February 28, 2024 version1/ Purpose of this charter
The purpose of this charter is to inform you about the means we use to collect your personal data, in strict compliance with your rights.Billabex complies, in the collection and management of your personal data, with Law No. 78-17 of January 6, 1978 on Data Processing, Data Files and Individual Liberties, in its current version, known as "Informatique et Libertés", and Regulation (EU) 2016/679 of April 27, 2016, as soon as it comes into force (hereinafter: the GDPR/"RGPD").
2/ Identity of the data controller
The company responsible for collecting your personal data is Billabex, SAS registered with the Paris Trade and Companies Registry under number 984 298 505, having its registered office at 26 RUE BOSQUET, 75007 PARIS France (hereinafter referred to as "We").
3/ Data Protection Officer
We have appointed a Data Protection Officer (
contact form).
4/ Our collection resources
The personal data we collect and process depends on how you interact with us, including:
- a "User", i.e. you have an account on the Billabex platform;
- a "Customer", i.e. you are the holder of a subscription contract to the Billabex platform;
- a "Visitor" when you visit
https://www.billabex.com, participate in our webinars and other digital events, contact us directly (via our forms on the site, by e-mail or at physical events for example), download a white paper or interact with us in any other way without being a User or Customer.
5/ What we collect
Depending on how you interact with us, we may collect the following data.
When you are a
User, the following categories of personal data may be collected:
- Identification data, e.g. your surname, first name, e-mail address
- User content, i.e. the content you send to Billabex (invoices, emails, etc.);
- Connection data, such as your login and password, as well as any data required to maintain your connection to the platform
- Device data, e.g. device model, browser version, screen resolution;
- your IP address ;
- Usage data, e.g. application logs, technical logs and any other data enabling us to keep a record of visits and actions carried out on the platform.
- Location data (for support only)
- Support data, such as the content of support tickets or chat messages.
When you are a
Customer or a contact person for a Customer, the following categories of personal data may be collected as part of our commercial relationship:
- Identification data, e.g. your surname, first name, e-mail address;
- Contract data, including subscription type and billing details.
When you are a
Visitor, the following categories of personal data may be collected:- Identification data, e.g. your surname, first name, e-mail address
- Device data, e.g. device model, browser version, screen resolution;
- Navigation data, for example, the pages you visit on the https://billabex.com website;
- your IP address ;
- Location data ;
- Chat data, if you use the chat available on https://billabex.com;
- additional third-party information relating to your professional activity;
When we collect your personal data, we inform you whether certain information is mandatory or optional. Mandatory data is necessary for the operation of our services. For optional data, you are entirely free to choose whether or not to provide it. We will also inform you of the possible consequences of failing to do so.
6/ Collection origin
We may collect personal data in two different ways:
or directly from you:
- voluntarily when you fill in collection fields
- automatically, when you use the Platform or browse the sites.
or indirectly :
- or from other users of our services;
- or from our technical partners providing integration services
- from third parties (particularly if you use Single Sign On to connect to the Platform), or
- with our business partners
- from our marketing partners, when you download a white paper from a third-party site (e.g. from a social network);
Should partners or third parties collect other personal data, they will be solely responsible for complying with their legal and regulatory obligations in respect of such collection and processing, which they carry out themselves, using their own resources and for their own needs alone.
7/ For what purposes do we collect your data?
Depending on the way in which you interact with us, our processing operations pursue the following purposes, associated with the legal basis for collection.
Users
Purpose:
Performance of the Services as described in our General Terms and ConditionsProvision of user support
Communications relating to new functionalities (the "Product Communications") and changes to our GCUS.
Associated legal basis:
Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
Purpose:
Monitor use of the Platform
Aggregation and analysis of data to improve the Platform and Services
Detection, prevention and resolution of technical bugs
Information for users concerning their use of the Platform, the management of their account and any instructions sent by email (for example, to validate an email address).
Setting up and managing a user database
Associated legal basis:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Purpose:
Management and processing of requests to exercise individual rights.Processing to ensure compliance with applicable laws and regulations
Associated legal basis:
Processing is necessary to comply with a legal obligation to which the data controller is subject
Customer
Purpose:
Performance of the Services as described in our General Terms and ConditionsCarry out customer management operations concerning contracts, orders, invoices, loyalty programs and customer relations.
Customer support
Information leaflets on changes to the CGS (General Terms and Conditions)
Sending of information notices relating to the Subscription Contract, including the expiry or renewal of a subscription, or any other instruction made necessary for the performance of the Services
Associated legal basis:
Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
Purpose:
Creation and management of customer databaseDetecting and preventing fraud attempts
Managing unpaid bills and disputes
Organization of commercial campaigns and/or operations (e.g. sponsorship system) outside the scope of licensed gambling activities Sending you communications relating to our offers and services in connection with those for which you are already a customer, unless you do not wish to receive them.
