Updated 4 month ago
Purpose and scope of the data protection policy
Libeo is committed to a policy of ensuring the security, confidentiality and continuous protection of personal data (“data") belonging to the users of its services, in compliance with French and European regulations in force, in particular with the French Data Protection Act of 6 January 1978 (amended) and with the General Data Protection Regulation (GDPR) of 27 April 2016.
The purpose of this policy is to inform you of the data protection rules that we apply. In particular, it describes how we collect and process your personal data and how you can exercise your rights over such data.
We apply a strict policy to ensure the protection of your data.
- We do not sell your data to third parties;
- We ensure that your data is always secure.
This policy supplements the payment service framework contract. It covers the use of:
- our libeo.io website and services which can be accessed from this website;
- our mobile apps as soon as you download them onto your mobile device.
Status of Libeo and its clients
The Client legal entity undertakes to send this information to any natural person likely to be concerned by the processing operations performed on their data.
Libeo undertakes to ensure compliance with the provisions applicable to all its partners or subcontractors.
The information we collect
Legal basis for collection
We collect your data on the basis of a legal obligation, a legitimate interest or your consent.
We collect your data through forms that you fill in on our website or via mobile apps which you use to subscribe to our services or those of our partners. We also collect your data when you correspond with us, including with our client service department, or when you contact us by email or telephone. When you do this, we keep a copy of the exchange. We may also collect your data when you interact with us on social media.
When you use our services, we receive information from you, such as information about your company, your invoices and your financial status. We may also collect additional information from you when you register or otherwise use our services. For example, you may choose to synchronise your account with other third-party accounts, such as your financial institutions. In order to synchronise information about your financial institutions, we need to access your financial account data.
The categories of data that we process are as follows:
- Data identifying natural persons (surname, first name, place and date of birth, identity card and passport number, postal address and business email address, telephone number, signature)
- Data related to the assets that you own
- Data related to operations and transactions carried out by the user account using the service (receipt and issuance of payments, bank transfer)
- Bank details (IBAN, bank contact details, card number)
- Identification and authentication data for using Libeo's services (username, password, IP address)
- Data about how you have contacted and interacted with us: messages, emails, calls, interaction on our sites, mobile app and social networks.
In such cases, you may specifically request that a “human being” intervene in order to process your data, and oppose any automated data processing decisions implemented by LIBEO.
You may also specifically request a copy of all information you might consider useful regarding the functioning of the algorithm used for the purposes of automated processing, and ask LIBEO about the effects that such processing has on the data collected.
We also automatically collect your data when you log on to our website or use our mobile apps. The data collected is as follows:
- Technical login information, in particular your IP address, your browser type and version, your time zone, any plugins you have installed, the type of device you are using to log on, your device identification number, your operating system.
- Information about your visits: number of logins, login times, pages visited, login durations, searches performed, your response time, the links on which you have clicked.
- Data from subcontractors: in order to improve our service quality, we also collect data from our subcontractors, including advertising agencies and business databases.
- Data from third-party apps: when you give us your consent, we may, for example, access the list of contacts you have on Facebook or on your Google profile.
We do not undertake any processing operations on personal data such as race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, nor do we process any biometric or genetic data, pursuant to Article 9 of the European General Regulation 2016/679 of 27 April 2016 on Data Protection. However, this undertaking may cease to apply if the legal or regulatory provisions require that the aforementioned personal data be processed.
Use of collected data
We collect and process your personal data for specified, explicit and legitimate purposes. As such, we use your data in connection with the performance of the payment services framework agreement into which you enter with us and Treezor. The objectives are as follows:
- Manage your access to and use of certain services accessible via the Libeo website
- Perform operations pertaining to client management in relation to contracts, orders, deliveries, invoices, loyalty programmes and the monitoring of client relations
- Create a file of registered members, users, clients and prospects
- Send out newsletters, requests and promotional messages. If you do not wish to receive such material, we give you the option to say so when we collect your data
- Produce sales statistics and statistics about the use of our services
- Organise contests, sweepstakes and all promotional campaigns excluding online gambling, subject to the approval of the French Online Gambling Regulatory Authority
- Manage the way people's opinions about products, services or content are processed
- Manage any outstanding payments and disputes regarding the use of our products and services
- Customise responses to your requests for information
- Comply with our legal and regulatory obligations.
LIBEO undertakes not to process your data in a manner incompatible with the aforementioned purposes without your express prior consent.
When we collect your personal data, we will inform you if certain information is required or if it is optional. Mandatory data is required in order for us to operate the services. With regard to optional data, it is entirely up to you whether or not you decide to provide it. We also inform you of any possible consequences of your failing to provide it.
The recipients of the data collected
The data collected is intended for us and, where strictly necessary, for our subcontractors and partners involved in the provision of our services.
