PRIVACY POLICY

Any term defined in Article 4 of Regulation EU (2016/679) of the European Parliament and of the Council of 27 April 2016 (hereinafter the "GDPR") and mentioned in this Policy is understood to have the same meaning.
Thus, Personal Data (hereinafter  "Personal Data") means any information relating directly or indirectly to an identified or identifiable natural person. Processing means any operation, whether or not carried out by automated means and applied to Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other scope of availability, reconciliation or interconnection, limitation, erasure or destruction.

The term User refers to all natural persons who may be concerned by collection of their data conducted by Smart-Chain (hereinafter  "User").  The categories of data collected depend on the nature of the relationship that Users enter into with Smart-Chain.
‍
In the context of usage of our Site and Products, Users are :
‍
- Visitors: if you browse the Site without performing any action, you are a Visitor;
‍
- Prospect: if you contact us to obtain information about our Products or subscribe to our Newsletter, you are a Prospect;

- Customer: If you have subscribed to one of our Products, you are a Customer;

- Applicant: If you have filled in an application form on the Site, you are an Applicant;

Smart-Chain is a Data Controller within the meaning of Article 4 paragraph 7 of the GDPR for all data processing collected by its Site and Products. Smart-Chain is therefore, pursuant to its role as Data Controller, likely to collect Personal Data, for predefined purposes and legal bases. 

Smart-Chain certifies that no sensitive or particular data within the meaning of Articles 9 and 10 of the GDPR are collected in connection with its Site and Products. 
The Personal Data collected are as follows:

The Site collects data from the following Users: 

Smart-Chain undertakes to share Personal Data with subcontractors and service providers offering sufficient warranties for the performance of the tasks entrusted to them. Smart-Chain's subcontractors and service providers are subject to an obligation of confidentiality and may only use data in accordance with contractual provisions and applicable legislation.

Personal Data communicated to Smart-Chain's subcontractors and service providers are communicated on a strict need-to-know basis and in accordance with the principle of minimization of Personal Data necessary to carry out the identified processing.

The data collected will be used by Smart-Chain in strict compliance with the Policy. Access to the Personal Data collected is strictly limited to the persons in charge of processing the information.

Smart-Chain may be required to transmit Users' Personal Data to Third Parties who provide certain services on behalf of Smart-Chain.
‍
The following Third Parties are processors within the meaning of Article 4 paragraph 8 of the GDPR: "the natural or legal person, public authority, service or other body which processes Personal Data on behalf of the controller".
‍
These processors may be suppliers, service providers, or even partners. Smart-Chain may subcontract the following services:
‍
- Data hosting and maintenance;
- Dispatch of postal or digital mail;
- Customer relationship management;
-Maintenance ;
- Product technical development;
- Analysis; 
- Customer assistance,
- Payment processing ; 
- Security operations;
- Advertising;
‍
In accordance with Article 28 of the GDPR, access to your Personal Data by our subcontractors is provided for and framed by a contract. This contract, which binds us to our subcontractors, lists the various regulatory obligations that they are incumbent to, with regard to the protection of Personal Data.
‍
All service providers must comply with strict confidentiality obligations. Smart-Chain ensures that these requirements are met, so that Personal Data is not processed for purposes other than those set out above.

Smart-Chain maintains an up-to-date database of its subcontractors.

Third Parties refer to all external recipients of Personal Data collected by the Site and Products. The following are Third Parties within the meaning of Article 4 paragraph 10 of the GDPR: "a natural or legal person, a public authority, a service or a body other than the data subject, the controller, the sub-processor and the persons who, placed under the direct authority of the controller or the sub-processor, are authorized to process Personal Data".
‍
Users' Personal Data is also transmitted to Third Parties such as Smart-Chain's banks, insurance companies, lawyers, notaries and auditors.

-> Third Parties in business transfers: 
The User's Personal Data may also be transmitted to Third Parties in the event of a transfer of Smart-Chain's activities to a third company (merger, assignment, dissolution, etc.).
‍
In such a case, the Customer will be informed in advance in writing of any such transmission of his/her Personal Data and will have the right to object to such transmission.

-> “Authorized” Third Parties : 
Users' Personal Data may also be accessed by public authorities who, by virtue of legislative and regulatory provisions, have the power to require any organization to transmit documents or information in the context of a specific investigative mission.

