Privacy Policy

1. Preamble
   

1.1 Through this Privacy Policy, Blyynd informs Users on how their Personal Data is processed on the Application as well as on the Specific Rights that may be exercised.

1.2. The present Privacy Policy is an integral part of the G.S.C. , so that the definitions used in the latter are reused in the present Privacy Policy.

2. Definitions 

2.1 The following terms, whether used in the singular or plural in this Privacy Policy, shall have the definition given in the G.S.C. or, failing that, the following definition:

Intermediate Archiving : Refers to the movement of Personal Data that is still of administrative interest to Blyynd (such as in the event of litigation and/or in the event of a legal obligation) into a separate database, logically or physically separated and to which, in any event, access is restricted. This archive is an intermediate step before the Personal Data concerned is deleted or made anonymous.

Recipients: refers to all subcontractors, joint managers and recipients of Personal Data processed by Blyynd.

Safe Lock : refers to the functionality of the Application, activated at the discretion of the User and allowing the automatic blocking of Content including unwanted photographs of male genitalia.

Personal Data Regulations  : means Law n°78-17 of January 6, 1978 relating to data processing, files and freedoms, relating to the protection of personal data, in application of the EU Regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (known as "RGPD" for General Data Protection Regulation).

3. Treatments  

Processed Personal Data and their Purposes with Corresponding Legal Bases:

Data related to Account and Profile Creation:

- First Name: Each user has the option to keep their first name or choose a new one.

- Gender Identity: Used for the use of the Blyynd application and services.

- The purposes of these data are managing the commercial relationship with the user and executing the contract between the user and Blyynd. For certain specific practices, user consent is required.

Profile Preferences:

- Profile preferences and preferences the user is open to discussing.

- Spoken languages, activation or deactivation of Safe Lock, likes given to other users, and affinities (mutual likes between two users).

- The data is used for managing reports and complaints, developing business statistics, analyses, and marketing tools. The legal basis is contract execution, and for certain operations such as the newsletter, legitimate interest, and user consent.

Contact Data:

- Phone numbers and email addresses.

- Used for managing specific rights exercises, outstanding payments and litigation, and combating fraud. The legal basis relies on contract execution and compliance with legal obligations.

Logs and Other Connection Data:

- IP address, device, time, connection location, and login email address.

- Used for managing pre-registration, universal onboarding, registration, onboarding feed, onboarding messaging, and for paid services (type of service, subscription date and time, renewal information).

- The purpose is the use of the Blyynd application and services, with a legal basis in contract execution.

Contents and Moderation:

- Exchanged contents are stored by Blyynd, but technical access is restricted except in cases of reporting for moderation.

- Data related to moderation includes automatic moderation of extremist content, visuals including the presence of children, visuals with added text, and unwanted erotic photos.

- The purpose is the use of the Blyynd application and services, related moderation, and exchanges with Blyynd regarding moderation. The legal basis is contract execution.

Support and Transactions:

- After-sales service support and transactional references communicated by Google or Apple.

- Transaction amounts and invoices used for contract execution and compliance with a legal obligation. This document describes in detail the personal data processed by Blyynd, the purposes of this collection, and the legal bases justifying these treatments, ensuring complete transparency towards the user.

4. Data Retention
   
   

   
   4.1 Contents are retained for twenty-four (24) hours unless moderated or upon mutual consent of both parties to extend the conversation time limit.
   
   

   
   4.2 Personal data related to moderation is kept for three (3) months in active storage from the last moderation action, then archived for five (5) years in Intermediate Archiving.
   
   

   
   4.3 Personal data necessary for creating an Account and Profile, as well as exchanges between a User and Blyynd not related to moderation, are kept in active storage for six (6) months after the end of the contractual relationship with the User, then for a period of four (4) years and six (6) months in Intermediate Archiving for evidentiary and legal obligations.
   
   

   
   4.4 Personal data necessary for sending commercial prospecting (newsletter) is retained in active storage for a period of three (3) years from the User's subscription to the newsletter or from their last interaction with Blyynd. After this period, or once the User has withdrawn their consent, their Personal Data may be archived for evidentiary purposes during the legal prescription periods.
   
