Personal Data Protection Policy

This privacy policy (the “Policy”) applies from May 25, 2018 and incorporates the legal and regulatory updates to which KissKissBankBank & Co (the “Company”) is subject.

1. Changes to the policy

The Company reserves the right to make changes to this Policy, in particular in response to legal or regulatory updates imposed on it. The Company undertakes to inform its users by email of any modification made to this Policy and to communicate the date on which it will come into force.

2. Purpose of the Policy

The purpose of this Policy is to describe the nature of the personal data that the Company collects from its users. The Policy also details under what circumstances the data collected may be shared and the rights enjoyed by users in this context. Any capitalized term not defined in this Policy has the definition given to it in the General Conditions of Use.

3. Type of data collected

As part of the existing contractual relationship between users of the Site and the Company, the following personal data may be collected:

  • The information necessary to open a user account on the Site (in particular surname, first name, email, postal address) and certain optional information (including location)
  • The information necessary to verify the identity of the Project Holder during a Collection launched on the Site (identity card, proof of address and bank account statement)
  • Certain information relating to transactions carried out on the Site such as the country of the transaction and its status (success or failure). The Company does not keep data relating to the means of payment used to carry out transactions on the Site with the exception of the first four numbers of the bank card, its expiration date, the type of card and the country of origin
  • Information relating to user activity on the Site (IP address)
  • The email address associated with the Facebook account when the user chooses to connect via Facebook. The Company will never post any information on the Facebook interface of its users.

4. Purpose of the collection of personal data

The personal data collected are subject to processing for which the data controller is KissKissBankBank & Co, in accordance with the regulations relating to the protection of personal data (and in particular Regulation (EU) 2016/679 of April 27, 2016, known as the General Data Protection Regulation). More specifically, in order to create an account on the Site and to use the services offered by the Company, certain data must be collected and processed. This includes:

  • The processing of personal data for the execution of the Company's crowdfunding intermediation mission and the management of customers and prospects (Project Developer or KissBankers). Customer data will be kept as such for the duration of the contractual relationship
  • Fulfillment of contractual, legal or regulatory obligations, such as the fight against money laundering and terrorist financing
  • The protection of the legitimate interest of the Company, in particular in the context of the fight against fraud and cybercrime; these data are kept as such for a period of 3 years
  • Improvement of the commercial relationship or for the purposes of commercial prospecting by electronic means or by telephone subject to the client's consent (only after express authorization to receive the Company's newsletter), and kept as such for a period of 1 year from the end of the commercial relationship.

In addition, the Company collects from its subsidiaries and its parent company (where express consent has been given) the customer's personal data and information relating to the products he has subscribed to with them. The Company may also, within the framework of its legal and regulatory obligations, collect personal data from administrations and public authorities (INSEE, Banque de France, Tax administration, etc.).

These data are intended for the Company and may be communicated to the companies of the group to which it belongs and to its subcontractors or partners for the processing and purposes mentioned above. They may also be communicated to any authorized administrative or judicial authority, or more generally to any authorized third party, in order to comply with the Company's legal or regulatory obligations.

All of this data may be kept beyond the specified periods, in compliance with the applicable statutory limitation periods.

The personal data collected are mandatory for subscription to the Company's offers. Without them, registration for services and use of the Site cannot be processed and the customer may be refused.

5. Automated processing

The Company can make decisions, including by profiling, concerning the client. These decisions are taken after consultation of the regulatory files (Banque de France file for our crowdfunding intermediation mission), and after analysis of the client's risk profile and the supporting documents provided. Depending on the case, these decisions may result in the refusal of access to a product or service.

6. Sharing of information

When a user account is created, the Company creates a personalized, named page for the user, which contains information relating to the projects supported, the projects carried, the place of residence (if completed) and the user's pseudonym.

The following information is never made public:

  • The password
  • IP address
  • Telephone number
  • Date of birth and identification information (for Project Developers)
  • Communications sent directly to the Company.

Certain information is shared with the Project Leaders when a KissBanker contributes to a Project. Project Developers have the obligation to keep confidential the information transferred to them in this context. Only information strictly necessary for the return of counterparties is shared. Project Developers are prohibited from asking KissBankers for information not necessary for the return of counterparties. If such a request arises, the KissBanker can make a complaint to the Company at the following address: rgpd@kisskissbankbank.com.

Certain information is also shared with the payment service provider (the “PSP”) chosen by the Company to manage transactions made through the Site. The information is then collected and processed by the PSP according to the terms and conditions which govern its general conditions of use.

7. Transfers of personal data outside the European Union

Any data transfers made to countries outside the European Union are carried out in accordance with the specific rules which ensure the protection and security of personal data. When payment transactions are made with the payment service provider chosen by the Company, customer personal data may be transferred to countries outside the European Union, to allow the settlement of the transaction or to combat money laundering or the financing of terrorism (EU Regulation 2015/847).

8. Specific case of minors

Minors under the age of 16 are not allowed to register on the Site. In the event that a minor under the age of 16 wishes to make Donations or Contributions, he may do so through a parent or adult guardian registered on the Site.

9. Exercise of the rights of contributors

The customer has a right of access, rectification, erasure, opposition and limitation of processing. He can make a portability request for the data he has provided and which are necessary for the contract or to the processing of which he has consented. He can withdraw his consent at any time when it has been previously given. He can also give instructions relating to the storage, erasure and communication of his data after his death. He can exercise these rights by sending an email to the following address, specifying his surname, first name and postal address and attaching a double-sided copy of his identity document: rgpd@kisskissbankbank.com.

The customer can also contact the Data Protection Officer of La Banque Postale - 115, rue de Sèvres - 75275 Paris Cedex 06.

In the event of difficulty in connection with the management of his personal data, the client has the right to lodge a complaint with the National Commission for Data Protection (CNIL).