How useful is this policy?

VRROOM, attaches great importance to the protection and confidentiality of your personal data, which represent for us a pledge of seriousness and trust.

The Privacy Policy specifically demonstrates our commitment to ensuring compliance within applicable data protection rules and, in particular, with the General Data Protection Regulation (“GDPR”).

In particular, the privacy policy aims to inform you about how and why we process your data in connection with the services we provide.

Who is this policy for?

The policy applies to you, regardless of where you live, as long as you are users of our VRROOM service.

Why do we process your data?

To provide our services, we are necessarily led to process your personal data for the following reasons and grounds:

  • To use and benefit from our service and all its functionalities on the basis of our general terms of use.
  • To manage user accounts (e.g. account creation, access to the service and account deletion) on the basis of our general terms of use.
  • To pay online on the basis of our general terms and conditions of sale.
  • To receive our technical emails (e.g.: modification of passwords, etc.) essential to the proper functioning of our service on the basis of our general terms of use.
  • To guarantee and reinforce the security and quality of our day-to-day services (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms of use and our legitimate interest in ensuring the smooth operation of our services.

Your data is collected directly from you when you use our service, and we undertake to process your data only for the purposes described above.

For cookies, please consult our dedicated Cookie Policy accessible on our platform.

What data do we process and for how long?

We have summarized the categories of personal data that we collect and their respective duration of retention.

If you wish to obtain further details on the retention periods applicable to your data, you can contact us at: [email protected].

  • For private individuals, personal identification data (e.g. surname, first name, etc.) is kept for the duration of the service, plus the legal statute of limitations, which is generally 5 years.
  • For professionals, personal identification data (e.g. surname, first name, position, company, department, etc.) and contact details (e.g. e-mail address and business telephone number, etc.) are kept for the entire duration of the service, plus the statutory limitation periods, which are generally 5 years.
  • For private individuals, economic and financial data (e.g. bank account number, verification code, etc.) is kept for the time required to complete the transaction and manage billing and payments, plus the statutory limitation periods, which are generally 5 to 10 years.
  • For professionals, when there is confusion between the name of your organization and your personal name (e.g.: auto-entrepreneur, VSE, etc.), economic and financial data (e.g.: bank account number, verification code, etc.) kept for the time required to complete the transaction and manage invoicing and payments, plus the statutory limitation periods, which are generally 5 to 10 years.
  • Connection data (e.g. logs, IP address, etc.) stored for 1 year.
  • Email address to receive our technical messages, kept until your account is deleted.

Once the retention periods described above have expired, the deletion of your personal data is irreversible and we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in the event of litigation, we are required to retain all of your data for the duration of the processing of the case even after the expiration of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control how we use your data.

  • Right of access and to obtain a copy of your personal data as long as this request is not in opposition with business secrecy, confidentiality, or the secrecy of correspondence.
  • Right of rectification of personal data that are incorrect, obsolete or incomplete.
  • Right to request erasure (“right to be forgotten”) of your personal data that are not essential to the proper functioning of our services.
  • Right to the restriction of processing your personal data which allows you to freeze the use of your personal data in case of dispute about the lawfulness of a processing.
  • Right to ask for the portability of your data which allows you to download part of your personal data in order to store it or transmit it easily from one information system to another.
  • Right to provide guidelines on the fate of your data in the event of your death either by you, a trusted third party or an heir.

To be considered, your request has to be done by you only at the address [email protected]. Any request that does not follow this process cannot be treated.

Requests cannot be made by anyone other than you. Therefore, we may ask you to provide proof of identity if there is any doubt about your identity.

We will respond to your request as quickly as possible, within one month of receipt, unless the request is complex or repeated. In this case, the response time may be up to three months.

Please note that we may always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

Who can access your data?

WE NEVER TRANSFER OR SELL YOUR PERSONAL DATA TO THIRD PARTIES OR BUSINESS PARTNERS. ALL OF YOUR PERSONAL DATA ARE USED EXCLUSIVELY BY OUR STAFF OR BY OUR IT SERVICE PROVIDERS.

More specifically, we only pass on your data to persons duly authorized to use it to provide you with our service, such as our IT department or our customer relations department.

Your personal data is also transferred to our IT service providers, who are used solely to operate our service, such as our data host or our technical e-mailing tool.

We would like to point out that we check all our IT service providers before hiring them, to ensure that they comply scrupulously with the rules applicable to the protection of personal data.

How do we protect your data?

We implement all the technical and organizational means required to guarantee the security of your data and, in particular, to fight against any risk of destruction, loss, alteration or unauthorized disclosure of your data (e.g. training, access control, passwords, etc.).

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we undertake to make our best to recruit only service providers who host your data within the European Union.

In case we are using service providers that need to transfer your personal data outside the European Union, we undertake to verify that they are implementing appropriate safeguards to ensure the confidentiality and protection of your personal data.

Who can you contact for more information?

We have officially appointed an outsource and independant Data Protection Officer (“DPO”) to our supervisory authority in order to ensure the safety and confidentiality of your personal data, .

You can contact our DPO at any time and free of charge at [email protected] in order to obtain more information or details on how we process your personal data.

How can you contact the CNIL?

You may at any time contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by phone at 01.53.73.22.22.

Can the policy be modified?

We may change our Privacy Policy at any time to adapt it to new legal requirements as well as to new processing that we may implement in the future.

 


 Compliant certified by Dipeeo ®