Nous contacter
[email protected]
Legals

Politique de confidentialité

Dernière modification effectuée le 14 octobre 2024

Definitions

Words marked with a capital letter – whether singular or plural – shall be understood according to the following definitions:

“User Account”: Means the personal account that Users can create on the Site.

“Personal Data” or “Personal Data” or “Data”: Any information that allows a natural person to be identified directly or indirectly, such as: your name, first name, email address or postal address, your telephone number.

“RIVRS” and/or the “Data Controller”: Refers to the company RIVRS, a simplified joint-stock company, with share capital of €16,210.00, whose registered office is located at 20 Quai Duguay Trouin, 35000 RENNES, registered in the Rennes Trade and Companies Register under number 903 951 259.

“Data Subject”: Any person about whom one or more Personal Data have been, are being or will be collected.

“GDPR”: Means EU Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data or General Data Protection Regulation.

“Site”: Refers to the website “rivrs.io” accessible at the following address: https://www.rivrs.io/ , which is published by RIVRS.

“Subcontractor”: Means any natural or legal person who processes Personal Data on behalf of the Data Controller, on its instructions and under its authority.

“Terminal”: Refers to any User equipment enabling access to the Site.

“Processing”: Means all operations relating to Personal Data, and in particular the recording, collection, organization, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, as well as locking, erasure or destruction, without this list being exhaustive.

“User”: Refers to any person having downloaded and/or browsing the Site published by RIVRS.

INTRODUCTION

As part of its activity, RIVRS is required to collect and process Data concerning you, in particular when you write to us via the “Contact” form.

In its capacity as Data Controller, RIVRS has implemented this Personal Data Protection Policy (hereinafter “the Policy” or “the Privacy Policy”) and undertakes to process this Data in accordance with the applicable rules; in particular in compliance with the principles of transparency, determination and legitimacy of purposes, accuracy, proportionality and minimization, security and confidentiality, responsibility and protection by design and by default.

This Policy informs you about how we collect and process your Data. We invite you to read it carefully.

Important – We only use your Data in the cases provided for by the regulations in force, namely:

  • Ensure compliance with a legal or regulatory obligation,
  • For various uses, only after having collected your free, specific and informed consent regarding the use of your Data,
  • Where we have a legitimate interest to use your Data. Legitimate interest is a set of commercial or business reasons which justify RIVRS using your Data.

We undertake to limit the collection of this Data to what is strictly necessary. It is recalled that this Data is collected at the initiative of RIVRS. The collection of Personal Data may also occur at the initiative of the Data Subjects.

In this Privacy Policy you will find explanations on the following questions:

  • Who are we ?
  • What data do we collect?
  • How do we collect your Data?
  • Why do we collect your Data?
  • Who do we share Data with?
  • Where is the Data stored?
  • How long is the Data kept?
  • How do we protect Data?
  • Data Breach
  • User Rights
  • Minors
  • Data Transfers Abroad
  • Sites Web tiers
  • Affiliate Policy
  • Processing records
  • Changes or Updates to the Privacy Policy
Who are we ?

The Data Controller is the company RIVRS, operating under the trade name RIVRS, a simplified joint-stock company, with share capital of €21,687.00, whose registered office is located at 20 Quai Duguay Trouin, 35000 RENNES, registered in the Rennes Trade and Companies Register under number 903 951 259.

As data controller, RIVRS determines the means and purposes, i.e. the reasons, methods and conditions for the Processing of your Personal Data.

What data do we collect?

As part of its activity, RIVRS is required to collect, in particular but not exclusively, the following information, some of which constitutes Personal Data:

  • Name or nickname, Discord username, email address, nickname associated with the User Account
  • Email address, IP address and associated location, your browser's user agent
  • Transaction ID when the User makes a payment
  • Any other information you wish to communicate to us.
How do we collect your Data?
Methods of collecting information

Below are the main methods we use to collect information:

  • We collect information when you use the Site, including through cookies and similar technologies (see below).
  • We collect information that you voluntarily provide to us. For example, we collect information that you provide to us in a comment or that you write to us via the “Contact” button on the Site.
  • We may collect information from third party sources as described below.
  • We collect information that you provide to us if you access the Site through third-party services such as FACEBOOK, TWITTER or INSTAGRAM.
Cookies and tracking technologies

We may use standard Internet technologies, including cookies. When you visit or access our Site, we allow certain third parties to use cookies (“Tracking Technologies”).

