CUSTOMER: any USER of the Fizza mobile application making at least one ORDER on this mobile application.
ORDER: any succession of acts leading the CUSTOMER to select PRODUCTS in his basket and to validate the purchase of these PRODUCTS by payment. An ORDER is confirmed by an ORDER confirmation given to the CUSTOMER by e-mail.
PERSONAL DATA (or DCP): within the meaning of Article 4.1 of the GDPR: « any information relating to an identified or identifiable natural person; is deemed to be an « identifiable natural person » a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychological, economic, cultural or social identity;
PUBLISHER: this is the simplified joint stock company ADIAL, with capital of € 372,000.00, whose head office is located at 87 rue Alexandre Fleming 14100 LISIEUX, registered in the R.C.S. of LISIEUX B under number 441 698 784
SIGN: this is Oy Fizza Oy, with a capital of 40,000 €, whose registered office is at Salonsaarentie 41, 52300 RISTIINA, FINLAND, registered in the R.C.S. of Finland under number 3155322-2
OPERATOR: refers to the legal person whose professional activity is the commercial operation of a pizza vending machine. THE OPERATOR is bound by contract with the SIGN.
PRODUCT: Product referenced and accessible on the Fizza mobile application
RGPD: (General Data Protection Regulation) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and the freedom circulation of these data.
USER (S): anyone using the Fizza mobile application.
SELLER: here refers to the OPERATOR of the vending machine selected during the ORDER.
What is personal data?
Personal data is a concept defined by regulations, in particular the Data Protection Act of 6 January 1978 as amended, such as:
« Any information relating to an identified natural person or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to him ».
More specifically, these are the names, first names, email or postal addresses, photos and videos of a person. A number is also personal data, in particular bank card numbers, the loyalty code, or even the registration number of a vehicle. In general, all information that identifies a person is personal data.
Conversely, when data is anonymized, that is to say it then becomes impossible to identify the person concerned, it is not considered to be personal data.
What information is collected through the Fizza mobile application
The information collected when using the Fizza mobile application may be data relating to:
- identification (name, first names, date of birth, postal address, email address, username / password, loyalty code);
- personal life (gender, marital status, number of children, name and first name of the children, date of birth of the children, etc.);
- professional life (function, company, socio-professional category, etc.);
- purchases, and in particular purchasing preferences;
- bank details (credit card details); this data is not kept by the PUBLISHER, nor by the SIGN or the SELLER, nor by the payment merchant used on the Fizza mobile application.
- geolocation data;
- information provided during requests for information or assistance or the purchase of PRODUCTS or SERVICES from the PUBLISHER or BRAND, including the information necessary to process your ORDERS with the payment merchant concerned which may include the amount of any transaction.
Personal data of minors
No personal information from minors is collected, as the PRODUCTS and SERVICES offered in the Fizza mobile application are intended only for categories of people capable of subscribing to an act of purchase.
This is the reason why people who subscribe to SERVICES are systematically asked to enter their date of birth.
If a minor provides a false date of birth to access the PRODUCTS and SERVICES of the Fizza mobile application pretending to be an adult, we are not able to verify it. On the other hand, at the first request from one of his relatives, his data will be deleted from all databases, after having carried out all the necessary checks.
We also encourage parents and legal guardians to ask their children never to give out their personal data, without authorization, when they are online.
Why collect personal data?
When a CUSTOMER decides to place an ORDER on the Fizza mobile application, certain information is required to be able to process their ORDER and allow them to create a user account.
Certain data, such as those of the shopping cart or the amount of this cart, then make it possible to adapt the offer and provide a personalized SERVICE such as the possibility of recommending a cart whose content is identical to that of a previous one. ORDERED.
If you agree to receive information or commercial offers, these may be tailored to your user or buyer profile, by processing your purchase history. This is called « targeted advertising ».
ADIAL undertakes, in accordance with the regulations, to apply the principle of « minimization » of data, namely to collect only the necessary data.
Definition of Data Controller
Fizza Oy and the SELLER acknowledge that ADIAL does not process any DCP on its behalf and / or on its behalf. However, ADIAL provides through this contract, access to the functionalities of its software, which makes it possible to do so. These provisions therefore organize the responsibilities of ADIAL on the one hand and of Fizza Oy and the SELLER on the other hand, with regard to all the legal provisions relating to the protection of personal data and for the sake of informing persons affected by the collection and processing of their personal data.
Fizza Oy and the SELLER declare and accept:
- that they alone determine the purposes and means relating to the processing (s) of personal data
- that they are and remain solely responsible for the TREATMENT (s) carried out via the software made available by ADIAL
- that they alone assume all the legal consequences relating directly or indirectly to disputes, litigation and / or liability commitments related to the Processing of personal data
- that they are required to manage the response to the rights of individuals regarding their personal data.
Need for a contract for data processing subcontracting by ADIAL
Any request from the SIGN or the SELLER aimed at soliciting from the PUBLISHER an approach aimed at processing DCP must be the subject of a contract duly signed between the parties on the basis of article 28.3 of the GDPR: « Processing by a processor is governed by a contract or other act (…) which binds the processor to the controller, defines the object and duration of the processing, the nature and the purpose processing, the type of personal data and the categories of data subjects, and the obligations and rights of the controller (…) ”).
In the absence of such a specific contract, the SIGN or the SELLER expressly waives the responsibility of the PUBLISHER for all legal consequences that may relate directly or indirectly to disputes, litigation and / or liability commitments. related to the TREATMENT of personal data.
