Privacy policy

Purpose of this policy

FYGR is committed to security, confidentiality and the ongoing protection of the personal data (the "Data") of the users of its services, in accordance with current French and European regulations, in particular the French Data Protection Act of January 6, 1978 as amended (LIL) and the General Data Protection Regulation of April 27, 2016 (GDPR).

The purpose of this policy is to inform you of the rules we apply in terms of Data protection. In particular, it describes how we collect and process your Personal Data and how you can exercise your rights in relation to this Data.

FYGR, represented by François Menjaud, in his capacity as President, is responsible for the processing of Personal Data collected via the website and the Fygr Tool accessible from the website as well as from the application.

This means that we determine the purpose and means of processing the Personal Data collected.

We apply a strict policy to guarantee the protection of your Data.

Policy scope

This policy covers the use of:

- our website and the services accessible from this site;
- of our services accessible on the FYGR as well as from theapplication.

Status of Fygr and its customers

The legal entity customer undertakes to pass on the present information to any natural person likely to be concerned by the Data processing carried out.

Fygr undertakes to ensure that all its partners or subcontractors comply with the applicable provisions.

The data we collect

FYGR is likely to collect your Data in the following cases:

- We collect your Data through forms that you complete on our website or to subscribe to our services or those of our partners.
‍
- We also collect your Data when you correspond with us, in particular with our customer service department, by e-mail or telephone. In this case, we keep a copy of this exchange.
‍
- We are also likely to collect your Data when you interact with us on social networks.
‍
- When you use our services we receive information relating to the services you use and the use you make of them. This includes information about your business, bank flows and cash balance.
‍
- We may also collect additional information from you when you register or otherwise use our services.
‍
The categories of Data we process are as follows:

- Data identifying the natural person (surname, first name, business e-mail address, telephone number)
‍
- Data linked to operations and transactions carried out by the user account(s) in the course of its business (receipt and issue of payments, transfers)

- Banking data (IBAN, bank details, card number)

- Identification and authentication data linked to the use of Fygr (username, password)

- Data relating to contact and interaction with us: messages, emails, calls, interaction on our site and social networks.

- Browsing data: cookies and IP address. We use cookies to enable you to access your reserved and personal areas. To find out more about our policy on the use of cookies, please consult our Cookie management policy.

We do not carry out any processing of Personal Data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of biometric data or genetic data, pursuant to Article 9 of the European General Data Protection Regulation 2016/679 of April 27, 2016.

However, this prohibition may be overridden, if legal or regulatory provisions require the processing of the aforementioned Personal Data.

Use of connected data

We collect and process your Personal Data for specific, explicit and legitimate purposes. In this respect, we use your Data in the context of the performance of the service contract you enter into with us. The purposes and legal bases are as follows:

PURPOSE

LEGAL BASES

Manage your access to and use of the services.

This processing is necessary for the performance of our respective contractual obligations.

Carry out customer management operations concerning contracts, orders, deliveries, invoices, loyalty programs and customer relations.

This processing is necessary for the performance of our respective contractual obligations and/or is carried out with your consent.

Build a file of registered members, users, customers and prospects.

This processing is based on your consent and/or our legitimate interest (providing you with relevant information).

Send newsletters, solicitations and promotional messages.

This processing is based on your consent and/or our legitimate interest (providing you with relevant information).

To compile commercial and visitor statistics for our services.

This processing is based on our legitimate interests.

Organize contests, lotteries and all kinds of promotional operations, with the exception of online gambling subject to approval by the Autorité de Régulation des Jeux en Ligne.

This processing is based on your consent and/or our legitimate interest.

Manage people's opinions on products, services or content.

This processing is based on our legitimate interests.

To manage any unpaid invoices or disputes relating to the use of our products and services.

This processing is (i) necessary for the performance of our respective contractual obligations, and/or (ii) necessary for the establishment, exercise or defense of legal claims.

Meet our legal and regulatory obligations.

Such processing is (i) necessary for the performance of our respective contractual obligations, (ii) carried out with your consent and/or (iii) necessary for the establishment, exercise or defence of legal claims.

Manage our Tool and perform internal technical operations for problem solving, testing and research.

This processing is based on our legitimate interests (ensuring the security of our Tool and improving its features).

When we collect your personal data, we inform you whether certain information is mandatory or optional. Mandatory data is required for the operation of our services. For optional data, you are entirely free to choose whether or not to provide it. We will also inform you of the possible consequences of failing to do so.

Commercial prospecting

In accordance with applicable law and with your consent where required, we may use the data you provide for marketing purposes (for example to (i) send you our newsletters, (ii) send you invitations to our events or any other communication that may be of interest to you).
You may withdraw your consent at any time by (i) clicking on the unsubscribe link provided in each of our communications or (ii) contacting us at support@fygr.io.

