Privacy Policy


Updated on 6 July 2021

UN EXTRA is committed, as regards the collection, the treatment and the communication of Data of a personal nature, to respect the regulation applicable to the treatment of the aforementioned data and in particular the Law 78-17 of 6 January 1978 (" Law Information Technology and Civil Liberties ") and the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (" RGPD ").

This Privacy Policy is an integral part of the General Terms and Conditions of Use and Subscription so the definitions used in the latter are reused in this Privacy Policy.

The purpose of this privacy policy is to inform the Users of the Application and of the Website about the way their Personal Data is collected from the Application, how it is processed by the Data Controller and finally the rights they have with regard to such processing.

Article 1 - Data controller

The Data Controller of the Personal Data collected from the Site within the meaning of Article 24 of the GDPR is :

The company UN EXTRASociété par Actions Simplifiée Unipersonnelle registered at the RCS of MARSEILLE under the number 848 354 056, whose registered office is located at 1163 Chemin de la Vallée ZI SAINT MITRE, 13400 AUBAGNE

If you have any questions or concerns about this Privacy Policy and/or the collection or protection of your personal data, you can contact us at the following email address


Article 2 - Data collected and retention periods

2.1.  Data collected from the User

  • IP address  

When you visit the Site or use the App, UN EXTRA may record the IP address of your computer or event data related to the mobile device you are using.

  • Cookies

Cookies are used as part of your navigation on the Site. They record information relating to your navigation and store information that you have entered during your visit, so that you do not need to enter it again during your next visits. 

At no time, these cookies allow UN EXTRA to identify personally the User. 

These cookies are kept in the User's terminal for no longer than THIRTEEN (13) months.

More specifically, the Personal Data collected from the cookies issued by UN EXTRA or third parties allow:

  • to establish statistics and volumes of visits and use of the Site;
  • to adapt the presentation of the Site to the display preferences of the User's terminal (language used, display resolution, operating system used, etc.);
  • to memorise information relating to a form completed by the User on the Site; 
  • to implement security measures;
  • to ensure the follow-up of the commercial relationship with the User;

Thanks to cookies, UN EXTRA collects and processes for the purposes determined above, all or part of the following Data:

  • Information related to the User's terminal: 
    • Its Internet service provider ;
    • His advertising ID linked to the operating system of his terminal;
    • The IP address of its terminal;
    • The geolocation data of its terminal;
  • Information on its navigation and behaviour on the Site:
    • Statistics on the consultation of the different pages of the Site, the duration of the session;
    • The complete URL path to, through and from the Site;
  • Information concerning the User (surname and first name, age or age range, sex, declared and/or presumed socio-professional category, e-mail address, etc.) linked to his/her activity on the Internet and communicated by third parties (advertisers, advertising agencies, etc.).

Please note that you can prevent such cookies from being stored by configuring your browser or by deactivating cookies from your browser settings. 

2.2. Data collected from Extras

When creating an Extra Account, the Data Controller collects the following personal Data that the Extra must necessarily fill in, namely 

  • First name
  • His name
  • Its email address
  • Its gender
  • Its telephone number
  • Date of birth
  • Its postal address
  • Its social security number
  • Its sector of activity
  • Positions sought
  • Its availability 

Then, if necessary, the Data Controller may collect other Personal Data that the Extra will communicate spontaneously when using the Application.

2.3. Dons collected from the Extras PRO

In addition to the data listed in Article 2.2, the Responsible Entity will collect the following additional data from the Extras PRO: 

  • Its SIRET number
  • Bank details (IBAN)

2.3. Data collected from Employers

The Data Controller collects the following Personal Data when creating an Establishment Account, which the Professional Employer must necessarily fill in, namely 

  • Its sector of activity
  • Its name
  • Its corporate name
  • Full name or name of the legal representative 
  • Its head office
  • Its email address
  • Its telephone number
  • Its password
  • Bank details (IBAN)

The Private Employer must fill in the following information: 

  • His/her name and surname 
  • Its postal address
  • Its email address
  • Its telephone number
  • Its password
  • Bank details (IBAN)

Then, if necessary, the Data Controller may collect other Personal Data that the Employer spontaneously communicates in the context of the use of the Application, and in particular :

  • Invoices
  • Transaction data

2.4. Data collected when exercising the rights referred to in Article 6

If necessary, UN EXTRA will collect, at the time of the exercise of the rights recalled in article 7 of the present Privacy Policy, the copy of the identity document of the User

Article 3 - Lawfulness and purposes of processing  

In conformity with the French and European regulation relating to the protection of the Personal Data, UN EXTRA collects or processes your Personal Data only insofar as this processing answers at least one of the following legitimate bases following:

  • This treatment is necessary to the execution of the social object of UN EXTRA but also to the execution of the contractual relation between UN EXTRA and the User,
  • This treatment is necessary to the respect of the various legal obligations to which UN EXTRA is subjected, and in particular the obligations of accounting, tax and social order,
  • This processing is necessary to protect the legitimate interests of UN EXTRA,
  • You have consented to this processing for the following purposes

UN EXTRA only keeps and stores your Personal Data for the time strictly necessary for these legitimate purposes.


