Privacy policy

The website available at the following address: www.monga.io (hereinafter referred to as the “Site”) and the platform entitled “MongaPro”, accessible from the following address: pro.monga.io (hereinafter referred to as the “Platform”), are the property of MONGA, a simplified joint stock company with a share capital of 1.000 euros, registered in the Nanterre Trade and Companies Register under number 887 521 862, with its registered office at 119 bis rue de Colombes, Asnières-sur-Seine (92600) (hereinafter referred to as “MONGA”), which, as the party responsible for processing personal data, attaches great importance to the protection and respect of privacy.

The purpose of this privacy policy is to inform, when browsing the Site and/or using the Platform, any person using the Site and/or the Platform (hereinafter referred to as the “Users” or the “User”) of MONGA’s practices concerning the conditions of collection, use and sharing of information that Users may provide, as well as their rights.

The Site and the Platform comply with French and European standards relating to the protection of privacy and personal data and in particular with Law No. 78-17 known as “Informatique et Libertés” of January 6, 1978 relating to information technology, files and freedoms, amended by Law 2004-801 of August 6, 2004 and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 known as the “RGPD” relating to the protection of individuals with regard to the processing of personal data and to the free movement of such data.

Responsible for processing the personal data collected.

MONGA is responsible for processing personal data.

Nature of data collected.

The data collected on the Site and/or Platform in connection with the use of the services are those enabling MONGA to identify Users directly or indirectly and to provide the Services.

This may include the following categories of data concerning its Users:

civil status, identity and identification data such as surname or company name, first name, pseudonym, e-mail address, postal address, date of birth, landline and mobile telephone number; and/or

connection data such as IP address and browsing data such as cookies;

bank details necessary for the purchase of services offered by MONGA.

Users who communicate the personal data of a third party must confirm that they have the consent of this third party for MONGA to use, publish and/or distribute this third party’s personal data on the Site and/or Platform.

Purpose of the personal data collected

Personal data collected on the Site and/or through the Platform are used solely for and during the performance of services for the following purposes:

User registration and authentication; and

sending notifications to the User in order to: keep the User informed, by email, of MONGA’s latest news and/or offers; sending system messages (for example, notifications, invoices, forgotten password, etc.); communicating various information relating to MONGA’s services; and/or transmitting to the User information about offers from MONGA’s partners.

In addition, MONGA may use and/or store data in order to comply with its legal and/or regulatory obligations.

Aggregation with non-personal data

MONGA reserves the right to publish, disclose and use aggregated information (information about Users or specific groups or categories of Users combined in such a way that an individual User can no longer be identified or referred to) and non-personal information for industry and market analysis, demographic profiling, promotional and advertising purposes and other commercial purposes.

Time of collection

The data collected by MONGA is freely communicated by Users when browsing the Site and when registering on the Platform.

They may also be collected automatically during use of the Site and/or Platform, in particular when the User :

browses the Site’s pages without having created an account and/or used the Platform;

create an account on the Platform; and/or

send a request to MONGA via the contact form or by e-mail.

In any case, the personal data collected :

will be obtained and processed fairly and lawfully;

will be recorded for specific and legitimate purposes;

will be used in accordance with these purposes;

are adequate, relevant and not excessive in relation to these purposes;

and will take precautions to ensure the security and confidentiality of data to prevent it from being damaged, modified, destroyed or communicated to unauthorized third parties.

Consent

Users are systematically informed of the present privacy policy when they register on the Platform. Indeed, the creation of an account implies the User’s express, full and entire acceptance of the present privacy policy.

By ticking the box: “I acknowledge that I have read and understood the privacy policy and I accept it”, the User consents to his/her personal data being stored and processed by MONGA and/or any of its partners.

IMPORTANT: NOTE TO USERS

ANY BROWSING ON THE SITE AND/OR USE OF THE PLATFORM AFTER THE PUBLICATION OF THIS PRIVACY POLICY IMPLIES UNRESERVED ACCEPTANCE THEREOF.