Recipients of collected data

Only the authorized and specified persons mentioned below may have access to some of your Data:

- FYGR's authorized personnel, who are bound by a confidentiality agreement relating to your Data;
‍
- FYGR's subcontractors who act in the name of and on behalf of FYGR;

- Budget Insight and Fintecture, who act as joint managers with Fygr regarding bank account aggregation, invoicing and payment initiation services;
‍
- Authorized third parties, such as relevant courts, mediators, chartered accountants, statutory auditors, lawyers, bailiffs, debt collection companies;

- Third parties who may place cookies on your terminals when you consent (for more details, see our Cookie Management Policy.

Your Data is not communicated, exchanged, sold or rented to anyone other than those mentioned above.

Data storage and transfer outside the EU

All our servers on which your data is stored and those of the service providers used to exchange and store this data are located in Europe.

As such, the Data we collect is stored on the servers of our service provider Amazon Web Services (AWS) in Europe, which guarantees a high level of security.

In the event that we use subcontractors located outside the European Union, we undertake to ensure that our subcontractors present protection measures recognized as sufficient within the meaning of the GDPR. This may include, in particular, subcontractors located in any other country recognized by the European Union as ensuring an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement that complies with the standard contractual clauses adopted by the European Commission or, any other protection measure recognized as sufficient by the European Commission.

Security

We inform you that we take all necessary precautions and appropriate organizational and technical measures to preserve the security, integrity and confidentiality of your Personal Data, and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties. We also use secure payment systems that comply with the state of the art and applicable regulations.

Data retention period

We retain your Data only for as long as is necessary for the purposes for which it is to be used.

FYGR retains your Data for as long as your account remains active, unless you request its deletion or the deletion of your account.

In addition, the following categories of personal data may be kept for different periods of time:

- Financial data relating to the invoicing of our services (e.g. payments) is kept for the period of time required by applicable tax and accounting laws;

- Data used for commercial prospecting purposes may be kept for a period of three years from the deletion of your account, unless you have decided to exercise your right to object under the conditions set out below.

- Data used to establish proof of a right or contract, or kept to comply with a legal obligation, may be subject to an intermediate archiving policy in order to meet our legal, accounting and tax obligations. This applies in particular to the 5-year limitation period provided for under article 2224 of the French Civil Code.

User rights

In accordance with the applicable regulations, you have the following rights when your Data is processed:

- Right of access (Article 15 of the RGPD): you have the right to obtain confirmation from us that Data concerning you is or is not being processed, as well as to receive a copy of all the Data we hold about you;

- Right of rectification (Article 16 of the RGPD): you have the right to request the correction of Data we hold about you if it is incomplete or erroneous. In this case, we may ask you to verify the new Data provided;

- Right to be forgotten (Article 17 of the RGPD): you can ask us to delete your Data when we no longer have a legitimate interest in holding it;Right to limitation (Article 18 of the RGPD): you may in certain cases obtain from us the limitation of the processing of your Data;

- Right to portability (Article 20 of the RGPD): you may receive from us the Data concerning you in a structured, commonly used and machine-readable format, for the purposes in particular of transmission to a third party. Where technically possible, you also have the right to have your Data transmitted directly to this third party;

- Right to object (Article 21 and 22 of the RGPD): you may object at any time to the processing of your Data for reasons relating to your particular situation or when your Data is processed for prospecting purposes;

- Right to withdraw your consent (Article 13-2 c of the RGPD): you have the right to withdraw your consent to the processing of your Data at any time, which will not render unlawful the previous processing based on that consent.

- Right to define the fate of your Data after your death and to choose whether or not we communicate your Data to a third party that you have previously designated. In the event of your death and in the absence of any instructions on your part, we undertake to destroy your data, unless its retention is necessary for evidentiary purposes or to meet a legal obligation.

Exercising your rights

You can exercise your rights by sending a request to our customer support at the addresses below. Any request to exercise a right must be accompanied by a copy of your identity document. A reply will be sent to you within one month of receipt of your request. To this end, we may ask you for additional information or documents.

Please note that you do not need to pay a fee to access your personal data or exercise your rights. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive.

If you have any questions about the processing of your Personal Data or if you have any comments, requests or complaints about their confidentiality, you can contact us:

By email: support@fygr.io
By post: 26 avenue Winston Churchill (La Filature, Bâtiment D), 27400 Louviers

Complaints to the Commission Nationale de l'Informatique et des Libertés (CNIL) (French Data Protection Authority)

In the event that the rights of the data subject have not been respected, and after contacting the Data Controller, the data subject may lodge a complaint with the CNIL:

Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy, 75334 PARIS

‍Making a complaint to the CNIL

Modification of the privacy policy

We reserve the right to change this privacy policy at any time.
‍
The most current version of this privacy policy governs our use of your information and will always be available on the FYGR website or upon request from FYGR.

Should we make a material change to this privacy policy, we undertake to notify you via your email address.

‍Send a complaint to the CNIL

Personal data processor

Consult our Subcontractor appendix on personal data.