FAKTUS PERSONAL DATA CHARTER

FAKTUS PERSONAL DATA CHARTER

FAKTUS PERSONAL DATA CHARTER

THIS CHARTER AIMS TO PROVIDE USERS WITH COMPLETE INFORMATION ABOUT THE USE MADE BY THE COMPANY OF THEIR PERSONAL DATA.

THE DEFINITIONS PROVIDED IN THE GENERAL TERMS OF USE, AS COMPLETED IF APPLICABLE BY GENERAL TERMS OF SALE OR SERVICE, APPLY TO THIS CHARTER ON PERSONAL DATA.

As part of its activities, the Company is obliged to collect and process personal data concerning Users, its Clients and/or their personnel, natural persons (hereinafter referred to as the "Data Subjects").

Concerned about the protection of the privacy of the Data Subjects and the processing of their personal data, the Company undertakes, as the Data Controller, to comply with the provisions of Regulation (EU) No 2016/679 of 27 April 2016, ensuring the highest level of protection for the personal data of the Data Subjects.

This Charter thus allows the Data Subjects to benefit from full transparency regarding the processing of their personal data by the Company.

I. WHO COLLECTS THE PERSONAL DATA OF USERS?

The Data Controller who collects personal data and implements data processing is the Company.

II. WHAT PERSONAL DATA DOES THE COMPANY COLLECT?

The Company ensures that it only collects personal data that is strictly necessary in relation to the purpose for which it is processed.

The various categories of personal data that the Company usually processes as part of its service and in accordance with its regulatory obligations are grouped under the following categories:

  • identifying personal data: such as first name, last name, place and date of birth, contact details (postal address, telephone number), nationality, identification numbers and documents (ID card, passport, residence permit, and tax numbers) of the Data Subjects;

  • banking personal data;

  • authentication data: such as identifying codes and passwords;

  • Browsing data: such as IP addresses, browsing data on the Site;

  • any type of information that the Data Subject voluntarily provides in the context of the services of the Company (notably as part of exchanges through forms, via customer service or in submitted documents).

Personal data is collected directly from the Data Subjects.

However, the Company may be required to process data obtained from third-party organizations, either with the consent of Users and Clients, or to comply with its regulatory obligations, notably from the Data Subjects' providers.

The Company only collects and processes data that is essential for providing Services or complying with its legal obligations.

III. WHAT ARE THE PURPOSES OF COLLECTING PERSONAL DATA FROM DATA SUBJECTS?

The Company is only authorized to use the personal data of the Data Subjects if it has a valid legal basis and must ensure it has one or more of the following legal bases:

  • The performance of a contract

  • The performance of a legal obligation

  • The legitimate interest of the Data Controller

  • When the Data Subject has given their consent.

The Company may collect and record personal data from the Data Subjects for the following purposes and according to the following legal bases:

PurposeLegal basisRetention periodManagement of the business relationship with the Data Subjects and provision of Faktus servicesPerformance of the contractDuration of the business relationship, then archived for 5 yearsProvision of the Site and the services offered on the SitePerformance of the contract3 years from the last activity on the SiteManagement of communications and follow-up of exchanges with the Data SubjectsPerformance of the contract3 years from each communicationCreation of a Customer AccountPerformance of the contract3 years from the last login to the Customer AccountCustomer servicePerformance of the contract3 years from each request, question, and complaintCompliance with legal and regulatory obligationsLegal obligationLegal retention periodFraud preventionLegitimate interest of the Company5 years from the closure of the fraud fileEstablishment of a customer and prospect fileLegitimate interest of the Company3 years from the last contact of the Data Subjects with the CompanyCommercial prospecting, conducting commercial operations and advertising campaigns for products and services identical to and similar to those provided by the Company to its clientsLegitimate interest of the Company3 years from the last contact of the Data Subject with the CompanySending newsletters, solicitations, and promotional messagesConsentUntil the withdrawal of consent or 3 years from the last contact of the Data Subjects with the Company

IV. ARE THE DATA OF THE DATA SUBJECTS TRANSFERRED TO THIRD PARTIES BY THE DATA CONTROLLER?

The personal data collected is solely processed by the Company, except in the following cases:

A. Communication to third parties necessary for the performance of the contract

The Company may be required to communicate personal data to its business partners and subcontractors, service providers, and administrative and control bodies, in strict accordance with the purposes defined above.

The provider SWAN acts as a joint data controller with the Company in the context of opening a payment account, using the data collected by the Company. SWAN also processes data for its own purpose, notably to provide its services and to meet its legal obligations regarding money laundering and terrorist financing. For more information on SWAN's processing of personal data, the User can consult the page: https://www.swan.io/privacy-policy.

