(compliant with GDPR – General Data Protection Regulation)
PAYPERSAFE certifies that it implements in good faith the means necessary to respect your privacy, to collect and process data in a lawful, fair and transparent manner, and to act in accordance with all applicable regulations.
The Website: the Website and the web application accessible at the address www.paypersafe.com, all possible sub-domain(s) included.
PAYPERSAFE: refers to YSYONE SAS, owner, publisher and sole representative of the Website, of the commercial sign and trademark “PAYPERSAFE”, as identified in the Legal Notices.
Users: means any natural or legal person who consults the Website without necessarily registering or subscribing to PAYPERSAFE‘s Services, and/or Subscriber Users when it is not necessary to make a distinction between Users’ categories.
Subscribers: means any User, holding full legal capacity, who registers on the Website and uses its functionalities, to open and manage a digital safe.
The Safe: refers to the online space rented to the Subscriber by PAYPERSAFE.
The Recipient: any natural or legal person receiving Content from a Subscriber’s safe.
The Parties: means together PAYPERSAFE and the Users, Subscribers or not, who have consented to these GCS.
The GCS: the entire indivisible contract governing entirely and exclusively the registration and use of the Website as a whole, by all Users. The GCS are as well here referred to as “General Conditions of Services”, and are accessible by clicking here.
Third party: any person who is not a party to the GCS.
The Service(s): refers to all the services offered by PAYPERSAFE through the Website.
Information: all information published on the Website by PAYPERSAFE.
Content: all content, information and data provided by Users, intended to fill their digital safe.
Data: all the management data provided by the User to use the Website and its features.
. The collection and processing of personal data carried out within the framework of the use of the Website, required for the achievement of the common contractual objectives, and for the respect of its obligations by PAYPERSAFE within the framework of its remote commercial activities are carried out in accordance with the rules in force in the European Union (GDPR) as well as the amended Data Protection Act, under the responsibility of Mr. Yamine Benabdellah, designated in the Legal Notice .
. The collection of data carried out on or via the Website is limited to what is necessary, in accordance with the principle of data minimization.
. The collection and processing of data carried out via the Website is carried out for:
1 – allow PAYPERSAFE to better know its audience to optimize the management of its relations with its Users, through the analysis and measurement of the Website’s audience, as well as the development of commercial statistics and statistics on possible publicity;
2 – ensure the technical efficiency of the Website’s use, allow Subscribers to open and manage their Safe(s), as well as to share their Content, which may include consultation, subscription and/or registration (management of personal accounts), execution of orders, written exchanges, publication of opinions and comments, making contacts, provision of Services, downloading and sharing of Content, management of personal accounts, various notifications and communications from PAYPERSAFE;
3 – allow PAYPERSAFE to send Users newsletters (intended in particular at informing them about the use and development of the Website, the coming releases of Products and Services, specific advice from PAYPERSAFE, etc.); prospecting and/or sending information (newsletters), which includes relaunching prospects, managing technical prospecting operations, selecting people to carry out loyalty, prospecting, survey, product testing and promotion as well as carrying out solicitation operations;
4 – allow PAYPERSAFE to send Users commercial solicitations, for offers similar to those existing on the Website, and to improve the Website as well as its commercial offers; are included in this purpose, managing PAYPERSAFE’s relationship with prospects and customers; collection and management of people’s opinions on products, services or content; possible participation in special events (such as contests, games, prize draws, offers) and participation in the loyalty program (excluding online gambling and games of chance subject to the approval of the Online Gaming Regulatory Authority);
5 – ensure the good performance of its obligations towards Users by PAYPERSAFE , via several Services and Products which involve by their nature the voluntary providing of personal information, which may include: identifying the persons using the Website to order Products and/or Services; carrying out operations relating to the files’ management of contracts, orders, deliveries, invoices, accounting and monitoring of the commercial relationship; allowing the proper execution of payments, but also the prevention and fight against fraud and means of payment and in particular against bank card fraud; managing outstanding payments and disputes; dealing with questions and possible complaints from people and managing requests for the right of access, rectification and opposition.
. In accordance with article 6 of the GDPR, PAYPERSAFE may proceed with the collection and processing of data, to perform its obligations in the context of the purchase of its Products and Services in accordance with its GCS, as well as to protect its legitimate interests.
. If the law provides for it, or if not necessary in one of the two previous cases, PAYPERSAFE will request the express consent of the Users.
