Data protection, security and legal notices

The purpose of this charter is to inform you about the means we use to collect your personal data, in the strictest respect of your rights. In this regard, we indicate that we comply, in the collection and management of your personal data, with Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms, in its current version, known as” Computers and Freedoms ”, and Regulation (EU) 2016/679 of 27 April 2016 (hereinafter:” RGPD ”).

The person responsible for the collection and processing of your personal data is LEONSIA, a simplified joint stock company, registered in the Paris Trade and Companies Register under number 879 270 361, whose head office is located at 7, rue Thorel — 75002 Paris.

We have appointed a data protection officer, whose contact details are as follows: legal@rosaly.com.

The legal basis for our collection of your personal data is as follows:
- Legitimate interest when you voluntarily provide us with personal data during your visit to our website, the data being then collected to allow us to better respond to your requests for information on our Services.
- Your consent with regard to the audience analysis tools referred to in article 11.
- This collection is necessary in order to perform the contract concluded when you use our Services in the Application.

Your personal data is collected to meet one or more of the following purposes:
- Manage your access to certain services accessible in the Application and their use,
- Perform customer management operations concerning contracts, orders, deliveries, invoices, loyalty programs, monitoring the relationship with customers,
- Create a file of registered members, users, customers and prospects,
- Send newsletters, solicitations and promotional messages. If you do not wish to do so, we give you the option to express your refusal on this subject when collecting your data;
- Develop commercial statistics and the number of visits to our services,
- Organize contests, lotteries and all promotional operations except online gambling subject to the approval of the Online Gaming Regulatory Authority,
- Manage the management of people's opinions on products, services or content,
- Manage unpaid invoices and possible disputes regarding the use of our products and services,
- Personalize the responses to your requests for information,
- Comply with our legal and regulatory obligations.

When collecting your personal data, we inform you whether certain data must be provided or if they are optional. Mandatory data is necessary for the functioning of the Services. With regard to optional data, you are entirely free to indicate it or not. We also tell you what are the possible consequences of a lack of response.

Les données recueillies dans le cadre de l'ouverture de notre service Mes Experts à tous les Français du 5 au 6 mars 2024 afin de gérer les demandes de renseignement seront conservées pour une durée maximum de 4 semaines. Pour effectuer ce traitement de données, Rosaly se fonde sur son intérêt légitime de répondre aux questions d'argent des Français.

The Rosaly system is made available to employees by their employer. If you have received an invitation email, it is because your HR has offered you the solution to help you deal with financial contingencies. If your HR team has not yet done the process and you want to have Rosaly, the best way to get it is to talk to them about it!

Your personal data will not be transferred, rented or exchanged for the benefit of third parties.

Regarding data relating to the management of customers and prospects:
‍Your personal data will not be stored for longer than is strictly necessary to manage our commercial relationship with you. However, the data making it possible to establish proof of a right or a contract, which must be kept in order to comply with a legal obligation, will be kept for the period provided for by the law in force.Concerning possible prospecting operations for customers, their data may be kept for a period of 3 (three) years from the end of the commercial relationship. Personal data relating to a prospect, not a customer, may be kept for a period of 3 (three) years from the end of the commercial relationship. kept for a period of 3 (three) years from their collection or last contact from the prospector. At the end of this period of 3 (three) years, we will be able to contact you again to find out if you wish to continue to receive commercial solicitations.

Regarding the management of lists of objections to receiving prospecting:
‍Information allowing your right to object to be taken into account is kept for a minimum of 3 (three) years from the exercise of the right of opposition.

Regarding cookies:
‍The shelf life of the cookies referred to in Article 11 is 13 (thirteen) months.

We inform you to take all useful precautions, organizational and technical measures appropriate to preserve the security, integrity and confidentiality of your personal data and in particular, to prevent them from being deformed, damaged or from being accessed by unauthorized third parties. We will also use secure payment systems that comply with the state of the art and applicable regulations.

We inform you that your data is kept and stored, for the duration of their conservation on the servers of AWS, located in france in the European Union.

Your data will not be transferred outside the European Union as part of the use of the services we offer you.

Cookies are text files, often encrypted, stored in your browser. They are created when a user's browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website's server.