These Tracking Technologies may enable third parties to automatically collect information about you in order to improve how you navigate the Site, to improve the performance of the Site, and to personalize your experience on the Site, as well as for security and fraud prevention purposes.

These Tracking Technologies give us access to the following information in particular:

  • Information relating to your use of our Site;
  • Information relating to the presence of cookies on your Terminal, the time and date of consultation of a page, and a description of the page where the Web beacon is placed;
  • Information about whether or not you have read the emails we send you, and about the clicks you make on the links contained in these emails.

We will not share your email address, or any other Personal Information, with online advertising companies or ad networks without your consent.

Through the Site, and subject to your consent, we may provide advertisements that may also be tailored to you, for example advertisements that are based on your recent browsing behavior across different websites, browsers or Devices.

We may also use third parties, such as network advertisers, which are third parties that display advertisements based on your visits to websites, in order to provide targeted advertising to you. Third-party ad network providers, advertisers, sponsors, and/or traffic measurement services may also use cookies to measure the effectiveness of their advertisements and to personalize advertising content for you. These cookies are governed by each third party's specific privacy policy, and not this one.

The Site may save navigation cookies on your Terminal; which are necessary for navigation on the Site and allow the Site to function properly.

Subject to your agreement, we may place on your Terminal:

  • Audience measurement cookies: these are cookies that allow us to track your browsing in order to establish consultation statistics and monitor the performance of the Site and each of its pages. These cookies allow us to improve our services in order to provide a better user experience.
  • Targeting/advertising cookies: these are cookies used to offer the most suitable content and advertising possible, taking into account your preferences and interests.

You can consult the detailed list of Cookies that we use and modify your consent regarding cookies at any time by clicking on the following link: cookie preference .

Why do we collect your Data?

Personal Data concerning you is collected and used by RIVRS for the following purposes:

Operations necessary for the proper functioning of the Site
  • Provision and operation of the Site;
  • Support for requests to create User Accounts, login processes and provision of services associated with User Accounts;
  • Development of statistics relating to Users and their use of the Site;
  • Commenting and image uploading service, including validation and moderation process;
  • Providing RSS feed.
Operations necessary for the proper functioning of RIVRS
  • Recruitment process, receipt and processing of applications, whether spontaneous or not;
  • Management of contacts and relations between RIVRS and its Users;
  • Management of the exercise of your rights over your Data, under the conditions provided for in the Article “User Rights” below;
  • Development of statistics relating to Users and the Company’s activities.
Marketing and prospecting operations
  • Analysis of our Users in order to determine our content and advertising campaigns, personalized or not, by e-mail and on all networks;
  • Audience analysis, analysis of browsing behavior;
  • Loyalty or personalized commercial prospecting actions;
  • Development of commercial statistics.
Who do we share Data with?
Internal RIVRS recipients

People working within RIVRS may have access to some of your Data if their duties require the Processing of all or part of your Data, and subject to having been authorized by RIVRS to carry out Data Processing.

Access to your Data is based on individual and limited access authorizations. Personnel who can access Personal Data are subject to an obligation of confidentiality (by a nominal and personal confidentiality undertaking).

Our Subcontractors

As part of our activities, we use Subcontractors, i.e. people who process, on behalf of RIVRS, all or part of your Data.

We exercise particular vigilance in the selection of Subcontractors who process Personal Data on our behalf. We undertake to ensure that the Subcontractors provide identical guarantees of confidentiality and security and that the Processing carried out by them is carried out in compliance with the regulations in force, and in particular the GDPR.

Our Subcontractors provide services on our behalf, in particular:

  • Site Hosting: Cloudflare Pages
  • “Human resources” data: Unitee
  • Recruitment and employer branding: Welcome to The Jungle
  • Email service: Gmail (Google)
  • Handling Contact Requests: Cloudflare Workers & Discord
  • Visualizing statistical data: PostHog

Our Subcontractors' access to your Data is based on signed contracts mentioning their obligations regarding the protection, security and confidentiality of Data. We ensure that our Subcontractors carry out one or more Data Processing operations in accordance with this Policy.