If the User wishes to withdraw his/her consent to the processing of his/her data, he/she simply needs to go to his/her account and make the request using the forms provided on the Platform, or make the request directly by e-mail to the following address: contact@monga.io.

In addition, where required by law and/or in certain circumstances, the User’s consent will be obtained or a possibility of refusal will be provided before any data is transmitted.

Recipients of personal data

The recipient of the personal data collected on the Site and/or through the Platform is first and foremost MONGA.

In its capacity as web and/or application host, MONGA is the recipient of personal data collected on hosted platforms.

Personal data will not be disclosed to third parties. However, other recipients may have access to personal data. These may include MONGA’s service providers responsible for the Site and/or Platform (administration, sales, marketing, legal, etc.) and its external service providers (technical service providers, access providers, communications agencies, etc.).

In the event of a change of control of MONGA, a merger, an acquisition, bankruptcy proceedings or any other form of transfer of assets, the data collected by MONGA may be transferred to third parties. Nevertheless, MONGA undertakes to guarantee the confidentiality of the personal data collected and to inform Users before such data is transferred or subjected to new confidentiality rules.

Where required by law, the User’s consent will be obtained or a possibility of refusal will be provided before any data is transmitted.

User rights

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the “RGPD” on the protection of individuals with regard to the processing of personal data and on the free movement of such data and with Law No. 78-17 known as “Informatique et Libertés” of 6 January 1978, as amended by Law 2004-801 of 6 August 2004 on information technology, files and freedoms, the User has:

a right of access to personal data;

the right to modify personal data;

the right to rectify personal data;

the right to delete and erase their personal data;

the right to object to the use of personal data;

the right to restrict the use of your data; and

a right to data portability.

Users wishing to assert one of their rights may send their request by e-mail or post to the following addresses:

Postal mail: 66 Avenue des Champs Élysées – 75008 Paris, FRANCE

Email : contact@monga.io

In the event of exercising one of these rights, the User must provide MONGA with the information required for identification: surname, first name, e-mail address and, if applicable, postal address.

In addition, in accordance with the regulations in force, the request must be signed, accompanied by a photocopy of a signed identity document, be clear and specify in detail the right they wish to exercise, as well as the address to which they wish to receive a reply if they wish to exercise one of the rights listed above.

MONGA undertakes to respond within a maximum of one (1) month following receipt of the User’s complete request.

Due to the complexity of the request and/or the number of requests, this period may be extended to two (2) months on condition that MONGA informs the User of the reasons for the postponement within one (1) month of receipt of the request.

MONGA informs Users of their right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (hereinafter the “CNIL”) in one of the ways indicated below:

By phone: +33 1 53 73 22 22

By fax: +33 1 53 73 22 00

Via the CNIL website: www.cnil.fr/fr/plaintes or www.cnil.fr

By post:

Commission Nationale de l’Informatique et des Libertés – CNIL (French Data Protection Authority)

3 Place de Fontenoy

TSA 80715 – 75334 PARIS CEDEX 07.

Data retention period

Data retention for the duration of the contractual relationship

The personal data collected from Users is not kept beyond the time required to fulfil the obligations defined when the contract was concluded or the predefined duration of the contractual relationship, except for data that MONGA needs to keep as evidence, for legal or administrative purposes or in accordance with current legislation.

Retention of anonymized data beyond the contractual relationship / after account deletion

MONGA retains the personal data collected from Users for the time strictly necessary to achieve the purposes described in this Privacy Policy. In the event of termination of the contract or closure of the User’s account, MONGA will retain for one (1) year from the date of termination of the contract or closure of the account the information provided at the time of creation of an account, namely : the identifier used to create the User’s account; the surname and first name; the associated postal addresses; the pseudonyms used; the associated e-mail or account addresses; the telephone numbers; the password as well as the data enabling it to be verified or modified, in their last updated version. Browsing data will be kept for a maximum of six (6) months, in accordance with CNIL recommendations. After this period, it will be anonymized and kept exclusively for statistical purposes, and will not be used in any way whatsoever.

