1st catering & events app that matches employers and employees.
Privacy Policy
AN EXTRA®
Updated July 6, 2021
UN EXTRA undertakes, with regard to the collection, processing and communication of Personal Data, to comply with the regulations applicable to the processing of said data and in particular the Law 78-17 of January 6, 1978 (“ Law Computing and Freedom ") and European Regulation 2016/679 of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data (“ GDPR ").
This Privacy Policy is an integral part of the General Conditions of Use and Subscription so that the definitions used in the latter are reused in this Privacy Policy.
The purpose of this privacy policy is to inform Users of the Application and the Site about how their Personal Data is collected from the Application, how it is processed by the Data Controller and finally the rights they have. benefit from these treatments.
Article 1 – Data controller
The Data Controller of Personal Data collected from the Site within the meaning of Article 24 of the GDPR is:
The company UN EXTRA, Single-member Simplified Joint Stock Company registered with the MARSEILLE RCS under number 848 354 056 whose head office is located at 1163 Chemin de la Vallée ZI SAINT MITRE, 13400 AUBAGNE
For any questions or clarifications relating to this Privacy Policy and/or concerning the collection or protection of your personal data, you can contact us at the following email address: unextraapp@gmail.com
Article 2 – Data collected and retention periods
2.1. Data collected from the User
- IP adress
When you consult the Site or use the Application, UN EXTRA may record the IP address of your computer or data relating to events linked to the mobile device you are using.
- Cookies
Cookies are used as part of your browsing on the Site. They record information relating to your browsing and store information that you have entered during your visit, so that you no longer need to enter it on your next visits.
At no time do these cookies allow UN EXTRA to personally identify the User.
The retention period of these cookies in the User's terminal does not exceed THIRTEEN (13) months.
More specifically, Personal Data collected from cookies issued by UN EXTRA or third parties allows:
- to establish statistics and volumes of attendance and use of the Site;
- to adapt the presentation of the Site to the display preferences of the User's terminal (language used, display resolution, operating system used, etc.);
- to store information relating to a form completed by the User on the Site;
- to implement security measures;
- to monitor the commercial relationship with the User;
Thanks to cookies, UN EXTRA collects and processes for the purposes determined above, all or part of the following Data:
- Information related to the User's terminal:
- Their Internet service provider;
- Their advertising identifier linked to the operating system of their terminal;
- The IP address of their terminal;
- The geolocation data of your terminal;
- Information about your browsing and behavior on the Site:
- Statistics on the consultation of the different pages of the Site, the duration of the session;
- The full URL path to, through and from the Site;
- Information concerning the User (first and last name, age or age group, gender, declared and/or presumed socio-professional category, email address, etc.) linked to their activity on the Internet and communicated by third parties (advertisers , advertising agencies, etc.).
We inform you that you can oppose the recording of such cookies by configuring your browser or by deactivating cookies using your browser settings.
2.2. Data collected from Extras
The Data Controller collects, when creating an Extra Account, the following Personal Data that the Extra must necessarily provide, namely:
- His first name
- Her name
- His email address
- His sex
- His telephone number
- His date of birth
- His postal address
- His social security number
- Its sector of activity
- Positions sought
- His availability
Then, where applicable, the Data Controller will be likely to collect other Personal Data that the Extra will communicate spontaneously in the context of the use of the Application.
2.3. Ddata collected from Extras PRO
In addition to the data listed in article 2.2., the Controller will collect the following additional data from Extras PRO:
- Their SIRET number
- Their bank details (IBAN)
2.3. Data collected from Employers
The Data Controller collects, when creating an Establishment Account, the following Personal Data that the Professional Employer must necessarily provide, namely:
- Its sector of activity
- Its company name
- Its corporate name
- The first and last name or name of the legal representative
- Its head office
- His email address
- His telephone number
- His password
- Their bank details (IBAN)
The Private Employer must provide the following information:
- His first and last name
- His postal address
- His email address
- His telephone number
- His password
- Their bank details (IBAN)
Then, where applicable, the Data Controller will be likely to collect other Personal Data the Employer will communicate spontaneously in the context of the use of the Application, and in particular:
- The bills
- Transaction data
2.4. Data collected when exercising the rights mentioned in the article 6
Where applicable, UN EXTRA will collect, when exercising the rights set out in Article 7 of this Privacy Policy, a copy of the User's identity document.
Article 3 – Lawfulness and purposes of processing
In compliance with French and European regulations relating to the protection of Personal Data, UN EXTRA collects or processes your Personal Data only to the extent that this processing meets at least one legitimate bases following:
- This processing is necessary for the execution of the corporate purpose of UN EXTRA but also for the execution of the contractual relationship between UN EXTRA and the User,
- This processing is necessary to comply with the various legal obligations to which UN EXTRA is subject, and in particular accounting, tax and social obligations,
- This processing is necessary to protect the legitimate interests of UN EXTRA,
- You have consented to this processing for the purposes set out below
UN EXTRA only retains and stores your Personal Data for the period strictly necessary for these legitimate bases.
