Personal data processing policy applicable to contacts, clients, potential customers, Famileo / ENTOURAGE SOLUTIONS users

The company ENTOURAGE SOLUTIONS (hereinafter called « ENTOURAGE SOLUTIONS »), S.A.S, under French law with a capital of 111 010.00 euros, registered at RCS of Saint-Malo with the number 805 178 159, and its registered office at 20, Rue Amiral Leverger, 35400 Saint-Malo, France, represented by Tanguy de GÉLIS, duly competent in his capacity as PRESIDENT, is aware of how important it is to keep personal data confidential and is committed to their protection in accordance with current personal data protection legislation.

This personal data processing policy aims to inform the user (subscriber, loved one or family member), the contact or the potential customer on the commitments and practical measures taken by FAMILEO in order to ensure the respectful use of your personal data when visiting their website: http://www.famileo.com (hereinafter called « the Site »), and their mobile application FAMILEO (hereinafter called « the Application »).

This document is available to read and download in PDF format here.

The following provisions apply to all processing of personal data by the controller when using the Site and/or the Application, unless otherwise specified in the specific provisions set out below.

ENTOURAGE SOLUTIONS declares that it processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing personal data and on free movement of these data (hereinafter referred to as the GDPR) and French law n ° 78-17 of 6 January 1978 relating to data, files and freedoms (modified).

The data controller (the organization responsible) is identified above. 
Its contact details are as follows:
* ENTOURAGE SOLUTIONS
* E-mail address: hello@famileo.com 
* Phone number +44 20 3991 0397
* Website: www.famileo.com

The DPO (Data Protection Officer) appointed by ENTOURAGE SOLUTIONS can be reached at the following email address:
dpo@famileo.com

ENTOURAGE SOLUTIONS undertakes not to transfer personal data to any country outside the European Union or to an international organization whose head office is not located in the European Union.

Your data shall not be included in any communications to third parties. You will be informed if your data should have to be disclosed in application of a law or regulation, or in compliance with a decision of a competent regulatory or judicial authority.

We draw your attention to the use of buttons linking to "social networks", such as Facebook, Twitter, Instagram. The main use of these "social networks" buttons is to allow your redirection to our page on the corresponding social network. This is a non-mandatory option. Using this option may result in collection of your personal data by the social network concerned.

We recommend you to be vigilant and to consult the policies on protection of personal data of the social network, so that you are aware of the information it collects as well as the purposes for which your data might be used, and particularly where advertising purposes are concerned.

Sometimes there are options directly on the social network used for changing settings for access to and concerning the confidentiality of your personal data.

Use of these ‘social networks’ buttons is at your initiative and fully under your responsibility. FAMILEO is not responsible for any processing of your data that is or might be done by these third-party social networks.


Personal data associated with users will be kept for the duration of the subscription to the FAMILEO service and for as long as necessary for execution of your contract, for ENTOURAGE SOLUTIONS fulfilment of its legal and regulatory obligations, and to allow implementation of prerogatives recognized by law and jurisprudence.

In a case of a cancellation of a subscription without a request for deletion of the account, the personal data will be preserved, for a period of three (3) years, and will remain accessible through the FAMILEO family group space.

In a case of a cancellation of a subscription with a request for deletion of the account, the personal data will be deleted from our database and will no longer be accessible through the FAMILEO family group space.

Only posts sent to gazettes that were edited before the account is deleted will be kept in the previously generated PDFs in the FAMILEO family group space, and they will be only accessible for family.

The personal data of contacts and prospects, who do not create an account, are kept for three (3) years from the last contact of FAMILEO with the contact or prospect. At the end of this period the personal data will be deleted.

The person whose personal data are collected has the following associated rights:

* To ask the data controller for access to his or her personal data, to require correction or deletion of personal data, or a to demand limitation of processing related to the person in question (hereinafter the ‘data subject’),
* To oppose the processing,
* To the portability of his or her data,
* To lodge a complaint with a supervisory authority,
* To withdraw his or her consent at any time, without prejudice to the lawfulness of processing that has occurred based on the consent made prior to his or her withdrawal, this right existing only when the processing is based on Article 6 (1) (a), or on Article 9 (2) (a) of the GDPR, that is to say based on the consent of the data subject allowing processing his or her personal data for one or more specific purposes.
* To not be the subject of individual decision-making based exclusively on automated processing such as profiling.
* To define guidelines on the fate of his or her personal data after his or her death
* Lodge an appeal before the competent authority

In accordance with the General Data Protection Regulations, you can exercise your rights (Cf. as mentioned in the paragraph ‘e.’ above) by contacting the following email address: dpo@famileo.com.

