Privacy and data protection policy

APOLEARN SAS is concerned about the respect of privacy and the protection of the information you provide, and complies with the legislation in force regarding the protection of privacy and personal data. The collection and processing of your personal data is carried out in the following ways in compliance with the French law "Informatiques et Libertés" of 6 January 1978 as amended.

We have created this Charter so that you can communicate your personal information in complete confidence and confidentiality when you use our platform, and understand the scope and methods under which your data is processed and protected.

We reserve the right to modify this charter according to the evolution of our services and the legislation in force. Any modification of this Charter will be updated on our Sites. The last update is dated May 21, 2018.

Data is collected and processed by Apolearn SAS on its websites attached to the apolearn.com domain.

PREAMBLE

APOLEARN SAS is the publisher of content and services available on the Internet, hereinafter the "Services".

In this context, APOLEARN SAS, as the data controller, collects and processes personal data relating to users of the Services and Internet users who browse APOLEARN SAS websites. This data may subsequently be made available to partner companies of APOLEARN SAS (hereinafter the "Partners"). The Partners may also access certain personal data via the websites and feeds from APOLEARN SAS.

The purpose of this charter (hereafter the "Charter") is to recall the commitments made by APOLEARN SAS regarding the protection of personal data and its own legal or regulatory obligations, particularly in its capacity as personal data controller, and to clarify the nature of exchanges of personal data between APOLEARN SAS and the Partners.

The Charter defines, without limitation, the commitments that APOLEARN SAS and its Partners subscribe to within the framework of the collection, processing, provision and sharing of personal data collected within the framework of the subscription and implementation of the Services as well as browsing on APOLEARN SAS sites. These commitments may be supplemented and specified within the framework of special agreements that will be entered into for each specific partnership.

The Partners of APOLEARN SAS undertake to comply with these provisions provided that the missions they carry out in the context of their business relationship with APOLEARN SAS are directly subject to them.

ARTICLE 1: COMPLIANCE WITH THE LAW ON INFORMATION TECHNOLOGY AND CIVIL LIBERTIES

APOLEARN SAS undertakes to comply with the provisions of the law n° 78-17 of 6 January 1978 as amended (the "Data Protection Act") on the occasion of any collection, processing, provision and sharing of personal data in any form and by any means whatsoever.

ARTICLE 2: PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

APOLEARN SAS undertakes to ensure that any collection of personal data and any processing of such data is carried out in a fair, transparent, lawful and documented manner.

APOLEARN SAS ensures in particular for each processing operation that the personal data has been collected for a specific, explicit and legitimate purpose, that the persons concerned have been informed of the following in accordance with the provisions of the French Data Protection Act.and that their consent has been sought and obtained for each given purpose where required by law. Such consent shall be free, specific and informed.

In particular, in the event that the contact details of natural persons are collected, they may not be used or transferred for the purposes of direct canvassing by means of an automatic calling machine, fax or electronic means of communication (e-mail, SMS or MMS) without the prior consent of these persons. As an exception, in the event that these contact details have been collected as part of a service provision, in particular a request for an appointment or a request for a quote, and that they are used to send out canvassing aimed at promoting similar products or services, the electronic contact details may be used without the prior consent of the persons concerned. The persons concerned must nevertheless be informed of the possibility they have of objecting, free of charge, to the sending of any direct canvassing.

In addition, APOLEARN SAS ensures that the personal data collected are relevant and proportionate to the purpose of the processing.

ARTICLE 3: INFORMATION TO BE GIVEN TO THE DATA SUBJECTS

Persons whose personal data is collected and processed are informed via a tooltip or a hypertext link redirecting to this Charter or to the Terms of Use of the Site or Service, at the time of collection or, in case of technical impossibility (case of indirect collection for example), of the first use of their personal data:

The purpose of the processing operation for which the data are intended;

The compulsory or optional nature of the replies requested and the possible consequences of failure to reply;

Types of recipients or categories of recipients of the data ;

That they have rights of access, rectification, deletion and opposition with regard to the processing of personal data and how they can exercise these rights through a dedicated contact person: Brice Gaillard, Managing Director of the company ([email protected])

Where appropriate, planned transfers of personal data to a State which is not a Member State of the European Community.

In any event, any electronic direct marketing message must necessarily include the identity of the sender and clearly reflect the commercial nature of the message upon receipt or, if this is technically impossible, in the body of the message.

As an exception, in the context of the collection of personal data and/or navigation data by APOLEARN SAS and/or its Partners using automatic data collection tools (cookies, tags, beacons, etc.), APOLEARN SAS and / or its Partners may use the following tools to collect data automatically) installed on the Online Services, the persons concerned will be informed of the collection by means of a hypertext link referring to this Charter or to the Terms of Use of the Site or Service, or to the Cookie Policy, which will also inform them of the way in which they can oppose this collection by uninstalling the collection tools.

ARTICLE 4: DATA RETENTION PERIOD

APOLEARN SAS undertakes to provide a limited and proportionate storage period for the personal data collected and processed.

In this respect, APOLEARN SAS undertakes to comply with the recommended practices in terms of duration as set out in the Simplified Standard No. 48 adopted by the CNIL by Deliberation No. 2012-209 of 21 June 2012.