Purpose | Legal basis | Data categories | Categories of people | Duration |
– Access, operation, use, personalization and improvement of the Platform – Optimization of the connection between Extras and Employers – Identity verification - Account management – Management and prevention of litigation and disputes between Users | Execution of the contractual relationship between UN EXTRA and the Users | – Identity data – Contact data – Economic and financial information | – Extra – Extra PRO - Employer | Duration of the contractual relationship increased by 3 years |
– Billing and payments | – Identity data – Contact data – Economic and financial information | - Employer | 10 years from the closing date of the financial year during which the invoice was issued. | |
– Recovery | – Identity data – Contact data – Economic and financial information | - Employer | Until full payment of amounts due | |
– Data analysis, auditing, and identification of usage trends | Consent | – Connection data | - User | 13 months |
– Commercial prospecting and information on new products, news and events | Legitimate interest | – Identity data – Contact data | – Extra – Extra PRO - Employer | 3 years |
– Establishment of contact with an authorized person and follow-up of the contact | – Identity data – Contact data | - User | 3 years | |
-Control and prevention of fraud, malware, and security incident management | Compliance with legal and regulatory obligations | – Connection data | - User | 1 year |
-Accounting | – Identity data – Contact data – Economic and financial information | - Employer | 10 years from the end of the financial year. | |
-Respect for specific rights (Art.6) | – Identity data – Contact data | - User | 1 year |
Article 4 – Sharing of Data with third parties
Personal Data may be shared with third-party companies to enable:
- hosting the Site and the Application,
- back-office administration and database management,
- financial transactions,
- sending newsletters
UN EXTRA therefore uses the following service providers:
- Heroku
- Google Cloud Platform
- Google Cloud Function
- Firebase
- Hasura Cloud
- Mangopay
UN EXTRA undertakes to verify that all of its service providers scrupulously respect the GDPR, by requiring them to provide sufficient guarantees demonstrating that the technical and organizational security measures applicable to the protection of personal data have been taken.
In any case, service providers can only have strictly limited access to Personal Data. strictly necessary for the performance of their services.
Your Personal Data may also be shared in the following cases:
- If required by law, UN EXTRA may transmit your Personal Data to pursue claims made against us and comply with administrative and legal procedures;
- In the event of a merger, acquisition, transfer of assets or receivership procedure, UN EXTRA may be required to transfer or share all or part of its assets, including Personal Data.
In the event that a transfer of Personal Data to a recipient located in a country which is not located in the territory of the EEA and which has not been the subject of an adequacy decision by the Commission European, UN EXTRA undertakes to take all appropriate guarantees to ensure its complete legality, ensuring that Users have enforceable rights and legal remedies against the recipient and to obtain prior and specific consent of the User to said transfer of Personal Data.
Article 5 – Security and confidentiality of your Data
AN EXTRA guarantee to implement organizational, technical, software and physical measures in terms of digital security to protect personal data against alteration, destruction and unauthorized access.
Despite all these measures, UN EXTRA would like to draw your attention to the fact that the Internet is not a completely secure environment, such that it cannot guarantee you, at 100%, the security of the transmission and storage of your data.
As such, UN EXTRA undertakes to notify the CNIL, as soon as possible, of any data breach likely to create a risk for the rights and freedoms of individuals.
For all details relating to the organizational, technical, software and physical measures that UN EXTRA has put in place to ensure the security and confidentiality of your data, you can contact us at the following email address:
The Site and the Application are hosted by the company whose contact details are as follows:
DIGITAL OCEAN,
11 rue Maison Dieu 75014 Paris
Article 6 – Implementation of your specific rights
In accordance with the regulations applicable to personal data, you have the following rights:
- A permission to access, to know the personal data concerning you
- A right of rectification, to request updating of inaccurate information about you
- A right to object, to refuse the use of data concerning you
- A right to erasure, to request the deletion of your personal data
- A right to restriction of processing of your data
- A right to portability of your data
- Access rights
The User has the possibility of obtaining from the Data Controller confirmation that the Personal Data concerning him or her is or is not processed and, when they are, access to said Personal Data as well as the following information:
- the purposes of the processing;
- categories of Personal Data;
- the recipients or categories of recipients to whom the Personal Data have been or will be communicated;
- when possible, the planned retention period of Personal Data or, when this is not possible, the criteria used to determine this period;
- the existence of the right to request from the Data Controller the rectification or erasure of Personal Data, or a limitation of the processing of their Personal Data, or the right to object to this processing;
- the right to lodge a complaint with the supervisory authority regarding personal data (in France, the CNIL);
- when Personal Data is not collected from the User, any information available as to their source;
- the existence of automated decision-making, including profiling, and, at least in such a case, meaningful information regarding the underlying logic, as well as the significance and intended consequences of such processing for the User ;
When Personal Data is transferred to a third country or to an international organization, the User has the right to be informed of the appropriate guarantees with regard to this transfer.