Draw up sales statistics
Associated legal basis:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Purpose: Sending communications relating to our offers and services as well as new content and organizing eventsProcessing for another purpose requiring your consent
Associated legal basis:
The data subject has consented to the processing of his/her personal data for one or more specific purposes
Purpose:
Management and processing of requests to exercise individual rights.
Processing to ensure compliance with applicable laws and regulations
Associated legal basis:
Processing is necessary to comply with a legal obligation to which the data controller is subject
Visitor
Purpose:
To respond to a request from a contact form or following an e-mail from you, or following contact at a digital or physical event or via any other channel.
Associated legal basis: Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
Purpose:
Aggregation and analysis of data relating to the browsing of the Billabex.com website in order to draw up visitor statistics. To adapt the content of the Billabex.com site to the characteristics that you have indicated (for example, the language of the site), of which Billabex may be aware and - where applicable - to your previous navigation. Create and manage a prospecting database
Marketing communication and prospecting management
Associated legal basis:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Purpose:
Sending communications relating to our offers and services as well as new content and organizing events Processing for another purpose requiring your consent
Associated legal basis: The data subject has consented to the processing of his/her personal data for one or more specific purposes
Purpose:
Management and processing of requests to exercise individual rights. Processing to ensure compliance with applicable laws and regulations
Associated legal basis:
Processing is necessary to comply with a legal obligation to which the data controller is subject
8/ Recipients of collected data
Access to your personal data will be granted to authorized and qualified personnel of our company, auditing bodies (in particular the statutory auditor) and our subcontractors.Personal data may also be sent to public bodies, exclusively to meet our legal obligations, to legal auxiliaries, and to ministerial officers.Data relating to the purchaser's payment may be sent to debt collection agencies only.
9/ Transfer of personal data Your personal data will not be transferred, rented or exchanged for the benefit of third parties.
10/ Retention period for personal data
(i) Concerning data relating to the management of customers and prospects : Your personal data will not be kept beyond the time strictly necessary to manage our commercial relationship with you. However, data required to establish proof of a right or contract, or to comply with a legal obligation, will be kept for the period stipulated by the law in force.With regard to any prospecting operations aimed at customers, their data may be kept for a period of three years from the end of the commercial relationship.
Personal data relating to non-customer prospects may be kept for a period of 3 (three) years from the date of collection or last contact with the prospect.At the end of this three-year period, we may contact you again to find out whether you wish to continue receiving commercial solicitations.
(ii) Concerning identity documents: In the event of exercising the right of access or rectification, data relating to identity documents may be kept for the period stipulated in article 9 of the French Code of Criminal Procedure, i.e. one year. If the right to object is exercised, such data may be archived for the period of limitation stipulated in article 8 of the Code of Criminal Procedure, i.e. three years.
(iii) Concerning credit card data: Financial transactions relating to the payment of purchases and fees via the Solution are entrusted to a payment service provider, which ensures their smooth and secure processing.For the purposes of our services, this payment service provider may receive personal data relating to your credit card numbers, which it collects and stores in our name and on our behalf.
We do not have access to this data.
To enable you to make regular purchases or pay related fees on the Solution, your credit card details are kept for the duration of your registration on the Solution and, at the very least, until you make your last transaction.
By checking the box expressly provided for this purpose on the Solution, you give us your express consent to this storage.Data relating to the visual cryptogram or CVV2, written on your bank card, is not stored.If you do not wish your personal data relating to your credit card numbers to be stored under the conditions specified above, we will not store this data beyond the time required to complete the transaction.In any event, the data relating to these transactions may be stored in intermediate archives for the period stipulated in article L 133-24 of the French Monetary and Financial Code, i.e. 13 months following the debit date, for the purposes of proof in the event of a dispute. This period may be extended to 15 months to take into account the possibility of using deferred debit payment cards.
(iv) Concerning the management of lists of objections to receiving canvassing: The information enabling us to take account of your right to object is kept for a minimum of three years from the date on which you exercise your right to object.
(v) Concerning cookies : The retention period for the cookies referred to in Article 13 is 13 months.
11/ Security
We inform you that we take all necessary precautions and appropriate organizational and technical measures to preserve the security, integrity and confidentiality of your personal data, and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties. We also use secure payment systems that comply with the state of the art and applicable regulations. The safety measures implemented by Billabex are detailed on the dedicated page.
12/ Hosting We inform you that your data will be kept and stored, for as long as it is required, on the servers of Amazon Web Service. These servers are located in Ireland.
