Personal data processing policy applicable to contacts, clients, potential customers, Famileo / ENTOURAGE SOLUTIONS users

The company ENTOURAGE SOLUTIONS (hereinafter called « ENTOURAGE SOLUTIONS »), S.A.S, under French law with a capital of 111 010.00 euros, registered at RCS of Saint-Malo with the number 805 178 159, and its registered office at 4 Avenue Louis Martin, 35400 Saint-Malo, France, represented by Tanguy de GÉLIS, duly competent in his capacity as PRESIDENT, is aware of how important it is to keep personal data confidential and is committed to their protection in accordance with current personal data protection legislation.

This personal data processing policy aims to inform the user (subscriber, loved one or family member), the contact or the potential customer on the commitments and practical measures taken by FAMILEO in order to ensure the respectful use of your personal data when visiting their website: http://www.famileo.com (hereinafter called « the Site »), and their mobile application FAMILEO (hereinafter called « the Application »).

This document is available to read and download in PDF format here.

The following provisions apply to all processing of personal data by the controller when using the Site and/or the Application, unless otherwise specified in the specific provisions set out below.

ENTOURAGE SOLUTIONS undertakes to process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing personal data and on free movement of these data (hereinafter referred to as the GDPR), French law n ° 78-17 of 6 January 1978 relating to data, files and freedoms (as amended), and all other applicable laws.

The data controller (the organization responsible for your personal data) is the following entity:

ENTOURAGE SOLUTIONS, a French Société par Actions Simplifiée (SAS) having its registered office at 4 Avenue Louis Martin, 35400 Saint-Malo, France
Its contact details are as follows:
* E-mail address: hello@famileo.com
* Website: www.famileo.com

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO at the following email address:
dpo@famileo.com

If you are based in the European Union, you also have the right to make a complaint at any time to the Commission Nationale de l’Informatique et des Libertés (CNIL), the French supervisory authority in charge of data protection issues (https://www.cnil.fr). We would, however, appreciate the chance to deal with your concerns before you approach the CNIL so please contact us in the first instance.

If you are located outside the European Union please note that your personal data will be transferred to the European Union and hosted on servers based in the European Union.

If you are based in the European Union, please note that ENTOURAGE SOLUTIONS hosted all the data on servers based in European Union, and is closely working with his service providers and make sure that all the service providers are GDPR compliant.

You will be informed if your data must be disclosed in application of a law or regulation, or in compliance with a decision of a competent regulatory or judicial authority.

We draw your attention to the use of buttons linking to "social networks", such as Facebook, Twitter, Instagram. The main use of these "social networks" buttons is to allow your redirection to our page on the corresponding social network. This is a non-mandatory option. Using this option may result in collection of your personal data by the social network concerned.

We recommend you to be vigilant and to consult the policies on the protection of personal data of the applicable social network, so that you are aware of the information it collects as well as the purposes for which your data might be used, and particularly where advertising purposes are concerned.

Sometimes there are options directly on website of the social network allowing you to change the settings for access to and concerning the confidentiality of your personal data.

Use of these ‘social networks’ buttons is at your initiative and fully under your responsibility. FAMILEO is not responsible for any processing of your data that is or might be done by these third-party social networks.

Personal data associated with users will be kept for the duration of the subscription to the FAMILEO service and for as long as necessary for the performance of your contract with us, for the fulfilment of our legal and regulatory obligations, and to enforce or apply our terms of use https://www.famileo.com/en-EU/cgv and other agreements, including for billing and collection purposes.

In a case of a cancellation of a subscription without a request for deletion of the account, the personal data will be retained for a period of three (3) years, and will remain accessible through the FAMILEO family group space.

In a case of a cancellation of a subscription with a request for deletion of the account, the personal data will be deleted from our database and will no longer be accessible through the FAMILEO family group space.

Only posts sent to gazettes that were edited before the account is deleted will be kept in the previously generated PDFs in the FAMILEO family group space, and they will be only accessible for family.

The personal data of contacts and prospects, who do not create an account, are kept for three (3) years from the last contact of FAMILEO with the contact or prospect. At the end of this period the personal data will be deleted.