ARTICLE 5: RIGHTS OF DATA SUBJECTS

APOLEARN SAS, when acting as data controller, shall put in place procedures to enable data subjects to exercise the rights they have by virtue of articles 38 and following of the French Data Protection Act (Loi Informatique & Libertés) (right of access, rectification, deletion and opposition).

In particular, data subjects are able to object in a simple and unambiguous manner to the use or transfer of data collected for the purposes of canvassing by post or telephone with human intervention, canvassing by means of electronic communication for a similar product or service, as well as the transfer to the Partners of data relating to their identity (excluding processing data allowing their identification for the said processing) and to their family, economic and financial situation, provided that the Partners receiving the data do not contact the persons concerned for the purposes for which these persons have communicated their information.

The data subjects are also able to object, after the collection of the data, to the use of the data collected for commercial prospecting purposes, by the current controller or the controller of a further processing operation to which the data have been communicated.

APOLEARN SAS undertakes to take into account or to have taken into account by their users within a period of one month, or failing this before reusing the data, the requests for deletion or for not making the data available to third parties which will have been transmitted to them.

In particular, in the case of canvassing carried out by APOLEARN SAS or its Partners by means of electronic means of communication (e-mail), the messages sent to the persons concerned must all contain a link to unsubscribe in a simple, quick and easily accessible manner. This option must be taken into account as soon as possible.

ARTICLE 6: FORMALITIES WITH THE SUPERVISORY AUTHORITIES

APOLEARN SAS undertakes to complete all provisions for the appointment of an IT and Freedom correspondent. Any questions relating to the processing of personal data may be addressed to: [email protected]

ARTICLE 7: SECURITY AND CONFIDENTIALITY OF DATA COLLECTED AND COMMUNICATIONS OF DATA

APOLEARN SAS undertakes to implement all necessary means to guarantee the security, confidentiality and integrity of the personal data collected and to take all appropriate technical and organisational measures to limit the risks of loss, distortion, deterioration or misuse of this data, as well as the risks of access to the data by unauthorised third parties.

In particular, access to data processing must require authentication of the persons accessing the data, for example by means of a sufficiently robust and regularly renewed individual access code or password, or by any other reliable means of authentication.

Data communications between APOLEARN SAS and its Partners, or between the Partners and any third parties to whom the personal data collected may subsequently be communicated, are carried out using secure methods.

These methods must make it possible to ensure the confidentiality, integrity and authenticity of the information transmitted.

When transmitting data over unsecured channels, certain precautions must be taken to make the data incomprehensible to any unauthorized person.

ARTICLE 8: SUBCONTRACTING

In cases where APOLEARN SAS or its Partners call upon subcontractors called upon to process personal data on their behalf, they must ensure that these subcontractors present sufficient guarantees to ensure the implementation of the security and confidentiality measures mentioned in Article 7 above. However, this requirement will not relieve them of their personal obligation to ensure compliance with these measures.

The contract between the processor and the controller must specify the obligations incumbent on the processor with regard to the protection of the security and confidentiality of the data, provide that the processor may act only on instructions from the controller, give an undertaking of confidentiality and then a record of the destruction of the data at the end of the operations.

ARTICLE 9: INTERNATIONAL TRANSFERS OF PERSONAL DATA

In the event that the personal data collected is communicated to Partners, further recipients or subcontractors located in countries outside the European Union that do not offer an adequate level of protection, the transfer will only be possible if :

(1)It was preceded by either :

The signature between the data exporter and the data importer of a contract containing the Standard Contract Clauses defined by the European Commission Decision 2004/915/EC or any other Decision that may replace it in the future;

Adherence by the US data importer to the principles of the EU-US Privacy Shield; or

The establishment of Binding Corporate Rules (BCR) binding the exporter and the importer of data when they are part of the same group of companies.

ET

(2 ) It has been the subject of the requisite prior formalities with the competent supervisory authority. In France, prior authorization from the CNIL is required (with the exception of transfers to US data controllers who have adhered to the principles of the EU-US Privacy Shield, for which a declaration is sufficient).

Furthermore, if the transfer has not been the subject of information to the persons concerned as soon as the data is collected, APOLEARN SAS undertakes to inform the persons concerned prior to any transfer.

ARTICLE 10: SENSITIVE DATA

APOLEARN SAS shall refrain from collecting or processing any personal data that directly or indirectly reveals :

  • Racial or ethnic origins;
  • Political, philosophical or religious opinions;
  • Union membership;
  • Health status (other than health coverage needs) ;
  • Sexual orientation;
  • Offences, convictions and security measures,

In the event that the purpose of the commercial relationship requires the collection of the above-mentioned elements, the parties irrevocably undertake to comply with the procedures of the French Data Protection Act (Loi Informatique et Liberté).

ARTICLE 11: DATA RELATING TO MINORS

APOLEARN SAS undertakes not to collect personal data on minors without inviting the latter to request the authorisation of their parents or legal representatives. To this end, a specific mention will appear on the collection documents of sites whose targets are minors. This mention will stipulate that the legal representative consents to the collection of information on the minor in his or her care.