The personal data collected by our company on the website is for internal use only and will not be communicated, transferred or disclosed to any third parties, without your express authorisation, with the exception of any legal requisition provided for by legal provisions.
However, acceptance of these conditions implies your consent to our company being able to transmit the information collected with its clients, subcontractors and/or suppliers in order to perform the processing operations referred to in article 4 hereof.
Our partners and we ourselves use Internet cookies and tags in order to distinguish you from other users when you use our website or apps.
Indeed, when consulting our website, information pertaining to the device (computer, tablet, smartphone, etc.) you use to browse our website/application may be stored as cookies installed on your device, subject to your preferences in relation to these cookies. You may change these preferences at any time.
What are the cookies from this website used for?
Only the issuer of a cookie is likely to read or modify the information contained therein.
Cookies that we issue on our website
When you log on to our website, we may, subject to your choices, install various cookies on your device allowing us to recognise your device's browser over the course of the period during which the cookie concerned is valid. The cookies we issue are used for the purposes described below, subject to your choices, which are managed by the settings of the browser you used to visit our website. You may change these settings at any time. The retention period of this information does not exceed 13 months.
The cookies we issue allow us to:
- send you targeted advertising that reflects your interests;
- compile statistics and information about how the various components making up our website are visited and used (sections and content visited, pathways that users take), enabling us to improve the relevance and ergonomic design of our services;
- adapt the way our website looks to your device's display preferences (language used, resolution, operating system used, etc.) when you visit our website, depending on your device's viewing and reading hardware and software;
- store information about a form that you have filled in on our website (registration or access to your account) or about products, services or information that you have selected on our website (a service that you have subscribed to, the contents of an order basket, etc.);
- allow you to access reserved and personal areas on our website – such as your account details – using credentials or data that you will have previously entrusted to us;
- implement security measures, for example when you are asked to log back on in order to access content or a service after a certain period of time.
List of third-party cookies
Analysis and performance cookie
- Google Analytics | Politique Cookie - Politique de Confidentialité
- Segment.io | Politique Cookie - Politique de Confidentialité
- Google Tag Manager | Politique Cookie
- Hotjar | Politique Cookie - Politique de Confidentialité
- Intercom | Politique Cookie - Politique de Confidentialité
- Pixel Me | Politique de confidentialité
- Facebook Ads | Politique Cookie - Politique de Confidentialité
- Google Adwords | Politique Cookie - Politique de Confidentialité
- Linkedin Insight Tag | Politique Cookie - Politique de Confidentialité
- Bing Ads | Politique Cookie - Politique de Confidentialité
- Twitter Ads | Politique Cookie - Politique de Confidentialité
- Awin | Politique Cookie - Politique de Confidentialité
Other tools via third-party cookies:
- Zendesk | Politique Cookie - Politique de Confidentialité
- Hubspot | Politique Cookie - Politique de Confidentialité
Other analytics or data trackers (SDK or ServerSide):
- Mailjet | Politique de Confidentialité
Your Cookie Preferences
You can – at any time – set or change your cookie preferences by using any of the methods described below.
The options available to you are those of your browser.
The storing of a cookie on a device is essentially governed by the wishes of the user of the device. The user may set or change these wishes free of charge and at any time via their browser software. If you have agreed to have cookies stored in your device's browser, the cookies included in the pages and content that you have visited may temporarily be stored in a dedicated area on your device. They will only be readable by their issuer.
If you refuse to have cookies stored on your terminal, or if you delete any that have already been stored, you may no longer be able to enjoy access to a certain number of functions and features that are nevertheless necessary in order to browse certain areas of our website. This would apply if you tried to access any of our content or services requiring you to be identified. This would also apply if we – or our service providers – were unable to recognise, for technical compatibility purposes, the type of browser used by your device, its language and display settings or the country from which your device appeared to be connecting to the Internet.
We would accept no liability for any consequences of the reduced functionality of our services resulting from our being unable to store or consult cookies needed for them to operate properly which you have refused to accept or deleted.
Exercising your choices, depending on your browser
When it comes to managing cookies and your choices, each browser's configuration is different. It is described in your browser's help menu, which tells you how to change your cookie preferences:
- Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
- Safari: https://support.apple.com/fr-fr/HT201265
- Chrome: https://support.google.com/chrome/answer/95647?hl=fr&co=GENIE.Platform=Desktop
- Firefox: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies
Security of storage and transmission to third parties
The data we collect is stored on the servers of our Google Cloud Platform provider, which guarantees a high level of security. These servers are located within the European Union, Ireland and Belgium and allow your data to be processed exclusively within the European Union.
Transmission to third parties
In order to provide the service, we may transfer some of your personal data to our subcontractors. For the purposes of your use of the services that we provide, your data will not be transferred outside the European Union.
