Data protection and data security are very important to our Company. Therefore, we would like to inform you about the personal data we collect during your usage of our Application and about the intended purposes. As changes to the law or changes to our corporate processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under “Privacy Policy” in the application.
Data Controller and Scope
The controller according to the EU General Data Protection Regulation (hereafter “GDPR”) and other national data protection acts of the Member States, as well as other data protection regulations, is:
Brozzo Studio SAS
149 avenue du maine
75014 Paris
France
E-mail: data@brozzo-studio.com
This Privacy Policy applies to the online presence of the Scorpet Application, which is available on the application Store of Apple and Google.
Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, or user behaviour. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.
Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.
In order to ensure the contest impartiality, you have to create an account in the Scorpet Application. When you create your account, we collect personal data that allow your identification. In the course of your account creation, reference is made to this data protection declaration and your consent in order to obtain your consent.
The following personal data are recorded to the extent necessary for your identification and the provision of a functional Platform and our contents and services:
· Name
· First name
· Adresse
· E-mail address
· Your pet’s Name
· You pet’s breed
· Your pet’s birthdate
In order to facilitate the creation of the account for the users, we use the mechanism of "Signin with Google" based on the API of Google. This mechanism gives us access to the following user data:
· Last name ;
· E-mail address ;
· Profile picture
The data processing described above for the purpose of your creation account is carried out voluntarily in accordance with Article 6 (1) lit. a) GDPR on the declaration of consent submitted by you.
The personal data that you enter for your account creation are stored for the lifetime of your account. Upon your account deletion, your personal data will be automatically deleted. Further storage may take place in individual cases if this is required by law.
For marketing operations, Scvorpet may offer you to subscribe to its partners newsletter and services (hereinafter “Partners Opt-in”) so that you have the opportunity to receive a content adapted and personalised to your needs. In the course of your subscription, reference is made to this data protection declaration and your consent in order to obtain your consent.
When you subscribe to Partners Opt-in, Scorpet may share, in all our in parts according to the marketing operation, with the chosen partner the following data:
· Name
· First name
· Adress
· E-mail address
· Your pet’s Name
· You pet’s breed
· Your pet’s birthdate
The data processing described above in the framework of a Partners Opt-in is carried out voluntarily in accordance with Article 6 (1) lit. b) GDPR on the performance of our services at your request as data subject.
Please note that our partners have their own privacy policies. Therefore, we invite you to read their privacy policy and in particular the terms and conditions for unsubscribing to the newsletter and services of the partner concerned.
Please not that we do not share your personal data with third parties, with the exception of the processing provided for in the "Opt-in Partners" section and subject to your prior consent.
The personal data are intended for our employees with regard to their respective functions and are stored on secure AWS servers.
We will only share your personal data with third parties and other recipients where we have an appropriate legal ground under the GDPR, which permits us to do so. Commonly, this could include situations:
· where we are legally obliged to provide the information (e.g. to data protection authorities),
· to comply with our contractual duties (e.g. to an affiliated company, if necessary in terms of our business relation.),
· where it is necessary in our legitimate interest (e.g. for compliance reasons), or
· where you have given your express consent to do so (e.g. to third-party Cookie providers).
We have also engaged certain service providers that process your data on our behalf and, therefore, are so-called data processors (e.g. our Cloud solution provider and agencies that help us managing our services thereof). Such data processors are contractually obliged to solely process your personal data based on our contractual agreement and in line with our predefined instructions. As data processors our service providers are also recipients of your personal data.
In general, the processing of your personal data is based inside the European Economic area (EEA). However, in terms of providing the Application and its functionalities we may use certain service providers and/or third-party service provider (in the following recipients) that receive your personal data (see under 3.), which may not process your personal data inside, but in a country outside the EEA. The transfer to service providers outside the EEA takes place on the basis of the so-called adequacy decision by the EU Commission pursuant to Art. 45 GDPR or on the basis of the Standard Data Protection Clauses of the European Union as an appropriate safeguard according to Art. 46 GDPR to ensure an adequate level of data protection in regard of the processing of your personal data.
However, when sharing your personal data with a recipient that is established in a country outside the EEA based on Standard Data Protection Clauses, it may be that the processing is not appropriately safeguarded due to the specific national laws applying to the recipient in such a country. This includes sharing your personal data with and the transfer of your personal data to recipients in the US. Such transfers of personal data may not be based on appropriate safeguards due to the fact that US authorities are allowed under US law to access and use such data transferred from the EU to the US without any specific exemptional reasons and means of a right to object to such illegitimate access for affected non-US American data subjects. Furthermore, these transfers are not regulated in such a way that would meet requirements equivalent to those existing under EU law specifically regarding the principle of proportionality as monitoring programs based on US legislation are not limited to what is strictly necessary.
Therefore, when we are aware that your personal data may be transferred to the US, e.g. to Google LLC or other recipients, we ensure to collect your express consent and inform you in this Privacy Policy about the corresponding risk that your data may not be appropriately safeguarded regarding illegitimate access or use, before such transfer takes place.
|
Recipient/Category of Recipient |
Purpose of transfer/disclosure |
Legal basis of the processing |
|
Subsidiaries and affiliated companies |
Quotes, Sales, Marketing, fraud protection, storage etc. |
Contractual relation or
pre-contractual steps |
|
National and EU Authorities and Law Enforcement Agencies |
Only as an exception, where no rights and freedoms of the affected data subjects overweigh: Ensure compliance with laws or in exceptional situations (e.g. data security incidents) |
Legal obligation; or |
|
Business partners |
Marketing campaigns |
Consent |
We use tracking and analysis tools to ensure continuous optimization and user-oriented design of our Application. With the help of tracking measures it is also possible for us to statistically record the use of our Application by visitors and to further develop our services for you with the help of the knowledge gained.
On the basis of these interests, the use of the tracking and analysis tools described below is justified in accordance with Article 6 (1) lit. f) GDPR.
The GDPR provides you as a Data Subject with the following rights in case you are subject to a data processing:
· Pursuant to Article 15 GDPR, you can request information about your personal data that we process. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organizations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
· Pursuant to Article 16 GDPR, you can immediately demand the correction of incorrect data or the completion of your personal data stored by us.
· Pursuant to Article 17 GDPR, you may request the deletion of your personal data that we store, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
· Pursuant to Article 18 GDPR, you may request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Article 18 GDPR if you have objected to the processing in accordance with Article 21 GDPR.
· Pursuant to Article 20 GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it is transmitted to another person responsible.
· Pursuant to Article 7 (3) GDPR, you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future
· Finally, pursuant to Article 77 GDPR, you have the right to complain to the CNIL (https://cnil.fr/en/plaitnes). You can also contact a supervisory authority of your habitual residence, place of work or our company headquarters.
You may exercise free of charge your right to access, modify, rectify and deletion of your personal data, as well as your right to transfer and portability of your data by sending a request by e-mail (e-mail).
Contact: data@brozzo-studio.com
In order for us to satisfy this request, you must send us the necessary elements for your identification as account holder, a written statement of honour by which you certify that you are the account holder and a photocopy of an identity document.
In case the processing of your personal data is based on legitimate interest in accordance with Article 6 (1) lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS).
However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above mentioned security measures may not be observed by other persons or institutions for which we are not responsible.
In particular, unencrypted data - e.g. if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.