Privacy and data protection policy

This document explains the principles and our commitments for the protection of your Personal Data and aims to inform you of how we process the data of our customers, prospects and partners in order to provide you with the best possible customer experience :

  • The Personal Data that BRAVAS collects and the reasons for such collection,
  • How the Personal Data will be used,
  • Your rights as a person concerned by our data processing.

This Policy applies to all BRAVAS services, regardless of their nature (website, applications, services, etc.).

The person responsible for processing your data :

The data controller is BRAVAS. The contact details are as follows:

  • Postal address: 22 B Rue Audiguier 31500 TOULOUSE
  • E-mail: hello@bravas.io.

Identity and contact details of the Data Protection Officer :

The appointment of a Data Protection Officer demonstrates BRAVAS' commitment to the protection, security and confidentiality of its customers' Personal Data.

You can contact the Data Protection Officer at the following address: dpo@bravas.io

What Personal Data does BRAVAS use?

BRAVAS undertakes to collect only data strictly necessary for the provision of the services offered and which are mainly intended to configure, secure and control all of an organization's devices (computers, smartphones, tablets) from an intuitive interface, without being an IT expert. And mainly to automatically configure computers and applications with :

  • Bravas: Manage and protect your IT fleet
  • Bravas : Secure your data and user accounts
  • Bravas: Auditing your IT assets

If you are asked for optional data, BRAVAS will clearly inform you of the Personal Data required to provide the service.

Personal Data collected directly from you is used only for the purposes for which you have been informed.

If your personal data has not been collected from you, BRAVAS will inform you as soon as possible of the processing for which it has been collected and its purposes.

Personal Data is used to offer you other services, only if you have agreed to benefit from the service or to receive additional communications.

The purposes of our processing

Personal data may be collected in a number of situations. Under no circumstances will this data be passed on to third parties, except when you have been notified, when authorized by law and with the consent of the persons concerned whenever required.

The main purposes of our processing are :

a. Request for information on our website:

We collect and process only the personal data you voluntarily provide us, i.e. your name and e-mail address.

These data are collected and processed so that you can benefit from personalized information concerning your requests and so that you can be informed about our services and commercial offers.

b. Register for our services

When you register for Bravas services, we collect and process your first and last name, postal address, e-mail address, telephone number and bank details.

This data is collected and processed in order to :

  • Take into account your subscription and contract performance,
  • Manage your subscription payment,
  • Manage any contact you have with us regarding your subscription.

c. Commercial communications and prospecting :

We collect and process only the personal data you voluntarily provide us, i.e. your name and e-mail address.

This data is collected and processed in order to send you commercial communications, and to carry out loyalty actions or personalized commercial prospecting.

d. Access to our customers' data for the production of our services.

For the sole purpose of providing services to our customers, we access data contained in their information systems. These actions are carried out in the context of subcontracting within the meaning of data protection law and of the rider that appears in our contracts to govern it.

What is the legal basis for our processing?

BRAVAS relies on the following legitimate bases in order to be able to process Personal Data:

a. Performance of the contract :

BRAVAS carries out certain data processing operations based on the performance of the contract. In this respect, the customer is obliged to provide the data necessary for the execution of the contract. This processing of your personal data is necessary to enable you to use our services. If the customer does not provide this data, it may not be possible to provide the service to the online payment service provider.

b. Legal obligations :

Obligations by which BRAVAS complies with a legal or regulatory obligation fall into this category, such as the management and issue of invoices as part of BRAVAS' relationship with customers.

On the legal basis of compliance with our legal obligations, BRAVAS carries out certain data processing operations for the following purposes:

  • Management of responses to official requests from authorized public or judicial authorities;
  • Compliance with the regulations applicable to our business;
  • Keeping invoices and other obligatory documents relating to transactions in accordance with our obligations;
  • Managing requests to exercise your rights regarding your personal data.

c. Consent

On the basis of your consent, BRAVAS carries out certain data processing operations for the following purposes:

  • Sending information about our activities and personalized information tailored to the user's profile;
  • Response to the exercise of rights, as well as to questions and complaints from the user;
  • Management of cookies subject to consent.

Withdrawal of consent to such processing by the user shall not affect the performance of contracts entered into by the data subject with BRAVAS.

d. Legitimate interest

The legal basis for the processing of Personal Data may be legitimate interests such as ensuring that our site remains secure, or to understand users' needs, expectations and satisfaction levels, in order to improve our services, products and brands. All these actions are carried out with the aim of improving the level of customer satisfaction and ensuring a unique browsing and purchasing experience, in which case an assessment of the interest of such processing will make it possible to verify that it does not disproportionately infringe the rights of the data subject.