   

   
   4.5 Financial personal data necessary for accounting and tax obligations (invoices, transaction amounts, date, and time of transactions) are kept for six (6) months in active storage from the end of the contractual relationship, then for an additional period of nine (9) years and six (6) months in Intermediate Archiving.

   
   
   4.6 As an exception, in compliance with the requirements for the retention of connection logs, Blyynd, as a host and provider of access to online public communication services under Article 6 of the Digital Economy Trust Law, retains logs for a period of one (1) year in active storage from the day of their generation.

5. Data Storage

5.1 The Application is hosted by the company: Google Cloud France SARL, 8 rue de Londres, 75009 Paris, France. VAT number: FR78881721583.

5.2 All precautions have been taken to store Users' personal data in a secure environment and prevent it from being altered, damaged, or accessed by unauthorized third parties. The information provided by the User will never be transmitted to third parties for commercial purposes, nor sold or exchanged.

6. Destinataires or Categories of Recipients if they exist:

6.1 Personal data processed on the Application by Blyynd is accessible to certain employees to best fulfill the aforementioned purposes, as well as to authorized external recipients for the provision of the service.

Summary of Personal Data Transfers and their Purposes:

1. Kozelo SAS (France)

- Nature of Data Transferred: Photographs / Videos.

- Purpose of Transfer: Moderation.

- Recipients of Data: Subcontractors in the United States (AWS, Google LLC, OVH US LLC, MailChimp, The Rocket Science Group, SendGrid, Twilio Inc.).

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Privacy Policy Kozelo SAS

2. Google

- Nature of Data Transferred: Account identifier and amount request for subscription payment.

- Purpose of Transfer: Payment / authentication.

- Recipients of Data: Joint data controller.

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Google Privacy Policy.

3. Apple

- Nature of Data Transferred: Account identifier and amount request for subscription payment.

- Purpose of Transfer: Payment / authentication.

- Recipients of Data: Joint data controller.

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Apple Privacy Policy.

4. Ding SAS

- Nature of Data Transferred: Phone number and message content.

- Purpose of Transfer: Phone number verification.

- Recipients of Data: Subcontractor.

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Ding SAS Privacy Notice.

5. Emailjs

- Nature of Data Transferred: Email and message content.

- Purpose of Transfer: Transmission of legal documents (GTC, Privacy Policy).

- Recipients of Data: Subcontractor.

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Emailjs Privacy Policy.

6. Google (Hosting)

- Nature of Data Transferred: Data stored on the Application.

- Purpose of Transfer: Hosting.

- Recipients of Data: Subcontractor.

- Level of Protection: Adequacy decisions, standard contractual clauses.

- Privacy Policy: Google Privacy Policy.

7. Specific Rights

7.1. In accordance with the Data Protection Regulation, the User may, at any time, benefit from the following Specific Rights:

• access,

• rectification,

• erasure,

• estriction of processing,

• data portability,

• objection,

• post-mortem instructions.

7.2. Right of access

7.2.1. The User has the possibility to obtain from Blyynd confirmation as to whether Personal Data concerning them is being processed, and if so, access to such Personal Data as well as the following information:

a) the purposes of the processing;

b) the categories of Personal Data;

c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed;

d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from Blyynd rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning the User, or to object to such processing;

f) the right to lodge a complaint with the CNIL (French Data Protection Authority);

g) where the Personal Data are not collected from the User, any available information as to their source;

h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User.

7.2.2. Where Personal Data are transferred to a third country or to an international organization, the User has the right to be informed of the appropriate safeguards relating to the transfer.

7.2.3. Blyynd provides a copy of the Personal Data undergoing processing.

7.2.4. Blyynd may charge a reasonable fee based on administrative costs for any additional copies requested by the User.

7.2.5. Where the User makes the request electronically, the information shall be provided in a commonly used electronic form, unless otherwise requested by the User.

7.2.6. The User's right to obtain a copy of their Personal Data shall not adversely affect the rights and freedoms of others.