The person whose personal data are collected has the following associated rights:

* To ask the data controller for access to his or her personal data, to require correction or deletion of personal data, or a to demand limitation of processing related to the person in question (hereinafter the ‘data subject’),
* To oppose the processing,
* To the portability of his or her data,
* To withdraw his or her consent at any time, without prejudice to the lawfulness of processing that has occurred based on the consent made prior to his or her withdrawal, this right existing only when the processing is based on Article 6 (1) (a), or on Article 9 (2) (a) of the GDPR, that is to say based on the consent of the data subject allowing processing his or her personal data for one or more specific purposes.
* To not be the subject of individual decision-making based exclusively on automated processing such as profiling.
* To define guidelines on the fate of his or her personal data after his or her death
* Lodge an appeal before the competent authority

Your California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Site and Application that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can exercise your rights (Cf. as mentioned in the paragraph ‘e.’ above) by contacting us at the following email address: dpo@famileo.com.

Upon receipt of a valid request by email, it shall be processed without undue delay. Occasionally it could take us longer than thirty (30) working days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

In accordance with the recommendations of the CNIL, our maximum duration for the storage of cookies is 13 months after their first installation in the user's device, as is the duration of the validity of the user's consent for use of these cookies.

The lifespan of cookies is prolonged at the time of each visit. Therefore, the user’s consent must be renewed when this period has expired.

Our site uses cookies provided by Google Analytics and Google Tag Manager.
Google Analytics and Google Tag Manager process the data mentioned under the provisions set out in their privacy policy: https://support.google.com/analytics/answer/6004245?hl=en#infocollect.
The data processed by Google Analytics includes the IP address of devices used to view the site, but they are not sent to us.

Cookies may be used for statistical purposes, and in particular to optimize the services FAMILEO provides to its users, this includes processing information concerning frequency of access, the personalization of pages, as well as operations carried out and the information consulted.

We inform you that ENTOURAGE SOLUTIONS may place cookies on your device. A cookie records information relating to your browsing activity on the service (e.g. the pages consulted, the date and time of the visit, etc.) that we will be able to read during your subsequent visits.

If you do not want cookies to be used on your device, most browsers offer the option to disable cookies through the settings options. You can use one of the following links, depending on your browser: Google Chrome, Mozilla Firefox or Windows Internet Explorer.

You can also select "Customize" in the cookie banner at the top of our site to choose whether to allow/disallow some or all of the cookies used on our site.

However, you are informed that some services may not work properly if the cookies are disabled.

ENTOURAGE SOLUTIONS may collect browsing information through the use of cookies.

We chose Amazon Web Services (AWS) to host and secure data for our services. The data centre dedicated to our services is located in Ireland (https://www.datacenters.com/amazon-aws-clonshaugh)

The assurance and warranty programs in terms of security and personal data protection we have selected in AWS services have been subjected to strict SOC1, SOC2 and SOC3 compliance checks by independent international inspection organizations.
Learn more

Data protection: The AWS infrastructure puts in place effective safeguards to keep users, contacts, and prospects confidential. All data is stored in highly secure AWS data centres.

To be more specific, the data that families exchange is encrypted with TLS certificate, between our users and the server.
Learn more

AWS has security breach monitoring and a data breach notification process. It will take care of any confirmed breach of AWS systems and inform ENTOURAGE SOLUTIONS as soon as possible.
Learn more

In the event of a personal data breach, ENTOURAGE SOLUTIONS undertakes to internally document the personal data breaches, as well as to notify the violations posing a risk to the rights and freedoms of individuals to the competent authority within seventy-two hours (72h).

In the event that the risks are high, the ENTOURAGE SOLUTIONS users concerned will also be notified without undue delay after ENTOURAGE SOLUTIONS being aware of the breach.

Only the following identified and authorized ENTOURAGE SOLUTIONS teams have the right to process your personal data in connection with our services to you:
* Our User Support Service team
* Our Technical Service team via the User Support Service, for specific support cases
* Our Marketing Service team

Access to your personal data by identified and authorized employees is only accessible through 1 (a single) IP address from ENTOURAGE SOLUTIONS' registered office, or via a secure and registered VPN outside the company's registered office.

We call upon service providers in Europe for provision and execution of certain services.

For example, we use the services of various third parties to facilitate provision of our services, such as hosting and printing gazettes (non-exhaustive list):

* We chose AWS to host and secure our data; its data centre that is dedicated to our services is in Ireland (https://www.datacenters.com/amazon-aws-clonshaugh).

* We have chosen Handirect as a service provider to print and manage shipping the gazettes https://www.handirect.com/.

