Updated 4 month ago
Purpose and scope of the data protection policy
Libeo is committed to a policy of ensuring the security, confidentiality and continuous protection of personal data (“data") belonging to the users of its services, in compliance with French and European regulations in force, in particular with the French Data Protection Act of 6 January 1978 (amended) and with the General Data Protection Regulation (GDPR) of 27 April 2016.
The purpose of this policy is to inform you of the data protection rules that we apply. In particular, it describes how we collect and process your personal data and how you can exercise your rights over such data.
We apply a strict policy to ensure the protection of your data.
This policy supplements the payment service framework contract. It covers the use of:
Status of Libeo and its clients
The Client legal entity undertakes to send this information to any natural person likely to be concerned by the processing operations performed on their data.
Libeo undertakes to ensure compliance with the provisions applicable to all its partners or subcontractors.
The information we collect
Legal basis for collection
We collect your data on the basis of a legal obligation, a legitimate interest or your consent.
We collect your data through forms that you fill in on our website or via mobile apps which you use to subscribe to our services or those of our partners. We also collect your data when you correspond with us, including with our client service department, or when you contact us by email or telephone. When you do this, we keep a copy of the exchange. We may also collect your data when you interact with us on social media.
When you use our services, we receive information from you, such as information about your company, your invoices and your financial status. We may also collect additional information from you when you register or otherwise use our services. For example, you may choose to synchronise your account with other third-party accounts, such as your financial institutions. In order to synchronise information about your financial institutions, we need to access your financial account data.
The categories of data that we process are as follows:
In such cases, you may specifically request that a “human being” intervene in order to process your data, and oppose any automated data processing decisions implemented by LIBEO.
You may also specifically request a copy of all information you might consider useful regarding the functioning of the algorithm used for the purposes of automated processing, and ask LIBEO about the effects that such processing has on the data collected.
We also automatically collect your data when you log on to our website or use our mobile apps. The data collected is as follows:
We do not undertake any processing operations on personal data such as race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, nor do we process any biometric or genetic data, pursuant to Article 9 of the European General Regulation 2016/679 of 27 April 2016 on Data Protection. However, this undertaking may cease to apply if the legal or regulatory provisions require that the aforementioned personal data be processed.
Use of collected data
We collect and process your personal data for specified, explicit and legitimate purposes. As such, we use your data in connection with the performance of the payment services framework agreement into which you enter with us and Treezor. The objectives are as follows:
LIBEO undertakes not to process your data in a manner incompatible with the aforementioned purposes without your express prior consent.
When we collect your personal data, we will inform you if certain information is required or if it is optional. Mandatory data is required in order for us to operate the services. With regard to optional data, it is entirely up to you whether or not you decide to provide it. We also inform you of any possible consequences of your failing to provide it.
The recipients of the data collected
The data collected is intended for us and, where strictly necessary, for our subcontractors and partners involved in the provision of our services.
The personal data collected by our company on the website is for internal use only and will not be communicated, transferred or disclosed to any third parties, without your express authorisation, with the exception of any legal requisition provided for by legal provisions.
However, acceptance of these conditions implies your consent to our company being able to transmit the information collected with its clients, subcontractors and/or suppliers in order to perform the processing operations referred to in article 4 hereof.
Our partners and we ourselves use Internet cookies and tags in order to distinguish you from other users when you use our website or apps.
Indeed, when consulting our website, information pertaining to the device (computer, tablet, smartphone, etc.) you use to browse our website/application may be stored as cookies installed on your device, subject to your preferences in relation to these cookies. You may change these preferences at any time.
What are the cookies from this website used for?
Only the issuer of a cookie is likely to read or modify the information contained therein.
Cookies that we issue on our website
When you log on to our website, we may, subject to your choices, install various cookies on your device allowing us to recognise your device's browser over the course of the period during which the cookie concerned is valid. The cookies we issue are used for the purposes described below, subject to your choices, which are managed by the settings of the browser you used to visit our website. You may change these settings at any time. The retention period of this information does not exceed 13 months.
The cookies we issue allow us to:
List of third-party cookies
Analysis and performance cookie
Other tools via third-party cookies:
Other analytics or data trackers (SDK or ServerSide):
Your Cookie Preferences
You can – at any time – set or change your cookie preferences by using any of the methods described below.
The options available to you are those of your browser.
The storing of a cookie on a device is essentially governed by the wishes of the user of the device. The user may set or change these wishes free of charge and at any time via their browser software. If you have agreed to have cookies stored in your device's browser, the cookies included in the pages and content that you have visited may temporarily be stored in a dedicated area on your device. They will only be readable by their issuer.
