PRIVACY POLICY

Last update: December 12, 2024

PREAMBLE

This Privacy Policy is intended for Users of the EVELITY Application published by OKEENEA DIGITAL. The purpose of this document is to inform you about how we collect and process your personal information.

1 in 4 people in the world are disabled, either temporarily or permanently. Our aim has been to create an application that enables all these people to be guided, step by step, to the destination of their choice, according to their needs and abilities, both indoors and on the campuses of our equipped sites.

Respect for privacy and personal data is at the heart of OKEENEA's approach, which is why we are committed to processing them in strict compliance with the French Data Protection Act of January 6, 1978 (hereinafter " Loi Informatique et Libertés"), as amended, and the General Data Protection Regulation (EU) of April 27, 2016 (hereinafter " RGPD ").

In this logic of "minimizing" data, OKEENEA has designed its Application to collect as little data as possible about its users, in order to fully respect their privacy. For example, we do not know the surname, first name or e-mail address of our Users.

In any event, we undertake to respect the following two (2) essential principles:

Each User remains in control of his or her personal data;
Your data is handled transparently, confidentially and securely.

Article 1. Definitions

For the purposes of this Policy, the following terms shall have the following meanings:

"Application": refers to the EVELITY application developed by OKEENEA DIGITAL.
"BackOffice": refers to the area dedicated to managers of equipped Sites.
"User Account": refers to the account created by the user when he/she downloads the application and selects his/her preferences.
"Services": refers to any service offered by OKEENEA DIGITAL as part of the provision of the Application, as well as any associated ancillary services.
Equipped Site": refers to places equipped and offering the EVELITY application (using Bluetooth beacons or other guidance technology).
"User": refers to any person using the Application.

All terms used in the singular shall have the same meaning in the plural, and vice versa.

Article 2. Identity of the data controller

In the context of the provision of the various Services, OKEENEA DIGITAL will play the role of "Data Controller" with you within the meaning of the RGPD

CONTACT DETAILS OF OKEENEA

6 RUE DES AULNES,
69410 CHAMPAGNE-AU-MONT-D'OR

https://www.okeenea.com/

Legal reminder:

The data controller is, within the meaning of the Data Protection Act and the RGPD, the person who determines the means and purposes of the processing. When two or more data controllers jointly determine the purposes and means of processing, they are the joint data controllers (or co-controllers).

The processor is a person who processes personal data on behalf of the controller, acting under the authority of the controller and on the latter's instructions.

Article 3. Contact details for our Data Protection Officer

Our Data Protection Officer (hereinafter referred to as "DPO") is available to respond to all requests, including the exercise of rights, relating to your personal data.

You can contact him :

By e-mail at the following address: dpo-digital@okeenea.com
By post: Cabinet HAAS AVOCATS - Délégué à la Protection des Données de OKEENEA DIGITAL - 6 rue de Saint Pétersbourg, 75008 PARIS

For further information

The Data Protection Officer is responsible for informing, advising and monitoring OKEENEA DIGITAL's compliance with data processing regulations.

In accordance with data protection regulations, the DPO acts as a point of contact:

Vis-à-vis data subjects for all matters relating to data processing carried out by OKEENEA DIGITAL or the exercise of your rights;
Towards the CNIL as part of its cooperation mission. The DPO may also contact this authority to request an opinion or prior consultation on all matters concerning the protection of personal data;
Vis-à-vis other DPOs appointed by participating subcontractors or data processors.

Article 4. How do we collect your data?

In principle, all personal data concerning you is collected directly from you. For example, when you indicate guidance preferences when launching the Application.

Exceptionally, we may collect your personal data from third parties, in particular from Apple or Android when you download our Application via one of these "stores".

Article 5 - What are the purposes and legal bases of the processing operations we carry out?

We collect only the personal data required for the purposes explicitly set out below:

PURPOSE	DETAILS OF PURPOSES	LEGAL BASIS
Application administration	Provision of guidance preferences and trip preparation aids General administration of the Application, and verification of its correct operation; Carrying out maintenance operations; General security management of the Application.	Our legitimate interest in providing Users with the best possible experience on our Application The execution of our general terms of use
Gathering statistics for research and development purposes	Gathering non-nominative and general statistics on the use of our Application Collection of non-nominative and specific statistics on the use of our solution	Our legitimate interest in improving our Application Your consent, for the collection of more specific statistics on your use.
Management of requests to exercise rights	Follow-up of request processing; Carrying out operations on your data in the context of requests made.	Our legal obligations arising from Articles 15 et seq. of the RGPD and the French Data Protection Act.

Where the legal basis mobilized is the pursuit of a legitimate interest, you have the possibility, on simple request, to obtain additional information relating to the balancing of interests.

Article 6 - What types of data are collected?

You can consult the details of the Data we are likely to have on you below:

PROCESSING	TYPES OF PERSONAL DATA COLLECTED
Application administration	Connection logs, hardware identification data, raw Application usage data Statistics to check the proper functioning of the services provided NB: OKEENEA does not process any data that could directly identify you. We do not collect your surname, first name, e-mail address, telephone number or postal address.
Statistics for research and development purposes	General statistics relating to the use of the Application Specific statistics relating to the use of the Application, with further details on the user profile (consent required).
Management of requests to exercise rights	Data relating to your identity: title, surname, first names, address, telephone number, e-mail addresses, membership number, date of birth. Proof of identity may be kept for the purpose of proving the exercise of a right of access, rectification or opposition, or to meet a legal obligation. Data relating to your request to exercise your rights Statistics

The information provided below is not intended to be exhaustive, but rather to inform you of the categories of Data that OKEENEA DIGITAL may process.

