- The way in which their personal data are collected and processed. The term “personal data” refers to all data related to the identification, direct or indirect, of a user. These include the first and last name, age and sex, email address, mobile phone number, location of the user or their IP address; and all the information that can be associated with them;
- The rights that users enjoy in relation to these data, and how they can exercise them;
- Responsibilities regarding the processing of personal data held by Movin’Smart;
- The recipients of these data;
- The site’s policy regarding cookies and other tracers.
II. COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with the provisions of Article 5 of the European Data Protection Regulation 2016/679 (GDPR), the collection and processing of data of the users of the device comply with the following principles:
- Lawfulness, fairness and transparency: data can only be collected and processed with the consent of the user who owns the data. Whenever personal data are collected, the user is informed that his/her data are being collected, and for which reasons;
- Minimizing the collection and processing of data: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Limited data retention: the data are kept for a limited time, of which the user is informed. If the retention period cannot be communicated to the user;
- Integrity and confidentiality of the data collected and processed: the Data Controller is committed to ensuring the integrity and confidentiality of the data collected.
The lawfulness of the processing of personal data carried out in the framework of the implementation of the device, in accordance with the requirements of Article 6 of the European Regulation 2016/679, is based on the free and informed consent of the user to the processing described in this document.
III. NATURE OF THE DATA
1. DATA PROCESSED, PURPOSES, DURATION OF CONSERVATION
The personal data collected by the device are as follows.
Customer Account and User Account Data
- Identity of the user (name, first name, age, sex);
- User details (email, mobile phone number, mailing address);
- Identity of 3 horses (name);
- Bank details.
NB : the SIRE number of the horses is not collected by the device.
These data are collected at the creation of the account, and can be modified at any time by the user. The choice of subscriptions to the various newsletters that are proposed can also be changed at any time by the user, through the interface “My account”.
The bank details are processed for the duration of the transaction, when they are communicated to our payment partner (Crédit Agricole) through its secure interface. This is an instantaneous transit; they are not stored on the Movin’Smart website.
Dynamic data of the sessions
- Real-time geolocation of the rider (latitude and longitude);
- Altitude (barometry);
- Accelerometry, magnetometry, gyrometry;
- Atmosphere (hygrometry, temperature);
- Heart rate of the horse;
- Distance traveled, altitude difference;
- Study rider-mount (gait, hand, techniques, coupling, regularity).
These last data are collected when the user puts the device into service, that is to say, places the sensors on his horse and on himself and activates them from his mobile phone, for the duration of a training or competition session.
The collection and processing of the data described above serves the following purposes:
Customer account and user account
- Enable the proper functioning of the device and check the validity of the user’s account;
- Give access to general information about Movin’Smart and the world of horse riding, through newsletters, e-mailings and information offered in push on the dashboard.
- Calculate rider-mount couple performance indices, allowing the user of the Movin’Smart device to improve equestrian practice;
- Allow the realization of anonymized statistical aggregates for trading partners.
The data controller will keep the data collected in his computer systems for the duration of the user account activity.
As soon as the account is no longer active (end of subscription, cessation of activity for more than one year), the dynamic data of the sessions (raw data and calculated data) will be destroyed.
The customer account and user account data will be kept for an additional three years for commercial offers, excluding bank details, which will be destroyed.
The data set is kept under optimal security conditions in view of their limited sensitivity (see 3. Hosting data).
2. THIRD-PARTY DATA RECIPIENTS
The personal data collected by the site are transmitted to third parties, the list of which is as follows.
- Our subcontractor Roxy Pony, developer of the mobile version of the algorithm (data accessible to this third party: all the dynamic data of the sessions);
- Our subcontractor Or-Com, in charge of marketing and management of the commercial site (data accessible to this third party: user account data);
- Our research partner, Ecole des Mines de Saint-Etienne (data accessible to this third party: all);
- The ESAT, the subcontractor entrusted with sending the products to our customers (data accessible to this third party: electronic system identity number (hardware), name and postal address of the customer).
No data are currently transferred outside the European Union, whether for hosting, for any other processing, or for subcontracting.
3. HOSTING DATA
The commercial website www.movinsmart.com, which contains the data of the customer account, is hosted by the company Alwaysdata, whose head office is 62 rue Tiquetonne 75002 Paris, FRANCE, telephone number +33 (0) 1 84 16 23 40.
The device’s web platform (“My Movin’Smart”) and the calculated data from the sessions are hosted by Alwaysdata.
The raw data, which serve as the basis for the calculated data, are transiently hosted by Alwaysdata at the moment they are downloaded from the user’s mobile phone (during or after a session). They are then kept on a secure server located in the premises of Movin’Smart, whose head office is located at Campus Georges Charpak, 880 route de Mimet, 13541 Gardanne Cedex, FRANCE, telephone number +33 (0) 4 42 61 68 05. This server is secured by restricted access (strong authentication principle) and limited Internet connectivity, as well as encryption of its hard disks. The data are transferred in encrypted form.
IV. DATA CONTROLLER AND DPO
1. DATA CONTROLLER
The data controller is Michel LAURENT, President of Movin’Smart SAS. He can be contacted by e-mail: firstname.lastname@example.org, or by phone: +33 (0) 4 42 61 68 05.
2. OBLIGATIONS OF THE DATA CONTROLLER
The data controller determines the purposes of the processing of personal data and the means implemented to achieve them.
He undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed, and to respect the purposes for which these data were collected.
He undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the controller commits to inform the user by any means.