13/ Cookies
Cookies are text files, often encrypted, stored in your browser. They are created when a user's browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website's server.
The Solution uses different types of cookies for different purposes:
- Technical cookies are used throughout your browsing experience, to facilitate navigation and execute certain functions. A technical cookie may, for example, be used to memorize the answers entered in a form, or the user's preferences regarding the language or layout of a website, where such options are available.
These cookies are essential to the performance of the service.
Among these technical cookies, several third-party cookies are used to offer functionalities based on services external to the Solution: for the login buttons set up on the home page: Google, Microsoft; for access to customer support: CRISP; for the captcha set up on the registration page: Google reCAPTCHA.- Audience analysis cookies enable us to measure the number of visits to the Solution, the number of pages viewed and the use of site functionalities for statistical purposes. This information base enables us to improve the product and your user experience on our site, by better understanding our users' expectations. Your IP address is also collected to determine the city from which you are connecting.Among these audience analysis cookies, several third-party cookies are used: Google Analytics, Mixpanel, Sentry.
- Cookies used for marketing purposes enable us to better understand our customers' use of the Solution, in order to provide them with personalized support in relation to their experience of the Solution, and the use they make of it. These cookies also enable us to tailor our communication policy to each customer.Several third-party cookies are used for marketing purposes: LinkedIn, Facebook, Google Ads, Outbrain.
We remind you that you can refuse to accept cookies by configuring your browser. However, such a refusal could prevent the Solution from working properly.
14/
Access to your personal data
In accordance with the "Informatique et Libertés" law and the RGPD, you have the right to obtain communication and, where appropriate, rectification or deletion of data concerning you, through online access to your file. You can also contact :
-
contact form (dpo)- postal address: 26 RUE BOSQUET, 75007 PARIS France
Persons whose data is collected on the basis of our legitimate interest, as mentioned in article 4, are reminded that they may object to the processing of their data at any time.
We may, however, continue to process data if there are legitimate grounds for the processing which override your rights and freedoms, or if the processing is necessary to establish, exercise or defend our legal rights.
15/ The right to specify how your data will be handled after your death
You have the right to define directives concerning the conservation, deletion and communication of your personal data after your death.These directives can be general, meaning that they apply to all personal data concerning you. In this case, they must be registered with a trusted digital third party certified by the CNIL.
Instructions may also be specific to the data processed by our company. In this case, please send them to the following address:
-
contact form (dpo)- postal address: 26 RUE BOSQUET, 75007 PARIS France
By sending us such instructions, you expressly give your consent for these instructions to be stored, transmitted and executed in accordance with the terms and conditions set out herein.In your instructions, you may designate a person to carry out your wishes. This person will then be entitled, when you die, to take cognizance of your directives and ask us to implement them. If you do not designate a person, your heirs will be entitled to take cognizance of your instructions on your death and ask us to implement them.
You can change or revoke your instructions at any time by writing to us using the contact details above.
16/ Portability of your personal data
You have a right to the portability of the personal data you have provided to us, understood as the data you have actively and consciously declared in the course of accessing and using the services, as well as the data generated by your activity in the course of using the services.
We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the performance of the contract binding us.This right may be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to recover and store your personal data.Within this framework, we will send you your personal data, by any means deemed useful, in a standard open format commonly used and machine-readable, in accordance with the state of the art.
17/ Making a complaint to a supervisory authority
You are also informed that you have the right to lodge a complaint with a competent supervisory authority, (the Commission Nationale Informatique et Libertés for France), in the Member State in which your habitual residence, your place of work or the place where the violation of your rights would have been committed is located, if you consider that the processing of your personal data subject to the present Charter constitutes a violation of the applicable texts.
This recourse may be exercised without prejudice to any other recourse before an administrative or jurisdictional court. Indeed, you also have the right to an effective administrative or judicial remedy if you consider that the processing of your personal data as described in the present Charter constitutes a violation of the applicable laws.
18/ Treatment limitation
You have the right to limit the processing of your personal data in the following cases:
- For the duration of our verification process, if you dispute the accuracy of your personal data,
- When the processing of such data is unlawful, and you wish to restrict such processing rather than delete your data,
- When we no longer need your personal data, but you want us to keep it in order to exercise your rights,
- During the period of verification of legitimate reasons, when you have objected to the processing of your personal data.
19/ Modifications
We reserve the right, at our sole discretion, to modify this charter, in whole or in part, at any time. These modifications will come into effect upon publication of the new charter. Your use of the Solution following the entry into force of these modifications will constitute recognition and acceptance of the new charter.
Failing this, and if the new charter does not suit you, you must no longer access the Solution.