When the collection of this information is of a regulatory or contractual nature, or if it is a condition for the conclusion of a contract, or if there is an obligation to provide the information, we will indicate this to you by a statement of the type "⁕" at the time of collection. Failure to provide this information could lead OKEENEA DIGITAL to terminate / not offer you its Services, and where appropriate incur your liability.

Article 7 - Who can access your personal data?

Within the limits of their respective responsibilities and for the purposes mentioned above, the main persons who may have access to your Data are as follows:

Authorized OKEENEA DIGITAL personnel;
The owners of the equipped Sites, for whom OKEENEA DIGITAL acts as subcontractor;
Where applicable, the authorized personnel of OKEENEA DIGITAL's subcontractors: hosting provider, geolocation service, etc.; and
Where applicable, the relevant courts, mediators, chartered accountants, auditors, lawyers, bailiffs, etc.

Article 8 - How long do we keep your personal data?

We keep your personal data only as long as is necessary for the purposes for which it was collected, as summarized in the table below:

PROCESSING	RETENTION PERIOD
Application administration	For the duration of the contractual relationship, followed by intermediate archiving for the duration of the applicable statute of limitations, i.e. five (5) years, for purposes of proof. Raw" data resulting from use of the Application is kept for 1 month. Data used to verify the correct operation of the application are kept for a maximum of six (6) months. Retention of connection logs and history of actions for a period not exceeding twelve (12) months.
Statistics for research and development purposes	For the evaluation and improvement of our services: maximum 25 months.
Management of requests to exercise rights	Personal data relating to the management of requests for rights are kept for the entire period required to process the request, then stored in intermediate archives for the duration of the applicable criminal statute of limitations, i.e. six years (Art. 8 of the French Code of Criminal Procedure).

Article 9 - What are your rights?

In accordance with the IEL law and the RGPD, you have several rights relating to your Personal Data:

Right of access: you have the right to access all of your Personal Data at any time, pursuant toArticle 15 RGPD;
Right of rectification: you have the right to rectify inaccurate, incomplete or obsolete Personal Data at any time in accordance withArticle 16 RGPD;
Right to erasure: you have the right to demand that your Personal Data be erased and to prohibit any future collection on the grounds set out inArticle 17 of the GDPR, namely where it is inaccurate, incomplete, equivocal, out of date, or the collection, use, communication or storage of which is prohibited(read more) ;
Right to restrict processing: you have the right to ask us to temporarily freeze the use of some of your data, under the conditions provided for(Article 18 of the GDPR) ;
Right to object: underArticle 21 RGPD, you have the right to object to the Processing of your personal data. Note, however, that we may maintain their Processing despite this opposition, for legitimate reasons or the defense of legal rights.
Right to portability: under certain conditions specified inArticle 20 of the RGPD, you have the right to receive the Personal Data you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.

You also have the:

Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the RGPD provides that you may withdraw your consent at any time. This withdrawal will not call into question the legality of the Processing carried out prior to the withdrawal(Article 13-2c RGPD) ;
Right to define the fate of your Personal Data after your death and to choose whether we communicate (or not) your Personal Data to a third party that you have previously designated(Article 85 LIL).

These rights can be exercised by contacting our DPO:

By e-mail at the following address: dpo-digital@okeenea.com
By post: Cabinet HAAS AVOCATS - Délégué à la Protection des Données de OKEENEA DIGITAL - 6 rue de Saint Pétersbourg, 75008 PARIS.

You also have the right to lodge a complaint with a competent supervisory authority.

OKEENEA DIGITAL does not make any automated decisions that could have legal consequences for you, or that could significantly affect you.

Article 10 - What about cookies and other "tracers"?

OKEENEA DIGITAL uses connection data (date, time, Internet address, protocol of the visitor's computer, page consulted) and cookies (small files saved on Your computer) on its website to identify You, to memorize Your consultations, and to benefit from audience measurements and statistics, in particular relating to the pages consulted.

Depending on the purpose, Users may consent, refuse or choose to have certain types of cookies deposited on their terminals. This information is kept for a maximum period of thirteen (13) months. After this period, the raw traffic data associated with an identifier is either deleted or anonymized. Information collected via tracers is kept for a maximum of twenty-five (25) months. After this period, the data is deleted or made anonymous.

During your browsing, you may have the option of clicking on the icons dedicated to social networks X (e.g. Twitter), Facebook, Instagram, TikTok, LinkedIn...

Social networks enhance the user-friendliness of our Services, and help to promote them through sharing.

When the Internet user uses buttons to share publications on social networks, OKEENEA DIGITAL may have access to personal information that Internet users have indicated as public and accessible from their profiles. However, OKEENEA DIGITAL does not use any personal data in this way.

Article 11 - Are your personal data transferred outside the European Union?

In principle, we process your data within the European Union.

As an exception, and when we act as a "subcontractor" for the Site's property, we use a geolocation service provider located in the United Kingdom - a country recognized as offering an adequate level of protection by the European Commission.

Article 12 - What security measures are implemented?

We implement all necessary technical and organizational measures to ensure the security of our personal data processing and the confidentiality of the data we collect.

To this end, we take all necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve its security and, in particular, to prevent the data from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures for people accessing data with personal and secure access via confidential identifiers and passwords, logging and traceability of connections, etc.).