1. Preamble and scope
This privacy policy (hereinafter, the "Privacy Policy") is intended to inform you how personal data concerning you (hereinafter "Personal Data") is collected, processed, and stored by WEMANITY Paris (hereinafter, "the Organization"), as the data controller, in the context of your use of the engagement platform (hereinafter, the "Platform").
The Organization is committed to respecting your privacy and the confidentiality of your Personal Data when you use the Platform. It thus undertakes to process your Personal Data in compliance with applicable laws and regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the "GDPR"), and Law No. 78-17 of 6 January 1978 on data processing, files, and freedoms, in its current version (hereinafter, collectively the "Applicable Regulations").
The Privacy Policy exclusively covers processing carried out by the Organization in the context of your use of the Platform.
For the purposes of this privacy policy, the terms "Personal Data", "Processor", and "Data Controller" have the definition given to them in the GDPR.
The Privacy Policy is an integral part of the General Terms of Use of the Platform.
- employees and volunteers of the Organization wishing to register on the Platform to take part in Actions (the "Volunteer Users");
- the representatives of the Organization following the proposed initiatives and the actions of the committed Volunteer Users (the "Organization Users");
- representatives of partners listed on the Platform (the "Partner Users").
The Privacy Policy applies to all persons using the Platform, (hereinafter collectively, the "Users") namely:
2. Data collected and purposes
The Personal Data of Users are collected and processed according to determined purposes and in accordance with the Applicable Regulations, in the detailed conditions set out below:
| DATA COLLECTED | PURPOSES | LEGAL BASIS |
|---|---|---|
| Name, First Name, Email |
For all users:
|
Execution of the contract |
| Name, First Name, Email |
If you are a Volunteer User: |
Execution of the contract |
2.1 Personal information collected from third parties:
In the case of user synchronization with an identity management service provider, here are the personal data we collect:
| DATA COLLECTED | PURPOSES | THIRD PARTY |
|---|---|---|
| Name, First Name, Email, OAuth2 Identification Information | Creation of user account and access to the Platform | Identity Providers |
3. Recipients of Personal Data
As a principle, the Organization undertakes not to disclose to third parties the Personal Data provided by the Users. This Personal Data is exclusively used by its internal services and will under no circumstances be transferred or sold to third parties. However, in the context of using the Platform, your Personal Data may be shared with other Users. In particular, when as a Volunteer User you apply for a proposed action, your Personal Data is shared with the Partner proposing the action and the concerned Partner User.
However, in the context of using the Platform, your Personal Data may be shared with other Users. In particular, when as a Volunteer User you apply for a proposed action, your Personal Data is shared with the Partner proposing the action and the concerned Partner User.
Furthermore, Personal Data may, where appropriate, be transmitted to third-party subcontractors involved in the provision of the Platform (technical and hosting providers, customer monitoring and satisfaction surveys, security incident management or fraudulent activity, etc.).
The Organization commits to communicate your Personal Data only to authorized and trustworthy providers who process it on behalf of the Organization, according to its instructions and in accordance with this Privacy Policy and in compliance with any other appropriate measure of security and confidentiality.
Finally, Personal Data may be disclosed to a third party if the Organization is compelled by law, a regulatory provision, or a court order, or if such disclosure is necessary for the needs of an investigation, injunction or a judicial procedure, nationally or abroad.
4. Retention of Personal Data
Personal Data associated with your User Account is retained for the entire duration of activity of the User Account. It will be deleted upon your request or after a period of inactivity of three (3) years.
Personal Data related to the actions carried out as well as the validation of Mission times are kept for a maximum duration of five (5) years from the end date of the Mission.
Personal Data collected in the context of satisfaction surveys and User feedback are kept for a maximum period of one (1) year after their analysis by the Organization.
In any event, the Organization will retain your Personal Data only for the duration strictly necessary for the achievement of the purpose for which they were collected.
Moreover, the durations mentioned above are without prejudice to the right of the Organization to keep the Personal Data in intermediate archives beyond these periods, for the applicable limitation periods, based on its legitimate interest in managing any disputes, or if it is subject to legal obligations to retain the Personal Data in question.
5. Security of Personal Data
The Organization implements all necessary technical and organizational security measures to protect the Personal Data of Users against any unauthorized or illicit access, disclosure, alteration, damage, or destruction of the Personal Data it holds.
To this end, the Organization and its technical and hosting providers have deployed appropriate measures to ensure the integrity, confidentiality, and security of Personal Data (notably through compliance with ISO standards). However, the Organization cannot ensure that the Personal Data will never be intercepted or disclosed by or to a third party.
6. Transfer of Personal Data
The Personal Data of Users are stored on servers located within the European Union. In this context, the Organization does not carry out any transfer of Personal Data outside the European Union.
7. Respect and exercise of Users' rights
- right of access: you can obtain information about the nature, origin, and use of the Personal Data concerning you. In the case of transmission of your Personal Data to third parties, you can also obtain information concerning the identity or categories of recipients;
- right to rectification: you can request that inaccurate or incomplete Personal Data be corrected or completed;
- right to erasure: you can request the deletion of your Personal Data, especially if the Personal Data is no longer necessary for the treatments carried out. The Organization must proceed with the deletion of Personal Data;
- right to restrict processing: you can request that your Personal Data be temporarily made inaccessible to limit their future processing in the situations provided for by the Applicable Regulations;
- right to object: you can object to certain processing of your Personal Data for reasons related to your particular situation unless there are legitimate and compelling reasons for the processing that prevail over your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You can also object to the processing of your Personal Data at any time and without reason for commercial prospecting purposes.
- right to data portability: in applicable cases, you can request to receive the Personal Data that you have provided to the Organization, in a structured, commonly used computer format.
- right to provide instructions regarding the fate of your Personal Data in the event of death.
Under the conditions of the Applicable Regulations, you can assert, at any time, the detailed rights below:
- Jonathan Dupuich
- jdupuich@wemanity.com
You can exercise these rights at the following contact details:
If you exercise these rights, we endeavor to respond to your requests as soon as possible.
You can also file a complaint with the National Commission on Informatics and Liberty (CNIL), whose headquarters are located at 3 Place de Fontenoy - 75007 Paris, in the event that you consider that a processing of Personal Data does not comply with the Applicable Regulations.
8. Acceptance and update of the Privacy Policy
By ticking online the box “I have read and accept the Privacy Policy” when creating your User Account, you confirm that you have read the Privacy Policy and accept it without reservation.
If you disagree with any of its terms, you are free not to or no longer (in the event of modification of the terms of the Privacy Policy) use the Platform.
The Privacy Policy may be amended from time to time.
Any new version of the Privacy Policy will be published and accessible on the Platform and will be notified to you by email or during your next connection to the Platform.
Generally, the Privacy Policy is always easily accessible via the different pages of the Platform.
9. Identity of the Data Protection Officer
- Jonathan Dupuich
- jdupuich@wemanity.com
The Data Protection Officer designated by WEMANITY Paris is Jonathan Dupuich, whose contact details are as follows: