Privacy Policy

Ethiko’s Privacy Policy

1. Data Controller Information: Who is responsible for processing your data?

We recognize the importance of protecting the privacy of our customers’ and users’ personal information. This policy details how we collect, use, disclose, and protect the personal information provided by users of our services. It aims to regulate and provide information on the processing of personal data of current clients, potential clients, former clients, and third parties whose data we may process as a result of the relationships we establish with our clients.

The company is legally authorized to process the information provided by users of our website.The controller of personal data collected through our website is :

Controller’s Name: OVH
Contact Email: contact@ovh.net

For any inquiries, questions, or to exercise rights related to the processing of personal data on our website, you can contact the responsible party through the provided contact methods.

2. Purpose of Processing: What is the purpose of processing your data?

The collected information is used to provide financial services, process transactions, prevent fraud, customize our clients’ experience, and comply with legal obligations.

Personal data will be obtained through information request forms or through the contracting of our products or services. We may use the information to improve our services and send marketing communications with prior consent from clients.

Personal data collected through our website will be used for the following purposes:

Provision of Financial Services: Data is collected to provide financial services, such as account opening, transaction management, requests for banking products, among others.
Compliance with Legal Obligations: Data collection and processing are carried out to comply with applicable legal obligations and financial regulations.
Client Management: Data will be used to maintain relationships with clients, including account management, communications related to financial services, and customer service.
Fraud Prevention and Security: Data collection and processing are performed to prevent and detect potential frauds, ensuring the security of financial transactions.

The legal basis for processing personal data is based on the user’s explicit consent. The relevant forms will include a checkbox for accepting the privacy policy as a requirement for registration or use of the services.

Personal data is obtained in accordance with legal regulations and with the explicit consent of the users. This information is provided to ensure transparency about the use and processing of personal data collected on our website.

3. Third-Party Recipients of Personal Data: Who do we share your personal data with?

We may share personal data with third-party recipients to provide and improve our services. These third parties may act as data processors. Situations in which data might be shared include, but are not limited to:

Associated Financial Entities: We may share data with financial institutions to facilitate transactions, verify identities, or provide specific financial services.
Public Authorities, Official Bodies or Bank Supervision and Control Entities and Competent Tax Authorities: We may disclose personal data as required by banking and financial sector regulation, anti-money laundering and terrorism financing regulation, as well as consumer protection laws in force.
Notaries: In the case of mortgage contracting, we will communicate your data to Notaries as their intervention is necessary for formalization.
Public Registries: Data will be sent to Public Registries (such as the Property Registry) when it is necessary to register the corresponding guarantees (mortgages).
Service Providers: In certain circumstances, we contract external service providers, such as payment platforms, web analytics service providers, or fraud prevention services, who could access personal data in the course of their activities.
Third-Party Cookies: Our website may use third-party cookies, which collect data to improve the user experience. These cookies are used by external providers and could record personal information, provided the user gives their consent.

Users have the option to manage cookie preferences through their browser settings, allowing or rejecting the use of third-party cookies on our website.

It is important to highlight that access to personal data by third-party recipients is subject to the explicit approval and consent of the user. This information is provided to ensure transparency in the handling of personal data on our website.

4. International Transfers

We commit to informing you transparently about any international data transfers that may occur. In some cases, personal data may be transferred outside of the countries that are part of the European Union.

These international transfers will occur in compliance with applicable data protection regulations. In particular, explicit and detailed notification will be provided about such transfers, ensuring compliance with applicable data protection laws.

It is important to note that these transfers could involve sending data to companies with servers located outside the European Union, such as those in the United States or other countries.

Our commitment is to ensure that, regardless of international transfers, your personal data’s protection and privacy are maintained in accordance with corresponding data protection standards and regulations.

5. Data Retention Period: How long do we keep your data?

We commit to keeping the personal data provided by users only for the time necessary to fulfill the purposes for which they were collected, unless a legal or regulatory obligation requires a longer retention period.

The retention period for personal data may vary depending on the purpose of the processing and applicable legal obligations. Generally:

Current Clients’ Data: Data from current clients will be retained for the duration of the contractual relationship and, once concluded, will be blocked for 10 years as mandated by anti-money laundering regulations.
Potential Clients and Former Clients’ Data: Data from potential clients, as well as from former clients, will be retained for a reasonable period to maintain records and manage inquiries or complaints.
Legal Compliance and Regulatory Obligations: In certain cases, information may be kept for an additional period to comply with legal obligations, respond to legal and regulatory requirements, resolve disputes, prevent fraud, or enforce agreements. Eventually, we will abide by the legal prescription periods depending on the specific contracts you sign with us, for example, 21 years according to mortgage regulations.

After the corresponding periods have passed or when the data are no longer necessary for the established purposes, data will be securely deleted in accordance with internal policies and current data protection regulations.