We can distinguish between different types of cookies, which do not have the same purposes:
- Technical cookies are used throughout your browsing, in order to facilitate it and to perform certain functions. For example, a technical cookie can be used to remember the answers entered in a form or the user's preferences with regard to the language or presentation of a website, when such options are available. We use technical cookies (Matomo, Hubspot).
- Social media cookies can be created by social platforms to allow website designers to share the content of their site on these platforms. These cookies can in particular be used by social platforms to track the navigation of Internet users on the website in question, whether or not they use these cookies. We do not use social media cookies.
- Advertising cookies can be created not only by the website on which the user is browsing, but also by other websites displaying advertisements, ads, widgets or other elements on the page displayed. In particular, these cookies can be used to carry out targeted advertising, that is to say advertising determined according to the user's navigation. We use advertising cookies that allow us to measure the effectiveness of our campaigns (Google Adwords, Linkedin Insight Tag, Meta Pixel).
‍
We remind you for all practical purposes that you can refuse cookies during your visit to our site or to oppose the deposit of cookies by configuring your browser. However, such refusal could prevent the proper functioning of the Application.

In accordance with the Data Protection Act and the RGPD, you have the right to obtain the communication and, where applicable, the correction or deletion of data concerning you, through online access to your file. You can also contact:
- email address: legal@rosaly.com
- postal address: 7, rue du Quatre Septembre — 75002 Paris

Persons whose data are collected on the basis of our legitimate interest, as mentioned in Article 5, are reminded that they may object to the processing of data concerning them at any time. However, we may have to continue processing if there are legitimate reasons for the processing that prevail over your rights and freedoms or if the processing is necessary to establish, exercise or defend our legal rights.

You have the right to define guidelines for the storage, deletion and communication of your personal data after your death.
These instructions may be general, i.e. they then relate to all personal data that concerns you. In this case, they must be registered with a trusted digital third party certified by the CNIL.

The instructions may also be specific to the data processed by our company. They should then be sent to us at the following coordinates:
- email address: legal@rosaly.com
- postal address: 7, rue du Quatre Septembre — 75002 Paris

By sending us such instructions, you expressly give your consent for these instructions to be stored, transmitted and executed as provided herein.
In your instructions, you can designate a person responsible for carrying them out. When you have died, the latter will then have the right to read these instructions and ask us for their implementation. In the absence of designation, your heirs will have the right to take note of your instructions upon your death and ask us for their implementation.
You can change or revoke your instructions at any time by writing to us using the contact details above.

You have a right to the portability of the personal data that you have provided to us, understood as data that you have declared actively and consciously in connection with the access and use of the services, as well as data generated by your activity in the context of the use of the services. We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the execution of the contract between us.
This right can be exercised free of charge, at any time, and in particular when you close your account on the Platform, in order to recover and keep your personal data.
In this context, we will send you your personal data, by any means deemed useful, in an open standard format commonly used and readable by machine, in accordance with the state of the art.

You are also informed that you have the right to file a complaint with a competent supervisory authority, (the Commission Nationale Informatique et Libertés pour la France), in the Member State in which your usual residence, your place of work or the place where the violation of your rights would have been committed is located, if you consider that the processing of your personal data subject to this Charter constitutes a violation of applicable texts.
This remedy may be exercised without prejudice to any other recourse before an administrative or judicial jurisdiction. Indeed, you also have the right to an effective administrative or judicial remedy if you consider that the processing of your personal data subject to this Charter constitutes a violation of the applicable texts.

You have the right to obtain the limitation of the processing of your personal data, in the following cases:
- During the verification period that we are implementing, when you contest the accuracy of your personal data,
- When the processing of this data is unlawful, and you want to limit this processing rather than deleting your data,
- When we no longer need your personal data, but you want them to be kept in order to exercise your rights,
- During the period of verification of legitimate reasons, when you have objected to the processing of your personal data.

We reserve the right, at our sole discretion, to modify this charter at any time, in whole or in part. These changes will come into force as of the publication of the new charter. Your use of the Application following the entry into force of these changes will constitute recognition and acceptance of the new charter. Otherwise and if this new charter does not suit you, you will no longer have to access the Application.

This charter came into force on June 01, 2020.