Why do we collect your data?

In order to answer your requests and needs, we collect your personal data at different stages:

  • When the Service is purchased
  • When creating the administrator and user accounts
  • During allocation and when recording and allocating data (invoices and expense reports)
  • When approving and paying invoices and reimbursing expense claims
  • To provide an audit trail of all actions performed by administrator and user accounts, for generating reports
  • To enable a dialogue and archive the data
  • Combating fraud when the order is paid and managing outstanding payments

3.2 We collect your data on the following legal basis:

  • Performance of a contract between Regate and its Customers
  • Performance of a legal obligation When this is in Regate’s legitimate interest
  • When the user has given his or her consent
  • Performance of a contract between Regate and its Customers
  • Performance of a legal obligation When this is in Regate’s legitimate interest
  • When the user has given his or her consent
Purpose
Managing the customer’s account and orders
Managing payment transactions
Managing the Customer relationship, after-sales service, complaints and refunds and tracking orders
Collecting customer opinions on the Platform
Allocating, recording and apportioning the data (invoices and expense reports)
Providing an audit trail of all actions performed by administrator and user accounts, for generating reports
Enabling a dialogue and archiving the data
Combating fraud when the order is paid and managing outstanding payments
Sending targeted sales offers electronically and via mobile phone notifications
Analysis and statistics to improve our customer knowledge
Measuring visits to the sites and mobile applications
Legal basis
Executing the contract between Regate and the Customer
Executing the contract between Regate and the Customer
Performance of the contract between REGATE and the Client

Regate’s legitimate interest in order to improve the Service
Performance of the contract between REGATE and the Client
Performance of the contract between REGATE and the Client

Executing the contract between Regate and the Customer
Regate’s legitimate interest in order to improve the Service and execute the contract between Regate and the Customer
Customer and User Consent
Legitimate interest of REGATE
Customer and User Consent

4. To whom is your data transmitted?

The personal data of Users and Clients are collected and processed by :
-The following departments: sales, support, development and administration.
-Banking institutions.

5. Subcontractors

For certain services described below, we use Data Processors to do the following:

  • Make secure payments on the websites and mobile applications
  • Host the data
  • Extract data using OCR
  • Receive email addresses and invoices
  • Import data into the Solution
  • Collect and process data and information for the purpose of setting up a search module
  • Process the data for the purpose of aggregation or bank reconciliation
  • Perform technical maintenance and development on the website, internal applications and information system
  • Monitor errors
  • Collect Customer opinions
  • Treezor is the issuer of Regate IBANs and Regate Cards (Mastercard). Treezor's Privacy Policy is available here.

6. Transfer out of play

We do not transfer your data outside the European Union. If this policy changes, this section will be modified accordingly.

7. How long your data will be kept

REGATE has defined different retention periods for each case. We ensure that the retention periods are relevant and comply with the legal time limits. In order to establish the retention period of personal data, the company applies the following criteria:

  • Prospect data: data is kept for 3 years. The starting point of the retention period is the last exchange we had or the last interactivity you had with one of our programmes.
  • Customer and User data: data is kept for the duration of the contractual relationship and for three years after the end of the contractual relationship.
  • Connection data: data is kept for 10 years from the end of the accounting year.
  • Data relating to the persons concerned by the expense reports: the data is kept for the duration of the contractual relationship and for a period of three years after the end of the contractual relationship.

The Users and Customers of Regate are hereby informed that if the permanent deletion of their account is requested, the data will be anonymised and will be used by Regate for subsequent transactions. The company may retain certain data in order to fulfil its legal or regulatory obligations and enable it to exercise its rights. In this respect, the Company retains the invoices relating to the services for ten (10) years.

8. Rules applicable to credit card payments and data protection

For payments made by Customers in return for the Service In order to ensure the security of your payments, we use the services of external service providers. They guarantee secure processing of all sensitive data such as bank details and customer identity, in accordance with the directives and standards: DSP2, RGPD and PCI-DSS.When payment for your order is made by bank card, our order-taking system connects in real time with the system of our service providers, who collect your data and carry out various checks to prevent abuse and fraud. The data is stored on the servers of our service providers and is not transmitted to our servers at any time.

Our service providers make the authorisation request to the bank and send us only the transaction number. In order to debit the account at the time of invoicing or to credit it, our service providers keep the bank data associated with the authorisation number for the time necessary to carry out the transaction and to process any complaints.

For payments made by Users when using the Platform
In order to ensure the security of payments made via the Platform, we use the services of external providers. They guarantee secure processing of all sensitive data such as bank details and the identity of Customers, Users and Suppliers, in accordance with the directives and standards: DSP2, RGPD and PCI-DSS.When a payment is made by bank card, our system connects in real time with the system of our service providers, who collect your data and carry out various checks to prevent abuse and fraud. The data is stored on the servers of our service providers and is not transmitted to our servers at any time.

Our service providers make the authorisation request to the bank and send us only the transaction number. In order to debit the account at the time of invoicing or to credit it, our service providers keep the bank data associated with the authorisation number for the time necessary to carry out the transaction and to process any complaints.

8.1 How is the banking data recorded?

To enable staggered payments, the third-party payment service provider may store the Customer’s banking data so that it is not necessary to state them at each new payment due date.

9. The security measures we put in place to protect your data

As a Data Processor, Regate takes all necessary precautions to protect the security and confidentiality of your data. This includes the physical security of the buildings housing our systems and the security of the computer system to prevent any external access to your data. Access to your data is limited to only those needing to know it.

10. Third party websites and social networks

The website and the applications allowing access to the Platform may contain hyperlinks to other websites published and managed by third parties and not by REGATE. REGATE shall not be held directly or indirectly liable in the event that such third party websites do not comply with the legal provisions. The creation of hypertext links to the website and the applications allowing access to the Platform may only be made with the prior written authorisation of REGATE.