B. Communication to authorities:

The Company may be required, in compliance with applicable regulations, to provide personal data in France or abroad for the purposes of establishing, safeguarding, or defending a right in court, during administrative or criminal investigations, or in the context of legal proceedings of all kinds.

C. This data may also be transmitted to third parties in the context of:

  • The fight against fraud and the recovery of debts;

  • The performance of maintenance and technical development operations for the Website, internal applications, and the information system of the Company;

  • The collection of opinions from Data Subjects;

  • The dispatch of the newsletter.

The Company may also share personal data, with the prior and express consent of the Data Subject in the event of a sale, transfer, or merger of the Company or part of it, or if the Company acquires or merges with another company.

If such a transaction occurs, the Company will ensure that the other party complies with data protection legislation.

V. WHAT ARE THE RIGHTS OF THE DATA SUBJECTS REGARDING THEIR PERSONAL DATA?

In accordance with articles 14 to 22 of Regulation 2016/679 of 27 April 2016, any natural person using the service has the ability to exercise the following rights:

  • A right to information (which refers to the provision of clear and easily accessible information to the Data Subject)

  • A right of access

  • A right of rectification

  • A right to object and erase their data;

  • A right to object to profiling

  • A right to limit processing (which means that the Company cannot, beyond a certain time, continue to process and use the personal data of the Data Subject)

  • A right to portability of their data (which refers to the right of the Data Subject to recover the data they have provided and must be transferred)

  • A right to deletion

Finally, when the Company detects a personal data breach that could pose a high risk to the rights and freedoms of the Data Subject, the Data Subject will be informed of this breach as soon as possible.

These rights can be exercised with the Company that collected the personal data by email at the following address: notification@faktus.eu.

In accordance with current regulations, any request must be signed and accompanied by a photocopy of an

identity document bearing the signature of the requester and specifying the address to which the response should be sent. A response will then be sent to the Data Subject within two (2) months following the receipt of the request.

VI. WHAT HAPPENS TO THE DATA OF THE SELLER DATA SUBJECT AFTER THEIR DEATH?

The Data Subject may send instructions to the Company regarding the retention, deletion, and communication of personal data after their death, in accordance with Article 40-1 of Law 78-17 of 6 January 1978. The Data Subject can formulate their advance directives at the following address: notification@faktus.eu.

VII. ARE THE DATA OF THE DATA SUBJECTS SENT OUTSIDE THE EUROPEAN UNION?

The personal data concerning the Data Subject will not be transmitted for the purposes of the aims defined above to companies located in countries outside the European Union, except for the communication of mandatory information to any banking establishment and/or payment provider outside the European Union in relation to the payment of the Price.

In the event of the transfer of personal data concerning the Data Subject to companies located outside the European Union, the data is only transferred to companies that have committed to ensuring a sufficient and appropriate level of data protection (notably through standard contractual clauses (SCC) or binding corporate rules (BCR)).

VIII. WHAT SECURITY MEASURES HAS THE COMPANY TAKEN TO PROTECT THE PERSONAL DATA OF THE DATA SUBJECTS?

A. Internal measures within the Company

As the Data Controller, the Company takes all necessary precautions to preserve the security and confidentiality of the data and notably, to prevent them from being distorted, damaged, or accessed by unauthorized third parties, through the security of the computer system to prevent external access to the personal data of the Data Subjects.

On the other hand, when it uses subcontractors, the Company ensures that they comply with the rules related to data protection.

B. Relationships with subcontractors

When it uses subcontractors that may process the personal data of the Data Subject, the Company ensures that those subcontractors provide sufficient guarantees regarding compliance with data protection rules, and at a minimum the same guarantees as those of the Company, by entering into a contract with those subcontractors for this purpose.

IX. DOES THE COMPANY USE COOKIES, TAGS, AND TRACKERS?

When the User uses the Company's Services, the Company automatically receives and records certain types of information such as the parameters of the internet browser used, the contents of the cart, or identifiers to allow the User to log in.

The cookies and trackers strictly necessary for providing a service expressly requested by the User do not require prior consent. Thus, for example, the following trackers do not require consent from Users:

  • session "identifier" cookies, for the duration of a session, or persistent cookies limited to a few hours in some cases;

  • authentication and consent cookies;

  • persistent cookies for personalizing the user interface (language choice or presentation).

Any other cookie requires prior information and the express and prior consent of the Data Subjects, for example:

  • cookies related to advertising operations;

  • cookies from social networks generated by social sharing buttons when they collect personal data without consent from the data subjects;

  • certain audience measurement cookies.

At the entry of the Data Subjects on the Site, an information message is displayed to alert them to the use of cookies.

The collection of consent is done by the appearance of a visible banner on the Website allowing the User to choose the cookies that will be placed on their terminal, excluding however, the cookies necessary for providing the Services.

