Privacy and Personal Data Protection Policy

Effective 2024-01-28

In the event of differences in translation or interpretation between the different versions, the French version shall prevail.

Legal Notice

Yesan, a simplified joint stock company with capital of 10,000.00 euros, headquartered at 231 rue Saint-Honoré, 75001 Paris, France, registered with the Paris Trade and Companies Registry under number 982198897 (hereinafter “the Company”) publishes the website yesan.finance (“the Site”), the Yesan application (“the Application”) and related services (“the Services”). The publishing director is Vincent Bonestève. To contact us, by email: support@yesan.info or by post: Yesan SAS, 231 rue Saint-Honoré, 75001 Paris, France.

The Company respects the privacy of its Users’ data in accordance with the French Data Protection Act no. 78-17 of January 6, 1978, as amended, and the General Data Protection Regulation applicable in France since May 25, 2018 (“RGPD”). For more information, you can consult our Privacy and Personal Data Protection Policy on the Site or in the Application. To contact our Data Protection Officer (DPO), by email: dpo@yesan.info and by post: Yesan SAS, DPO, 231 rue Saint-Honoré, 75001 Paris, France

Our Services and the data required to provide them are hosted by: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg & OVH SAS 2 rue Kellermann – 59100 Roubaix – France

 

Privacy and Personal Data Protection Policy

Yesan attaches particular importance to protecting your privacy and safeguarding your personal data. Personal data is defined as “any data relating to a natural person and likely to contribute to the identification of the latter, whether directly or indirectly, and whether such data is confidential or public (“Personal Data”)”.

The purpose of this document is to provide you (“the User”) with detailed information concerning the collection and protection of your personal data collected during your use of the services (“the Services”) of the website yesan.finance (“the Site”) or the Yesan application (“the Application”) published by Yesan SAS (“the Company”).

1. Data controller

Yesan SAS, a simplified joint stock company with capital of 10,000.00 euros, headquartered at 231 rue Saint-Honoré, 75001 Paris, France, registered with the Paris Trade and Companies Registry under number 982198897 (hereinafter “the Company”) is responsible for processing personal data and undertakes to comply with, on the one hand, Law no. 78-17 of January 6, 1978 relating to information technology, files and freedoms, known as the “Informatique et Libertés” Law, as amended by the Law of August 6, 2004, and on the other hand, European Regulation EU/2016/679 (“RGPD”).

The user may obtain communication of personal data concerning him or her, where appropriate to require rectification and to object, on legitimate grounds, to their being processed or used for purposes other than those cited in this document.

To contact our Data Protection Officer (DPO), please send an e-mail to: dpo@yesan.info or write to: Yesan SAS, DPO, 231 rue Saint-Honoré, 75001 Paris, France.

2. Consent

By using the Site and/or the Application, the User accepts the Company’s Confidentiality and Personal Data Protection Policy (also referred to as the Privacy Policy), and consents to the fact that certain data may be collected in accordance with the terms and principles described below.

3. Collection

The Company may collect information concerning the User at various times:

• When entering personal information to create an Account;
• When browsing the Site via Cookies;
• When using the Application.

The Company may collect and process the following personal data:

• Identification data: in particular surname, first name, e-mail address, terminal identifier, user identifier, registration date, country;
• Connection data: including IP address, logs, types and versions of Internet browsers used, encrypted passwords, session tokens;
• Site and Application usage and analytical data: in particular, the duration of consultation of certain Site pages / Application screens, interactions with the Site page / Application screen;
• Site and Application diagnostic data: including crash or error reports;
• Historical data: including purchase history on the Site or Application;
• Financial data: including investments in shares, digital assets, real estate, and any other assets, liabilities, account balances, investment balances, transaction details.

4. Cookies

4.1 Definition of a cookie

A cookie is a small text file that is placed or stored on the terminal (computer, tablet or mobile device) when the User visits the Site or Application. The cookie enables a site to recognize the User, to help the User navigate from page to page on the Site or Application, provides secure connections and remembers preferences for future visits.

The length of time a cookie is kept varies according to the type of cookie used.

4.2 Types of cookies used

Technical and functional cookies are necessary for the proper functioning of the Site and the Application and to provide the User with the Company’s Services. They are used throughout browsing, in order to facilitate and execute certain functions.

Social network Cookies enable content on the Site and Application to be shared on social networks. These Cookies may also be used to track Users’ browsing on the Site and Application. The Company invites the User to consult the privacy protection policies of the social networks from which these Cookies originate, to learn about the purposes for which the browsing information they may collect through these Cookies is used, and how to exercise their rights with these social networks.

Audience measurement and diagnostic cookies, also known as “analytical cookies”, enable the Company to measure the number of visits, the number of pages viewed and User activity. Audience measurement Cookies are used to generate statistics on the number of visitors to and browsing of our Site and Application, in order to improve performance. Cookies are also used to identify browsing problems and, ultimately, to resolve them.