Social media platforms

The use of social networks to interact with the Site (in particular the buttons for accessing our FACEBOOK, X (TWITTER), INSTAGRAM, YOUTUBE, LINKEDIN, DISCORD, TIKTOK, etc. pages) may result in the exchange of Data between RIVRS and these social networks.

For example, if you visit a page of the Site while logged into your FACEBOOK account, META may collect this information. Or, if you click on the "TWITTER" button on your mobile phone, causing the TWITTER application to open to which your account is also logged, TWITTER may collect this information.

We therefore invite you to consult the Personal Data management policies of the various social networks to be aware of the collections and Processing that they carry out on your Data.

Police authorities, judicial authorities and administrative authorities

Where we have a legal obligation to do so or in order to protect the rights, property and safety of RIVRS, we may also disclose your information in the following circumstances:

  • To investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud, or security issues.
  • To establish or exercise our rights of defense against legal claims.
  • To protect our rights, property or personal safety and those of our Users or the general public.
  • If we or any of our affiliates experience a change of control, including through a merger, acquisition or purchase of all or substantially all of our assets.

Sharing your information in this context is not a regular event, but can happen at any time. We will ensure that the types and amounts of information we may have to share for legal purposes are limited to what is reasonably necessary and that any transfers outside the European Union are made on an appropriate legal basis.

Where is the Data stored?
Non-personal information

Please note that our servers, as well as the partners and service providers we trust, are located around the world. Any non-personal data we collect is stored and processed primarily in France but also in various jurisdictions around the world, for the purposes detailed in this Privacy Policy.

Personal Data

Personal Data may be retained, processed and stored in France and in other jurisdictions if this is necessary for the proper provision of our services and/or if required by law. RIVRS intends to favor the storage of Data within the European Union or, at the very least, storage solutions in countries outside the European Union offering sufficient guarantees, and this in compliance with the legislation in force.

How long is your Data kept?

As Data Controller, RIVRS undertakes to comply with the retention periods imposed by law.

We apply the principle of limitation of the duration of data retention in order to retain the Data only for the period strictly necessary to achieve the purposes of the Processing, it being specified that what is necessary depends on specific circumstances, such as regulations requiring the retention of information for a specific period or limitation periods for legal disputes. When a limitation period is imposed by law, the retention period may not be less than it.

Your Personal Data is kept for a period of time that complies with legal provisions or is proportional to the purposes for which it was collected. Certain retention periods meet the legitimate interest of the Data Controller.

The table below mentions the main retention periods for your Data.

Data Categories Purposes Retention periods
Technical data
All Data, including cookies and browsing data Operation of the Site, navigation features and retention of the User’s configuration choices 1 year from their collection, 13 months from consent for cookies
Data of people who contacted RIVRS
All Data related to contact requests, except contact related to the exercise of rights over the Data Processing the request and response 1 year from collection, unless you withdraw your consent
Request related to the exercise of one of the rights available to Data Subjects over their Data Processing of the request to exercise rights Current calendar year at the time of application, increased by 2 years
Data collected via cookies
Cookies Advertising targeting and sending of information, prospective offers 6 months from the date of collection of consent
Aggregated data through cookies Development of statistics 24 months, from the date of collection of consent
How do we protect Data?

As Data Controller, we implement appropriate technical and organizational measures in accordance with applicable legal provisions, to protect your Personal Data against any violation.

A Data breach within the meaning of the GDPR is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

In accordance with the regulations in force, RIVRS undertakes to respect the principles of security, confidentiality and integrity of Personal Data collected from Users.

Confidentiality

RIVRS undertakes to preserve the confidentiality of Personal Data with regard to its staff, its collaborators and any person likely to have access to it.

RIVRS personnel authorized to have access to Personal Data undertake to respect confidentiality and may be subject to a legal or contractual obligation of confidentiality. Similarly, authorized personnel have received the necessary training in the protection of Personal Data.

RIVRS may be required to propose a limitation of the Personal Data collected, an anonymization of this Data or to use pseudonymization.

Security measures implemented

RIVRS implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

RIVRS relies on the combination of several levels of security. The measures can be human, physical or logical in order to contribute to the security of its information systems.