Cookies as well as other unique identifiers are thus used to obtain this information when the browser or device of the Data Subjects accesses the Website.

A. What is a Cookie?

The term cookie encompasses several technologies that allow for the tracking of the navigation and actions of internet users. These technologies are multiple and constantly evolving. Notably, there are cookies, tags, pixels, and Javascript code.

A cookie is a small text file recorded by your computer, tablet, or smartphone's browser that preserves user data to facilitate navigation and enable certain functionalities.

B. For what reasons are cookies, tags, and trackers used?

Cookies are used by the Company to remember the preferences of the Data Subjects, optimize and improve the User's use of the Website by providing content that is more specifically tailored to their needs.

C. The Cookies that the Company issues on the site allow:

  • To identify the User when they log in to the Site;

  • To determine the internet browser settings of the Data Subjects, such as the type of browser used and the plug-ins installed;

  • To establish statistics and volume of visits and usage of the various elements making up our services (using audience measurement cookies);

  • To adapt the presentation of the Website according to the terminal used;

  • To adapt the presentation of the Website according to the affinities of each User;

  • To optimize the services offered on the Website;

  • To communicate with the User in a targeted manner.

Only the issuer of a cookie can read or modify the information contained therein.

Some cookies are installed until the Data Subjects close their browser, while others are kept for longer.

D. Browser software settings

The User can configure their browser software so that cookies are stored on their terminal or, conversely, that they are rejected, either systematically or depending on their issuer.

The User can also configure their browser software so that the acceptance or refusal of cookies is offered to them on an ad-hoc basis before a cookie is likely to be stored on their terminal.

E. How to exercise this choice, depending on the browser used?

For cookie management, the configuration of each browser is different.

The "help" section of the toolbar of most browsers indicates how to refuse new "cookies" or obtain a message that signals their receipt, or how to disable all "cookies".

The cookies that the Company issues are used for the purposes described above, subject to the choices of the Data Subjects, which result from the settings of their browser software used during their visit to the Site and their agreement by clicking on the "ok" button of the cookie banner.

Several options are available to the User for managing cookies. Any settings made by the Data Subjects regarding the use of cookies may modify their internet browsing and their access conditions to certain services requiring the use of cookies.

The User can choose at any time to express and modify their wishes regarding cookies, directly from the settings of their internet browser.

Each procedure being different, the User is invited to refer to the documentation related to their browser, accessible from the website of its publisher.

X. THE DATA PROTECTION OFFICER OF THE COMPANY

The Company has appointed a data protection officer who can be contacted by email at the following address: notification@faktus.eu.

XI. UPDATE OF THE PERSONAL DATA POLICY

The Company may update this policy occasionally.

In the event of a significant development, the Company will notify the Data Subject by email or by any other means.


THIS CHARTER AIMS TO PROVIDE USERS WITH COMPLETE INFORMATION ABOUT THE USE MADE BY THE COMPANY OF THEIR PERSONAL DATA.

THE DEFINITIONS PROVIDED IN THE GENERAL TERMS OF USE, AS COMPLETED IF APPLICABLE BY GENERAL TERMS OF SALE OR SERVICE, APPLY TO THIS CHARTER ON PERSONAL DATA.

As part of its activities, the Company is obliged to collect and process personal data concerning Users, its Clients and/or their personnel, natural persons (hereinafter referred to as the "Data Subjects").

Concerned about the protection of the privacy of the Data Subjects and the processing of their personal data, the Company undertakes, as the Data Controller, to comply with the provisions of Regulation (EU) No 2016/679 of 27 April 2016, ensuring the highest level of protection for the personal data of the Data Subjects.

This Charter thus allows the Data Subjects to benefit from full transparency regarding the processing of their personal data by the Company.

I. WHO COLLECTS THE PERSONAL DATA OF USERS?

The Data Controller who collects personal data and implements data processing is the Company.

II. WHAT PERSONAL DATA DOES THE COMPANY COLLECT?

The Company ensures that it only collects personal data that is strictly necessary in relation to the purpose for which it is processed.

The various categories of personal data that the Company usually processes as part of its service and in accordance with its regulatory obligations are grouped under the following categories:

  • identifying personal data: such as first name, last name, place and date of birth, contact details (postal address, telephone number), nationality, identification numbers and documents (ID card, passport, residence permit, and tax numbers) of the Data Subjects;

  • banking personal data;

  • authentication data: such as identifying codes and passwords;

  • Browsing data: such as IP addresses, browsing data on the Site;

  • any type of information that the Data Subject voluntarily provides in the context of the services of the Company (notably as part of exchanges through forms, via customer service or in submitted documents).

Personal data is collected directly from the Data Subjects.

