Purpose of processing
The micro-enterprise identified at the French National Institute for Statistical and Economic Studies under the SIREN ID 887 969 814 (hereinafter referred to as “TSEDACLICK”), whose head office is established at 14 rue Louise Dory in Romainville (France), operates the mobile application of the same name . This application is mainly used to facilitate the regular sending of donations to a panel of Partner Associations. In this context, TSEDACLICK is required to collect information relating to Users, which is recorded in its databases. These records allow:
- issuing tax receipts
- facilitating up-coming donations or pledges
- keeping Users informed of future developments relating to the Application, in particular:
- the referencing of new Partner Associations
- the addition of new features
- any changes to the Terms and Conditions and / or this Privacy Policy
- maintenance operations likely to modify access to the Application
- sending their contact details to associations that the User supports if they have given their consent.
Legal basis for processing
- Issue tax receipts: the legal basis for processing is compliance with a legal obligation incumbent on the User (see article 6.1.b of the General Data Protection Regulation governing the processing of personal data in the territory of the European Union, hereinafter referred to as “ RGPD ”). In this case, it is about being able to present this receipt to benefit from a tax reduction; for French tax residents, in application of articles 200, 238 bis and 885-0 V bis A of the General Tax Code (CGI); for United States residents, in application of the 501c3 article.
By virtue of the principle of data minimization, if the User does not wish to receive receipts, he remains free not to provide any information relating to his identity (see article 5.1.c of the GDPR).
- Facilitate future donations or pledges: the legal basis for processing is the legitimate interest of TSEDACLICK (cf. article 6.1.f of the GDPR), at knowing how to offer an innovative service, able to optimize the allocations granted to its partner Associations.
- Inform about developments in the app: the legal basis for processing is the legitimate interest of TSEDACLICK (cf. article 6.1.f of the GDPR), namely promote the Application to its Users.
- Transmit the User’s contact details to the partner associations they support: the legal basis for processing is consent (see article 6.1.a of the GDPR), and as required by article L. 34-5 of the postal and electronic communications code.
Categories of data collected
- Identity: surname, first name, postal and electronic addresses, country of tax residence
- Method of payment: country of issue, brand, type (debit / credit), expiry date, and last 4 digits of the bank card number. The visual cryptogram is never recorded or kept.
- History of donations and pledges: amount, currency, date, beneficiary association, entry method.
Data recipients
- TSEDACLICK is the recipient of all the categories of data set out above.
- If when making a donation, the words “ I authorize Tsedaclick to communicate my contact details to the associations that I support “, accessible and modifiable at any time from the The “ Personal Data ” tab is validated, information related to his identity is shared with the association receiving the donation, regardless of the amount.
- On the basis of anonymity, data relating to User activity may be analyzed by TSEDACLICK, its partner associations or service providers specializing in this type of data analysis.
Shelf life
- Identity: for as long as the User’s account is active. In the event of a request to delete his Account, the deletion of this data will take place within a maximum of 24 hours.
- Tax receipts: in respect of accounting obligations, these documents are kept for a minimum period of six (6) years from their issue.
- Data relating to donations and pledges: these data are kept for an indefinite period by TSEDACLICK. In the event of deletion of an Account, they are anonymized.
- Data relating to the means of payment: this data is immediately deleted if the Account is closed.
It should be noted that in the event of a change in the User’s means of payment, the data relating to the previous bank card is retained. In this case, the legitimate interest pursued is the prevention of fraud. Likewise, it remains possible, even after deletion of the Account, to access the IP address of the device used for each payment made.
User rights
The data collected is mainly stored on servers located in Frankfurt, Europe. For IT security purposes, part of it is duplicated on servers located in the United States, but in compliance with the GDPR.
TSEDACLICK uses third-party hosts to ensure this archiving. To find out more about the conditions for storing data by TSEDACLICK providers, the User can contact the DPO at the address: dpo@tsedaclick.com .
It is also possible to no longer receive information related to future changes to the Application by writing to the same email address.
All data concerning the User is accessible from the ” Personal Data ” tab. It is free to access, and it is always possible to rectify or have erased any data contained therein.
Finally, if he considers, after having contacted TSEDACLICK, that his “Data Protection” rights are not respected, the User remains free to submit a complaint online to the CNIL.