Deletion of data after deletion of the User’s account

Means of purging the personal data collected from Users are put in place in order to provide for their effective deletion as soon as the retention or archiving period necessary for the fulfillment of the determined or imposed purposes is reached.

Deleting data after a period of inactivity

For security reasons, if the User has not logged on to the Platform for a period of one (1) year, the User will receive an e-mail inviting him/her to log on as soon as possible, failing which the User’s personal data will be deleted from MONGA’s databases.

Links

When using the Site and/or Platform, MONGA reserves the right to make recommendations of third-party services or those of potential partners. Consequently, users may have access to various links directing them to third-party sites and/or the sites of potential partners.

MONGA shall not be liable for any information sent to or collected by such third parties.

This Privacy Policy does not govern third-party sites or third-party content accessed by the User.

MONGA has no control over hyperlinks and/or other promotional formats.

Consequently, MONGA does not give any guarantee concerning the personal data protection practices of the indexed websites and cannot under any circumstances be held liable in the event of a dispute arising between a website indexed on the Site and/or Platform and one of the Users, in particular for any loss or damage suffered, as the operators of the indexed websites are solely responsible for their personal data protection practices.

Cookies

A cookie is a text file that may be stored in a dedicated space on the User’s computer hard disk when the User consults an online service via his/her browser. In practice, cookies are small text files placed on the User’s computer by the websites the User visits. They are used to operate the websites and improve their usability. The cookie is transmitted by a website’s server to the User’s browser. Each cookie is assigned an anonymous identifier. A cookie cannot be traced back to an individual. When consulting the Site and/or using the Platform, Users are informed that cookies or other means of recording browsing data are used by the Site and/or Platform, in particular Google Analytics or by third parties, service providers for the Site and/or Platform and deposited on the User’s terminal (computer, mobile or tablet). MONGA or its partners, such as Google Analytics, may install, subject to the User’s acceptance, various cookies, in particular: session cookies, which disappear as soon as the User leaves the Site and/or Platform; permanent cookies, which remain on the User’s terminal until their lifetime expires or until the User deletes them using the functionalities of his/her browser; and statistical cookies (used to measure the Site’s audience). Only the sender of a cookie can read or modify the information it contains. In accordance with the recommendations of the French Data Protection Authority (CNIL), the User will be expressly asked to accept the Site’s cookies when connecting to the Site for the first time.

Purpose of cookies

The cookies used by MONGA or its partners make it possible to identify Users, recognize their browsers when they connect to the Site and/or Platform, record their access frequencies (traffic measurement) and the display preferences of Users’ terminals, adapt and/or personalize the presentation of the Site and/or Platform to improve Users’ experience and optimize the Site and/or Platform for the sole purpose of providing the services requested by the User. In addition, the cookies used on the Site and/or Platform are based on the International Chamber of Commerce guide by categories: strictly necessary; functionality.

Strictly necessary cookies

Strictly necessary cookies enable the User to navigate the Site and/or Platform. These cookies do not collect any information about the User that could be used for marketing purposes. MONGA uses these cookies to: ensure the functioning of the Site and/or Platform and/or Services; secure the Site and/or Platform and/or forms and protect them against malicious scripts. MONGA does not use these cookies to: collect information that could be used to promote products or services to Users; or store User preferences or names after a visit.

Functionality cookies

These cookies are used to provide services or to remember the User’s settings in order to improve the User’s visit to the Site, experience on the Platform and/or use of the Services. MONGA does not use cookies to collect personal information that could be used to promote products or services for the User on other sites.

Cookie retention period

In accordance with CNIL recommendations, cookies are kept for a maximum of thirteen (13) months after they are first stored on the User’s terminal, as is the period of validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.