* We chose Dalenys as a service provider for managing and securing online payments users subscribe to a FAMILEO plan https://www.dalenys.com/en/.

* We have chosen SendinBlue as a service provider for management of and sending automatic emails from FAMILEO services https://fr.sendinblue.com/.

* We have chosen Zendesk as a service provider for setting up the online chat service on our website as well as for processing user support requests https://www.zendesk.com/.

* We chose Microsoft Office 365 as a provider for the use and management of our IT and communication tools https://products.office.com/.

We may share your personal and private data with these service providers when they are subject to obligations in accordance with this Privacy Policy and any other appropriate privacy (as GDPR) and security measure, provided that such third parties use your personal and private data only on our behalf and according to our instructions.

The following provisions are specific to each type of personal data processing.

Personal data processed
We process the following data through the various forms accessible on the Site and through the Application:
* IP address of the user
* The user’s last name
* The user’s first name 
* The user’s email address
* The user’s date of birth
* Relationship of the user with the beneficiary of FAMILEO
* The user’s country of residence
  * Currency, VAT and price management
* The FAMILEO service beneficiary’s last name
* The FAMILEO service beneficiary’s first name
* The beneficiary’s date of birth
* The beneficiary’s gender
* The FAMILEO service beneficiary’s postal address
  * The place of gazette delivery
* Language of the beneficiary’s gazette
* Photos published by FAMILEO users
  * Posts sent by users for publication of the paper gazette

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data regarding your use of the Site or Application to calculate the percentage of users accessing a specific Site or Application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

On the Application or the Site, we never ask for so-called sensitive data (racial or ethnic information, political opinions, religious or philosophical opinions, trade union membership, health, sexual orientation) and we do not advise you to enter such data when using the Site or the Application. However, if you choose to include in the free comments spaces any so-called sensitive data (including health data such as information about a disability), they will be transmitted, as they are, under your sole responsibility and on your own initiative, to our services or partners in order to process your request.

Purposes:
Processing of personal data implemented by FAMILEO serves explicit, legitimate and predetermined purposes, and it is intended for management of subscriptions to the FAMILEO service as well as management of the relationship with our users and for sending transactional and marketing messages. In particular, this processing is aimed at creating and ensuring the proper management of subscriptions for the managers, users and beneficiaries of FAMILEO services.

FAMILEO strives to collect and process only data strictly necessary for the purposes of the implemented processes.

FAMILEO may send you marketing messages. You can oppose this at any time by clicking on the unsubscribe link at the bottom of each email or by contacting FAMILEO ("Contact Us").

Legal basis
This processing is necessary for the performance of the contract to which the data subject is party or for the execution of pre-contractual measures taken at the request of the latter. It is based on Article 6 (1) (b) of the GDPR. The request for data with a contractual nature: the data subject is obliged to provide this data if he or she wishes to enjoy use of our products or services. If the person concerned does not provide the data, they will not be able to subscribe to a FAMILEO subscription and will not have access to the service.

Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Personal data processed
When receiving a request form a contact or an invitation by mail, we process the following personal data:
* Last name
* First name
* Email address

Purposes:
The processing of personal data is intended for the management of the relationship with our contacts and prospects. In particular, this processing is aimed at communicating information about our products and services to the person concerned, following a specific request via our contact and invitation forms or by email.

Legal basis:
This processing of personal data is based on the consent of the data subject (Article 6 (1) (a) of the GDPR). The request for data with a contractual nature: the data subject is not obliged to provide this data.
If the data subject does not provide the data or withdraws consent to the data processing, he or she will not be able to receive information from our organization, our products and services.

If you have any questions about this Privacy Policy, how we collect or process your personal information, how to exercise your rights, or any other aspect of our privacy practices, please feel free to contact us. You can contact us at any time using the following email address: dpo@famileo.com or by mail to FAMILEO (Personal data), 4 Avenue Louis Martin, 35400 Saint-Malo, France.

We reserve the right to modify this Privacy Policy at any time. The latest version of this policy governs our processing of your personal data and will always be available at https://www.famileo.com/famileo/en-EU/privacy-policy.

If we modify this policy in a manner that we, at our sole discretion, consider to be material, we will notify you by sending an email to the address associated with your account. By continuing to access or using the Services after these changes take effect, you agree to be bound by the terms set out in the new Privacy Policy.

Most recent update of this document: 05/01/20222


Private and secure family network

Network guaranteed free of advertising and reselling of data

The user retains full ownership over their data.