. In a perspective of transparency and respect for individuals’ rights over their personal data, PAYPERSAFE has implemented a compliance process relating to the automatic use of so-called required cookies and so-called basic audience measurement cookies upon access of the User on the Website, so that neither the latter nor PAYPERSAFE needs to intervene to guarantee the conformity of this process.
No audience measurement cookie allows the collection of personal and identifiable data.
. An informative banner appearing while accessing the Website reminds Users that the deposit of cookies and the collection of certain information resulting therefrom during their use of the Website is automatic, of which the User is aware of.
. It is understood that the icons’ tags on the Website may be replaced by other equivalent tags having the same meaning.
. The Users’ consent is systematically and explicitly collected by a physical or digital signature, and/or the filling in of a checkbox and/or any other means of obtaining consent, understood as the manifestation of a clear and unambiguous will (optin), when using any features that by nature require the use of data entered and/or collected.
. In particular, the information banner displayed while accessing the Website allows Users to select the types of cookies, and therefore the type of computer tracking, whether they accept or not, by ticking the boxes corresponding to their choice, which will be retained by PAYPERSAFE .
. In all cases for which consent has been provided by the User, PAYPERSAFE gives Users the effective possibility of revoking their consent to current and/or future processing, by any appropriate means (such as in particular “optout” and unsubscription in emails, privacy settings, formal written request, etc.).
. Data collected and eventually processed by PAYPERSAFE as a result of cookies are governed by article 6 hereof (Cookies Charter).
. The content of the data processing carried out via the Website when using its functionalities and/or the Services varies according to the uses of the latter, and may include the following information:
User management data, for orders/registrations:
– Username (valid e-mail address, possible user name).
– Password (the passwords of the Subscribers are chosen by the latter and are never kept in clear text; they are the subject of a hash intended for encryption in order to ensure their security and are not visible to PAYPERSAFE ; Users have a recovery procedure in the event of loss or theft) ;
– Additional data and supporting documents when PAYPERSAFE carries out a legitimate security check requiring them to be provided.
– Connection logs (IP address, date and time of connection, executed actions).
– Any logo of the company / brand / commercial sign of the Subscriber who wishes to personalize his Safe.
The Contents of Subscribers’ Safes are under their exclusive control.
PAYPERSAFE is strictly prohibited from accessing it. By way of exception, PAYPERSAFE may open the Safes in the context of disputes and any legal proceedings, as well as for evidentiary purposes.
PAYPERSAFE can always identify the type of Content inserted in the Safes (text, video, image, etc.) as well as the movements made by the Subscribers (deposit, deletion, sharing).
Billing data and commercial relationship:
– Bank details for making payments and debiting commissions, via the third-party provider PayPal.
The credit card numbers used to validate subscriptions as well as to share paid Content are never kept by PAYPERSAFE, which are entirely managed by PayPal.
PAYPERSAFE can only view notifications from PayPal informing it of the success or failure of payments.
Audience measurement data :
See article 6.
Browsing data :
– Movements and navigation patterns relating to the consultation’s steps, up to the possible registration of Users.
– The collected data is anonymous or anonymized and is not subject to any processing dedicated to any direct prospecting, but to the measurement and analysis of the design and use of the platform.
Survey data :
– Data voluntarily provided by users in the polls and surveys offered to them, for the purpose of knowing their level of satisfaction, their needs, and their suggestions;
– Information explicitly provided by Users during live events, online or not.
. The mandatory or optional nature of providing information varies according to the use of the Website, and is indicated online directly if necessary, or in the document(s) in question.
. Users undertake to only provide complete, accurate and valid information, and agree to discharge PAYPERSAFE from liability in case of damage(s) resulting from their own failure in this area.
. In the same way, Users admit that their failure in filling in the mandatory information validly allows PAYPERSAFE to refuse, suspend or stop any Service and/or Product order that may be provided to the latter on the basis of said information.
. By virtue of its authority of moderation and control over all the activities of the Website, PAYPERSAFE reserves the right to carry out any useful verifications relating the data provided by Users, including requesting additional supporting documents.
No tracing is performed on the Safes’ contents.
. Cookies are used by PAYPERSAFE to provide the User with a customized experience and to memorize some of his customization choices.
. Cookies can be used for statistical purposes, in particular to optimize the services provided, from the processing of information concerning the frequency of access, the personalization of the pages, the operations carried as well as the consulted information.
. The collected information will only be used to monitor usage habits, the volume, type and configuration of traffic passing through the Website, to develop its design and layout and more generally to improve navigation and use of the Website.