Based on its legitimate interests, we may implement certain data processing operations for the following purposes:

  • Knowing our contacts ;
  • Sending out satisfaction surveys;
  • The management, monitoring, control and development of our activities;
  • Managing your requests for information and complaints;
  • Information about changes to the terms and conditions of our sites and to this privacy policy;
  • The establishment of any evidence necessary to defend our rights;
  • Statistics and analysis to improve our products and services.

How BRAVAS protects Personal Data

BRAVAS undertakes to take into account the protection of your Personal Data and your privacy right from the conception of the services offered to you(Privacy by design). To ensure security and guarantee that your rights are respected and properly exercised, we implement measures to protect your Personal Data (Privacy by default).

To whom may your Personal Data be communicated?

Your data may be transmitted to :

  • BRAVAS internal departments: departments responsible for the execution of subscribed services, in particular Customer Service, Sales Administration, etc.
  • BRAVAS' external service providers: technical service providers, including
    subcontractors;
  • To BRAVAS commercial partners, after having informed you in advance and having allowed you to express your choices by means of a checkbox.

Can your Personal Data be transferred outside the European Union?

BRAVAS processes all your Personal Data within the European Union (EU).

However, for certain specific services, BRAVAS may have recourse to subcontractors established outside the EU. Certain Personal Data may then be communicated to them strictly for the purposes of their missions. In this case, in accordance with current regulations, BRAVAS requires its subcontractors to provide the necessary guarantees to supervise and secure such transfers, in particular by signing the European Commission's standard contractual clauses.

How long does BRAVAS keep your Personal Data?

The length of time your Personal Data is kept depends on the service subscribed to. BRAVAS undertakes not to retain your Personal Data beyond the period necessary for the provision of the service, and therefore for your use of the service, plus the retention period imposed by the applicable rules on legal prescription and a grace period of 30 days which allows the service to be reactivated if necessary.

Are your personal data protected?

BRAVAS undertakes to take all necessary measures to ensure the security and confidentiality of Personal Data and in particular to prevent it from being damaged, deleted or accessed by unauthorized third parties.

Furthermore, in the event of a security incident affecting your Personal Data (destruction, loss, alteration or disclosure), BRAVAS undertakes to comply with the obligation to notify violations of Personal Data, in particular to the CNIL.

What are your rights regarding your Personal Data?

You may at any time exercise the rights provided for by current regulations applicable to BRAVAS with regard to personal data, subject to meeting the conditions (which is linked to the legal basis of the processing):

  • Right of access: you may have access to your Personal Data processed on the basis of your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
  • Right of rectification: you may update your Personal Data or have your processed Personal Data rectified, based on your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
  • Right to object: you may express your wish that your Personal Data no longer be processed in cases where the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. On the other hand, you may not object to processing carried out within the framework of a legal obligation or as part of the performance of a public service mission which presents compelling and legitimate reasons overriding your rights and freedoms;
  • Right to deletion: you may request the deletion of your Personal Data, subject to the legal retention period, in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. On the other hand, you may not request the deletion of data processed in the context of a legal obligation or the performance of a public service mission;
  • Right to limitation: you may request the suspension of the processing of your Personal Data based on your consent, legal obligation, contractual performance or legitimate interest if you have a pending request for rectification, erasure or objection, or if you consider the processing unlawful;
  • Right to portability: you may request the recovery of your Personal Data in order to dispose of it only if the processing is based on your consent or the performance of a contract. You cannot benefit from the right to portability if the processing is carried out in the context of a legal obligation, the performance of a public service mission or legitimate interest.

When subscribing to a service or collecting your Personal Data, you will be given the address (postal and/or e-mail) to which you can send your request to exercise your rights.

All requests must be accompanied by proof of identity. BRAVAS undertakes to respond to your requests to exercise your rights as quickly as possible and in any event within the legal time limits.

Who to contact

The appointment of a Data Protection Officer demonstrates BRAVAS' commitment to the protection, security and confidentiality of its customers' Personal Data.

You can contact the Data Protection Officer at the following address: dpo@bravas.io

You also have the right to complain to the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07 (https://www.cnil.fr/) about the way BRAVAS processes your Personal Data.

Modification of this policy

Updates to this Privacy Policy will be posted on the BRAVAS website.

GLOSSARY

Each capitalized term has the meaning given below.

  • "Privacy and Personal Data Protection Policy" and "Policy": means this Policy describing the measures taken for the processing, use and management of your Personal Data and your rights as a data subject affected by the processing.

  • "Personal Data": Refers to any information relating to you and enabling you to be identified directly or indirectly.

  • "Processing": Refers to any operation or set of operations applied to your Personal Data.

  • "Data Controller": BRAVAS is responsible for processing your Personal Data.

  • "Personal Data Breach": Refers to a breach of security, resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to your Personal Data.

  • "Recipient": Refers to the department or company that receives communication and may access your Personal Data.