PRIVACY POLICY FOR THE USE OF THE Y2M PLATFORM

his privacy policy applies to the use, through your customer account, of the web or mobile platform made available to you by Y2M (hereinafter “Y2M”) at URL https://app.y2m.io/cgu (hereinafter the “Platform”) as well as of the services provided to you by Y2M.

In connection with our business, we are likely to process information about you.

Your privacy and the security and confidentiality of your personal data (hereinafter the “personal data”) are important to us.

Consequently, we hereby undertake to process your personal data in compliance with French and European regulations on the protection of personal data, in particular: Law No. 78-17 of January 6, 1978 relating to information technology, files and liberty as amended, EU Regulation 2016/679 of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, directly applicable since May 25, 2018, as well as any other French or European regulation that would come to apply in relation to personal data protection.

This privacy policy provides details on how we process your personal data.

Our cookie policy, available at https://y2m.link/cookie-policy, details how your personal data is processed through the use of tracers (mainly cookies) placed on the Platform.

Please read this privacy policy and the above-mentioned cookie policy carefully.

1. How do we collect the personal data that we process?

The personal data that we may process is derived from the data that you provide when you use the Platform and/or when we confer with you by telephone, e-mail or otherwise.

This includes, for example, the data you entered in the form for creating your customer account when you first logged onto the Platform.

2. What data do we process?

Nous traitons tout ou partie des données suivantes :

We process all or part of the following data:

  • Information relating to your identity (your title, last name(s), first name(s), postal address, personal e-mail address, fixed and/or mobile phone number, etc.);
  • Information on your professional activity, such as the position or duties that you hold within the entity that employs you, or your professional contact information: professional e-mail address, phone number, etc.;
  • Information that we receive in connection with an order for service and payment of the corresponding price (details of the service purchased, purpose and number of the transaction, data relating to the payment method(s) you used, balances and outstanding payments, etc.); and
  • Data for following-up our customer relations (your billing address, purchase history, etc.).

We do not process sensitive data relating to you (such as your religion, political opinions, health, trade union membership, sexual orientation, etc.).

We make every effort not to collect and process and to prevent the collection and processing of personal data of minors under the age of 15.

3. For what purposes is your data processed?

We collect and/or process your personal data for the following purposes:

  • To manage our customer relations with you (and thus allow you to subscribe to services, obtain an invoice for your order, ask us questions, etc.);
  • To manage our direct marketing operations (and thus allow you to receive by e-mail, postal mail, text message, MMS or telephone, news or offers relating to our products and/or services, activity, promotional operations etc.);
  • To submit to you polls and surveys;
  • To manage your feedback on our products and/or services;
  • To inform you of any changes to the Platform;
  • To manage your requests to exercise your rights under Article 9 hereof;
  • To manage any unpaid invoices and litigation;
  • To allow for anti-fraud operations.

4. What is the legal basis for processing your data?

The processing of your data is generally based on our legitimate interest in performing, improving and improving our customer relations. It may also be based on the performance of the agreement that governs the relations between you and Y2M, in particular the Terms of Use, the latest updated version of which is available at: https://y2m.io/cgu (hereinafter the “Agreement”). Lastly, some of the processing we carry out is based on our legal obligations. Nevertheless, in the following cases in particular, the processing of your personal data is based on your express and specific consent (which will be requested through a check-box for example, or any other relevant positive action on your part, which will be indicated to you):

  • The use of your data for direct marketing purposes (by e-mail, text message, MMS, telephone, etc.). However, direct marketing by e-mail will not require your consent if the prospecting message we send you concerns products or services similar to those that we have already provided to you or if we write to you at your professional e-mail address and if the subject of our solicitation is related to your professional activity;
  • Reuse of your data for purposes other than those set forth in Article 3 hereof.

As indicated in Article 9 below, you may revoke such consent at any time. For example, if you no longer wish to receive direct marketing e-mails from us, you may inform us thereof as described in Article 9 below, or use the unsubscribe function provided for such purpose in the e-mail that we send you (generally, a clickable link to unsubscribe at the end of the message). We will make sure that your request is processed as soon as possible and that the recipients of your personal data are also informed.

5. Who processes your data?

The data controller in charge of processing your personal data is:

Y2M, a French simplified joint stock company (société par actions simplifiée), registered with the Trade and Companies’ Register of Saint-Brieuc under number 901 305 680, having its registered office at 29 avenue du Léon, 22190 Plérin, FRANCE.

The recipients of this data are:

  • Authorized personnel from Y2M’s marketing, sales, customer service and IT departments, as well as their line managers;
  • Authorized personnel of the departments in charge auditing (auditors, departments in charge of internal audit procedures, etc.);
  • Authorized personnel of our business partners, our subcontractors, as well as any person involved in the performance of the Agreement entered into with you (such as the service providers supplying us with hosting services for your data), it being specified that we ensure that such persons provide solid guarantees of security and confidentiality for the personal data that we provide them;
  • Bodies, judicial auxiliaries, ministerial officers, and judicial and administrative authorities, under the conditions provided for by Law;
  • Any authorized person, where we are required to disclose and/or share your personal data in order to comply with our legal obligations.

The use of your personal data by third parties to our company is governed by their own privacy policy.

