All terms relating to the protection of personal data used in this document and identified by capital letters, used in the singular or plural, must be interpreted in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 repealing Directive 95/46/EC (hereinafter "the European Regulation").The term "Data", used in the singular or plural, refers to Personal Data whose processing is carried out by APIDAY in its capacity as Data Controller and Subcontractor.The User who is the Data Subject within the meaning of the European Regulation is the natural person who consults the site and who creates a user account, if applicable, in order to use the service for the needs of his or her business.
Within the framework of your activity on the www.apiday.com website or on our user path, the APIDAY Service is provided by the APIDAY Company, a simplified joint stock company with a capital of 1,000 Euros, registered with the PARIS Trade and Companies Register under number 314 503 996, whose head office is located at 112 Avenue de Paris 94306 VINCENNES CEDEX. APIDAY assumes the role of data controller for part of the processing and the role of subcontractor for another part.The capacity of data controller applies to processing related to consultation, navigation on the site as well as processing related to the user path. On the other hand, the status of subcontractor applies to the service itself, which is the subject of the contract between APIDAY and the User when the latter decides to create an account. Indeed, APIDAY provides its customers with a tool and expertise to ensure their compliance with ESG requirements.
When you use our site or our Service, you provide us with information about yourself, some of which may identify you ("Personal Information"). This is the case when you browse our site or use our Service.The nature and quality of the Personal Data collected about you varies. It mainly consists of:
We collect your personal data for specific purposes and on different legal grounds.
A "cookie" is a small file stored on your computer that allows you to move from one web page to another while retaining your browsing settings.
The APIDAY website only uses functional cookies that are strictly necessary for its operation. However, it is possible to configure and block these cookies directly via your Internet browser. To find out more about the configuration to follow, consult the dedicated page on the CNIL website (https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).
However, blocking these functional cookies could considerably limit or even prevent your navigation on the site and access to the Service.
For certain processing purposes, we may share your data with service providers we use to perform a range of operations and tasks:
Only the information they need to carry out the Service is communicated to these service providers. They are prohibited from using the data for purposes other than those originally intended. We make every effort to ensure that these third parties preserve the confidentiality and security of your data.
Finally, your data may also be transmitted to legal or regulatory authorities in order to comply with our legal obligations. In this case, only the necessary data is provided. We make every effort to keep your data confidential and secure.We do not sell your data.
The APIDAY platform that processes Personal Data for the purposes of the Service is hosted on servers in Europe.
Furthermore, Apiday does not transfer any data to countries outside the European Union do not provide an adequate level of protection.
In case of such a transfer, we guarantee that the transfer is carried out :
We only keep your personal data for as long as is necessary to fulfill the purpose for which we hold it, to meet your needs or to fulfill our legal obligations.
Retention times vary depending on several factors, such as:
APIDAY is committed to protecting the personal data we collect, or that we process, from loss, destruction, alteration, disclosure or unauthorised access.
Thus, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing them. These measures are designed to maintain the security and confidentiality of your personal data. These measures may include practices such as limited access to personal data by persons authorised by virtue of their functions.
In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, backup, software, etc.) are regularly reviewed and updated as necessary.
In case of an anonymous session (i.e. without creating an APIDAY account), personal data are automatically deleted after a maximum of 1 hour.
The APIDAY platform is hosted by a leading cloud provider. All components of the platform are individually secured by an authentication and network filtering layer. The platform is regularly audited by a renowned player in information systems security. Network exchanges are protected by an SSL certificate based on a 2048-bit RSA key.
On the personal data we collect/process, you can exercise the following rights:
You dispute the accuracy of your data, until we verify its accuracy;
The processing is illegal but you do not want us to delete your data;
We no longer need your personal data for the purpose of processing, but you need your data in order to bring, assert or defend against legal claims;
You object to the processing on the basis of related grounds pending verification of whether our compelling legitimate grounds for continuing the processing override those interests ;
If such personal data is subject to such limitations, we will only process your data with your consent, or for the purpose of bringing, enforcing or defending against legal claims;
A right to determine what happens to your personal data after your death.
To exercise your rights, you may contact APIDAY's Data Protection Officer (DPO) at email@example.com or DPO Consulting, Service DPO externalisé, 18 rue Pasquier, 75008 Paris.
When you send us a request to exercise a right, you are asked to specify as far as possible the scope of the request, the type of right exercised, the personal data processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, you may be asked to prove your identity.
In any case, you have the right to make a complaint to the CNIL via the following link: https://www.cnil.fr/fr/plaintes.
This policy may be regularly updated to take into account changes in regulations relating to personal data.