Limitation of liability of the PUBLISHER
In the absence of proven fault on the part of the PUBLISHER retained by a judgment on the merits passed by judgment and not subject to judicial recourse, the SIGN notes and fully guarantees and at first request, the PUBLISHER of all legal and pecuniary consequences damaging that could affect it directly or indirectly due to a violation of legal and / or regulatory obligations relating to the protection of personal data.
Duty to inform, advise and alert the CUSTOMER by the PUBLISHER
The PUBLISHER has put in place the software tools allowing the SIGN to comply with the provisions of the GDPR. However, if a difficulty is identified potentially involving the violation of one or more provisions of the GDPR relating to CUSTOMER DCPs, it is up to the BRAND to inform CUSTOMERS.
GDPR Compliance Statement
Under the laws in force, the SELLER and the SIGN are responsible for processing the data they use. They guarantee the PUBLISHER that they have fulfilled all the obligations incumbent on them under Law No. 78-17 of January 6, 1978 known as « Informatique & Libertés » and the GDPR. For the purposes of meeting their obligations, they are informed by the EDITOR that the location of the EDITOR’s servers is as follows: OVH – SAS with capital of € 10,000,000 – RCS Roubaix – Tourcoing 424 761 419 00045 – Code APE 6202A VAT number: FR 22 424 761 419 – Headquarters: 2 rue Kellermann – 59100 Roubaix – France. Regarding the transmission of personal data, the SELLER and the SIGN guarantee that they have informed the natural persons concerned of the use made of them.
How to oppose the processing of my personal data?
The information that the CUSTOMER agrees to entrust, through the use of the Fizza mobile application, remains his personal data and no one can deprive him of his fundamental right to dispose of his data.
The CUSTOMER therefore has the right to oppose or limit certain processing of his personal data.
If the CUSTOMER wishes to access, rectify or even request the erasure of his data from the information systems of the SIGN and the SELLERS who are bound to him by contract, he just needs to write by email to the following address: contact @ fizza.fi.
The CUSTOMER can also by connecting to the Fizza mobile application, in the « My Account » section, access and modify certain data.
The CUSTOMER also has the right to the portability of certain data. If he wishes to exercise this right, he is requested to contact the SIGN at the above email address as well.
If the exercise of the CUSTOMER’s rights entails consequences, in particular restrictions or prohibitions of access to the PRODUCTS or SERVICES of the brand, the information will then be provided to him in a clear manner so that he is able to make his decision. in an informed and transparent manner.
Means implemented to ensure the protection of personal data
THE BRAND and SELLERS are implementing actions to meet regulatory requirements, and reduce the risk of personal data breach.
As part of the obligation to manage CUSTOMER accounts provided for by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and to the free circulation of this data, the PUBLISHER reminds THE SIGN and SELLERS that they keep a register of personal data processing (article 30 of the GDPR), which the CUSTOMER can access in whole or in part, on motivated request, sent to email@example.com
The BRAND and the SELLERS are the sole judges of the need for their respective activities to set up a data protection officer (DPO) in charge of ensuring the maintenance and regular updating of this register on the basis of the provisions provided for by the regulations. In particular, for each new processing implemented by the PUBLISHER on request that is the subject of a contract from the BRAND or a SELLER, the DPO, as part of an internal prior validation procedure. , controls its purpose and its legitimacy with regard to the needs of the company but also and above all with regard to the risk of breach of data protection and the privacy of the persons concerned. In particular, it is responsible for ensuring that each of the treatments envisaged by the BRAND or the SELLERS respects the principles of respect for privacy from the design of a solution or an application.
Finally, with regard to the security measures implemented to protect personal data from any risk of unauthorized disclosure or attack on their integrity, the BRAND and SELLERS have deployed the means at their disposal with their respective teams. and their providers in order to minimize the risk of security breaches.
The PUBLISHER makes every effort to maintain systems monitoring. The PUBLISHER’s applications are scanned for security holes and vulnerabilities, and the PUBLISHER takes the necessary precautions to prevent the loss, misuse or alteration of personal data. When certain services require the use of a third party, the PUBLISHER selects its service providers on the basis of security and confidentiality criteria previously defined with regard to the issues, and systematically requires from its subcontractors a level of security which guarantees a sufficient level of protection of the personal data they process on their behalf
Location of personal data
The personal data of CUSTOMERS are stored with service providers, in their Data centers located exclusively in France (OVH – SAS with a capital of € 10,000,000 – RCS Roubaix – Tourcoing 424 761 419 00045 – Code APE 6202A VAT number: FR 22 424 761 419 – Headquarters: 2 rue Kellermann – 59100 Roubaix – France).
The PUBLISHER always requires from its hosting service providers that the data entrusted to it be hosted in France.
If, for technical reasons or for specific needs related to the maintenance of certain applications, personal data is accessible by third parties located outside the European Economic Area, the PUBLISHER has made sure beforehand that the latter guarantee a sufficient level of protection of these data, by making them sign the standard contractual clauses of the European Commission.
Retention period of personal data
The BRAND and the SELLERS declare that their objective is to always keep personal data in a safe and secure manner, only for the time necessary to achieve the purpose of the processing.
In this perspective, appropriate physical, technical and organizational measures are taken to prevent, as far as possible, any retention of personal data beyond a maximum period of 26 months, with the exception of the data that must be kept in order to respond. to legal requirements.
Beyond this period, the SIGN offers CUSTOMERS by email to automatically and selectively purge database data.
Modification of the personal data protection policy
This Personal Data Protection Policy may be updated regularly, in particular to take into account changes in the law and regulations. In the event that a CUSTOMER has a registered account, the CUSTOMER will be informed of any modification of the Policy by e-mail to the e-mail address linked to his account.
These changes come into effect immediately when they are downloadable and viewable on the Fizza mobile application