However, the Company may be required to process data obtained from third-party organizations, either with the consent of Users and Clients, or to comply with its regulatory obligations, notably from the Data Subjects' providers.

The Company only collects and processes data that is essential for providing Services or complying with its legal obligations.

III. WHAT ARE THE PURPOSES OF COLLECTING PERSONAL DATA FROM DATA SUBJECTS?

The Company is only authorized to use the personal data of the Data Subjects if it has a valid legal basis and must ensure it has one or more of the following legal bases:

  • The performance of a contract

  • The performance of a legal obligation

  • The legitimate interest of the Data Controller

  • When the Data Subject has given their consent.

The Company may collect and record personal data from the Data Subjects for the following purposes and according to the following legal bases:

PurposeLegal basisRetention periodManagement of the business relationship with the Data Subjects and provision of Faktus servicesPerformance of the contractDuration of the business relationship, then archived for 5 yearsProvision of the Site and the services offered on the SitePerformance of the contract3 years from the last activity on the SiteManagement of communications and follow-up of exchanges with the Data SubjectsPerformance of the contract3 years from each communicationCreation of a Customer AccountPerformance of the contract3 years from the last login to the Customer AccountCustomer servicePerformance of the contract3 years from each request, question, and complaintCompliance with legal and regulatory obligationsLegal obligationLegal retention periodFraud preventionLegitimate interest of the Company5 years from the closure of the fraud fileEstablishment of a customer and prospect fileLegitimate interest of the Company3 years from the last contact of the Data Subjects with the CompanyCommercial prospecting, conducting commercial operations and advertising campaigns for products and services identical to and similar to those provided by the Company to its clientsLegitimate interest of the Company3 years from the last contact of the Data Subject with the CompanySending newsletters, solicitations, and promotional messagesConsentUntil the withdrawal of consent or 3 years from the last contact of the Data Subjects with the Company

IV. ARE THE DATA OF THE DATA SUBJECTS TRANSFERRED TO THIRD PARTIES BY THE DATA CONTROLLER?

The personal data collected is solely processed by the Company, except in the following cases:

A. Communication to third parties necessary for the performance of the contract

The Company may be required to communicate personal data to its business partners and subcontractors, service providers, and administrative and control bodies, in strict accordance with the purposes defined above.

The provider SWAN acts as a joint data controller with the Company in the context of opening a payment account, using the data collected by the Company. SWAN also processes data for its own purpose, notably to provide its services and to meet its legal obligations regarding money laundering and terrorist financing. For more information on SWAN's processing of personal data, the User can consult the page: https://www.swan.io/privacy-policy.

B. Communication to authorities:

The Company may be required, in compliance with applicable regulations, to provide personal data in France or abroad for the purposes of establishing, safeguarding, or defending a right in court, during administrative or criminal investigations, or in the context of legal proceedings of all kinds.

C. This data may also be transmitted to third parties in the context of:

  • The fight against fraud and the recovery of debts;

  • The performance of maintenance and technical development operations for the Website, internal applications, and the information system of the Company;

  • The collection of opinions from Data Subjects;

  • The dispatch of the newsletter.

The Company may also share personal data, with the prior and express consent of the Data Subject in the event of a sale, transfer, or merger of the Company or part of it, or if the Company acquires or merges with another company.

If such a transaction occurs, the Company will ensure that the other party complies with data protection legislation.

V. WHAT ARE THE RIGHTS OF THE DATA SUBJECTS REGARDING THEIR PERSONAL DATA?

In accordance with articles 14 to 22 of Regulation 2016/679 of 27 April 2016, any natural person using the service has the ability to exercise the following rights:

  • A right to information (which refers to the provision of clear and easily accessible information to the Data Subject)

  • A right of access

  • A right of rectification

  • A right to object and erase their data;

  • A right to object to profiling

  • A right to limit processing (which means that the Company cannot, beyond a certain time, continue to process and use the personal data of the Data Subject)

  • A right to portability of their data (which refers to the right of the Data Subject to recover the data they have provided and must be transferred)

  • A right to deletion

Finally, when the Company detects a personal data breach that could pose a high risk to the rights and freedoms of the Data Subject, the Data Subject will be informed of this breach as soon as possible.

These rights can be exercised with the Company that collected the personal data by email at the following address: notification@faktus.eu.

In accordance with current regulations, any request must be signed and accompanied by a photocopy of an

identity document bearing the signature of the requester and specifying the address to which the response should be sent. A response will then be sent to the Data Subject within two (2) months following the receipt of the request.

VI. WHAT HAPPENS TO THE DATA OF THE SELLER DATA SUBJECT AFTER THEIR DEATH?

The Data Subject may send instructions to the Company regarding the retention, deletion, and communication of personal data after their death, in accordance with Article 40-1 of Law 78-17 of 6 January 1978. The Data Subject can formulate their advance directives at the following address: notification@faktus.eu.