Legal basis

Data categories

Categories of people


- Access, operation, use, customisation and improvement of the Platform

- Optimising the connection between Extras and Employers 

- Verification of identity 

- Account Management

- Management and prevention of disputes and litigation between Users

Execution of the contractual relationship between UN EXTRA and the Users 

- Identity data

- Contact details 

- Economic and financial information

- Extra

- Extra PRO

- Employer

Duration of the contractual relationship increased by 3 years

- Invoicing and payments

- Identity data

- Contact details 

- Economic and financial information

- Employer

10 years from the closing date of the accounting year in which the invoice was issued. 

- Recovery

- Identity data

- Contact details 

- Economic and financial information

- Employer

Until full payment of the amounts due


- Data analysis, auditing, and identification of usage trends


- Connection data

- User

13 months


- Business development and information on new products, news and events

Legitimate interest

- Identity data

- Contact details 

- Extra

- Extra PRO

- Employer

3 years

- Establishing contact with an authorised person and following up the contact

- Identity data

- Contact details 

- User

3 years


-Control and prevention of fraud, malware, and security incident management

Compliance with legal and regulatory obligations

- Connection data

- User

1 year


- Identity data

- Contact details 

- Economic and financial information

- Employer

10 years from the end of the accounting period.

-Respect for specific rights (Art.6)

- Identity data

- Contact details 

- User

1 year


Article 4 - Sharing of Data with third parties

Personal Data may be shared with third party companies to, among other things 

  • the hosting of the Website and the Application, 
  • back-office administration and database management,
  • financial transactions,
  • sending newsletters

UN EXTRA calls on the following service providers for this purpose:

  • Heroku
  • Google Cloud Platform
  • Google Cloud Function 
  • Firebase
  • Hasura Cloud
  • Mangopay

UN EXTRA commits itself, to verify that all its providers scrupulously respect the RGPD, by requiring from the latter that they provide sufficient guarantees demonstrating that the technical and organizational measures of security applicable as regards protection of personal data were taken.

In any event, service providers may only have strictly limited access to Personal Data strictly necessary for the performance of their services.

Your Personal Information may also be shared in the following cases: 

  • If required by law, UN EXTRA may transfer your Personal Data to pursue claims against us and to comply with administrative and judicial proceedings;
  • In the case of operation of merger, acquisition, transfer of assets or procedure of judicial recovery, UN EXTRA could be brought to transfer or share all or part of its assets, including the Data in personal matter. 

In the hypothesis that a transfer of Personal Data to a recipient situated in a country that is not situated on the territory of the EEA and that has not been the object of a decision of adequacy of the European Commission, UN EXTRA commits itself to take all the appropriate guarantees to assure the perfect lawfulness of it, assuring that the Users have opposable rights and ways of right against the recipient and to obtain the previous and specific consent of the User to the said transfer of Personal Data.

Article 5 - Security and confidentiality of your Data 

UN EXTRA guarantees to implement organisational, technical, software and physical digital security measures to protect Personal Data against alteration, destruction and unauthorised access. 

In spite of all these measures, UN EXTRA would like to draw your attention to the fact that the Internet is not a completely secure environment, so that it cannot guarantee you, 100%, the security of the transmission and storage of your data.

In this respect, UN EXTRA undertakes to notify the CNIL, as soon as possible, of any data violation likely to generate a risk for the rights and freedoms of physical persons.

For all details relating to the organizational, technical, software and physical measures that UN EXTRA has put in place to ensure the security and confidentiality of your data, you can contact us at the following email address

The Site and the Application are hosted by the company whose details are as follows  


11 rue Maison Dieu 75014 Paris

Article 6 - Implementation of your specific rights

In accordance with the regulations applicable to personal data, you have the following rights:

  • A right of accessto find out your personal data 
  • A right of rectificationto request an update of inaccurate information about you 
  • A right of objectionto refuse the use of your data 
  • A right to erasureto request the deletion of your personal data 
  • A right to limitation of processing of your data 
  • A right to portability of your data 
  • Access rights

The User has the possibility of obtaining from the Data Controller confirmation as to whether or not Personal Data concerning him/her are being processed and, when they are, access to said Personal Data, as well as the following information:

  • the purposes of the processing ;
  • categories of Personal Data;
  • the recipients or categories of recipients to whom the Personal Data have been or will be disclosed;
  • where possible, the intended period of retention of Personal Data or, where this is not possible, the criteria used to determine this period;
  • the existence of the right to request from the Data Controller the rectification or erasure of Personal Data, or a restriction on the processing of Personal Data, or the right to object to such processing;
  • the right to lodge a complaint with the personal data control authority (in France, the CNIL);
  • where Personal Data is not collected from the User, any available information as to its source;
  • the existence of automated decision-making, including profiling, and, at least in such cases, relevant information about the underlying logic and the significance and intended consequences of such processing for the User;

Where Personal Data is transferred to a third country or to an international organisation, the User has the right to be informed of the appropriate safeguards with respect to such transfer.