3. THE DATA PROTECTION OFFICER (DPO)
In order to ensure that it complies with the national and European legal and regulatory provisions in force, and to optimally protect the data and the privacy of its users, Movin’Smart has designated, with the Commission Nationale de l’Informatique et des Libertés (CNIL), a Data Protection Officer (DPO), in the person of Mr. Jean-Marie NAZARENKO.
The DPO can be contacted by e-mail: email@example.com.
V. RIGHTS OF THE USER
In accordance with the provisions of Articles 15 to 22 of the European Regulation 2016/679, the user has the rights listed below.
1. RIGHTS OF THE USER WITH REGARD TO DATA PROCESSING
a. Right of access, rectification and right to erasure
The user can read, update, modify or request the deletion of data concerning him.
If he has one, the user has the right to request the removal of his personal space.
b. Right to data portability
The user can request the portability of his personal data, held by Movin’Smart, to another site, by requesting the supply of an archive in a standard market format.
c. Right to restriction of and objection to data processing
The user has the right to request the restriction of, or to object to, the processing of his data by the site. The site cannot refuse unless it demonstrates the existence of legitimate and compelling reasons that may prevail over the interests, rights and freedoms of the user.
d. Right not to be the subject of a decision based exclusively on an automated process
The user has the right not to be the subject of a decision based exclusively on an automated process if the decision has legal effects affecting him or significantly affects him in a similar way.
e. Right to determine the fate of data after death
The user is reminded that he can organize the future of his collected and processed data in the event of his death, in accordance with Law No. 2016-1321 of October 7, 2016. If he wishes to do so, he must send Movin’Smart a notification of his advance directive.
f. Right to refer to the competent supervisory authority
If the data controller decides not to respond to the request of the user, and the user wishes to contest the decision, or if he thinks that one of the rights listed above has been infringed, he is entitled to refer the matter to the CNIL (National Commission for Computing and Freedoms, https://www.cnil.fr) or any competent judge.
2. CONDITIONS FOR THE EXERCISE OF ITS RIGHTS BY THE USER
Each of these rights can be exercised by e-mail to the DPO of Movin’Smart (firstname.lastname@example.org), or by post to the following address:
Movin’Smart – Confidentialité, Campus Georges Charpak, 880 route de Mimet, 13541 Gardanne Cedex, FRANCE.
So that these rights cannot be exercised to the detriment of a third party, and in order to prevent any identity theft, the user is obliged to communicate to Movin’Smart his first and last name as well as his e-mail address, his account, personal space or subscriber number, and a copy of an identity document.
The data controller is responsible for responding to the user within a maximum of 30 (thirty) days.
VI. USE OF TRACERS
The site, the “dashboard” platform and the application constituting the device may use tracers that are external (fingerprinting) or internal (invisible pixels, cookies) to the terminal of the user.
A cookie is a small file that we install on the user’s hard drive. It contains information about the user’s browsing habits.
These files allow us to process statistics and traffic information, facilitate navigation and memorize certain device usage preferences.
To do this, the consent of the user is necessarily requested. A consent panel is displayed during the first visit of the user, and allows him to choose whether he consents to the installation of cookies and the use of tracers.
This consent of the user is considered valid for a maximum of 13 (thirteen) months. At the end of this period, the site will again request the user’s permission to save cookies on his hard drive.
The user is informed that he can refuse the storage of these cookies by configuring his browser software.
For information, the user can find at the following addresses the steps to follow in order to configure his browser to refuse the storage of cookies, whether on a computer, Android or iOS:
- Chrome : https://support.google.com/accounts/answer/61416?hl=fr
- Firefox : https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
- Safari : http://www.apple.com/legal/privacy/fr-ww/
- Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
- Opera : http://www.opera.com/help/tutorials/security/cookies/
If the user decides to disable cookies, he can continue browsing the site. However, any malfunction of the site caused by this change cannot be attributed to the publisher of the site.
b. Description of cookies used by the site
The publisher of the site draws the attention of the user to the fact that the following cookies are used when browsing:
- PHPSESSID : cookie identifying the current browsing session;
- SERVERID : identification cookie of the remote server used by the host to manage the session;
- MATOMO : third-party cookies for collecting statistics. The cookies of Matomo (ex-Piwik) have been set to not trace users and respect their privacy. They are exempt from consent by the CNIL.
In addition, the device integrates social network buttons, allowing the user to share his activity. Cookies from these social networks are therefore likely to be stored on the user’s computer when using these features.
The user’s attention is drawn to the fact that these sites have their own privacy policies and general conditions of use, which may differ from those of the site. The publisher of the site invites users to consult the privacy policies and general conditions of use of these sites.
c. Cookies used by third party services
- Google reCaptcha (google.com, www.google.com) : integrates a powerful anti-spam tool (captcha) into the contact form of our site, in order to drastically limit the sending of unwanted messages (spam) to our e-mail address by spam bots.
- Google Fonts (google.com, www.google.com) : makes it possible to use the library of fonts offered free of charge by the Google Font service.
- Facebook (facebook.com) : makes it possible to use Facebook’s one-click sharing service.
- Twitter (platform.twitter.com) : makes it possible to use Twitter’s one-click sharing service.
You can choose to disable these third-party cookies if you do not wish to appear in these audience statistics, and use the “private browsing” mode of your browser so that no third-party cookie is kept after your browser is closed.
However, in the event of a major modification, the latter will be brought to the attention of the users by various means: push notifications on the dashboard and the commercial website, as well as on the smartphone application; SMS on the phone number mentioned by the user; e-mail on the address mentioned by the user.