We draw your attention to the social networks we use and with which you may interact to support us and/or share one of our publications. REGATE cannot be held responsible for any problems arising from your interaction. Please be aware that when you use these links, information about you may be collected or shared. We encourage you to review the privacy policies and settings of the social networks with which you interact to see what information may be collected, used or shared by those sites.

11. Cookies and other trackers policy

11.1 What is a cookie?

Cookies are small data files placed on your computer or mobile device by your browser when you visit a website. Typically, a cookie contains the name of the website that uses it and a text string or "unique identifier" that allows websites to recognise that cookie on each subsequent visit throughout its lifetime. Cookies can collect and store a wide range of information, such as the type of browser or operating system used, the language or other browser settings, or your interactions with the website. Usually, cookies are not used to collect data that identifies an individual. However, information collected with cookies can be associated with an individual if combined with personally identifiable information such as an individual's e-mail address. Your consent to the placement of certain cookies is required. You can accept or refuse the deposit of cookies on your computer or your mobile terminal. If you choose not to use cookies, you may not be able to use some of the features on the site. In general, we use two different types of cookies on this site

-Session cookies are used to store information about your activities on this site for the duration of your visit. They are deleted when you close your browser.

-Persistent cookies are stored in one of your browser's sub-folders for one or more sessions. They expire after a certain period (defined in the file) or can be deleted manually.

Web Beacons, Embedded Scripts and Similar Technologies: We and our third party partners may also use similar technologies on this site, such as web beacons (also known as pixel tags or GIFs) or scripts. Web beacons are small graphical images that may be embedded in websites or HTML emails that are not generally visible to the user. They allow us to track user interaction with the site or our newsletters. For example, they help us to understand whether you have read our newsletter or clicked on links in it, so that we can make offers tailored to your interests. An embedded script or pixel is a code designed to collect information about your interactions with this site, such as which links you click. The code is temporarily downloaded to your device from our web server or that of a third party service provider. It is active only when you are logged on to the website, and is disabled or deleted afterwards. Although you will not be able to reject or disable these technologies specifically, they work in conjunction with some cookies. Therefore, disabling cookies will prevent the above technologies from working.

In accordance with Directive 2002/58/EC of 12 July 2002, we collect your prior consent to the deposit of advertising, audience measurement and social network sharing cookies.

11.2 Which type of cookies do we use, and why?

Strictly necessary cookiesThesecookies are necessary for the operation of the services that are provided on our websites. They are used to provide basic functionality on our websites, such as remembering information that has been entered into a form. If you prevent these cookies from being set, you will not be able to use these features and the website may not function effectively.

Statistics cookiesThesecookies are used to collect anonymous data for statistical purposes. They allow us to measure the audience of the website and to analyse the way visitors surf the website (number of visitors to the website, number of visits per page, time spent on each page, location of clicks, measures of effectiveness of advertisements, etc.). They are also used to detect navigation problems and any other difficulties. These cookies help us to improve our website and your browsing experience.

Preference cookiesThesecookies are used to remember your choices, settings and content preferences on the website (such as your language, personalisation choices...) and thus provide you with a personalised browsing experience by tailoring the website content to you. If you reject these cookies we will not be able to offer you certain features and some pages of the website may not function properly.

Specificity of sharing cookiesThesecookies are specifically related to the use of sharing buttons on a page of the website on social networks (Facebook, Twitter, LinkedIn, etc.). The sharing buttons allow you to share a page of the site directly on the social network concerned. When you click on the share button on the social network concerned, one or more cookies are then placed on your terminal (computer, smartphone, tablet) by the social network. We have no access to or control over these third-party cookies, which may be analytical, performance or targeting cookies.

We suggest that you consult the websites of these third parties for more information about their cookies and how to manage them:

-Facebook:
https://fr-fr.facebook.com/policies/cookies/
-Twitter: https://help.twitter.com/fr/rules-and-policies/twitter-cookies
-LinkedIn: https: //www.linkedin.com/legal/cookie-policy?_l=fr_FR

11.3 Configuring cookie blocking via our cookie manager

The list of cookies that we use can be consulted via the management tool we have set up. You can disable them at any time. Nevertheless, we draw your attention to the fact that some cookies are essential for our website to work properly and it is therefore not recommended to disable them.

11.4 Configuring cookie blocking via your browser settings

You can also control cookies through your browser settings. While most browsers are set by default to accept the installation of cookies, you can choose to accept all cookies, reject them systematically or choose which ones you accept depending on the sender. You can also configure your browser to accept or reject cookies on a case-by-case basis before they are installed.

The use of cookies or similar technologies by any third party website or advertising content provider is subject to their own privacy policy regarding cookies.

The CNIL (Commission Nationale Informatique et Liberté) offers a free download of cookie management software on its website: go to https://www.cnil.fr/vos-droits/vos-traces/les-cookies/ to find out more.To manage cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your wishes regarding cookies.
As an example:

-For Internet Explorer™: https://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
-For Safari™: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
-For Chrome™: https://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647
-For Firefox™: https: //support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies

11.5 Configuring your smartphone’s operating system

You have the possibility to control the deposit of cookies on your smartphone in the rules of the operating system. For example:

-On iOS: https://support.apple.com/fr-fr/HT201265
-On Android: https://support.google.com/chrome/topic/3434352

You also have the possibility to oppose the deposit of cookies by accessing the website: http://www.youronlinechoices.com/fr/controler-ses-cookies/

12. modification of this data protection policy

The Company may modify this Data Protection Policy at any time. The Company will inform Users by any means of the changes made to this policy.

Date of issue of this policy:
21 January 2021