The Controller provides a copy of the Personal Data being processed.

The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the User or in case of a request for the transmission of the Personal Data on paper and/or physical media.

Where the User submits an application electronically, the information shall be provided in a commonly used electronic form, unless the User requests otherwise.

The User's right to obtain a copy of his or her Personal Data shall not infringe the rights and freedoms of others.

  • Rectification rights

The User has the possibility to obtain from the Data Controller, as soon as possible, the rectification of Personal Data concerning him/her that are inaccurate. He/she also has the possibility to obtain that incomplete Personal Data be completed, including by providing an additional declaration.

  • Erasure rights

The User has the right to obtain from the Data Controller the erasure, as soon as possible, of Personal Data concerning him/her when one of the following reasons applies

  • The Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed by the Controller;
  • The User has withdrawn his consent for the processing of his Personal Data and there is no other legal basis for the processing;
  • The User exercises his right to object under the conditions recalled below and there is no compelling legitimate reason for the processing;
  • The Personal Data has been processed unlawfully;
  • Personal Data must be deleted to comply with a legal obligation;
  • The Personal Data was collected from a child.
  • Limitation rights

The User has the possibility to obtain from the Data Controller the limitation of the processing of his/her Personal Data when one of the following reasons applies:

  • The Data Controller verifies the accuracy of the Personal Data following the User's challenge of the accuracy of the Personal Data;
  • The processing is unlawful and the User objects to the deletion of the Personal Data and demands instead the restriction of their use;
  • The Data Controller no longer needs the Personal Data for the purposes of the processing, but they are still necessary for the User to establish, exercise or defend legal claims;
  • The User has objected to the processing under the conditions recalled below and the Data Controller verifies whether the legitimate reasons pursued prevail over the alleged reasons.
  • Right to Data Portability

The User has the possibility to receive from the Data Controller the Personal Data concerning him/her, in a structured, commonly used and machine-readable format when :

  • The processing of Personal Data is based on consent, or on a contract;
  • The treatment is carried out using automated processes.

When the User exercises his right to portability, he has the right to obtain that the Personal Data be transmitted directly by the Controller to another controller that he will designate when technically possible.

The right to portability of the User's Personal Data must not infringe the rights and freedoms of others.

  • Right to object

The User may object at any time, for reasons relating to his/her particular situation, to the processing of his/her Personal Data based on the legitimate interests of the Controller. The latter will then no longer process the Personal Data, unless it can demonstrate that there are compelling and legitimate grounds for the processing which override the interests and rights and freedoms of the User, or may retain them for the establishment, exercise or defence of legal claims.

  • Post-mortem guidelines

The User has the possibility of communicating to the Data Controller directives regarding the conservation, deletion and communication of his/her Personal Data after his/her death, which directives may also be registered with " a certified digital trusted third party ". These guidelines, or "tedigital stament "If the User fails to do so, the User's heirs will be appointed.

In the absence of any directive, the heirs of the User may contact the Data Controller in order to :

- to access the processing of Personal Data allowing " the organisation and settlement of the deceased's estate " ;

- to receive communication of the " digital assets "or "data similar to family memories, which can be passed on to heirs";

- to close the User's Account on the Website and to oppose the further processing of his/her Personal Data.

  • How to exercise these rights

To exercise these rights, you can contact us at any time by e-mail at the following address

Or by post to the following address UN EXTRA 1163 Chemin de la Vallée ZI SAINT MITRE, 13400 AUBAGNE

For the purposes of asserting its specific rights under the conditions referred to above, the Data Controller may ask the data subject to provide proof of his or her identity by mentioning his or her surname, first name and e-mail address, and to accompany the request with a copy of a valid identity document, as well as any information or document likely to enable the data subject to be identified.

A reply will be sent to the User within a maximum of one month (1 month) from the date of receipt of the request.

If necessary, this period may be extended by two (2) months by the Data Controller, who will alert the User to this fact, taking into account the complexity and/or number of requests.

In the event that the User requests the deletion of his/her Personal Data and/or exercises his/her right to request the deletion of his/her Personal Data, the Data Controller may nevertheless keep the Personal Data in the form of an intermediate archive for the time necessary to meet its legal obligations, or for evidential purposes during the applicable limitation period.

The User may also lodge a complaint with the competent supervisory authority (in France, the CNIL).

Article 7 - Password security 

UN EXTRA takes all useful precautions to ensure the secure storage of the User's password to access his Account.

However, the security of this password also depends on its design by the User.

Article 8 - Consent   

By using the Site and the Application, you consent to this Privacy Policy. 

Article 9 - Updating of this Privacy Policy

UN EXTRA reserves the right to make changes to this Privacy Policy at any time. 

If a modification is made, UN EXTRA undertakes to publish the new version on the Internet Site.

If you do not agree with the new wording of the Privacy Policy, you may request the deletion of all of your Personal Information.