7.3 Right of rectification

7.3.1. The User has the possibility to obtain from Blyynd, without undue delay, the rectification of inaccurate Personal Data concerning them. They also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

7.4 Right to erasure

7.4.1. The User has the right to obtain from Blyynd the erasure, without undue delay, of Personal Data concerning them when one of the following grounds applies:

a) The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Blyynd;

b) The User has withdrawn their consent to the processing of Personal Data, and there is no other legal ground for the processing;

c) The User exercises their right to object in the conditions set out below, and there are no overriding legitimate grounds for the processing;

e) The Personal Data have been unlawfully processed;

f) The Personal Data must be erased to comply with a legal obligation;

The Personal Data have been collected from a child.

7.5 Rights to restriction 

7.5.1. The User has the right to obtain from Blyynd the restriction of processing of their Personal Data when one of the following grounds applies:

a) Blyynd is verifying the accuracy of the Personal Data following the User's challenge to the accuracy of the Personal Data;

b) The processing is unlawful, and the User opposes the erasure of the Personal Data and requests instead the restriction of their use;

c) Blyynd no longer needs the Personal Data for the purposes of processing, but they are required by the User for the establishment, exercise, or defense of legal claims;

d) The User has objected to processing pending the verification whether the legitimate grounds of Blyynd override those of the User.

7.6 Right to data portability

7.6.1. The User has the right to receive from Blyynd their Personal Data concerning them, in a structured, commonly used, and machine-readable format when:

a) The processing of Personal Data is based on consent, or on a contract, and the processing is carried out by automated means.

7.6.2. When exercising their right to data portability, the User has the right to have the Personal Data transmitted directly from Blyynd to another Blyynd, where technically feasible.

7.6.3. The right to data portability of the User's Personal Data shall not adversely affect the rights and freedoms of others.

7.7 Right to object 

7.7.1. The User may object at any time, for reasons related to their particular situation, to the processing of Personal Data concerning them based on the legitimate interests pursued by Blyynd. Blyynd shall then no longer process the Personal Data, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the User, or for the establishment, exercise, or defense of legal claims.

7.8 Post-mortem instructions

77.8.1. The User has the option to provide Blyynd with instructions regarding the storage, erasure, and disclosure of their Personal Data after their death, which instructions may also be recorded with a "certified digital trustee". These instructions, akin to a "digital will", may designate a person responsible for their execution; in the absence of such designation, the User's heirs shall be designated.

7.8.2. In the absence of any instructions, the User's heirs may contact Blyynd to:

- access the processing of Personal Data necessary for the "organization and settlement of the deceased's estate";

- receive communication of "digital assets" or "data resembling family memories, transferable to heirs";

- proceed with the closure of the User's account on the Application and object to the continued processing of their Personal Data.

7.8.3. In any case, the User has the option to inform Blyynd at any time that they do not wish, in the event of death, for their Personal Data to be disclosed to a third party.

8. Exercise of Specific User Rights

8.1 These rights can be exercised at any time by contacting Blyynd:

By email to the following address: dpo@ydes.com, with the subject line [Blyynd].

By postal mail with the subject line [Blyynd] to the following address:

Cabinet Ydès

Cyril Fabre – Avocat & Délégué à la protection des données

12 Cours Albert 1er

75008 Paris

8.2 In order to assert their rights under the conditions mentioned above, and in the event that Blyynd has doubts about the identity of the requester, Blyynd may ask the requester to prove their identity by providing their full name, email address, and accompanying their request with a copy of a valid identification document.

8.3 A response will be sent to the User within a maximum period of one (1) month following the date of receipt of the request.

8.4 This period may be extended by two (2) months by Blyynd, who will inform the User of this, taking into account the complexity and/or number of requests.

8.5 In the event of a request from the User for the deletion of their Personal Data and/or the exercise of their right to request the erasure of their Personal Data, Blyynd may nevertheless retain them in Intermediate Archiving form for the duration necessary to comply with its legal obligations or for evidentiary purposes during the applicable prescription period.

8.6 The User may also lodge a complaint with the competent supervisory authority (CNIL).