Human security

The measures implemented by RIVRS include:

  • Training sessions to raise awareness among RIVRS staff of fundamental knowledge regarding confidentiality, IT security and protection of Personal Data in general and the GDPR in particular;
  • Appointment of a Data Protection Officer
  • Support for teams by the Data Protection Officer, who is in regular contact with RIVRS staff.
Physical security

The measures implemented by RIVRS include:

  • Password-secured FTP server and SFTP - SSH protocol;
  • Access and privilege management: only administrators can allow access to Data from a computer or server;
  • Perimeter security components such as firewalls filter access to RIVRS resources.
Logical security

The measures implemented by RIVRS include:

  • The configuration of computers, servers and mobile phones according to an identical protocol which takes into account the latest versions of the editors;

The RIVRS Data Protection Officer is systematically involved in new IT projects likely to modify the Processing of Personal Data: creation of new functionalities, change of software solution, change of Personal Data hosting medium, etc.

This organization promotes the deployment of the principle of “Privacy by design”.

Data Breach

In the event of a Personal Data breach, RIVRS undertakes to promptly inform the CNIL under the conditions prescribed by the GDPR.

If the said breach poses a high risk to the Data Subjects and the Personal Data has not been sufficiently protected, RIVRS will notify the Data Subjects and communicate the necessary information and recommendations.

Minors

The minor User must obtain the consent of his legal guardian prior to using the Site or communicating Personal Data concerning him.

If you have reason to believe that a minor has shared information with us, please contact us as indicated below.

What are your rights over your Data?

In accordance with the GDPR, adapted into French law by law n° 2018-493 of June 20, 2018, and law n°78-17 of January 6, 1978 known as the Data Protection Act, you have the following rights over your Data:

Right to information

RIVRS undertakes to inform Users of the Site of the collection and use of Personal Data and thus to produce clear, transparent and accessible information on the conditions and methods of the collection and Processing of Personal Data.

This Policy directly contributes to this right to information.

Right of access

You have a right of access allowing you to obtain information on the existence of a Processing and its methods.

Right of rectification

You may request the Data Controller to rectify your Data, particularly when it is incomplete and/or no longer up to date.

RIVRS may, where appropriate, oppose the request with a legitimate interest or compelling reasons when the applicable legislation so provides. RIVRS may also, if necessary, ask the person making the request to provide proof of their identity prior to implementing the request.

Right to erasure (“right to be forgotten”)

Subject to the regulations in force, and in particular exceptions (for example, in terms of retention necessary to comply with a legal obligation), you can request the erasure of Personal Data relating to you:

  • When the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • When you withdraw consent on which the Processing is based and no other legal basis for the Processing exists;
  • When you consider that the Processing of your Personal Data constitutes unlawful Processing;
  • Where Personal Data must be erased pursuant to a legal obligation provided for by Union law or the law of the Member State to which RIVRS is subject, i.e. France;
  • Where you have objected to the Processing of Data and RIVRS has no legitimate or compelling reason to refuse your request.

The Data Controller will be the sole decision-maker on the merits of the requests and may, where appropriate, oppose the request with a legitimate interest or compelling reasons when the applicable legislation so provides.

For example, RIVRS may validly object to the destruction of Data whose retention period includes a retention period set by law if the request for destruction of said Data occurs before the end of said retention period.

The destruction of Data at the end of the periods set out in the Article “How long is your data kept” contributes directly to the implementation of this right to be forgotten.

Right to object

You have the right to object at any time, for reasons relating to your particular situation, to the Processing of Personal Data concerning you.

The right to object is limited, in particular, by the legitimate interest of RIVRS in processing the Personal Data and other legal requirements – such as compelling reasons.

Right not to be subject to a decision based exclusively on automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

A decision is deemed to be based on an exclusively automated decision when a decision producing legal effects concerning you or significantly affecting you is taken solely by technological means, without human intervention.

If necessary, you can ask RIVRS to involve someone in the decision-making process.

Right to restriction of processing

Under certain conditions, you can obtain from RIVRS the limitation of the Processing of your Data:

  • When the accuracy of the Personal Data concerning you is contested, and for a period enabling the Data Controller to verify the accuracy of the Data;
  • Where the Processing is unlawful and you oppose the erasure of your Data and request, instead, the restriction of the Processing;
  • When the Data is no longer necessary in relation to the purposes for which it was collected but you need it for the establishment, exercise or defence of legal rights;
  • When you object to a Processing carried out by RIVRS and based on its legitimate interest, RIVRS may continue the Processing for the entire duration of the verification aimed at determining whether the legitimate grounds pursued by RIVRS in the context of the Processing prevail over yours.
Right to portability

You may obtain from RIVRS the Personal Data previously provided to the Data Controller in a structured, commonly used and machine-readable format.