The User’s right to refuse cookies

When browsing the Site for the first time, a banner explaining the use of cookies appears. It enables the User to activate or deactivate certain cookies. The banner will only disappear once the User has accepted the use of cookies in order to continue browsing. Registration of a cookie is subject to the User’s consent. In accordance with legal and regulatory provisions, MONGA obtains prior consent for the deposit of cookies. Users therefore have the option of configuring their browsing software in such a way as to oppose, totally or partially (in particular depending on the issuer), the recording of cookies. The configuration also offers the possibility of accepting or refusing cookies on a one-off basis, before they are stored on the User’s terminal. Users who wish to prevent cookies from being saved can follow the procedure specific to each browser, described in the browser’s help menu. Chrome https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=fr Internet Explorer https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies Edge https://privacy.microsoft.com/fr-fr/windows-10-microsoft-edge-and-privacy Safari https://support.apple.com/fr-fr/guide/safari/manage-cookies-and-website-data-sfri11471 Firefox https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences Opera http://help.opera.com/Windows/9.20/fr/cookies.html However, in the event of opposition to the recording of cookies or the uninstallation of a cookie, Users are informed that certain services may no longer function correctly.

Transfer of personal data abroad

MONGA processes User data solely within the European Union and does not transfer such data outside this area. Nevertheless, in the case of international transfers outside the European Union, a distinction must be made between: countries which have been granted an adequacy decision by the European Commission: in this case, the Data is transferred to a country ensuring a level of protection deemed sufficient and adequate to the provisions of European data protection regulations; and countries whose level of data protection has not been recognized as adequate: in this case, to guarantee a transfer in compliance with European regulations, and in particular to ensure data security, MONGA will base its transfer on protection mechanisms adapted to each service provider and subcontractor, such as the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.

Security

MONGA undertakes to implement appropriate and reasonably necessary technical and organizational measures with regard to the regulations applicable to the protection of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage in order to guarantee a level of security appropriate to the risks incurred for the rights and freedoms of natural persons in connection with the processing referred to in this privacy policy. When personal data is transferred to third parties for processing, MONGA ensures that these third parties implement all appropriate technical and organizational measures to ensure the protection of personal data in accordance with applicable laws. These measures are defined taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the identified risks. Depending on the needs, risks, costs and purpose of the processing, these measures may include pseudonymization and encryption of data. This protection can be ensured by the mention of “https” in the browser’s URL address, as well as by the representation of a closed padlock at the bottom of the screen. Finally, in the event of a violation of rights concerning personal data likely to generate a high risk for the User’s rights and freedoms, MONGA undertakes to inform the User of this violation within a maximum period of seventy-two (72) hours.

Changes to the privacy policy

MONGA reserves the right to modify and update this Privacy Policy at any time, in particular in order to take into account any legal and/or jurisprudential developments and to comply with the requirements of the regulations applicable to the protection of personal data. MONGA will inform Users of any significant changes or updates to this policy by e-mail. The prevailing version is that which is accessible online on the day of consultation of the Site and/or use of the Platform. Any consultation of the Site and/or use of the Platform after publication of the modified privacy policy implies the User’s unreserved acceptance of the new privacy policy.

Contact

For any inquiries or to find out more about the processing of their personal data, including the exercise of their rights indicated above, the User may contact MONGA from their account using the SandBox contact form or by e-mail or post at the following address:

Email : contact@monga.io

Postal mail: MONGA – 119 bis rue de Colombes – 92600 Asnières-sur-Seine, FRANCE

For any complaint or dissatisfaction in connection with the use of personal data by MONGA, the User may contact MONGA using the SandBox contact form or by e-mail or post at the following address:

Email : contact@monga.io

Postal mail: MONGA – 119 bis rue de Colombes – 92600 Asnières-sur-Seine, FRANCE

When the User contacts MONGA, he/she will be asked to identify him/herself.