INTRODUCTION
On 03 November 2023, MOBILE INTERPAY SAS updated its Privacy Policy (hereinafter referred to as the "Policy") in order to inform its customers of the means implemented to protect the privacy of persons using the Mobile InterPay platform and its mobile application (hereinafter referred to as "MIP"), accessible on the Google Play and Apple Store networks.
Privacy policy
We implement strict rules to protect customers' personal data in accordance with the European Data Protection Regulation applicable from 25 May 2018.
This Policy is intended to provide customers with an overview of MIP's practices regarding the collection, processing and protection of Personal Data. We suggest that our customers read this Policy carefully and invite them to contact us with any questions they may have when reading these elements (see Data Protection Officer section).
Scope of the Policy
This Policy concerns all individuals with whom MIP may be required to process Personal Data. However, it focuses on the platform's Customers, for whom specific functionalities have been implemented in the mobile application to give them better control over their Personal Data.
These features can be accessed after logging into the mobile application from the "profile" area of the account created by the Customer. All other categories of Individuals with whom MIP may be required to carry out Personal Data collection or processing operations - and who do not fall into the MIP Customer category - may assert their rights in terms of Personal Data protection with our services.
Personal Data
Any data relating to a natural person and likely to contribute to the identification of the latter, directly or indirectly, is considered to be Personal Data; whether this data is confidential or public ("Personal Data").
Data provided by the Customer to MIP
MIP collects and uses various data in order to provide its Services as described in the General Conditions of Use. The data used by MIP may or may not be of a personal nature.
The Personal Data collected when registering for the MIP platform is mandatory in order to create an account and thus be able to access the Services. This data is intended for MIP and is used by MIP to provide its Customers with the Services offered. Among this data, data may be collected and processed by MIP and/or its service providers and partners for the following purposes in particular:
Registration: the data required to register the Customer on the Platform and to identify the Customer on subsequent visits (email address, password, first name, surname, etc.);
Know Your Customer" process: the data required to create an account and access the Services offered by MIP, data relating to the Anti-Money Laundering and Terrorist Financing procedures carried out by MIP as well as any information required by MIP to provide the Service to the Customer (information relating to identity, personal life and financial information as well as the provision of documents such as a valid identity card, Trade Register document, etc.).
Data collected by MIP on its platform
1. Cookies and tracking technologies
Cookies" are textual information sent by a website to the user's hard disk or other web browsing device for the purpose of storing certain information.
These cookies may be stored for the duration of the user's visit to the site, in which case they are known as session cookies. They may also be stored for a longer period (this period depending on the lifetime of the cookie), in which case they are known as persistent cookies.
MIP uses cookies for analysis purposes and to personalise the experience of Individuals. Individuals and Customers acknowledge that they have been informed of this and expressly accept the use of cookies to record information relating to their browsing on the Platform. These cookies are valid for a maximum of six months after they are first placed. After this period, a new authorisation must be obtained from the Individual or Customer the next time they visit the Platform.
2. Logs
Certain information may be collected and stored in "log" files during browsing on the platform. This information includes in particular IP addresses, browser type, operating system, URLs of referring and exit pages and various system configuration information. In some cases, this information may be linked to Personal Data in order to improve the Services.
Data storage and retention period
All Personal Data collected is stored on our servers in France. The Customer's Personal Data is kept by MIP for as long as the Customer's account is maintained.
MIP administrators use strong authentication - also known as two-factor authentication - to be able to access the administration area of the Mobile InterPay platform. These administrators have restrictive rights with regard to access to Personal Data which they may consult in the context of providing a Service or in pursuit of a legitimate objective. System access to the servers is protected, also using two-factor authentication. The infrastructure relies on firewalls and encryption of storage spaces to increase the security of Personal Data.
These measures are designed to offer the highest level of protection against the loss, leakage, alteration, corruption, unauthorised access or transfer or any improper use that may be made of the Personal Data under MIP's control.
Exercise of Customer rights
Customers may at any time exercise their rights concerning the collection and processing of their Personal Data:
1. Access: access to information that has been provided to MIP;
2. Rectification: request the correction of any errors, obsolete information or omissions in the information provided to MIP;
3. Withdrawal of consent: request that certain information provided by MIP not be used for processing;
4. Portability: request that information provided to MIP be sent by MIP to a third party service within the limits of the legal grounds that justified the collection and processing of this data.
5. Deletion: request the deletion of information that has been provided to MIP within the limits of the legal grounds that justified the collection of this data.
Please note: revocation of consent is only effective for collection, storage and processing.
The Customer may unsubscribe from communications at any time by clicking on the link provided for this purpose and included in the footer of e-mails sent by MIP. They may also send their request in writing to the MIP data protection contact.
These individual requests will be processed within a reasonable period of time, not exceeding one month from receipt of the request, in accordance with the regulations in force.
Violation of Personal Data
In the event of a breach of Personal Data (article 34 of the RGPD), MIP undertakes to inform, in addition to the CNIL, the Customers concerned (i.e. the owners of the Personal Data) as soon as possible, if this presents a high risk to rights and freedoms.
Changes to the Policy
MIP reserves the right to modify this Policy at any time. This modification will take account of current data protection provisions.
Any questions concerning the collection, processing or any need for information concerning your Personal Data may be addressed to :
By post by writing to
MOBILE INTERPAY SAS
8 Rue des pirogues de Bercy
75012 Paris, France
By email to
contact@mobileinterpay.com
Complaints
If the Customer is unable to assert his/her rights with regard to the protection of Personal Data or if he/she does not wish to report a breach of the rules on the protection of Personal Data, he/she may contact the authority in charge.
In France, the Commission Nationale de Informatique et des Libertés (CNIL)
On the website: https://www.cnil.fr/fr/plaintes
By post by writing to CNI, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07