Under the right to portability, you may also transmit this Data to another Data Controller or request that the Personal Data concerning you be directly transmitted by RIVRS to another Data Controller, if this is technically possible.

Right to withdraw consent

You may, using the means implemented by RIVRS for this purpose, withdraw your consent at any time when your Personal Data is processed on the basis of it.

The withdrawal of consent is only valid for the future, and therefore cannot call into question the lawfulness of the Processing carried out before this withdrawal.

Post mortem law

You have the right to formulate directives concerning the conservation, deletion and communication of your Data post-mortem.

Right to lodge a complaint with a supervisory authority

You may exercise the above rights with RIVRS by sending a request by e-mail to the RIVRS Data Protection Officer at the following e-mail address [URL] or by post to the following address: 20 Quai Duguay Trouin, 35000 Rennes.

RIVRS may request the communication of a copy of a supporting identity document in all cases where it considers that your identity is not sufficiently established, or that there is or may be a reasonable doubt about the identity of the applicant. The level of checks carried out by RIVRS when processing requests to exercise rights will vary depending on the nature of the requests, the sensitivity of the information communicated and the context in which the request is made.

RIVRS undertakes to respond to any request as soon as possible, and in any event within one (1) month of receipt of the complete request. This period may nevertheless be extended by two (2) months taking into account the complexity and number of requests.

The RIVRS Data Protection Officer is available to Users for any questions regarding the technologies and procedures deployed to protect all Personal Data transmitted and recorded via the Internet, all in accordance with the requirements of the CNIL and the European Union.

Where applicable, Users of the Site and Data Subjects have the possibility of submitting a complaint to the Commission Nationale Informatique et Libertés (CNIL), or electronically on the site www.cnil.fr or by post, to the following address:

CNIL – Complaints Department
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22

Data Transfers Abroad

In providing the Site, we do not intend to transfer information to affiliated entities or other third parties beyond the borders of your country or jurisdiction, to other countries or jurisdictions around the world. However, in the event that we use this type of transfer, by using the Site, you consent to the transfer of your information outside the European Union.

If you are located in the European Union, your Personal Data may only be transferred to locations outside the European Union if we are satisfied that a comparable or better level of protection is in place to protect the Personal Data in the location concerned.

A transfer of personal data to a country outside the European Union or to an international organisation may take place when the CNIL has established, by decision, that the third country, a territory or one or more specific sectors in that third country ensures an adequate level of protection of personal data.

Such transfer does not require specific authorization.

In the absence of a decision by the CNIL concerning the adequate level of protection of the country outside the European Union, RIVRS cannot transfer this data to such a country unless appropriate guarantees have been put in place contractually and on condition that Data Subjects nevertheless have enforceable rights and effective legal remedies within the country(ies) concerned.

Sites Web Tiers

The Site may contain links, in particular hypertext links, and/or content referring to a third-party website.

We have no control over the content of third-party websites or the practices of these third parties regarding the protection of Personal Data that they may collect and decline any responsibility relating to this content. It is your responsibility to inform yourself about the Personal Data protection policies of these third parties.

Treatment register

We undertake to keep an up-to-date processing register listing all Processing carried out.

This register is a document or application that allows us to list all the Processing that we implement as Data Controller. It is not intended to be communicated to the Data Subjects.

We undertake to provide the supervisory authority, upon first request, with information enabling said authority to verify the compliance of the Processing with the data protection regulations in force.

Changes and/or updates to the privacy policy

We may revise this Privacy Policy from time to time, in our sole discretion, and the most recent version will always be available within the Site (as indicated at the top of this Policy). We encourage you to review this Privacy Policy periodically for any changes.

In the event of material changes, we will publish a notice that will be displayed distinctly within the Site by means of a “pop-up” window or a banner, to announce these changes.

Your continued use of the Site following notification of changes will constitute your acknowledgement of, and consent to, such changes to the Privacy Policy and your agreement to be bound by the terms of such changes.

Contact us

If you have general questions about the Site or the information we collect about you, or how we use it, you can contact us by email at [email protected]