- Application: the CertiPhoto mobile application and its whole pages and screens.
- Service: providing certified pictures from an Android terminal.
- Product: the service that you can subscribe via an integrated in-app purchase.
- Publisher: the owner, creator and editor of the application, responsible for developing and publishing it.
- User: anyone using the application and/or purchasing product in the application.
- Store: the online download platform used by the Publisher to publish the application and used by the user to download the application.
Data Protection OfficerThe way CertiPhoto processes your personal information is subject to the EU General Data Protection Regulation ("GDPR"). The person in charge is Mr. Pascal Eric Mayani. He can be reached at firstname.lastname@example.org.
Nature of collected dataIn the course of using the Service, the Publisher collects the following categories of data about its Users:
- Identification data (e-mail address) and identity data (if the address corresponds by name);
- Connection data (IP addresses, event logs...);
- Location data (GPS, GSM, wifi...).
Databases containing these data are declared to the National Commission for Data Protection and Liberties (CNIL, France), file number 1956075.
Legal bases for processing personal dataWhere the Service process special categories of data, such as data relating to your location, this will be done on the basis of either:
- Your explicit consent;
- Compliance with our legal and regulatory obligations.
Communication of personal data to third partiesYour data will not be communicated to third parties, even if the Publisher takes part in a merger operation, acquisition or any other form of sale. However, you are informed that they may be disclosed under a law, regulation or a decision from a judicial authority.
Accessing, rectifying and opposing rightsYou can ask the Publisher to rectify or erase your personal data, or limit the processing of these data, or signify your opposition to any processing about them. However, in such a case, you will have to instantly give up the use of the Service.
Credentials collectionUse of the Service requires registration without prior identification. Hence you don't have to communicate any personal data like first name, last name, address, etc. You're allowed to use a nickname, even if it's best to use an email address that reflects your true identity for probity issues of digital pictures certificates.
GeolocationThe Service collects and processes your geolocation data to produce digital evidence with the highest possible accuracy. In accordance with your right of opposition, you have the possibility, at any time, to disable the geolocation feature directly on your Android device. In this case your pictures will not be geolocated.
Device data collectionSome of the technical data of your device are collected automatically by the Service, such as the IP address, the Internet access provider, the mobile carrier provider, the hardware and software configuration of the terminal, etc... This data collection is necessary to give the certificates their probative legal value.
Technical data shelf lifeThe technical data, as well as the photographs related to it, are kept by default over a period of three years.
Retention timelines for personal data and anonymisation
Retention of data for the duration of the contractual relationshipIn accordance with the French law number 78-17 of 6 January 1978 relating to data processing, files and freedoms, the personal data which are the subject of a processing operation shall not be kept beyond the the time required to fulfill the obligations defined at the conclusion of the contract or the duration predefined contract relationship.
Retention of anonymous data beyond the contractual relationship and / or after the deletion of the AccountYour personal data are kept for the period strictly necessary for the achievement of the purposes of the Service. Beyond this period, they will be anonymised and kept for exclusively statistical and will not give rise to any exploitation of any kind.
Deleting the dataPurge means are provided and available for the effective removal of all your personal data. These means will be used when deleting your account, or when the length of storage or archiving necessary for the fulfillment of the specified purposes is reached.
Deleting a User Account
Deleting the account on demandThe User has the possibility to delete his account and all related data, including all his photographs, at any time by simple request to the support.
Deleting the account in case of violation of Terms of ServiceIn case of violation of one or more provisions of the Terms of Service or any other document incorporated therein by reference, the Publisher reserves the right to restrict or terminate without any prior warning and in its sole discretion, your use and access to the Service.
Indications of security breach detected by the Publisher
User informationThe Publisher undertakes to implement all appropriate technical and organizational measures to guarantee a level of security adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data.
In the event that it becomes aware of an illegal access to personal data you stored on the servers of CertiPhoto, or unauthorized access having for consequence of the risks identified above, the Publisher undertakes to:
- Notify you of the incident as soon as possible;
- Examine the causes of the incident and inform you;
- Take the necessary measures within reasonable limits in order to lessen the negative and harm that may result from such an incident