4.3 Consent

Some cookies do not require your consent:

• Technical and functional Cookies which are necessary for the operation of the Site and the Application;
• Certain audience measurement and diagnostic cookies.

All other cookies require your consent. These include social networking cookies and certain audience measurement cookies. The User may freely choose to accept or refuse the use of these Cookies.

The User is free to withdraw his or her consent and, more generally, to modify his or her preferences at any time, via the Cookies banner that appears in the bottom right-hand corner of your browser.

Cookie deactivation via the main browsers :

• Google Chrome: https://support.google.com/accounts/answer/61416
• Apple Safari: https://support.apple.com/guide/safari/sfri11471/mac
• Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
• Microsoft Edge: https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

5. Purpose and retention period

The following purposes are specified:

• Provision of Services. Contract performance. Operations relating to the management of customers, contracts, invoices, customer relations, necessary for the execution of the Contract between the Company and the User;
• Creation of a file of Users and prospects, Sending of newsletters, solicitations and promotional messages, for customers in the legitimate interest of the Company to develop and promote its business; for prospects on the basis of their consent;
• Compilation of internal statistics on Users and their use of the Services, in the legitimate interest of the Company to improve its Services;
• Responding to requests for information and complaints (by email, Application Stores or on social networks), in the Company’s legitimate interest in responding to Users’ requests;
• Management of requests to exercise RGPD rights, in compliance with the Company’s legal and regulatory obligations.

Data is kept for the lifetime of the account and the contractual relationship with the User when at least one of the latter exists. Data is kept for the length of time required for the purpose for which it was collected.

6. Recipients of data

Recipients with access to personal data are :

• Company staff;
• The Company’s subcontractors: in particular, hosting service providers, platform analysis and administration service providers, bug management service providers, newsletter sending service providers, product launch service providers, audience measurement service providers, customer request management service providers, bank account aggregators.

However, insofar as, for example, some of the Company’s service providers are located in countries outside the European Union (“third countries”), the Company may transfer some of the personal data to third countries.

This may in particular be the case for third countries for which the European Commission has not issued an “adequate protection” decision. In such a case, the Company will ensure that the transfer complies with applicable regulations and guarantees a sufficient level of protection for the privacy and fundamental rights of individuals (in particular through the European Commission’s standard contractual clauses).

7. Security

The Company has implemented reasonable technical and organizational measures to ensure security and protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

The Site or the Application may contain links to third-party websites. The Company is not responsible for the content of such sites, nor for the privacy standards and practices of such third parties. The Company recommends that the User reads and understands the relevant privacy policies of such third parties and their websites before accepting their cookies and consulting their site in order to ensure that personal data is sufficiently protected.

8. User rights

The User has the following rights with regard to his/her personal data:

Right to information: the purpose of this document (Articles 13 and 14 of the RGPD);

Right of access: the right to access his/her data being processed (Article 15 of the RGPD);

Right of rectification: right to obtain rectification of inaccurate data or completion of incomplete data (Article 16 of the RGPD);

Right to erasure: right to obtain the erasure of one’s data, in the cases provided for after deletion of the Account (Article 17 of the RGPD) ;

Right to limitation: right to obtain the limitation of the processing of personal data in certain defined cases (Article 18 of the RGPD) ;

Right to portability: right to portability of one’s data (Article 20 of the RGPD) ;

Right to object: right to object to the processing of personal data (Article 21 of the RGPD). Processing may be maintained despite this opposition, for legitimate reasons or the defense of legal rights ;

Right to withdraw your consent at any time: right to withdraw consent at any time, without calling into question the processing implemented up to that point and subject to the withdrawal of consent contravening the use of the Services in progress (Article 7 of the RGPD) ;

Right to define directives relating to the retention, deletion and communication of personal data after your death (Article 40-1 of the French Data Protection Act);

Right to lodge a complaint with a competent supervisory authority: right to lodge a complaint with the CNIL (Article 13 of the RGPD).

The User may exercise these rights by writing to the Company at the contact details mentioned in the “Data Controller” article herein.

The Company has a maximum response time of one (1) month from the date of receipt of the request. If the request cannot be met immediately, a dated acknowledgement of receipt will be sent. If the request is incomplete, the Company is entitled to ask for further information: the time limit is then suspended and will run again once this information has been provided.

In the event of a complaint, the User may submit a claim to the Commission Nationale de l’Informatique et des Libertés (CNIL): Commission Nationale de l’Informatique et des Libertés, 3 Place de Fontenoy, TSA 80715 – 75334 PARIS CEDEX 07 ; Tél : 01 53 73 22 22 ; Fax : 01 53 73 22 00 ; https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil

Any dispute relating to the use of personal data is subject to French law. Any claim or dispute arising from the interpretation or execution of the present privacy policy shall be submitted to the competent courts under the conditions of common law.