6. Where is your data processed?

Your data is processed mainly within the European Union. Where our relationships with business partners, subcontractors or third parties involve cross-border transfers of your personal data outside the European Union, you hereby consent to the processing of your personal data outside the European Union. You are hereby informed that the United States, to which some of your data will be transferred, does not offer an adequate level of protection for personal data.

7. How is your data protected and stored?

Security is at the heart of our concerns. Accordingly, we implement appropriate technical and organizational measures, including physical, hardware and software measures, to maintain the security, integrity and confidentiality of your personal data and to protect it from unauthorized access, use, misappropriation, alteration, disclosure or destruction. In addition, we require our subcontractors to provide adequate security and confidentiality safeguards.

8. How long do we store your data?

Concerning the data related to customer relation management: Your data will not be retained beyond the time strictly necessary to manage the customer relations. We may, however, retain your data for analysis or aggregate statistical purposes for longer than is necessary for the purposes for which we have processed it, after having irreversibly anonymized it. We may also retain your data for direct marketing purposes for a maximum of three (3) years from the end of our business relationship (e.g., from the date of completion of a service provided to you, the last contact from you, etc.). At the end of such three- (3) year period, we will contact you again to verify whether you wish to continue receiving commercial solicitations from us. In the absence of a positive response from you, we undertake to delete or archive your personal data. Concerning the data relating to your bank details: Once you have completed a transaction on the Platform, your credit card details will not be retained by Y2M and will be deleted. If you pay by credit card, your card number and its expiry date may be retained as evidence in case of dispute relating to the transaction, for a term of thirteen (13) months following the debit date or fifteen (15) months in the case of a deferred debit card. However, if you expressly consent thereto, we may retain your credit card information for a longer period of time, for example to facilitate payment of future purchases. In any event, you may withdraw your consent at any time. The data relating to the visual cryptogram of your card will not be retained beyond the time necessary for the completion of each transaction, including in the case of successive payments or retention of the card number for subsequent purchases. Upon the expiry date of your credit card, your credit card data will be deleted. It is nonetheless specified that Y2M’s payment service providers may retain your credit card data for longer periods than those set forth above. Data related to your Bank Account Information (RIB) including your BIC and IBAN numbers may be collected by Y2M at the end of the Agreement, if you have a credit balance in your Wallet (as defined in the Agreement), for the purpose of paying the corresponding amount to your bank account, in accordance with the terms of the Agreement. Once this payment is completed, your bank details will not be retained by Y2M and will be deleted. This data may nonetheless be retained as evidence in the event of a payment-related dispute, for thirteen (13) months following the date of said payment. Concerning the management of lists of objections to receive direct marketing: If you exercise your objection right relating to receiving direct marketing, the information used to take into account your objection right will be retained for a minimum of three (3) years from the date you exercise such right. Regarding your account data on our Site: When you create an account on our Site, the data will be deleted as soon as the account is deleted (subject to the data corresponding to the cases set forth above). Your account shall be considered inactive after two (2) years from your last use of the account. At the end of this period, your inactive account data will be deleted, after you have been notified and given the opportunity to object. In any event, should we continue to process your data regardless of the closure of your account and the deletion of your account data, you shall have the opportunity to exercise the rights set forth in Article 9 below.

9. What are your rights with respect to the processing of your data?

You have the right to access, oppose, rectify and delete your personal data. You can modify some of your data directly on the Platform, via your customer account. Moreover, you have the right to provide us with instructions on how you would like your personal data to be handled after your death (e.g., whether you would like it to be retained, deleted, or provided to a designated third party). Finally, you can require us to delete any of your personal data that was collected when you were underage. Furthermore, you may also exercise your right to limit the processing and your right to the portability of your personal data. You also have the right to withdraw your consent to the processing of your personal data (where our processing is based on your consent). Finally, you may exercise your right not to be subject to a decision based exclusively on automated processing (such as profiling, for instance) that has legal effects concerning you or that materially affects you. Lastly, you have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data (such as the CNIL). These rights may be exercised:

  • By you, with respect to your personal data;
  • By the person(s) exercising parental authority, if you are underage;
  • By your legal representative, if you are under guardianship;
  • By your heirs.

hese persons will then be the recipients of the information resulting from the exercise of these rights. These rights may be exercised by sending us your request by post to the following address: Y2M, 8 Rue Lépine, Pantin 93500, France In order to process your request, we will need to know your identity. We may therefore request a photocopy of one of your identity documents bearing your signature. We will keep this copy only for the time necessary to process your request. You will also need to specify the address to which the reply is to be sent. Your request does not need to be motivated, except in the case of your exercise of the right to object. Indeed, if exercising your right to object, you will have to justify the existence of a legitimate reason, except in the case where your data is processed for direct marketing purposes, particularly commercial.

10. Privacy Policy amendments

We reserve the right to amend this privacy policy at any time without notice. We suggest that you regularly consult this privacy policy accessible on the Platform, in order to be aware of any amendments. Where necessary, we will notify you by e-mail of any amendments to this privacy policy. Should you have any questions, please contact us by one of the following means:

  • By e-mail at: hello@y2m.io;
  • Through the contact form available on the Platform, accessible at the following address: https://y2m.io/contact;
  • By post at the following address: Y2M, 8 Rue Lépine, Pantin 93500, France

This privacy policy becomes enforceable against you as from your creation of a customer account on the Platform.