. However, cookies that are not strictly crucial are specified by PAYPERSAFE.
. Cookies do not collect any personal data that can identify Users, either on hard drive or online, and the collected information is anonymous or anonymized.
. Cookies give PAYPERSAFE access to standard information (time of browsing, approximate location, etc.) about Users. Users understand that their IP address is partially collected by Google Analytics (i.e. without the last two characters), which does not disclose it for confidentiality reasons. PAYPERSAFE cannot therefore, strictly speaking, read the IP address, and therefore cannot use it as such.
Essential cookies for the functioning of the Website in all cases:
Connection and authentication cookies : allowing to know the entries and exits of the User, the IP address of the User, the date and time of the connection, the operating system, the browser and the type of device used by the User.
Specific cookie to verify that the information banner has been consented to (management of the consents issued on the banner itself, allowing it to no longer be displayed on each page load).
PayPal cookies to operate the service if needed.
Non-mandatory cookies for the operation of the Website:
Google Analytics to measure the audience in a classic way. These cookies are automatically deleted after 14 months, and do not allow the identification of people.
° Specific cookies from Google Analytics
When browsing the Website, PAYPERSAFE collects by default only the data allowing the analysis and measurement of the Website’s audience: data relating to the IP address (identification of the internet connection and the terminal), the consulted pages, as well as all types of data accessible via a Google Basic Analytics, concerning the possible interactions between Users and the Website:
– Number of page views;
– Origins of traffic;
– Dates and times;
– Places to visit (geolocation no more precise than the city);
– Duration of visits.
. None of this data, processed separately or together, can identify a person, and are all therefore considered anonymous or anonymized data.
° Facebook Pixel (as well valid for targeting from Instagram)
The Facebook Pixel, when explicitly accepted by Users via the cookie banner, potentially gives access to the following information:
. visits of pages and Articles of pages
. performed actions, buttons clicked
. registrations and orders finalized or not
. carry out research
. display content
. making contact
. Users can interact with the Website by clicking on buttons representing third-party Websites and applications (in particular via social network buttons, the various Websites belonging to PAYPERSAFE, etc.).
. In particular, if the Users connect their account to an another service’s account, such as a social network, said service may communicate to PAYPERSAFE its profile information, connection information, as well as any other information whose disclosure has been so authorized.
. Users acknowledge that the use of these buttons has the effect of transferring information to PAYPERSAFE, as well as to the concerned third party Websites.
. Under no circumstances PAYPERSAFE can bear the responsibility for any damage resulting from the use of this process with regard to the Users as well as the said third parties, and is exclusively responsible for the data processing for which it is responsible.
. PAYPERSAFE excludes all liability due to the sharing of Content by Users to Recipients, and for any damage that may result (in particular, loss, misappropriation, destruction, etc.).
PAYPERSAFE is committed to the highest level of IT security and to implementing all measures appropriate to the level of risk and confidentiality involved by the nature of the Services, which are Digital Safes fully managed by Subscribers.
PAYPERSAFE strictly prohibits, for itself and for its entire staff, access to User Safes, with the exception of disputes, prohibited uses of Safes of which he is aware, and possible legal proceedings resulting from these specific cases.
The Content is exclusively inserted, managed, shared, and deleted by the Users themselves. Therefore, the Content is not collected or processed by PAYPERSAFE.
. PAYPERSAFE undertakes to take all necessary and/or useful precautions to preserve the security of the processing and of the data collected, by respecting the physical and logical security standards (protection of premises and devices used, protection of servers, etc.) which are within its jurisdiction, concerning navigation, registration, subscription and use of the Website in general, and without prejudice to any security obligation placed under the responsibility of the service provider in charge of hosting the Website.
. Security measures are adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of Users’ personal data.
. Any information accessible on the Internet via an outgoing link from the Website, with the exception of the other PAYPERSAFE Website(s), is not placed under the control of PAYPERSAFE, which declines all responsibility for said information and possible breaches of computer security, as well as the consequences that would result.
– IT security provided directly by PAYPERSAFE:
° Identifier (unique e-mail) and “hash” of passwords (never displayed in clear text) + procedure for recovering stolen or lost passwords
° Encryption of Content at the input and output of databases
° Limitation of connections and filtering of IP addresses
° Dedicated security plugin (firewall and protection against hackers)
° Implementation of protections for professional devices (encryption and password policies)
° Daily automatic backups
° Logging of logs and events
° Anti-noise force system
° Antivirus to check all items uploaded to safes
° Self-destruction of Content in case of sharing when the Subscriber himself decides so
° Security measures on the servers (filters, anti-intrusion, blocking of multiple connection attempts).
