Skip to content

Personal data policy

1. Introduction

The main purpose of this document is to provide you with information about the processing of personal data carried out by A3BC Group (“A3BC Group” or “we”) in a concise, transparent, intelligible and easily accessible form, to help you understand how your data is processed.

2. Data is collected fairly and in a transparent manner

In order to ensure fair and transparent data collection, we provide information on each processing operation we carry out by means of information notices. Data is collected fairly. No data is collected without the knowledge or information of the data subjects.

3. Data is collected for legitimate and proportionate purposes

When we process data, we do so for specific purposes: each data processing carried out by us has a legitimate, specified and explicit purpose.
For each of the processing carried out, we undertake to collect and use only data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We ensure that the data is kept up to date and take steps to ensure that data that are inaccurate are erased or rectified.

4. What data do we process?

In the context of the processing of personal data, the purposes of which are presented to you below, A3BC Group collects and processes the following categories of data:

  • identification data of the data subject such as your title, your last name and first name, your date of birth, your phone number, your email address, the template of your fingerprints;
  • the login password associated with each customer account;
  • the date and time the user logs in and logs out;
  • the date and time documents and identification and authentication information are added, modified or deleted.

 

5. What are the legal bases and purposes of our processing?

The processing operations carried out by A3BC Group have the following purposes and legal bases: 

No. 

Purpose 

Sub-purpose 

Legal basis 

1.

Customer relationship 

Managing the activation of your customer account  

Consent 

Storing copies of supporting documents 

Performance of a contract and taking steps at the request of the data subject prior to entering into a contract 

Capturing the fingerprints of four of the fingers of one of the hands and calculating the corresponding template 

Consent 

Storing, updating and deleting the following documents and identification and authentication information: 

  • Curriculum vitae 
  • Proof of address 
  • Driving licence 
  • Accommodation certificate 
  • Pay slip 
  • Employment contract 
  • Cover letter 
  • Letter of recommendation 
  • Health insurance card 
  • Rent receipt 
  • Certificate of registration 
  • Bank details 
  • Family record book 
  • Tax notice 
  • Proof of activity 
  • Insurance certificate 
  • Identity document 
  • Fingerprint template 

Performance of a contract and taking steps at the request of the data subject prior to entering into a contract 

2.

Management of supporting documents 

Sharing stored documents and identification and authentication information with third parties 

Consent 

 

Performance of a contract and taking steps at the request of the data subject prior to entering into a contract  

3.

Login data management (Recording the login password associated with each customer account; 

Recording the date and time the user logs in and logs out; 

Recording the date and time documents and identification and authentication information are added, modified or deleted) 

Ensuring the non-repudiation of transactions carried out by means of documents and identification and authentication information recorded by the user 

Having proof in legal or judicial proceedings for which the provision of login data is requested 

Performance of a contract and taking steps at the request of the data subject prior to entering into a contract 

4.

Digital identity management 

 

Performance of a contract and taking steps at the request of the data subject prior to entering into a contract 

 

6. Who are the recipients of your data?

The recipients of your data are:

  • A3BC Group’s authorised members;
  • A3BC Group’s service providers and subcontractors, each to the extent to which it is concerned;
  • third parties in the context of requests for identification and authentication of transactions to which you are party.

We ensure that only authorised persons of those recipients have access to these data. A3BC Group has a strict clearance policy which ensures that the data it processes is only shared with those authorised to access them.

7. Do we transfer your data?

We may transfer personal data outside the European Union as part of the IT tools we use for our business.
These transfers will only be carried out after A3BC Group has taken measures to secure them, for example by using the standard contractual clauses adopted by the European Commission to provide a framework for the resulting cross-border flows.

 

8. How long are we keeping your data?

We ensure that data iskept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed. The periods for which we keep your personal data is proportionate to the purposes for which your data were collected.
More precisely, our data storage policy is organised as follows:

No. 

Category of data 

Purpose

Storage period 

1.