VII. ARE THE DATA OF THE DATA SUBJECTS SENT OUTSIDE THE EUROPEAN UNION?

The personal data concerning the Data Subject will not be transmitted for the purposes of the aims defined above to companies located in countries outside the European Union, except for the communication of mandatory information to any banking establishment and/or payment provider outside the European Union in relation to the payment of the Price.

In the event of the transfer of personal data concerning the Data Subject to companies located outside the European Union, the data is only transferred to companies that have committed to ensuring a sufficient and appropriate level of data protection (notably through standard contractual clauses (SCC) or binding corporate rules (BCR)).

VIII. WHAT SECURITY MEASURES HAS THE COMPANY TAKEN TO PROTECT THE PERSONAL DATA OF THE DATA SUBJECTS?

A. Internal measures within the Company

As the Data Controller, the Company takes all necessary precautions to preserve the security and confidentiality of the data and notably, to prevent them from being distorted, damaged, or accessed by unauthorized third parties, through the security of the computer system to prevent external access to the personal data of the Data Subjects.

On the other hand, when it uses subcontractors, the Company ensures that they comply with the rules related to data protection.

B. Relationships with subcontractors

When it uses subcontractors that may process the personal data of the Data Subject, the Company ensures that those subcontractors provide sufficient guarantees regarding compliance with data protection rules, and at a minimum the same guarantees as those of the Company, by entering into a contract with those subcontractors for this purpose.

IX. DOES THE COMPANY USE COOKIES, TAGS, AND TRACKERS?

When the User uses the Company's Services, the Company automatically receives and records certain types of information such as the parameters of the internet browser used, the contents of the cart, or identifiers to allow the User to log in.

The cookies and trackers strictly necessary for providing a service expressly requested by the User do not require prior consent. Thus, for example, the following trackers do not require consent from Users:

  • session "identifier" cookies, for the duration of a session, or persistent cookies limited to a few hours in some cases;

  • authentication and consent cookies;

  • persistent cookies for personalizing the user interface (language choice or presentation).

Any other cookie requires prior information and the express and prior consent of the Data Subjects, for example:

  • cookies related to advertising operations;

  • cookies from social networks generated by social sharing buttons when they collect personal data without consent from the data subjects;

  • certain audience measurement cookies.

At the entry of the Data Subjects on the Site, an information message is displayed to alert them to the use of cookies.

The collection of consent is done by the appearance of a visible banner on the Website allowing the User to choose the cookies that will be placed on their terminal, excluding however, the cookies necessary for providing the Services.

Cookies as well as other unique identifiers are thus used to obtain this information when the browser or device of the Data Subjects accesses the Website.

A. What is a Cookie?

The term cookie encompasses several technologies that allow for the tracking of the navigation and actions of internet users. These technologies are multiple and constantly evolving. Notably, there are cookies, tags, pixels, and Javascript code.

A cookie is a small text file recorded by your computer, tablet, or smartphone's browser that preserves user data to facilitate navigation and enable certain functionalities.

B. For what reasons are cookies, tags, and trackers used?

Cookies are used by the Company to remember the preferences of the Data Subjects, optimize and improve the User's use of the Website by providing content that is more specifically tailored to their needs.

C. The Cookies that the Company issues on the site allow:

  • To identify the User when they log in to the Site;

  • To determine the internet browser settings of the Data Subjects, such as the type of browser used and the plug-ins installed;

  • To establish statistics and volume of visits and usage of the various elements making up our services (using audience measurement cookies);

  • To adapt the presentation of the Website according to the terminal used;

  • To adapt the presentation of the Website according to the affinities of each User;

  • To optimize the services offered on the Website;

  • To communicate with the User in a targeted manner.

Only the issuer of a cookie can read or modify the information contained therein.

Some cookies are installed until the Data Subjects close their browser, while others are kept for longer.

D. Browser software settings

The User can configure their browser software so that cookies are stored on their terminal or, conversely, that they are rejected, either systematically or depending on their issuer.

The User can also configure their browser software so that the acceptance or refusal of cookies is offered to them on an ad-hoc basis before a cookie is likely to be stored on their terminal.

E. How to exercise this choice, depending on the browser used?

For cookie management, the configuration of each browser is different.

The "help" section of the toolbar of most browsers indicates how to refuse new "cookies" or obtain a message that signals their receipt, or how to disable all "cookies".

The cookies that the Company issues are used for the purposes described above, subject to the choices of the Data Subjects, which result from the settings of their browser software used during their visit to the Site and their agreement by clicking on the "ok" button of the cookie banner.