° Anti spamming procedure by sending a security email intended to secure the safes
° Cloud data storage
° HTTPS encryption protocol throughout the Website
. PAYPERSAFE certifies that its servers themselves can only identify the type of content (image, video, text, etc.) existing in the Safes, but can never read or manipulate, modify, transfer or delete these Contents. These prerogatives are strictly reserved for Subscribers, who fully control their Safe(s).
. PAYPERSAFE implements measures to prevent the data processed from being distorted, damaged or from unauthorized third parties having access to it, in particular by controlling access to the data and by securing their possible communications.
. Users admit to being responsible for their identifiers and passwords, which they can create and modify in the event of forgetting and/or loss, via the procedures indicated directly on the Website. They abandon seeking the responsibility of PAYPERSAFE in the event of forgetting, loss, theft, misappropriation of these identifiers and passwords. PAYPERSAFE certifies that it does not even have access to plaintext passwords and cannot read them.
– Minimum IT security provided by the host:
° Logging of logs and events
Host commitments regarding data security can be accessed by clicking here.
– Computer security provided by PayPal:
. The third-party service provider in charge of managing payments on the Website (PayPal) fully encrypts bank data for any payment on the Website.
PayPal’s data protection commitments can be accessed here.
. PAYPERSAFE is committed to the greatest transparency in its communication concerning the security of its Users’ personal data.
. If PAYPERSAFE becomes aware of unauthorized or illegal access to the personal data of its Users, and in particular if this access has consequences on the realization of security risks, PAYPERSAFE undertakes to:
. PAYPERSAFE‘s commitment to promptly inform its Users in these specific cases cannot in any way be assimilated to any acknowledgment of fault or liability for the occurrence of the said incident.
. PAYPERSAFE does not communicate the confidential personal data collected during the use of the Website, to any third party whatsoever and in any form whatsoever, with the legitimate exception of the persons mentioned below:
– Any salaried staff of PAYPERSAFE (including trainees);
– The technical service provider(s) responsible for creating and maintaining the Website on the one hand, and hosting the data on the other;
– The person(s) possibly in charge of accounting, administration, and/or legal aspects of PAYPERSAFE’s business, including as a possible external service provider;
– Any suppliers, subcontractors and/or subsidiaries for the processing of orders involving the latter, who only have access to the data required for the performance of the contract which binds them to PAYPERSAFE, and subject to compliance with the obligations contractual binding them to PAYPERSAFE.
– Third parties authorized by law (in particular at the express and reasoned request of public, regulatory or judicial authorities, etc.).
– Potential assignees in the event of PAYPERSAFE’s participation in a merger, acquisition or any other form of assignment of assets, subject to guaranteeing the same level of protection and confidentiality of the Users’ personal data, which will be informed before said transfer or submission to new confidentiality rules.
. In these cases of communication of your personal data to a third party, PAYPERSAFE ensures that the latter is/are required to apply confidentiality conditions identical or equivalent to its own.
. In these cases, PAYPERSAFE undertakes to guarantee that the concerned third parties present sufficient contractual guarantees as to the implementation of appropriate technical and organizational measures, so that the processing meets in particular the requirements of the GDPR.
. PAYPERSAFE undertakes to collect any anonymous testimonials left by Users, in accordance with the stipulations of the GCS.
. When the testimonials left are not anonymous and include the image of the concerned User, authorization for image rights is systematically offered to the latter, in order to ensure that the latter respect his rights and his ability to withdraw his consent if he wishes to have his testimonial removed from the Website or to have PAYPERSAFE cease its operation.
. Under the regulations applicable to data transfers to countries outside the European Union, PAYPERSAFE undertakes to transfer, where applicable, collected personal data, only to countries recognized as offering an equivalent level of protection.
. PAYPERSAFE undertakes to refrain from transferring personal data outside the countries recognized by the CNIL as having a sufficient level of protection, unless it has obtained authorization from the CNIL to proceed with this transfer.
. The use of the Website as a whole may have the effect of transferring automatically, and without any possible intervention of PAYPERSAFE, certain connection data (visited pages, operating systems, languages, countries, etc.), to or to the service provider(s) third party responsible for the services allowing PAYPERSAFE to collect and process its own data, without the latter having any control over this transfer.