Upon receipt of a valid request by email, it shall be processed within five (5) working days.

In accordance with the recommendations of the CNIL, our maximum duration for the storage of cookies is 13 months after their first installation in the user's device, as is the duration of the validity of the user's consent for use of these cookies.

The lifespan of cookies is prolonged at the time of each visit. Therefore, the user’s consent must be renewed when this this period has expired.

Our site uses cookies provided by Google Analytics and Google Tag Manager.
Google Analytics and Google Tag Manager process the data mentioned under the provisions set out in their privacy policy: https://support.google.com/analytics/answer/6004245?hl=en#infocollect.
The data processed by Google Analytics includes the IP address of devices used to view the site, but they are not sent to us.

Cookies may be used for statistical purposes, and in particular to optimize the services FAMILEO provides to its users, this includes processing information concerning frequency of access, the personalization of pages, as well as operations carried out and the information consulted.

We inform you that ENTOURAGE SOLUTIONS may place cookies on your device. A cookie records information relating to your browsing activity on the service (e.g. the pages consulted, the date and time of the visit, etc.) that we will be able to read during your subsequent visits.

You acknowledge that you have been informed that ENFORCEMENT SOLUTIONS may use cookies and that you authorize them to do so.

If you do not want cookies to be used on your device, most browsers offer the option to disable cookies through the settings options. You can use one of the following links, depending on your browser: Google Chrome, Mozilla Firefox or Windows Internet Explorer.

You can also select "Customize" in the cookie banner at the top of our site to choose whether to allow/disallow some or all of the cookies used on our site.

However, you are informed that some services may not work properly if the cookies are disabled.

ENTOURAGE SOLUTIONS may collect browsing information through the use of cookies.

We chose Amazon Web Services (AWS) to host and secure data for our services.
The data centre dedicated to our services is located in Ireland (https://www.datacenters.com/amazon-aws-clonshaugh)

The assurance and warranty programs in terms of security and personal data protection we have selected in AWS services have been subjected to strict SOC1, SOC2 and SOC3 compliance checks by independent international inspection organizations.
Learn more

Data protection: The AWS infrastructure puts in place effective safeguards to keep users, contacts, and prospects confidential. All data is stored in highly secure AWS data centres.

To be more specific, the data that families exchange is encrypted with TLS certificate, between our users and the server.
Learn more

AWS has security breach monitoring and a data breach notification process. It will take care of any confirmed breach of AWS systems and inform ENTOURAGE SOLUTIONS as soon as possible.
Learn more 

In the event of a personal data breach, ENTOURAGE SOLUTIONS undertakes to internally document the personal data breaches, as well as to notify the violations posing a risk to the rights and freedoms of individuals to the competent authority within seventy-two hours (72h).

In the event that the risks are high, the ENTOURAGE SOLUTIONS users concerned will also be notified within seventy-two hours (72h).

Only the following identified and authorized ENTOURAGE SOLUTIONS employees have the right to process your personal data, in any case of specific request from you:
* Our User Support Service
* Our Technical Service via the User Support Service, for specific support cases
* Our Marketing Service

Access to the users 'personal data by identified and authorized employees is only accessible through 1 (a single) IP address from ENTOURAGE SOLUTIONS' registered office, or via a secure and registered VPN outside the company's registered office.

We call upon service providers in Europe for provision and execution of certain services.

For example, we use the services of various third parties to facilitate provision of our services, such as hosting and printing gazettes:

* We chose AWS to host and secure our data; its data centre that is dedicated to our services is in Ireland (https://www.datacenters.com/amazon-aws-clonshaugh).

We have chosen Handirect as a service provider to print and manage shipping the gazettes https://www.handirect.com/.

We chose Dalenys as a service provider for managing and securing online payments users subscribe to a FAMILEO plan https://www.dalenys.com/en/.