Several options are available to the User for managing cookies. Any settings made by the Data Subjects regarding the use of cookies may modify their internet browsing and their access conditions to certain services requiring the use of cookies.

The User can choose at any time to express and modify their wishes regarding cookies, directly from the settings of their internet browser.

Each procedure being different, the User is invited to refer to the documentation related to their browser, accessible from the website of its publisher.

X. THE DATA PROTECTION OFFICER OF THE COMPANY

The Company has appointed a data protection officer who can be contacted by email at the following address: notification@faktus.eu.

XI. UPDATE OF THE PERSONAL DATA POLICY

The Company may update this policy occasionally.

In the event of a significant development, the Company will notify the Data Subject by email or by any other means.


THIS CHARTER AIMS TO PROVIDE USERS WITH COMPLETE INFORMATION ABOUT THE USE MADE BY THE COMPANY OF THEIR PERSONAL DATA.

THE DEFINITIONS PROVIDED IN THE GENERAL TERMS OF USE, AS COMPLETED IF APPLICABLE BY GENERAL TERMS OF SALE OR SERVICE, APPLY TO THIS CHARTER ON PERSONAL DATA.

As part of its activities, the Company is obliged to collect and process personal data concerning Users, its Clients and/or their personnel, natural persons (hereinafter referred to as the "Data Subjects").

Concerned about the protection of the privacy of the Data Subjects and the processing of their personal data, the Company undertakes, as the Data Controller, to comply with the provisions of Regulation (EU) No 2016/679 of 27 April 2016, ensuring the highest level of protection for the personal data of the Data Subjects.

This Charter thus allows the Data Subjects to benefit from full transparency regarding the processing of their personal data by the Company.

I. WHO COLLECTS THE PERSONAL DATA OF USERS?

The Data Controller who collects personal data and implements data processing is the Company.

II. WHAT PERSONAL DATA DOES THE COMPANY COLLECT?

The Company ensures that it only collects personal data that is strictly necessary in relation to the purpose for which it is processed.

The various categories of personal data that the Company usually processes as part of its service and in accordance with its regulatory obligations are grouped under the following categories:

  • identifying personal data: such as first name, last name, place and date of birth, contact details (postal address, telephone number), nationality, identification numbers and documents (ID card, passport, residence permit, and tax numbers) of the Data Subjects;

  • banking personal data;

  • authentication data: such as identifying codes and passwords;

  • Browsing data: such as IP addresses, browsing data on the Site;

  • any type of information that the Data Subject voluntarily provides in the context of the services of the Company (notably as part of exchanges through forms, via customer service or in submitted documents).

Personal data is collected directly from the Data Subjects.

However, the Company may be required to process data obtained from third-party organizations, either with the consent of Users and Clients, or to comply with its regulatory obligations, notably from the Data Subjects' providers.

The Company only collects and processes data that is essential for providing Services or complying with its legal obligations.

III. WHAT ARE THE PURPOSES OF COLLECTING PERSONAL DATA FROM DATA SUBJECTS?

The Company is only authorized to use the personal data of the Data Subjects if it has a valid legal basis and must ensure it has one or more of the following legal bases:

  • The performance of a contract

  • The performance of a legal obligation

  • The legitimate interest of the Data Controller

  • When the Data Subject has given their consent.

The Company may collect and record personal data from the Data Subjects for the following purposes and according to the following legal bases:

PurposeLegal basisRetention periodManagement of the business relationship with the Data Subjects and provision of Faktus servicesPerformance of the contractDuration of the business relationship, then archived for 5 yearsProvision of the Site and the services offered on the SitePerformance of the contract3 years from the last activity on the SiteManagement of communications and follow-up of exchanges with the Data SubjectsPerformance of the contract3 years from each communicationCreation of a Customer AccountPerformance of the contract3 years from the last login to the Customer AccountCustomer servicePerformance of the contract3 years from each request, question, and complaintCompliance with legal and regulatory obligationsLegal obligationLegal retention periodFraud preventionLegitimate interest of the Company5 years from the closure of the fraud fileEstablishment of a customer and prospect fileLegitimate interest of the Company3 years from the last contact of the Data Subjects with the CompanyCommercial prospecting, conducting commercial operations and advertising campaigns for products and services identical to and similar to those provided by the Company to its clientsLegitimate interest of the Company3 years from the last contact of the Data Subject with the CompanySending newsletters, solicitations, and promotional messagesConsentUntil the withdrawal of consent or 3 years from the last contact of the Data Subjects with the Company

IV. ARE THE DATA OF THE DATA SUBJECTS TRANSFERRED TO THIRD PARTIES BY THE DATA CONTROLLER?

The personal data collected is solely processed by the Company, except in the following cases:

A. Communication to third parties necessary for the performance of the contract

The Company may be required to communicate personal data to its business partners and subcontractors, service providers, and administrative and control bodies, in strict accordance with the purposes defined above.