We will inform you of all the appropriate precautions and organisational and technical measures to take in order to safeguard the security, integrity and confidentiality of your personal data, and in particular to prevent it from being distorted or damaged, and to prevent any unauthorised third parties from accessing it. We also use secure, state-of-the-art payment systems that comply with applicable regulations.
Depending on the needs, risks, costs and purpose of the data processing operations, our company will take measures that may include data pseudonymisation and encryption for any impact assessment.
Our Company has a procedure in place for regularly testing, analysing and assessing the efficacy of the technical and organisational measures for ensuring the security of data processing operations.
Data retention period
Pursuant to article 32, paragraph 8 of law no. 78-17 of 6 January 2018 “on data processing, files and freedoms”, our company will only retain personal data for the period strictly necessary to fulfil the purposes defined in article 4.
In accordance with our anti-money laundering and anti-terrorist financing obligations, your transaction data will be retained for a period of five years once your account has been closed and our contractual relationship ended.
In accordance with the applicable regulations, you have rights when your data is processed:
- Right of access: you are entitled to obtain confirmation from us to the effect that your personal data is or is not being processed and to receive a copy of all the data that we hold about you.
- Right to portability: You may request your personal data from us in a structured, commonly used and machine-readable format, for, but not limited to, transmission to a third party. Where technically possible, you are also entitled to have your personal data transferred directly to that third party.
- Right to rectification: you are entitled to request that we correct your personal data if it is incomplete or incorrect. In such cases, we may ask you to verify the new data provided.
- Right to be forgotten: You may ask us to delete your data when we no longer have a legitimate interest in holding it. Note, however, that this right is not applicable where we have a legal obligation to retain some of your personal data, for example for the purposes of tackling money laundering and the financing of terrorist activities.
- Right to limitation: In some circumstances, you may obtain restrictions from us on how your personal data is processed.
- Right to object: You may object at any time to the processing of your personal data for reasons pertaining to your specific circumstances or when your personal data is processed for marketing purposes.
- Right to withdraw your consent: You are entitled to withdraw your consent to your personal data being processed at any time, it being understood that this will not make the prior processing based on such consent unlawful.
You are hereby informed that in the event of inaccurate, incomplete or unreliable data being communicated, any request based on article 32 of Law no. 78-17 of 6 January 2018 "pertaining to data processing, files and freedoms" cannot be made, such that you acknowledge that our company may not be held liable in this respect.
You also acknowledge that the collection of certain data may be required to satisfy a regulatory or contractual requirement and you may be required to provide the requested personal data.
You are also entitled to lodge a complaint with the supervisory authority of your choice and in particular with the Commission Informatique et Libertés (France's data watchdog) located at 3 place Fontenoy - 75007 Paris, if you consider that one of its rights might have been infringed by virtue of the processing of its data.
In accordance with article 40-1 of law no. 78-17 of 6 January 1978 as amended by law no. 2018-493 of 20 June 2018, you are entitled to issue instructions governing the storage, erasure and sharing of your personal data after your death.
A person may be appointed to carry out these instructions. This person shall then have the capacity, after your death, to acquaint themselves with the said instructions and ask the relevant data controllers that they be implemented.
These instructions may be:
- general, when they pertain to all data about a person or;
- specific, when they only pertain to certain specific data processing operations.
You are hereby informed that when these instructions are general and relate to all of the deceased's data, they may be entrusted to a trusted third party certified by the French data watchdog.
In the case of specific instructions, they may also be entrusted to the data controllers in the event of death. They are governed by the data subject’s specific consent and may not result simply from their approval of the general terms and conditions of use.
In the absence of instructions issued by the person during their lifetime, their heirs will have the opportunity to exercise certain rights, in particular:
the right of access, if necessary for the purposes of settling the deceased's estate; the right to object in order to close the deceased's user accounts and to object to the processing of their data.
Exercising your rights
You may exercise your rights by sending a request to our Data Protection Officer (DPO) or our Client Support department at the addresses given below. Any request to exercise a right must be accompanied by a photo of the applicant holding his/her identity document. You will receive a reply within one month of the date of receipt of your request. We may request additional information or documents from you to grant your request.
Contact us – DPO’s contact details
If you have any questions about the processing of your personal data or any comments, requests or complaints regarding its confidentiality, you may contact our Data Protection Officer:
- By post at the following address: LIBEO SAS - Data Protection Officer, 112 avenue de Paris, 94306, Vincennes
- By e-mail to the following address: [email protected]
- By contacting Libeo's client support.
Complaining to the Commission Nationale de l'Informatique et des Libertés (France's data watchdog)
If the rights of the data subject have not been respected, they may file a complaint with the CNIL (once they have contacted the data controller):
Commission Nationale de l'Informatique et des Libertés 3 Place de Fontenoy, 75334 PARIS
Useful link: https://www.cnil.fr/fr/webform/adresser-une-plainte