KIFLO undertakes to ensure that the personal data of the user (hereinafter referred to as the ‘User’) of the Kiflo Solution is collected and processed in accordance with Law No. 78-17 of 6 January 1978, as amended, relating to information technology, files and civil liberties, known as the " Data Protection Act‘, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (’GDPR"), and any legislation adopted pursuant to this Regulation.
1. The data controller
The User is informed that, with regard to the collection and processing of personal data concerning him/her, the data controller is KIFLO, a limited liability company with a capital of € 1,000.00, registered in the Trade and Companies Register under number 847 670 262 (Paris), with its registered office located at 39 rue de la Gare de Reuilly – 75012 PARIS (France).
2. Categories of data collected
KIFLO collects certain data directly from Users. This data is as follows:
- Personal details and contact information: surname, first name(s), gender, date and place of birth, nationality, postal address, email address, telephone number;
- Data relating to the User's professional situation: professional status;
- Connection data: identification data, logs, cookies, browsing data on the application (IP address or GPS data of the device used), identification of the device used to connect to the Solution, dates and times of connection;
- Verification data: data collected from third-party web service providers used to verify the User's identity and prevent fraudulent activity;
- Data relating to communications between KIFLO and the User: telephone calls, emails, complaints or claims;
3. Data processing
KIFLO collects data directly from Users. The legal basis for the processing of personal data is as follows:
For processing requiring consent, the User concerned has the right to withdraw their consent by sending a request to dpo@kiflo.com.
4. Communication of data to third parties
Users' personal information may be transmitted to KIFLO’s subcontractors, who act on behalf of and in accordance with KIFLO's instructions.
KIFLO uses subcontractors to carry out the following operations:
- Payment transactions;
- Fraud prevention during payment transactions;
- Sending commercial prospecting emails or newsletters;
- Maintenance of the application.
Furthermore, KIFLO may disclose User data to third parties in the following cases:
- if required by law, KIFLO may transfer personal data in order to respond to claims made against it and to comply with administrative and legal procedures;
- if KIFLO needs to act to defend its interests, it may be required to disclose personal data to lawyers.
- if KIFLO is involved in a merger, acquisition, asset transfer or receivership, it may be required to transfer or share all or part of its assets, including personal data. In this case, Users will be informed before personal data is transferred to a third party.
5. No transfer of data outside EU
User data collected by KIFLO is only transferred to third parties located inside the European Union and in the USA. When KIFLO transfers data outside the EU, it uses standard contractual clauses and rely on the European Commission's adequacy decision dated July 10th, 2023 for USA.
6. Data retention period
For the purposes of managing the commercial relationship with the User, the User's personal data is retained for a period of three (3) years. This period of 3 years runs from the closure of the User's account on the application.
Data relating to the provision of services included in the subscription taken out by the User is kept for the duration of the contractual relationship plus the limitation periods.
In addition, invoices are kept for a period of 10 years from the end of the financial year in which the invoice was issued.
The data necessary for collection operations shall be retained until full payment of the sums owed by the User.
Data relating to cookies and other trackers shall be retained for a maximum period of thirteen (13) months.
In order to combat fraud, the User's personal data may be retained for a maximum period of five (5) years from the date of issue of an alert or the closure of the file if the fraud is proven.
Finally, KIFLO may archive certain data for the applicable limitation period if such retention is necessary for the management of disputes or complaints.
7. Data security and confidentiality
The Solution implements organisational, technical, software and physical measures in terms of digital security to protect personal data against alteration, destruction and unauthorised access, as detailed in our Information Security Policy, which is accessible from our trust center at trust.kiflo.com.
When using subcontractors, KIFLO ensures that they comply with the rules relating to the protection of personal data.
8. Cookies
Use of cookies
KIFLO uses cookies for the following purposes:
- to compile statistics and traffic volumes (audience measurement cookies).
- to adapt the presentation of the Solution to the device used;
- to adapt the presentation of the Solution to the preferences of each User;
- compile statistics on the deliverability, opening and reading of newsletters or marketing emails sent by email.
Cookie settings
KIFLO uses only cookies that are strictly necessary for the proper functioning of the Solution. They are generally only set in response to actions taken by the User on the Solution.
The User may set its web browser settings to block the use of these cookies, but some features of KIFLO website and/or Solution will no longer be accessible.
The User may also set its browser to accept cookies or disable them.
Instructions on cookies for the most commonly used browsers are available at the following links:
- Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
- Apple Safari® (Mac): https://help.apple.com/safari/mac/8.0/en.lproj/sfri11471.html
9. User rights
In accordance with the regulations applicable to personal data, Users have the following rights, which they may exercise by writing to KIFLO at the address indicated in Article 1 ‘Data Controller’ or by sending an email to dpo@kiflo.com:
- Right of access to information concerning them (Article 15 of the GDPR),
- Right to update or rectify information concerning them (Article 16 of the GDPR), where such information is inaccurate or incomplete,
- Right to erasure of information concerning them (Article 17 of the GDPR), when this information is no longer necessary for the purposes of processing, when they have objected to its processing, when it has been processed unlawfully, or when its erasure is necessary to comply with a legal obligation,
- Right to withdraw consent at any time (Article 13.2.c of the GDPR) when the processing of their data is based on their consent,
- Right to restriction of processing of their data (Article 18 of the GDPR), when its accuracy is contested, when its processing is unlawful, when it is no longer useful to YYY but is necessary for the internet user to establish, exercise or defend their legal rights, or in the event that they object to its processing, for the time necessary to verify the primacy of the reasons pursued by YYY over those of the user,
- Right to object to the processing of their data (Article 21 of the GDPR) when the processing of the data is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, or when the data is processed for direct marketing purposes.
- Right to data portability (Article 20 of the GDPR).
The User also has the right to lodge a complaint with the CNIL, either by writing to the following address: CNIL, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, or online via the website www.cnil.fr/fr/plaintes.
Before implementing any of these rights, KIFLO may request proof of the User's identity in order to verify its accuracy.