We have chosen SendinBlue as a service provider for management of and sending automatic emails from FAMILEO services https://fr.sendinblue.com/.

We have chosen Zendesk as a service provider for setting up the online chat service on our website as well as for processing user support requests https://www.zendesk.com/.

We chose Microsoft Office 365 as a provider for the use and management of our IT and communication tools https://products.office.com/.

We may share your personal and private data with these service providers when they are subject to obligations in accordance with this Privacy Policy and any other appropriate privacy and security measure, provided that such third parties use your personal and private data only on our behalf and according to our instructions.


The following provisions are specific to each type of personal data processing.

Personal data processed:

We process the following data through the various forms accessible on the Site and through the Application:
* IP address of the user
* The user’s name
* The user’s First name
* The user’s email address
* The user’s date of birth
* Relationship of the user with the beneficiary of FAMILEO
* The user’s country of residence
    * Currency, VAT and price management
* The FAMILEO service beneficiary’s name
* The FAMILEO service beneficiary’s first name
* The beneficiary’s date of birth
* The beneficiary’s gender
* The FAMILEO service beneficiary’s postal address
   * The place of gazette delivery
* Language of the beneficiary’s gazette
* Photos published by FAMILEO users
   * Posts sent by users for publication of the paper gazette

On the Application or the Site, we never ask for so-called sensitive data (racial or ethnic information, political opinions, religious or philosophical opinions, trade union membership, health, sexual orientation) and we do not advise you to enter such data when using of the Site or the Application. However, if you choose to include in the free comments spaces any so-called sensitive data (including health data such as information about a disability), they will be transmitted, as they are, under your sole responsibility and on your own initiative, to our services or partners in order to process your request.

Purposes:
Processing of personal data implemented by FAMILEO serves explicit, legitimate and predetermined purposes, and it is intended for management of subscriptions to the FAMILEO service as well as management of the relationship with our users and for sending transactional and marketing messages. In particular, this processing is aimed at creating and ensuring the proper management of subscriptions for the managers, users and beneficiaries of FAMILEO services.

FAMILEO strives to collect and process only data strictly necessary for the purposes of the implemented processes.

FAMILEO may send you marketing messages. You can oppose this at any time by clicking on the unsubscribe link at the bottom of each email or by contacting FAMILEO ("Contact Us").

Legal basis:
This processing is necessary for the performance of the contract to which the data subject is party or for the execution of pre-contractual measures taken at the request of the latter. It is based on Article 6 (1) (b) of the GDPR. The request for data with a contractual nature: the data subject is obliged to provide this data if he or she wishes to enjoy use of our products or services. If the person concerned does not provide the data, they will not be able to subscribe to a FAMILEO subscription and will not have access to the service.

Personal data processed
When receiving a request form a contact or an invitation by mail, we process the following personal data:

* Name
* First name
* Email address

Purposes:
The processing of personal data is intended for the management of the relationship with our contacts and prospects. In particular, this treatment is aimed at communicating information about our products and services to the person concerned, following a specific request via our contact and invitation forms or by email.

Legal basis:
This processing of personal data is based on the consent of the data subject (Article 6 (1) (a) of the GDPR). The request for data with a contractual nature: the data subject is not obliged to provide this data.
If the data subject does not provide the data or withdraws consent to the data processing, he or she will not be able to receive information from our organization, our products and services.

If you have any questions about this Privacy Policy, how we collect or process your personal information, how to exercise your rights, or any other aspect of our privacy practices, please feel free to contact us. You can contact us at any time using the following email address: dpo@famileo.com or by mail to FAMILEO (Personal data), 20 rue Amiral Leverger, 35400 Saint-Malo, France.

We reserve the right to modify this Privacy Policy at any time. The latest version of this policy governs our processing of your personal data and will always be available at https://www.famileo.com/famileo/en-EU/privacy-policy.

If we modify this policy in a manner that we, at our sole discretion, consider to be material, we will notify you by sending an email to the address associated with your account. By continuing to access or using the Services after these changes take effect, you agree to be bound by the terms set out in the new Privacy Policy.

Most recent update of this document: 08/04/2020


Private and secure family network

Network guaranteed free of advertising and reselling of data

The user retains full ownership over their data.