When you use the Collective platform, we may collect personal data about you.
The purpose of this policy is to inform you about the ways in which we process this data.
1.Datacontroller
Collective, Simplified joint stock company
RCS Paris n° 892 760 539
Registered office: 9 rue des Colonnes, 75002 Paris, France
(hereinafter: "We")
2. What is the purpose of the data collected?
Your data is processed for one or more purposes. Each purpose is associated with a legal basis of which you can find the list below.
Based on the execution of pre-contractual measures taken at your request and/or the execution of the service contract you have signed, we implement processing for the following purposes:
To allow you to create and access your account;
To allow you to carry out missions for your clients as a member of a collective or to submit a project and to follow up on the execution of your missions as a client.
Based on our legitimate interest in developing and promoting our activity, we implement processing for the following purposes:
To respond to your requests for information;
To build up a file of members and clients; To manage any disputes that may arise regarding our services.
Based on the respect of our legal and regulatory obligations, we implement processing for the following purposes:
The respect of the regulations applicable to our activity;
The management of requests to exercise rights.
3. What personal data do we collect?
A personal data is a data which allows to identify an individual. We collect data which fall under the following categories:
- Identification data (for example: name, first name, email address, postal address, identity card);
- Data relating to your professional life (for example: exercised job); - Data relating to your personal situation;
- Connection data (for example: IP address, logs);
- Economic and financial data (for example: RIB).
Mandatory data are indicated when you provide us with your data. They are necessary to provide you with our services.
4. Who are the recipients of the data?
- The staff of our company
- Our subcontractors: hosting service provider, audience measurement and analysis service provider, invoice manager, accounting software
- If necessary: the services responsible for control (auditor in particular), public bodies, exclusively to meet our legal obligations, court officers, judicial officers and bodies responsible for debt collection.
5. How long is the data kept?
Data collected to provide our services and to enable you to perform assignments for clients, data required for evidentiary purposes: duration of the legal statute of limitations (as a general rule 5 years) - invoices 10 years
. Data is kept during the processing of an information request and is deleted once the information request has been processed. Data collected for the purpose of sending newsletters, solicitations and promotional messages: 3 years from the collection of the data.
6. Will your data be transferred outside the European Union?
Your data is stored on AWS servers.
Your data may be transferred outside the European Union as part of the tools we use and our relationship with our subcontractors (see "Who is the recipient of the data?").
This transfer is secured by means of the following tools:
- Either this data is transferred to a country that has been judged to offer an adequate level of protection by a decision of the European Commission;
- Or we have entered into a specific contract with our subcontractors governing transfers of your data outside the European Union, based on the standard contractual clauses between a data controller and a subcontractor, approved by the European Commission
7. What are your rights regarding your data?
You have the following rights with regard to your personal data:
- Right to information: This is the reason why we have drawn up this charter.
- Right of access: You have the right to access all your personal data at any time.
- Right of rectification: You have the right to rectify at any time your inaccurate, incomplete or obsolete personal data.
- Right to limitation: You have the right to obtain the limitation of the processing of your personal data in certain cases defined in art.18 of the RGPD.
- Right to limitation: You have the right to obtain the limitation of the processing of your personal data in certain cases defined in art.18 of the GDPR.
- Right to be forgotten: You have the right to demand that your personal data be erased, and to prohibit any future collection.
- Right to portability: You have the right to receive the personal data you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
- Right to object: You have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite your objection, for legitimate reasons or to defend legal claims.
- The right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable laws.
- You may exercise these rights by writing to us at the address below.
We may ask you to provide additional information or documents to prove your identity.
8. Personal Data Contact Point
Contact Email: hello@collective.work
Contact Address: Collective SAS, 9 rue Ambroise Thomas, 75009 Paris, France
9. Changes
We may make changes to this policy at any time.
These changes will apply as of the effective date of the modified version. You are therefore invited to regularly consult the latest version of this charter.
Effective date: 01/04/2022