The following are authorized third parties under Article 4 paragraph 9 of the GDPR: 
- Tax authorities ; 
- Social security (anti-fraud mission) ;
- Justice; 
- Police, gendarmerie, bailiffs;

When required by law, Smart-Chain may disclose Customer and/or User data if reasonably necessary:
- To comply with any applicable legal process, such as a court order, subpoena or search warrant, governmental or judicial investigation or other legal requirement; 
- To assist in the prevention or detection of illegal activity (subject, in each case, to applicable law); 
- To protect the safety of any person;
‍

Smart-Chain undertakes to guarantee the confidentiality, integrity and availability(CIA) of the data collected. In general, Smart-Chain implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risks involved.
‍
Smart-Chain employees are subject to an IT charter appended to the company's internal regulations, which ensures an appropriate level of security.

Smart-Chain provides its best efforts, in accordance with the state of the art, to secure the Site and the Products in light of the complexity of the Internet and mobile networks.
‍
Personal Data is processed in such a way as to ensure maximum security.
‍
To this end, Smart-Chain undertakes to implement the following security measures:
- Pseudonymization and encryption of personal and sensitive data;
- Means to guarantee the confidentiality, integrity, availability and resilience of processing systems and services at all times;
- Means to restore availability and access to Personal Data within an appropriate timeframe in the event of a physical or technical incident;
- A procedure for regularly testing, analysis and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing;

Smart-Chain will notify the competent supervisory authority of any violation of Personal Data at the earliest opportunity after it has become aware of the violation, and by any means. 
‍
In the event of a risk to the confidentiality, integrity or availability  of Users' Personal Data, Smart-Chain undertakes to notify the competent supervisory authority of the breach within a maximum of 72 hours.
‍
When the risk has serious consequences for the confidentiality, integrity or availability of Personal Data, Smart-Chain is required, under the terms of this Policy and current regulations, to inform Users.

When Smart-Chain acts as a subcontractor on behalf of its Customers who have subscribed to a Product (Bloom), its obligations are described in the general terms of service of these Products.

Personal Data is kept for no longer than is necessary for the purposes for which it is collected and processed.
‍
A retention period is set according to each purpose:

Under the conditions of Articles 15 to 22 of the GDPR, any User may exercise the rights listed below by simple written request, imperatively accompanied by valid proof of identity bearing the holder's signature, sent by post addressed by e-mail to the following address: Contact@smart-chain.fr.

Smart-Chain will process requests within a reasonable timeframe, and at the latest within one (1) month of receipt of the request. In the case of complex requests, this period may be extended to three (3) months. 

All requests must be clear, precise and justified. In any event, Smart-Chain recommends that you contact the CNIL to find out more about the regulations governing the protection of Personal Data, the rights of individuals and the possibility of lodging a complaint with this authority: https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment. 

User have the following rights:
- Right of access: All Users may request access to their data and the right to receive a copy of their Personal Data. 
- Right of deletion and rectification: Users may also request the deletion of their Personal Data and the rectification of erroneous or obsolete Personal Data. 
- Right to object: Users may object to the processing of their Personal Data, in particular by withdrawing their consent to the processing of their Personal Data at any time.
- Right of limitation: Users may also request the limitation of the processing of their Personal Data. This right applies only if the User contests the accuracy of his/her Personal Data; or in the event of unlawful processing; or if Smart-Chain no longer needs his/her Personal Data for processing purposes but such data is still necessary for the establishment, exercise or defense of legal claims; or in the event of exercise of his/her right to object during the period of verification as to whether the legitimate motives pursued by Smart-Chain prevail over those of the User.
- Right to portability: All Users also have the right to data portability, i.e. the right to receive data held by Smart-Chain in a structured, commonly used and readable format, and the right to transmit this data to another data controller.
- Right to forget: Every User, a natural person, also has the right to define directives concerning the fate of his or her Personal Data after death.
- Right not to be the subject of an automated data processing decision

You are never required to provide any Personal Data requested by Smart-Chain. However, if you refuse to provide certain Personal Data, access to the Site and your Product subscriptions may be limited, suspended or even rendered impossible.

If you have any questions concerning the use of your Personal Data as covered by this document, you can contact us at this address: contact@smart-chain.fr. 
‍
If you do not agree with this Policy, you can lodge a complaint with the CNIL:
‍
- On-line via the form available on the following page: https://www.cnil.fr/fr/plaintes
- Or by post to the following address: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.