The Data Controller provides a copy of the Personal Data subject to processing.
The Data Controller may require payment of reasonable fees based on administrative costs for any additional copies requested by the User or in the event of a request for transmission of Personal Data on paper and/or physical media.
When the User submits his request electronically, the information is provided in commonly used electronic form, unless he requests otherwise.
The User's right to obtain a copy of their Personal Data must not infringe the rights and freedoms of others.
- Rights of rectification
The User has the possibility of obtaining from the Data Controller, as soon as possible, the rectification of Personal Data concerning him which is inaccurate. He also has the possibility of obtaining the completion of incomplete Personal Data, including by providing a supplementary declaration.
- Rights to erasure
The User has the possibility of obtaining from the Data Controller the erasure, as soon as possible, of Personal Data concerning him when one of the following reasons applies:
- The Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed by the Data Controller;
- The User has withdrawn their consent for the processing of their Personal Data and there is no other legal basis for the processing;
- The User exercises his right of opposition under the conditions set out below and there is no overriding legitimate reason for the processing;
- The Personal Data has been the subject of unlawful processing;
- Personal Data must be erased to comply with a legal obligation;
- Personal Data was collected from a child.
- Rights to limitation
The User has the possibility of obtaining from the Data Controller the limitation of the processing of his Personal Data when one of the following reasons applies:
- The Data Controller verifies the accuracy of the Personal Data following the User's challenge to the accuracy of the Personal Data;
- The processing is unlawful and the User opposes the erasure of the Personal Data and instead demands the limitation of their use;
- The Data Controller no longer needs the Personal Data for the purposes of processing but they are still necessary for the User to establish, exercise or defend legal rights;
- The User has objected to the processing under the conditions set out below and the Data Controller verifies whether the legitimate reasons pursued prevail over the reasons alleged.
- Right to Data Portability
The User has the possibility of receiving Personal Data concerning him or her from the Data Controller, in a structured, commonly used and machine-readable format when:
- The processing of Personal Data is based on consent, or on a contract;
- The processing is carried out using automated processes.
When the User exercises his right to portability he has the right to obtain that the Personal Data is transmitted directly by the Data Controller to another data controller whom he will designate when technically possible.
The right to portability of the User's Personal Data must not infringe the rights and freedoms of others.
- Right to object
The User may object at any time, for reasons relating to his particular situation, to the processing of Personal Data concerning him based on the legitimate interest of the Data Controller. The latter will then no longer process the Personal Data, unless it demonstrates that there are compelling and legitimate reasons for the processing which prevail over the interests and rights and freedoms of the User, or may keep them for the purposes of processing. establishment, exercise or defense of legal rights.
- Post-mortem guidelines
The User has the possibility of communicating to the Data Controller instructions relating to the conservation, erasure and communication of his Personal Data after his death, which directives may also be registered with " from a certified digital trusted third party ". These guidelines, or sort of “youdigital stament », may designate a person responsible for their execution; failing this, the User's heirs will be designated.
In the absence of any directive, the User's heirs may contact the Data Controller in order to:
– to access the processing of Personal Data allowing “ the organization and settlement of the deceased's estate » ;
– to receive communication from “ digital goods » or “data resembling family memories, transferable to heirs”;
– to close the User's Account on the Website and oppose the continued processing of their Personal Data.
- How to exercise these rights
To exercise these rights, you can contact us at any time by email at the following address: unextraapp@gmail.com
Or by post to the following address: AN EXTRA 1163 Chemin de la Vallée ZI SAINT MITRE, 13400 AUBAGNE
For the purposes of asserting its specific rights according to the conditions referred to above, the Data Controller may ask the latter to prove their identity by mentioning their last name, first name, email address and to accompany their request for a copy of a valid identity document, as well as any information or document capable of ensuring their identity.
A response will be sent to the User within a maximum of one month (1 month) following the date of receipt of the request.
If necessary, this period may be extended by two (2) months by the Data Controller who will alert the User, taking into account the complexity and/or number of requests.
In the event of a request from the User to delete their Personal Data and/or in the event of exercising their right to request the erasure of their Personal Data, the Data Controller may however keep them in the form of intermediate archiving, and this for the duration necessary to satisfy its legal obligations, or for evidentiary purposes during the applicable limitation period.
The User may also lodge a complaint with the competent supervisory authority (In France, the CNIL).
Article 7 – Password security
UN EXTRA takes all necessary precautions to ensure the secure storage of the User's password to access their Account.
However, the security of this password also depends on its design by the User.
Article 8 – Consent
By using the Site and the Application, you agree to this Privacy Policy.
Article 9 – Update of this Privacy Policy
UN EXTRA reserves the right to make any changes to this Privacy Policy at any time.
If a modification is made, UN EXTRA undertakes to publish the new version on the Website.
In the event of disagreement with the new wording of the Privacy Policy, you retain the option of requesting the deletion of all Personal Data concerning you.