The provider SWAN acts as a joint data controller with the Company in the context of opening a payment account, using the data collected by the Company. SWAN also processes data for its own purpose, notably to provide its services and to meet its legal obligations regarding money laundering and terrorist financing. For more information on SWAN's processing of personal data, the User can consult the page: https://www.swan.io/privacy-policy.

B. Communication to authorities:

The Company may be required, in compliance with applicable regulations, to provide personal data in France or abroad for the purposes of establishing, safeguarding, or defending a right in court, during administrative or criminal investigations, or in the context of legal proceedings of all kinds.

C. This data may also be transmitted to third parties in the context of:

  • The fight against fraud and the recovery of debts;

  • The performance of maintenance and technical development operations for the Website, internal applications, and the information system of the Company;

  • The collection of opinions from Data Subjects;

  • The dispatch of the newsletter.

The Company may also share personal data, with the prior and express consent of the Data Subject in the event of a sale, transfer, or merger of the Company or part of it, or if the Company acquires or merges with another company.

If such a transaction occurs, the Company will ensure that the other party complies with data protection legislation.

V. WHAT ARE THE RIGHTS OF THE DATA SUBJECTS REGARDING THEIR PERSONAL DATA?

In accordance with articles 14 to 22 of Regulation 2016/679 of 27 April 2016, any natural person using the service has the ability to exercise the following rights:

  • A right to information (which refers to the provision of clear and easily accessible information to the Data Subject)

  • A right of access

  • A right of rectification

  • A right to object and erase their data;

  • A right to object to profiling

  • A right to limit processing (which means that the Company cannot, beyond a certain time, continue to process and use the personal data of the Data Subject)

  • A right to portability of their data (which refers to the right of the Data Subject to recover the data they have provided and must be transferred)

  • A right to deletion

Finally, when the Company detects a personal data breach that could pose a high risk to the rights and freedoms of the Data Subject, the Data Subject will be informed of this breach as soon as possible.

These rights can be exercised with the Company that collected the personal data by email at the following address: notification@faktus.eu.

In accordance with current regulations, any request must be signed and accompanied by a photocopy of an

identity document bearing the signature of the requester and specifying the address to which the response should be sent. A response will then be sent to the Data Subject within two (2) months following the receipt of the request.

VI. WHAT HAPPENS TO THE DATA OF THE SELLER DATA SUBJECT AFTER THEIR DEATH?

The Data Subject may send instructions to the Company regarding the retention, deletion, and communication of personal data after their death, in accordance with Article 40-1 of Law 78-17 of 6 January 1978. The Data Subject can formulate their advance directives at the following address: notification@faktus.eu.

VII. ARE THE DATA OF THE DATA SUBJECTS SENT OUTSIDE THE EUROPEAN UNION?

The personal data concerning the Data Subject will not be transmitted for the purposes of the aims defined above to companies located in countries outside the European Union, except for the communication of mandatory information to any banking establishment and/or payment provider outside the European Union in relation to the payment of the Price.

In the event of the transfer of personal data concerning the Data Subject to companies located outside the European Union, the data is only transferred to companies that have committed to ensuring a sufficient and appropriate level of data protection (notably through standard contractual clauses (SCC) or binding corporate rules (BCR)).

VIII. WHAT SECURITY MEASURES HAS THE COMPANY TAKEN TO PROTECT THE PERSONAL DATA OF THE DATA SUBJECTS?

A. Internal measures within the Company

As the Data Controller, the Company takes all necessary precautions to preserve the security and confidentiality of the data and notably, to prevent them from being distorted, damaged, or accessed by unauthorized third parties, through the security of the computer system to prevent external access to the personal data of the Data Subjects.

On the other hand, when it uses subcontractors, the Company ensures that they comply with the rules related to data protection.

B. Relationships with subcontractors

When it uses subcontractors that may process the personal data of the Data Subject, the Company ensures that those subcontractors provide sufficient guarantees regarding compliance with data protection rules, and at a minimum the same guarantees as those of the Company, by entering into a contract with those subcontractors for this purpose.

IX. DOES THE COMPANY USE COOKIES, TAGS, AND TRACKERS?

When the User uses the Company's Services, the Company automatically receives and records certain types of information such as the parameters of the internet browser used, the contents of the cart, or identifiers to allow the User to log in.

The cookies and trackers strictly necessary for providing a service expressly requested by the User do not require prior consent. Thus, for example, the following trackers do not require consent from Users:

  • session "identifier" cookies, for the duration of a session, or persistent cookies limited to a few hours in some cases;

  • authentication and consent cookies;

  • persistent cookies for personalizing the user interface (language choice or presentation).