. In particular, the hosting of the Website is provided by Amazon Web Services, which involves movement and redundancy of data to the United States, assimilated to temporary transits of the data concerned by this, in order to operate the Website, and this without possible influence on the part of PAYPERSAFE, which certifies that it has selected servers located in the territory of the European Union (Germany).
. The data collected is kept valid for the entire duration of the commercial relationship between the Parties, and as long as it serves the purpose for which it was initially legitimately collected and for which it continues to be processed, and as long as this purpose continues in a legitimate, proportionate manner, and consented to by the concerned User.
. The retention periods indicated in article 10.2 of this document therefore start from the end of the commercial relationship, or from the last interaction between the Parties, materialized by an unequivocal manifestation by the User of his desire to interact with PAYPERSAFE.
. The retention periods for the data collected vary according to the type of data, subject to different legal and regulatory requirements (authorizing longer retention or, on the contrary, requiring their deletion).
. Once the retention periods have passed, the consent may in certain cases be renewed by the User. Otherwise, the data concerned will be anonymized and kept for statistical purposes or proof of the commercial activities of PAYPERSAFE .
. Consequently, Users admit that the possible deletion of their account on the Website may result in the definitive purge of their profile data and content, excluding contractual data and orders intended for archiving by PAYPERSAFE.
. The retention of stored data is carried out for the purposes of improving the use of the Website, optimizing the commercial relationship, but also to guarantee the safety of navigation, and finally as proof of the commercial activities of PAYPERSAFE.
. The retention periods for data, excluding management data, are set at:
– fourteen (14) months concerning connection and audience measurement data (in particular, cookies, programmed to be automatically deleted after this period); The lifetime of cookies is not extended with each visit.
– fifteen (15) months for bank details, when they are collected and kept by PAYPERSAFE (in principle, the bank data necessary for the completion of orders are not kept by PAYPERSAFE – they are managed entirely by third-party payment – PayPal );
– five (5) years for invoicing and contractual data concerning amounts lower than 120 euros, and ten (10) years for amounts higher than 120 euros;
– a maximum of three (3) years for other types of data.
This three-year period runs from the initial term of the contract binding them to PAYPERSAFE, or from the last active contact by the Users.
. More specifically, if the User has not authenticated on the Website or has not exhibited active behavior (for example, by clicking on a link) for a period of three years, the latter may receive an email inviting him to log in as soon as possible, otherwise his data may be deleted from the PAYPERSAFE databases.
. After the deadlines mentioned in article 10.1, the collected data which has not been validly deleted, may be archived on a separate IT support, for the purposes of proof and with strictly limited access, except in case of procedure for requesting formal erasure of personal data collected, likely to lead to the permanent deletion of said data when provided for by law.
. In this case, the deletion of the data is effective as soon as the storage or archiving period required for the fulfillment of the determined or imposed purposes is reached, and/or as soon as the valid formal request of the User is received and processed (see clause 11).
. In this case, Users acknowledge that their personal data may be purged from PAYPERSAFE‘s IT system without the possibility of recovery.
. Users have a right of access, query, rectification, limitation, portability, opposition, and/or deletion of data concerning them.
. Users also have the right to object at any time, for reasons relating to their particular situation, to the processing of personal data having as a legal basis the legitimate interest of PAYPERSAFE, as well as a right to opposition to commercial prospecting. Consent to processing may be withdrawn without affecting the lawfulness of such processing, based on the consent given before its withdrawal.
. Users can also define general and specific directives defining the way in which they wish the rights mentioned above to be exercised after their death.
. Users can always lodge a complaint with the CNIL, if PAYPERSAFE’s responses seem unsatisfactory to them.
. User requests concerning the exercise of their rights relating to their personal data are made
– either by email to the following address: [email protected]
– or by using the dedicated form accessible by clicking here.
. PAYPERSAFE undertakes to make any reasoned request relating to said data effective, by first notifying receipt of the request, then effectively responding to these requests within thirty (30) working days of their receipt.
. For security reasons and to avoid any fraudulent request, PAYPERSAFE may validly require that this request be accompanied by proof of identity, which it will delete or destroy after processing of the request, subject to the application of a legal provision requiring its archiving.
. Users unreservedly admit that in the event of a reasoned request for the deletion of their personal data, the latter may be purged without the possibility of recovery and that this deletion may prevent the continuation of their contractual relations as well as the use of the Services, because of the need for this data to use the Site, in whole or in part. Therefore, if these rights are exercised when ordering Products or Services, said order cannot be made.
. The User not residing in France is informed that he can also seize a jurisdiction of the Member State of the European Union in which he has his main residence.