ARTICLE 1 : PREAMBLE

The data processing controller is the company Roger SAS, a simplified joint-stock company, registered with the Paris Trade and Companies Register under the number 912 987 328, whose head office is located at 150 Rue de Longchamp, 75116 Paris.

At Roger, the protection of your personal data is a priority.

The purpose of this privacy policy is to inform the users of the site and the platform:

• On how their personal data are collected. Personal data is considered as any information that allows the identification of a user. In this regard, this could be: their first and last names, their age, their postal or email address, their location or even their IP address (non-exhaustive list);
• On the rights they have concerning these data;
• On the person responsible for processing the personal data collected and processed;
• On the recipients of these personal data;
• On the site's cookie policy.

The aim of this policy is to inform you about the procedures according to which we process these data in compliance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").

This policy complements the legal notices and the General Terms of Use that users can consult at the following address:

Terms of Use

‍

ARTICLE 2 : PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

In accordance with Article 5 of European Regulation 2016/679, personal data are:

• Processed in a lawful, fair, and transparent manner in relation to the individual concerned;
• Collected for specified, explicit and legitimate purposes (see Article 3.1 below), and not further processed in a manner incompatible with those purposes;
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
• Processed in a manner that ensures appropriate security of the collected data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Processing is lawful only if, and to the extent that, at least one of the following applies:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary to protect the vital interests of the data subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

‍

ARTICLE 3 : PERSONAL DATA COLLECTED AND PROCESSED

Article 3.1 : Data collected

The personal data collected in the course of our activity are as follows:

• Identification data (including your first and last name, email address, phone number, country);
• Data related to your professional life (including the name of your company);
• Connection data (for example IP address, connection logs);
• Internet data (including your operating system, browser, type of device, screen resolution, language setting, time zone, page url);
• Encrypted information related to the payment method of the Owner of the organization (including credit card number). The collection is implemented by the company Stripe, which alone retains the encrypted bank details of the User (Owner) for this purpose. Roger does not retain any bank details;

These data are used for account access and for the use of the application features.

‍

Article 3.2 : Data collection method

Your data are kept by the data controller under reasonable security conditions, for a period of 3 years.

The company may keep certain personal data beyond the periods announced above in order to fulfill its legal or regulatory obligations.

‍

Article 3.3 : Data hosting

The platform, the site, and the data related to the Roger application are hosted on AWS servers in Europe (Paris). Find more information about AWS's data processing here:

https://aws.amazon.com/fr/compliance/data-privacy

‍

Article 3.4 : Cookie policy

To learn more about managing cookies, we invite you to consult our Cookie Policy.

‍

ARTICLE 4 : DATA CONTROLLER

Personal data are collected by Amazon Web Services EMEA SARL.

The personal data controller can be contacted as follows:

By mail at the address: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg

By email: aws-EU-privacy@amazon.com

‍

ARTICLE 5 : USER RIGHTS IN TERMS OF DATA COLLECTION AND PROCESSING

Article 5.1 : General

Any user affected by the processing of his or her personal data can assert the following rights, under the European Regulation 2016/679 and the Data Protection Act (Law 78-17 of January 6, 1978):

• Right of access, rectification, and right to erasure of data (laid down respectively in Articles 15, 16, and 17 of the GDPR);
• Right to data portability (Article 20 of the GDPR);
• Right to limitation (Article 18 of the GDPR) and opposition to the processing of data (Article 21 of the GDPR);
• Right not to be subject to a decision based solely on automated processing;
• Right to determine the fate of the data after death;
• Right to refer to the competent supervisory authority (Article 77 of the GDPR).

‍

Article 5.2 : Use of Google User Data Policy

At Roger, we value your data privacy and security. By using our services, you agree that Roger will handle and transfer information received from Google APIs in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

This policy is our commitment to ensuring safe and responsible use of your data.

‍

ARTICLE 6 : CONDITIONS FOR MODIFICATION OF THE PRIVACY POLICY

The publisher of the site and the Roger platform reserves the right to modify this Policy at any time to ensure its compliance with current law for the users of the site and the platform.

Any modifications shall not affect purchases previously made on the site, which remain subject to the Policy in effect at the time of purchase and as accepted by the user at the time of validating the purchase.

The user is invited to familiarize themselves with this Policy each time they use our services, without it being necessary to formally notify them. However, we will keep you informed of any significant changes to this privacy policy.

This policy, published on 05/12/2023, was updated on 12/20/2023

NOTE:

For any questions regarding security and personal data, or to enable you to exercise your rights of access, correction, or deletion, please contact the Roger team at the following address: hello@getroger.io

‍