Identification of individuals 

Managing the activation of your customer account 

Duration of your customer account 

Storing, updating and deleting documents and identification and authentication information 

Until the deletion of your data and at the most as long as your customer account exists 

Capturing the fingerprints of four of the fingers of one of the hands and calculating the corresponding template 

Duration of your customer account 

Sharing stored documents and identification and authentication information with third parties 

24 hours from the registration of your consent to each sharing request 

Creating a digital identity 

Duration of your customer account 

2.

Login password associated with each customer account; 

Date and time the user logs in and logs out; 

Date and time documents and identification and authentication information are added, modified or deleted 

Ensuring the non-repudiation of transactions 

Having proof of transactions 

Duration of your customer account plus 7 years 

 

9. How do we ensure the security of your personal data?

The security of your personal data is very important to A3BC Group. We have implemented technical and organisational measures appropriate to the degree of sensitivity of the personal data, in order to ensure the integrity and confidentiality of the data and protect them against malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

10. Do we use processors?

Where we use a service provider, we will only disclose personal data to them after obtaining a commitment and guarantees from them that they will be able to meet security and confidentiality requirements. In compliance with our legal and regulatory obligations, the contracts concluded with our processors set out precisely the terms and conditions of the processing of personal data by them in accordance with personal data protection laws.

11. Do we use cookies?

More information about cookies can be found in our Cookie Policy.

12. What are your rights?

A3BC Group is committed to respecting your rights in relation to the data we process, in order to guarantee fair and transparent processing taking into account the particular circumstances and context in which your personal data is processed.

12.1 Your right of access

You have the right to obtain confirmation as to whether or not your personal data is being processed and, where that is the case, access to your data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient, and where applicable the international organisations, to whom the personal data have been or will be disclosed, in particular recipients in third countries;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and, at least in the latter case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

12.2 Your right to rectification of your data

You have the right to ask us, as the case may be, to rectify or complete your personal data that are inaccurate, incomplete, ambiguous or expired.

12.3 Your right to erasure of your data

You have the right to ask us to erase your personal data in the cases provided for by laws and regulations. Please note, however, that the right to erasure is not a general right and can only be exercised if one of the reasons provided for in the applicable laws is met.

12.4 Your right to restriction of processing of your data

You have the right to request restriction of processing of your personal data in the cases provided for by laws and regulations.

12.5 Your right to object to processing of your data

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on the legitimate interest pursued by the controller (see clause above on the legal bases for processing). If you exercise your right to object, we will no longer process your personal data for the processing concerned unless we demonstrate compelling legitimate grounds for the processing which must override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

12.6 Your right to data portability

You have the right to portability of your personal data. Please note, however, that the right to data portability is not a general right. Not all data from all processing operations are portable; the right to data portability only concerns processing carried out by automated means to the exclusion of manual or paper processing. This right is limited to processing based on your consent, on the performance of a contract or on the taking of steps prior to entering into a contract. This right does not include derived or inferred data, which are personal data created by A3BC Group.

12.7 Your right to withdraw your consent

Where the processing of personal data we carry out is based on your consent, you have the right to withdraw your consent at any time. We will then stop processing your personal data but this will not affect the operations based on consent before its withdrawal.

12.8 Your right to lodge a complaint

You have the right to lodge a complaint with the CNIL (3 place de Fontenoy 75007 Paris) on the French territory without prejudice to any administrative or judicial remedy.

12.9 Your right to give post-mortem instructions

You have the right to give special instructions on how your personal data should be stored, erased and shared after your death. These special instructions only concern, and will be limited to, the processing carried out by us. You also have the right, when that person will be designated by the executive branch, to give general instructions for the same purpose.

12.10 How to exercise your rights?

You may exercise the rights listed above by sending a request, together with a document proving your identity by any means, by email to contact.trustme@a3bc.io or by post to:  A3BC Group chez Teamwill, Tour EQHO, 2 avenue Gambetta 92400 Courbevoie.

13. Change to this document

We invite you to consult this policy on our website regularly. It may be updated at any time.