Cleanfox user protection policy
Foxintelligence publishes Cleanfox, a free service which makes it easier for you to manage your email accounts by offering you a tool that cleans your mailbox and automatically deletes your newsletters.
In return for this free service, the transactional data extracted from the user mailboxes allow us to establish statistical studies marketed with various economic operators (companies, associations, schools, and universities) to improve their products and services. and refine their knowledge of the markets.
We guarantee you in this respect that we do not communicate any data for advertising targeting purposes, profiling or reidentification. The tools we use are proven and do not allow your subsequent identification in any way. To perform statistical analyzes and the production of our reports, we must carry out some processing of its users' personal data. We therefore act as a data controller, in that we determine the means and purposes of the processing of your data.
As such, we undertake to comply with the provisions of the General Data Protection Regulation (GDPR). Article 12 also requires us to inform you of the characteristics of the processing that we carry out with your data and the rights that you have in relation to it.
The purpose of this Cleanfox user data protection policy is to fulfill our obligation to be transparent and provide information by making you aware of all of the information required by the GDPR.
3. RESPECT FOR YOUR PRIVACY
We access your email account for the sole purposes of identifying newsletters so that you can delete them on the one hand, and identifying your transactional emails in order to extract the data that enables us to offer data for statistical, research, investment, or educational purposes.
Under no circumstances do we access the contents of your personal emails. With regard to transactional emails, we extract data in them without accessing them, unless we update our filtering and data extraction tools, in which case only a limited part of our teams may access these emails.
In addition, be aware that we reprocess any personal data related to you for the statistical studies that we market to make any subsequent re-identification impossible.
4. DATA PROCESSED
The data concerning you that we may process is as follows:
- identity and identification (surname, first name, date of birth, automatically generated ID, referral code associated with each user),
- contact details (email address(es) provided in order to create the Cleanfox account and to be cleaned)
- transactional data concerning your online-purchases (information about the item(s) concerned, payment type, delivery address, billing address if different, order number, user's consumption history)
- technical data (identification data, connection data, acceptance data and, where applicable, location data).
5. ORIGIN OF DATA
We collect your data from:
- data that you provide to us directly when you create your Cleanfox account,
- data generated automatically from our services in order to identify you and make your access to Cleanfox secure (application password, user ID)
- enriched data generated from our services by means of machine learning, data science and crawling tools in order to obtain additional information about your buyer profile (sex, town) and transactions carried out, not all enriched data is personal as not all of it can identify you or make you identifiable.
6. LEGAL BASIS
We process your personal data for the following purposes:
- managing your registration with Cleanfox,
- providing the cleaning service for your email accounts,
- managing the relationship and interactions with you,
- dealing with requests to add or delete an email account associated with Cleanfox,
- dealing with your requests to delete your Cleanfox account,
- improving our services and audience measurements and, where applicable, satisfaction surveys,
- Realization of statistical reports marketed to various economic operators for statistical purposes, research, education and investment without any possibility of future reidentification
The GDPR defines data recipients as individuals or corporations to whom/which personal data is communicated, regardless of whether they are a data controller or processor.
In this regard, recipients of your data, who have our permission or legal authority to access it, can be internal or external:
- internal recipients are members of our staff who are authorised to process your data according to their respective skills.
- external recipients are our processors (e.g. data host), or authorised services responsible for auditing (auditors), the civil service, the judicial authorities and law officers as part of their role, where appropriate.
9. STORAGE PERIOD
Your data is processed for a limited period which we decide in the light of the legal and contractual restrictions on us and, failing this, according to our needs.
We apply the following storage periods:
- if your account is deleted: immediate deletion of your data.
- if you are inactive without deleting your account: 3 years from the most recent activity in your account or the most recent contact with you.
10. YOUR RIGHTS
You have the following rights with regard to your personal data:
- a right to ask us to confirm that data which concerns you is being processed, to access this data and to request a copy of it (right to access and copy).
- a right to have any data concerning you which is inaccurate or obsolete corrected (right of rectification).
- a right to ask for your data to be erased when you no longer wish to use Cleanfox (right to erasure).
- a right to receive data concerning you which you have communicated to us in a structured, widely-used and machine-readable format (right to portability).
- a right to give instructions in relation to the processing of your data if you die (post-mortem right).
However, you are informed that you do not have a right to restrict or object to the processing of your data as the requirements for these rights to be exercised as laid down in the applicable regulations are not met in this case.
The right to erasure is exercised automatically when you delete your Cleanfox account, as this results in immediate and automatic deletion of your personal data, unless you instruct otherwise.
With regard to the right to data portability, you have a functionality in Cleanfox which enables you to exercise it and recover all of the data that you provided to us when you signed up for Cleanfox.
Lastly, in the « Settings » section of your Cleanfox account, we give you a right to opt out of being among the group of users whose transactional data we use to produce data for statistical, research, investment or educational purposes for our clients.
The other aforementioned rights must be exercised exclusively by you in writing, either by email to firstname.lastname@example.org or by mail to the address Foxintelligence 1 rue de Metz 75010 Paris.
If we have any doubts about your identity, we reserve the right to ask you to provide proof of your identity, which will be deleted immediately after your identity has been verified.
The GDPR defines a processor as any individual or corporation who/which processes personal data on a data controller's behalf.
If we decide to enlist any processor of our choice to process your data, we will ensure that the latter honours his/her/its obligations under the GDPR and will undertake to sign a written contract with him/her/it which will require him/her/it to perform the same obligations that we fulfil ourselves in relation to data protection. We also reserve the right to carry out an audit of our processors in order to ensure that they are fulfilling their obligations.
We take the technical and organisational measures that we deem appropriate to combat unauthorised destruction, loss, alteration or disclosure of personal data in an accidental or unlawful manner.
These measures include:
- managing permissions and restrictions of data access rights,
- using secure identification processes such as the application password to synchronise the user's email account and Cleanfox,
- using tested and proven data pseudonymisation and anonymisation techniques
- implementing back-up measures,
- implementing encryption measures (private keys),
- implementing traceability measures for each database.
If a processor is used, we undertake to make him/her/it contractually subject to security guarantees through appropriate technical and organisational measures.
13. DATA BREACH
In the event of a data breach, we undertake to report it to EDPB in the manner stipulated by the GDPR.
If the breach poses a high risk to you, we undertake to warn you about it if you are affected and to give you the necessary information and recommendations.
14. DATA PROTECTION OFFICER
We have appointed a responsible for data protection, Mr Louis BALLADUR, whom you may contact at the following address for any queries concerning your data: email@example.com.
We also have hired a lawyer, Mr Eric BARBRY, to act as an independent DPO for Foxintelligence. He can be contacted at firstname.lastname@example.org.
15. CROSS-BORDER FLOWS
We reserve the right to implement cross-border flows outside the EU for data that we process, and you will be informed of them. In this event, we will ensure that your rights are respected and will sign, if necessary, one or more contract(s) to manage these flows with the receiving country/countries in accordance with the requirements of the applicable regulations.
16. PROCESSING REGISTER
We keep an up-to-date register, which is available to EDPB, of processing operations in which processing of the data of users of the Cleanfox application is recorded.
17. CONTACT DETAILS
For any queries that you may have about the processing of your data, you may contact us at the address email@example.com.
As permitted by law, you may also contact EDPB at the following address: Rue Wiertz 60, B-1047 Brussels or by email: firstname.lastname@example.org on 01-53-73-22-22.
If changes are made to the applicable regulations or if new functionalities in Cleanfox which affect the processing of your data are implemented, we reserve the right to amend this policy. Notice of any new policy will be given before it enters into force.