Last edited: August 31st, 2023
Scope and definitions
This policy applies to:
Together, a simplified joint stock company with a share capital of 1,104.86 euros, registered in the Paris Trade and Companies Register under number 914 451 232, whose registered office is located 128 rue La Boétie - 75008 Paris, in the person of its President, LS Ventures SAS;
Hereinafter referred to as "Together";
And the User of the services developed by Together;
Hereinafter referred to as "the User";
Hereinafter referred to together as "the Parties".
Together is the publisher of a website (the "Website") accessible at https://together.do, and a web application (the "App") accessible at https://app.together.do. Both are intended at brands owners who seek to reduce their customers acquisition costs, improve their brand awareness, or develop their online communities through clever partnerships with fellow brands.
Together wants to establish a relationship of trust with its users to become the key partner of their co-marketing efforts. To this respect, protection of Personal Data collected for the purposes of its business is of particular importance to Together.
Together is subject to the provisions of the current regulations relative to the protection of personal data and, in particular, the French Data Protection Act, in its current version on the date hereof and the EU Regulation 2016/679 of 27 April 2016, known as the "GDPR".
In doing so, Together offers its services within a secure and clear legal framework, after implementing a Personal Data security approach to minimize the risk of data breach and, in the event of an incident, provide an effective and timely response.
Article 1 - Purpose
Article 2 - Awareness and acknowledgement of the user
By using or benefiting from the App or the Website, the duly authorized User acknowledges having read this Policy as well as the Terms of Service, having fully understood and accepted its content.
In order to meet its legal obligations in terms of Data protection and to provide with secure and efficient services, Together reserves the right to make changes to this Policy at its discretion, in particular to ensure compliance with applicable law.
Article 4 - Data Protection Officer (DPO)
Together has appointed Mr. Leonard Sellem as the Data Protection Officer (DPO). He can be contacted for any question:
- By email, at the following address: email@example.com
- By post, at the following address: Together SAS - 15/17 rue Scribe - 75009 Paris - FRANCE
In the absence of a satisfactory response from us, you may contact the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés ("CNIL"), located at 3 Place de Fontenoy - TSA 80715 - 75334 Paris CEDEX 07.
Article 5 - Personal Data Collected and Processed
Data processed is strictly limited to what is necessary in relation to the purposes for which they are processed.
Users' Data is processed with their consent, which they may withdraw at any time, or, when necessary, to (i) provide them with the subscribed services or demos; (ii) answer their questions; (iii) comply with the legal obligation we are subject to; (iv) in our legitimate interests, to ensure the security and proper functioning of the Site or to communicate our offers to them by e-mail as part of our BtoB relationship. If they no longer wish to receive our communications, they can click on the unsubscribe link provided at the end of our e-mails to this effect, or by writing us at the following address : firstname.lastname@example.org.
Together collects and processes data from its Website users when they decide to fill in our contact form. They are asked to use their professional details (email) to reduce the amount of personal data collected. However, we do collect, store and process data that is intrinsically of personal nature, as their name. We store this data 3 years to be able to respond to our user's requests.
Together collects and processes data from its App users mainly to comply with the contractual and legal obligations they are subject to, in the context of a B2B commercial relationship. For this reason, we store their data for an unlimited time. If they wish us to delete it, we will proceed as far as we legally can. We need to keep track of the service we provided and the financial flows related to it.
5.2. Personal Data Security
The technical resources implemented to protect Personal Data are the following:
- Encryption of data at rest;
- SSL encryption of all incoming and outgoing communications in the database;
- Systematic access control within the application.
Control mechanisms are simultaneously implemented in the process of developing and providing services:
- Systematic code review including security elements to be verified
- Regular review of access controls within the infrastructure hosting the services
5.3. Transmission of Data to third parties
Users' Data is not transferred outside European Union. However, should this happen, only authorized service providers will receive Data, with the implementation of appropriate safeguards. Please note that Users' Data may be transferred to third parties who are legally entitled to access it upon specific request, in certain cases provided for by law: judicial authority, administrative authority, etc. Users' Data may also be communicated to third parties if this is necessary to protect and/or defend our rights, to enforce compliance with these provisions.
Article 6 - User's rights
To exercise your rights as listed below, you must contact the DPO at one of the addresses listed in Article 4 and provide him with any useful information to clearly identify you.
More specifically, you must provide proof of your identity, your email address and, if need be, the reference of your user account.
We will reply to requests to exercise your rights by email to the address provided in your request as soon as possible and, in any event, within the legal deadlines.
Any request that is abusive or unfounded with regard to laws and regulations may be rejected.
In accordance with the Regulations, in particular articles 15 to 22 of the RGPD, you benefit from the following rights concerning the processing of your Data, within the legal limits:
- Right of information: to obtain information on the conditions of processing (recipients, purposes, categories of data, etc.);
- Right of access: to obtain confirmation as to whether or not your Data concerning are being processed, and, where that is the case, to obtain information on your Data and a copy of your Data;
- Right to rectification: to correct or update your Data when they are inaccurate or incomplete;
- Right to erasure: to request the deletion of one's Data;
- Right to restriction of processing: to request not to process all or part of the Data temporarily, without requesting their deletion;
- Right to data portability: to receive your Data in a structured, commonly used and machine-readable format and to be able to easily transmit them to a third party;
- Right to object: to object to processing for reasons related to your particular situation, or to withdraw your consent for processing based on this legal basis;
- Right to define specific guidelines for the processing of your post-mortem Data.