Privacy policy
At Amaya Ag (“AMAYA”), protecting your personal data is a priority. When you use the https://amaya.ag (the “Site”) and/or the AMAYA platform and mobile application (the “Platform”) and in the context of managing our contractual relationships with our clients, we need to collect personal data about you. The purpose of this policy is to inform you about how we process these data in accordance with the Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (the “GDPR”).
Who is the data controller?
The controller is Amaya Ag, a simplified joint stock company registered at the RCS of Reims under number 914 627 294 and whose head office is located at 7 rue Pierre Salmon 51430 Bezannes ("We").
On what legal basis, for what purposes and for how long do we keep your personal data?
Goals | Legal bases | Retention periods |
Provide our services available on our Platform via your account. | Execution of pre-contractual measures taken at your request and/or execution of the contract that you or your company have signed with us. | When you have created an account: your data is kept for the duration of your account. Your log logs are kept for 6 months or 1 year. In case of inactive account for 2 years, your personal data will be deleted if you do not reply to our reactivation email. |
Carry out the operations related to our clients' management of contracts, quotes, invoices and ensure the follow-up of the contractual relationship with our clients. | Performance of the contract you or your company have signed with us. |
Personal data is stored for the duration of the contractual relationship. In addition, your data (except for your bank details) is archived for probative purposes for a period of 5 years. Regarding your credit card data, they are kept by our payment service provider for the duration of your subscription. The data relating to the visual cryptogram or CVV2 registered on your bank card is not stored. Your credit card data may be retained for the purpose of proof in case of a dispute over the transaction in the intermediate archives for a period of thirteen (13) months following the debit date. This period may be extended to fifteen (15) months in order to take into account the possibility of using credit cards with deferred debit. |
Train our algorithms to improve our solution. | Our legitimate interest in improving our solution. |
The data is kept for 2 years. |
Build a customer and prospect file. | Our legitimate interest in developing and promoting our business. | For customers: the data is kept for the duration of the contractual relationship. For prospects: the data is kept for a period of 3 years from your last contact. |
Send newsletters, solicitations and promotional messages. | Our legitimate interest in keeping our customers and prospects informed of our latest news. |
The data is kept for 3 years from your last contact with us. |
Respond to your requests for information. | Our legitimate interest in responding to your requests. |
The data is kept for the time necessary to process your request for information and deleted once the request for information has been processed. |
Comply with the legal obligations applicable to our business. | Comply with our legal and regulatory obligations. |
Invoices are archived for a period of 10 years. Your transaction data (except bank details) is kept for 5 years. |
Develop statistics of navigation and audience of the site, platform and application to improve their functionality through the deposit of cookies for audience measurement. | Your consent or our legitimate interest in analyzing the composition of our customers and improving our services. |
The data is kept for 13 months. |
Manage requests for rights. | Our legitimate interest in responding to your requests and keeping track of them. |
If we ask you for proof of identity: we only keep it for the time necessary to verify your identity. Once verified, the voucher is deleted. If you exercise your right to object to receiving marketing: we keep this information for 3 years. |
Who are the recipients of your data?
Will have access to your personal data:
Our company’s staff;
Our subcontractors: hosting provider, newsletter sending provider, audience measurement and analysis provider, email service provider, secure payment provider, billing tool, cookie management tool;
Where applicable: public and private bodies exclusively to meet our legal obligations.
Is your data likely to be transferred outside the European Union?
Your data is stored and stored for the duration of processing on the servers of the company Google Cloud Services located in the European Union. In the context of the tools we use (see article on recipients regarding our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools:
- Either the data is transferred to a country that has been subject to an adequacy decision by the European Commission in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection considered as sufficient and adequate to the provisions of the GDPR;
- Either the data is transferred to a country whose level of data protection has not been recognised as adequate under the GDPR: in this case, these transfers are based on appropriate guarantees indicated in article 46 of the GDPR adapted to each provider, in particular, without being exhaustive, the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism;
- Either the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
- Right to information: this is the reason we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all your personal data at any time under Article 15 of the GDPR.
- Right to rectification: you have the right to rectify your personal data at any time if it is inaccurate, incomplete or out of date in accordance with Article 16 GDPR.
- Right to limitation: you have the right to obtain the restriction of the processing of your personal data in certain cases defined in article 18 of the GDPR.
- Right to erasure: you have the right to demand that your personal data be deleted and to prohibit any future collection of it for the reasons set out in Article 17 of the GDPR.
- Right to file a complaint with a competent supervisory authority (in France the CNIL) if you consider that the processing of your personal data constitutes a violation of the applicable texts pursuant to Article 77 of the GDPR.
- The right to define guidelines for the retention, deletion and disclosure of your personal data after your death.
- Right to withdraw consent at any time: for purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out before the withdrawal.
- Right to portability: under certain conditions specified in article 20 of the GDPR, you have the right to receive the personal data that you have provided us in a standard machine-readable format and to request their transfer to the recipient of your choice.
- Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note that we may continue to process your data despite this objection for legitimate reasons or in order to defend legal rights.
What are your rights regarding your data?
You have the following rights in relation to your personal data:
You can exercise these rights by writing to us at the contact details below. We may ask you to provide us with additional information or documents to prove your identity.
What cookies do we use?
For more information on cookie management, please visit our https://amaya.ag/cookies .
Contact point to exercise your rights
Contact email: contact@amaya.ag
Contact address: 7 rue Pierre Salmon, 51430 Bezannes
Amendments
We may amend this policy at any time to comply with regulatory, case law, editorial or technical developments. These amendments will apply on the effective date of the amended version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any material changes to this privacy policy.
Effective date: 23/02/2023