Introduction

Your personal data is important to us. We consider that the protection of personal data is a fundamental part of our activities. As a consequence, the personal data that we collect is protected and processed with the utmost care, in strict compliance with applicable statutory rules and in particular the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”).
This Privacy Policy is intended for persons outside our organisation with whom we interact, including visitors to our website (hereinafter referred to as the “Website”), prospects, customers, partners or job applicants (jointly, “you”).
The goal of this Privacy Policy is to inform you of :

  • The categories of personal data we collect and process;
  • The manner and purposes for which we collect and process your personal data;
  • The legal basis under which your personal data is processed;
  • The partners with whom we may share your personal data;
  • Your rights and obligations in relation to such processing.

Data controller:

HiPay simplified joint-stock company, registered with the Nanterre Trade and Companies Register under the number 390 334 225, having its registered office at 94 rue de Villiers, 92300 Levallois-Perret, France (hereinafter referred to as “HiPay” or “we”, “us”).

Purposes:

We collect and process personal data via our Website for the purposes of managing the Website, including the following processing purposes:

  • Management of business development;
  • Relationship management with customers, suppliers and partners;
  • Producing statistics on audience measurements and analysis of browsing on the Website;
  • Management of job applications and careers;
  • Management of requests received through the contact form.

Legal basis for processing:

We only collect and process your personal data if we are legally authorised to do so. The legal basis for processing your personal data include your consent (when you have given your consent for your data to be processed), the contract (when data processing is necessary for the performance of a contract between HiPay and you), compliance with a legal obligation and the “legitimate interests” of HiPay.

Categories of personal data processed:

As a data controller, HiPay collects and processes the following data for the purposes described below:

Processing Purpose Categories of personal data processed Basis for processing
Business Development Management Last name, first name, company name, address, telephone number, email address, position held within the company, data relating to the business development actions carried out. The processing is necessary for the implementation of actions prior to entering into a contract with you or your organisation, or because we have a legitimate interest in the processing in order to contact you.
Relationship management with customers, suppliers and partners Last name, first name, company name, address, telephone number, email address, position held within the company, contact management data (time stamp and purpose of the request, monitoring, follow-up, statistics); The processing is necessary for the performance of the contract between us or for the implementation of actions prior to entering into a contract with you or your organisation, or because we have a legitimate interest in the processing in order to contact you.
Website Management and Page Hit implementation Data relating to browsing (time stamp, user IP address, technical data relating to the equipment and browser used by users) and digital platforms via share and media buttons and other cookie information (as authorised by you) We have a legitimate interest in the processing in order to allow you to access the Website and to compile audience statistics when you have given us your consent.
Recruitment Management Last name, first name, email address, telephone number, current position, level of experience, field of activity, interview report and, in general, all personal data on your CV, cover letter or any other document to which you give us access in the context of your application. We have a legitimate interest in the processing in order to process the applications we receive and to hire suitable candidates.
Request through Contact Form Management Last name, first name, email address, telephone number, company, position held, subject and content of your message. We have a legitimate interest in the processing of your data in order to be able to process your request and contact you again.

Mandatory or optional nature of the data collection for the management of your request:

The data collected (particularly by cookies) during browsing for page views and the use of on-line services is optional and is subject to your consent. Data whose collection is mandatory for other purposes is indicated by a star on the relevant form.

Automated decision-making:

We do not implement automated decision-making.

Data Source (when data other than that provided through the on-line service is used to process your request):

  • Trade and Companies Register for the identity of legal representatives;
  • Register of beneficial owners for the identity of legal representatives;
  • HIPAY service providers as part of the implementation of KYC (Know Your Customer).

Categories of data subjects:

Users of the Website (visitors, customers, partners, suppliers, candidates).

Data recipients:

HiPay guarantees the confidentiality of your personal data. The personal data that we collect is intended for us in our capacity as data controller. It may be communicated to the recipients below for the purposes set out in this Privacy Policy. These operations are carried out according to agreements in line with applicable regulations. These agreements are in place to ensure that your rights are protected and complied with.
As a consequence, and in line with the above, we communicate all or part of the data to the following recipients:

  • HiPay personnel in charge of the content and technical administration of the Website;
  • HiPay personnel in charge of processing requests received through the contact forms;
  • HiPay personnel in charge of career management;
  • HiPay personnel in charge of the security of information systems;
  • Technical service providers responsible for the maintenance or management of the Website. These service providers must at all times guarantee high levels of security in relation to your personal data and are bound, where applicable, by an agreement under which they are required to protect the confidentiality and security of your personal data, and to process it only in accordance with HiPay’s instructions;
  • In the event of a merger or acquisition of HiPay, in whole or in part, by another company or if HiPay were to sell or transfer all or part of its activities, the purchaser would have access to the information collected by HiPay, including personal data, subject to applicable laws. Likewise, personal data may be transferred as part of a corporate restructuring, insolvency proceedings or any other similar event, if and as permitted by applicable law;
  • When obliged by law, we may transmit your data to legal authorities for them to comply with their legal, regulatory or contractual obligations.