Any other cookie requires prior information and the express and prior consent of the Data Subjects, for example:

  • cookies related to advertising operations;

  • cookies from social networks generated by social sharing buttons when they collect personal data without consent from the data subjects;

  • certain audience measurement cookies.

At the entry of the Data Subjects on the Site, an information message is displayed to alert them to the use of cookies.

The collection of consent is done by the appearance of a visible banner on the Website allowing the User to choose the cookies that will be placed on their terminal, excluding however, the cookies necessary for providing the Services.

Cookies as well as other unique identifiers are thus used to obtain this information when the browser or device of the Data Subjects accesses the Website.

A. What is a Cookie?

The term cookie encompasses several technologies that allow for the tracking of the navigation and actions of internet users. These technologies are multiple and constantly evolving. Notably, there are cookies, tags, pixels, and Javascript code.

A cookie is a small text file recorded by your computer, tablet, or smartphone's browser that preserves user data to facilitate navigation and enable certain functionalities.

B. For what reasons are cookies, tags, and trackers used?

Cookies are used by the Company to remember the preferences of the Data Subjects, optimize and improve the User's use of the Website by providing content that is more specifically tailored to their needs.

C. The Cookies that the Company issues on the site allow:

  • To identify the User when they log in to the Site;

  • To determine the internet browser settings of the Data Subjects, such as the type of browser used and the plug-ins installed;

  • To establish statistics and volume of visits and usage of the various elements making up our services (using audience measurement cookies);

  • To adapt the presentation of the Website according to the terminal used;

  • To adapt the presentation of the Website according to the affinities of each User;

  • To optimize the services offered on the Website;

  • To communicate with the User in a targeted manner.

Only the issuer of a cookie can read or modify the information contained therein.

Some cookies are installed until the Data Subjects close their browser, while others are kept for longer.

D. Browser software settings

The User can configure their browser software so that cookies are stored on their terminal or, conversely, that they are rejected, either systematically or depending on their issuer.

The User can also configure their browser software so that the acceptance or refusal of cookies is offered to them on an ad-hoc basis before a cookie is likely to be stored on their terminal.

E. How to exercise this choice, depending on the browser used?

For cookie management, the configuration of each browser is different.

The "help" section of the toolbar of most browsers indicates how to refuse new "cookies" or obtain a message that signals their receipt, or how to disable all "cookies".

The cookies that the Company issues are used for the purposes described above, subject to the choices of the Data Subjects, which result from the settings of their browser software used during their visit to the Site and their agreement by clicking on the "ok" button of the cookie banner.

Several options are available to the User for managing cookies. Any settings made by the Data Subjects regarding the use of cookies may modify their internet browsing and their access conditions to certain services requiring the use of cookies.

The User can choose at any time to express and modify their wishes regarding cookies, directly from the settings of their internet browser.

Each procedure being different, the User is invited to refer to the documentation related to their browser, accessible from the website of its publisher.

X. THE DATA PROTECTION OFFICER OF THE COMPANY

The Company has appointed a data protection officer who can be contacted by email at the following address: notification@faktus.eu.

XI. UPDATE OF THE PERSONAL DATA POLICY

The Company may update this policy occasionally.

In the event of a significant development, the Company will notify the Data Subject by email or by any other means.


Vous pouvez modifier vos choix de cookies à tout moment en cliquant ici .

Pages

Business account

Simplified factoring

Surety

Our mission

Our commitments

Information

Team

Legal Notice

Terms and Conditions

Personal data

Faktus, a company registered with the Paris Trade and Companies Register under number 978 087 138, whose registered office is located at 142 Rue Montmartre 75002 Paris, is listed in the Unique Register of Insurance, Banking and Financial Intermediaries under registration number 23008083 as a non-exclusive agent in banking operations and payment services.

© 2026 Faktus

Pages

Business account

Simplified factoring

Surety

Our mission

Our commitments

Information

Team

Legal Notice

Terms and Conditions

Personal data

Faktus, a company registered with the Paris Trade and Companies Register under number 978 087 138, whose registered office is located at 142 Rue Montmartre 75002 Paris, is listed in the Unique Register of Insurance, Banking and Financial Intermediaries under registration number 23008083 as a non-exclusive agent in banking operations and payment services.

© 2026 Faktus

Pages

Business account

Simplified factoring

Surety

Our mission

Our commitments

Information

Team

Legal Notice

Terms and Conditions

Personal data

Faktus, a company registered with the Paris Trade and Companies Register under number 978 087 138, whose registered office is located at 142 Rue Montmartre 75002 Paris, is listed in the Unique Register of Insurance, Banking and Financial Intermediaries under registration number 23008083 as a non-exclusive agent in banking operations and payment services.

© 2026 Faktus

Update cookies preferences