Privacy Policy - CertiPhoto


Definitions

  • Application: the CertiPhoto mobile application and its whole pages and screens.
  • Service: providing certified pictures from an Android terminal.
  • Product: the service that you can subscribe via an integrated in-app purchase.
  • Publisher: the owner, creator and editor of the application, responsible for developing and publishing it.
  • User: anyone using the application and/or purchasing product in the application.
  • Store: the online download platform used by the Publisher to publish the application and used by the user to download the application.

Data Protection Officer

The way CertiPhoto processes your personal information is subject to the EU General Data Protection Regulation ("GDPR"). The person in charge is Mr. Pascal Eric Mayani. He can be reached at privacy@certi.photo.


Nature of collected data

In the course of using the Service, the Publisher collects the following categories of data about its Users:

  • Identification data (e-mail address) and identity data (if the address corresponds by name);
  • Connection data (IP addresses, event logs...);
  • Location data (GPS, GSM, wifi...).

Databases containing these data are declared to the National Commission for Data Protection and Liberties (CNIL, France), file number 1956075.


Legal bases for processing personal data

Where the Service process special categories of data, such as data relating to your location, this will be done on the basis of either:

  • Your explicit consent;
  • Compliance with our legal and regulatory obligations.


Communication of personal data to third parties

Your data will not be communicated to third parties, even if the Publisher takes part in a merger operation, acquisition or any other form of sale. However, you are informed that they may be disclosed under a law, regulation or a decision from a judicial authority.


Accessing, rectifying and opposing rights

You can ask the Publisher to rectify or erase your personal data, or limit the processing of these data, or signify your opposition to any processing about them. However, in such a case, you will have to instantly give up the use of the Service.


Credentials collection

Use of the Service requires registration without prior identification. Hence you don't have to communicate any personal data like first name, last name, address, etc. You're allowed to use a nickname, even if it's best to use an email address that reflects your true identity for probity issues of digital pictures certificates.


Geolocation

The Service collects and processes your geolocation data to produce digital evidence with the highest possible accuracy. In accordance with your right of opposition, you have the possibility, at any time, to disable the geolocation feature directly on your Android device. In this case your pictures will not be geolocated.


Device data collection

Some of the technical data of your device are collected automatically by the Service, such as the IP address, the Internet access provider, the mobile carrier provider, the hardware and software configuration of the terminal, etc... This data collection is necessary to give the certificates their probative legal value.


Technical data shelf life

The technical data, as well as the photographs related to it, are kept by default over a period of three years.


Retention timelines for personal data and anonymisation


Retention of data for the duration of the contractual relationship

In accordance with the French law number 78-17 of 6 January 1978 relating to data processing, files and freedoms, the personal data which are the subject of a processing operation shall not be kept beyond the the time required to fulfill the obligations defined at the conclusion of the contract or the duration predefined contract relationship.


Retention of anonymous data beyond the contractual relationship and / or after the deletion of the Account

Your personal data are kept for the period strictly necessary for the achievement of the purposes of the Service. Beyond this period, they will be anonymised and kept for exclusively statistical and will not give rise to any exploitation of any kind.


Deleting the data

Purge means are provided and available for the effective removal of all your personal data. These means will be used when deleting your account, or when the length of storage or archiving necessary for the fulfillment of the specified purposes is reached.


Deleting a User Account


Deleting the account on demand

The User has the possibility to delete his account and all related data, including all his photographs, at any time by simple request to the support.


Deleting the account in case of violation of Terms of Service

In case of violation of one or more provisions of the Terms of Service or any other document incorporated therein by reference, the Publisher reserves the right to restrict or terminate without any prior warning and in its sole discretion, your use and access to the Service.


Indications of security breach detected by the Publisher


User information

The Publisher undertakes to implement all appropriate technical and organizational measures to guarantee a level of security adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data.
In the event that it becomes aware of an illegal access to personal data you stored on the servers of CertiPhoto, or unauthorized access having for consequence of the risks identified above, the Publisher undertakes to:

  • Notify you of the incident as soon as possible;
  • Examine the causes of the incident and inform you;
  • Take the necessary measures within reasonable limits in order to lessen the negative and harm that may result from such an incident

Limitation of liability

The commitments defined in the above point relating to the notification in the event of a security breach may be treated as any acknowledgment of fault or responsibility for the occurrence of the incident in question.


Transfer of personal data abroad

The Publisher undertakes not to transfer the personal data of its Users outside the EU.


Privacy policy update

The Publisher agrees not to lower the level of confidentiality of your data without informing you and obtaining your consent.


Personal data portability

The Publisher undertakes to offer you the possibility of having you return all the data concerning you on simple request. This data will be provided in text / ASCII format, an open and easily reusable format.