If you refuse to have cookies stored on your terminal, or if you delete any that have already been stored, you may no longer be able to enjoy access to a certain number of functions and features that are nevertheless necessary in order to browse certain areas of our website. This would apply if you tried to access any of our content or services requiring you to be identified. This would also apply if we – or our service providers – were unable to recognise, for technical compatibility purposes, the type of browser used by your device, its language and display settings or the country from which your device appeared to be connecting to the Internet.
We would accept no liability for any consequences of the reduced functionality of our services resulting from our being unable to store or consult cookies needed for them to operate properly which you have refused to accept or deleted.
Exercising your choices, depending on your browser
When it comes to managing cookies and your choices, each browser's configuration is different. It is described in your browser's help menu, which tells you how to change your cookie preferences:
Security of storage and transmission to third parties
The data we collect is stored on the servers of our Google Cloud Platform provider, which guarantees a high level of security. These servers are located within the European Union, Ireland and Belgium and allow your data to be processed exclusively within the European Union.
Transmission to third parties
In order to provide the service, we may transfer some of your personal data to our subcontractors. For the purposes of your use of the services that we provide, your data will not be transferred outside the European Union.
We will inform you of all the appropriate precautions and organisational and technical measures to take in order to safeguard the security, integrity and confidentiality of your personal data, and in particular to prevent it from being distorted or damaged, and to prevent any unauthorised third parties from accessing it. We also use secure, state-of-the-art payment systems that comply with applicable regulations.
Depending on the needs, risks, costs and purpose of the data processing operations, our company will take measures that may include data pseudonymisation and encryption for any impact assessment.
Our Company has a procedure in place for regularly testing, analysing and assessing the efficacy of the technical and organisational measures for ensuring the security of data processing operations.
Data retention period
Pursuant to article 32, paragraph 8 of law no. 78-17 of 6 January 2018 “on data processing, files and freedoms”, our company will only retain personal data for the period strictly necessary to fulfil the purposes defined in article 4.
In accordance with our anti-money laundering and anti-terrorist financing obligations, your transaction data will be retained for a period of five years once your account has been closed and our contractual relationship ended.
In accordance with the applicable regulations, you have rights when your data is processed:
You are hereby informed that in the event of inaccurate, incomplete or unreliable data being communicated, any request based on article 32 of Law no. 78-17 of 6 January 2018 "pertaining to data processing, files and freedoms" cannot be made, such that you acknowledge that our company may not be held liable in this respect.
You also acknowledge that the collection of certain data may be required to satisfy a regulatory or contractual requirement and you may be required to provide the requested personal data.
You are also entitled to lodge a complaint with the supervisory authority of your choice and in particular with the Commission Informatique et Libertés (France's data watchdog) located at 3 place Fontenoy - 75007 Paris, if you consider that one of its rights might have been infringed by virtue of the processing of its data.
In accordance with article 40-1 of law no. 78-17 of 6 January 1978 as amended by law no. 2018-493 of 20 June 2018, you are entitled to issue instructions governing the storage, erasure and sharing of your personal data after your death.
A person may be appointed to carry out these instructions. This person shall then have the capacity, after your death, to acquaint themselves with the said instructions and ask the relevant data controllers that they be implemented.
These instructions may be:
You are hereby informed that when these instructions are general and relate to all of the deceased's data, they may be entrusted to a trusted third party certified by the French data watchdog.
In the case of specific instructions, they may also be entrusted to the data controllers in the event of death. They are governed by the data subject’s specific consent and may not result simply from their approval of the general terms and conditions of use.
In the absence of instructions issued by the person during their lifetime, their heirs will have the opportunity to exercise certain rights, in particular:
the right of access, if necessary for the purposes of settling the deceased's estate; the right to object in order to close the deceased's user accounts and to object to the processing of their data.
Exercising your rights
You may exercise your rights by sending a request to our Data Protection Officer (DPO) or our Client Support department at the addresses given below. Any request to exercise a right must be accompanied by a photo of the applicant holding his/her identity document. You will receive a reply within one month of the date of receipt of your request. We may request additional information or documents from you to grant your request.
Contact us – DPO’s contact details
If you have any questions about the processing of your personal data or any comments, requests or complaints regarding its confidentiality, you may contact our Data Protection Officer:
Complaining to the Commission Nationale de l'Informatique et des Libertés (France's data watchdog)
If the rights of the data subject have not been respected, they may file a complaint with the CNIL (once they have contacted the data controller):
Commission Nationale de l'Informatique et des Libertés 3 Place de Fontenoy, 75334 PARIS
Useful link: https://www.cnil.fr/fr/webform/adresser-une-plainte