In all cases, HiPay will make every effort to ensure the confidentiality and security of personal data when communicated to the aforementioned authorities.

Data transfers outside the EU:

We do not transfer data transfers outside the European Economic Area (EEA). However, if this were to happen, we will put in place contractual mechanisms and binding legal processes to legally transfer personal data beyond the borders of the EEA zone in accordance with the GDPR.

Data retention period:

The retention periods we apply to your personal data are limited and proportionate to the purposes for which it was collected. The retention period of personal data by our services is variable and determined by various criteria, including:

  • the purpose for which we use it: we store the data for the period necessary to fulfil the purpose of the processing; and
  • legal obligations: laws or regulations may set a minimum period for which we have to keep personal data.

We organise our data retention policy based on these criteria and are available to answer any questions you may have. For example, we retain the following data for the periods indicated below:

  • The data collected via the on-line forms is kept for a maximum period of three years from the last contact.
  • The data necessary for the production of audience statistics and use of on-line services is stored in a format that does not allow the identification of individuals by their IP address, and includes an identifier (relating to the cookie) stored for a maximum period of thirteen months unless the data subject objects.
  • In addition, your data is kept until you request its deletion. In the event of a request for deletion, all your data will be permanently deleted within thirty (30) days of your request, to the extent permitted by the regulations in force.

Security measures:

We implement all the security measures required to ensure the security of the data we collect. Security measures shall be implemented in accordance with HiPay’s information systems security policy.
In addition, we ask our service providers and subcontractors who may have access to personal data, to implement appropriate technical and organisational security measures with regard to such data.
Furthermore, HiPay employees who have access to your personal data in the course of their duties are bound by strict confidentiality obligations.

However, while we strive to use reasonably acceptable means to protect your personal data, we cannot guarantee its absolute security or confidentiality, but we guarantee that we make all reasonable efforts to avoid any misuse or loss.

How can you exercise your rights?

In accordance with the applicable regulations, you have the following rights over your personal data:
Your right to information – This Privacy Policy informs you of the identity of the data controller, the purposes and legal basis under which your data is processed, the retention period of your data and the recipients or categories of recipients with whom your personal data is shared, as well as of your rights. If we decide to process data for purposes other than those indicated, all information relating to these new purposes will be communicated to you.
Your right to access and correct your data – You have the right to access your personal data. You may also request that your personal data be corrected or supplemented, as the case may be, if it is inaccurate, incomplete, ambiguous or out of date.
Your right to delete your data – You may ask us to delete your personal data in the cases defined by law.
Your right to restrict the processing of your data – You may request the restriction of the processing of your personal data in the cases provided for by law.
Your right to object to the processing of your data – You have the right to object to the processing of your personal data for reasons relating to your own situation. Nevertheless, it will not be possible to exercise this right when there are legitimate and compelling reasons for the processing of your data under applicable law or regulations, including, for example, for the establishment, exercise or defence of legal claims.
Your right to portability of your data – You have the right to portability of your personal data. As such, and in the cases provided for by law, you may ask us to transfer your data to another organisation or to communicate it to you.
Your right to withdraw your consent – When the data processing we implement is based on your consent, you may withdraw it at any time. We will then stop processing your personal data, it being specified that this will not apply retroactively.
Your right to appeal – You have the right to lodge a complaint with the CNIL, or with any other supervisory authority, without prejudice to any other administrative or judicial appeal.
Your right to define post-mortem guidelines – You have the possibility to define guidelines relating to the retention, deletion and communication of your personal data after your death with a trusted third party, certified and responsible for enforcing the will of the deceased in accordance with the requirements of the applicable legal framework.

HiPay’s Data Protection Officer (DPO) is your contact person for any request to exercise your rights.
You can contact our DPO electronically: [email protected]
You can also contact our DPO by post: HIPAY – Data Protection Officer (DPO), 94 rue de Villiers, 92300 LEVALLOIS-PERRET, France.

Management of cookies and other trackers:

We may process your personal data using cookies technology or other trackers, in accordance with our Cookies Management Policy, which is available at this address: https://hipay.com/en/cookies-3.

Updates

We may amend this Privacy Policy to reflect changes to the various regulations and practices in force.
Any changes we make to our Privacy Policy will be posted directly on this page of our Website. In order to ensure that you have the latest version at all times, we invite you to consult it on-line.
If we have made any changes to this Privacy Policy that substantially affect how we use your personal data, we will contact you by any means of communication to inform you.