6. Rights of Access, Rectification, Opposition, and Cancellation

Our users have the right to exercise access, rectification, deletion, limitation, portability, and opposition rights regarding their personal data:

Access and Rectification: You can access your personal data and, if necessary, rectify them if they are inaccurate or incomplete.
Deletion: Under certain circumstances, you can request the deletion of your personal data.
Processing Limitation: You have the right to request the limitation of the processing of your data in certain situations.
Portability: You can request the transfer of your data to another data controller in a structured and readable format.
Opposition: You can oppose the processing of your data, including processing for direct marketing purposes.

To exercise any of these rights, or if you wish to obtain more information about the processing of your personal data, you can contact us through the provided contact methods. We are committed to addressing your requests and inquiries related to your data protection rights to ensure respect and protection for your personal data.

LinkCy’s Privacy Policy

Introduction

LinkCy SAS regards as of paramount importance the protection and security of Personal Data.

LinkCy collects and processes your personal data in the context of its partnership with the following Partner:

Partner’s Name : OVH
Partner’s Email Address : support@ovh.net

The Privacy Policy for Personal Data collected via LinkCy SAS within the framework of the activities for which it acts as an Agent of a Payment Service Provider (Paynovate SA) is detailed below, which sets out:

How LinkCy SAS collects and processes your Personal Data;
The security measures that LinkCy SAS implements to guarantee the confidentiality and integrity of your Personal Data;
The rights you have to control them throughout your use of the Services.

This policy is effective as of 24/04/2021.

This Privacy Policy may be modified or supplemented at any time by LinkCy SAS, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page.

If the changes affect the processing activities carried out on the basis of the User’s consent, LinkCy SAS must obtain your consent again.

We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services.

Who is the Data controller?

We – LinkCy, a SAS registered with the Paris Trade and Companies Register under number 852295732, with a capital of 13 089 € whose registered office is located 42 Rue Boursault, 75017 Paris, France – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below).

In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: nicolas.dupouy@linkcy.io

What are the Applicable Laws?

The processing of your Personal Data is carried out in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), as well as in compliance with French legislation governing the protection of personal data and privacy in electronic communications, notably the French Data Protection Act (amended on 20 June 2018 to enhance personal data protection). This legislation also includes European directives and national laws relating to privacy protection in electronic communications, notably the « ePrivacy » Directive 2002/58/EC (collectively referred to as the « Applicable Laws »).

The competent authorities for data protection in France are the National Commission on Informatics and Liberty (CNIL) for national compliance oversight, and the European Court of Justice (ECJ) for matters involving European Union law.

What personal data is collected? How are they collected ?

Personal Data means any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use:

Identity: surname, first name, maiden name, marital date and place of birth, proof of identity;

Personal life: personal email address, personal telephone number, personal postal address and proof of address;
Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip;
Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income;
Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection.

Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources.

The processing operations concern the personal data of Users, Customers or Prospects.

Why is personal data collected?

The main purpose of collecting Personal data through the Application is to allow us to:

Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use;

Conclude or execute any contract with you and to respond to any request for services;

Answer and satisfy your requests and eventual queries;

Manage of customer account;
Carry out customer loyalty operations;
Carry out commercial prospecting operations;
Development of statistics;
Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services;
Develop our services (launch new products or services, improve the application, etc.);
Protect our operations or those of others third parties and our rights and security or those of third parties;
Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy;
Resolve any disputes that we may have withs its Users and enforce contracts with third parties.

Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data.

What legal ground(s) do we rely on?

Personal Data processing is necessary for:

the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User’s request in accordance with Article 6(1)(b) of the GDPR

compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations;

the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc.

Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations.

How long do we keep your information?

We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account).

However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as:

legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements);
the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation).

While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required.

If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at support@linkcy.io

Who may we share your information with?

As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement.

We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular:

Our subsidiary company
Our Payments Services Provider
Our others Services Providers
Our Partners, as defined in the General Terms and Conditions of Use

These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy SAS.

We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy SAS.

In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party.

Is my Personal Data transferred outside the European Union?

The processing and hosting of the Personal Data are established on the territory of the European Union.

Nevertheless, if we transfer Personal Data outside the territory of the European Union, we guarantee that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data.

In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission).

How do we secure personal data?

We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data.

These measures include:

Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;
Careful selection of subcontractors;
administrative and technical controls to restrict access to Personal Data on a “need to know” basis;
technological security measures, including firewalls, encryption and anti-virus software, authentication devices;

Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk.

What are your rights regarding your personal data?

You have rights to the Personal Data that concerns you and that is processed by LinkCy SAS:

The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy.
The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person.
The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address).
The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation.
The right to limit processing: you have the right to « block » or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further.
The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller.
The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims.
The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal.
The right to provide us with instructions on the use of your Personal Data after your death – you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time.

How to contact us?

If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your Personal Data, please contact support@linkcy.io

We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

In the absence of a response from us or if you are not satisfied by our response or proposal or at any moment, you have the ability to lodge a complaint before the CNIL (the French data protection authority) or with the supervisory authority of the Member State of the European Union of your country of residence.