Privacy Policy
At PlayAbility, protecting your personal data is a priority.
When you use the website https://www.playability.gg (the “Site”) and/or the PlayAbility Adaptive Software (the “Software”) and in the context of managing our contractual relationships with our clients, we collect personal data concerning you.
The purpose of this policy is to inform you about the modalities according to which we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and Law No. 78-17 of January 6, 1978 relating to data processing, files, and freedoms (together the “Applicable Regulation”).
1. Who is the data controller?
The data controller is the company PlayAbility, a simplified joint-stock company, registered in the RCS of Bobigny under number 978 633 964, with its registered office located at 95 Avenue du Président Wilson – 93100 MONTREUIL (“We”).
2. What data do we collect?
Personal data is data that allows an individual to be identified directly or by cross-referencing with other data.
We collect personal data that fall into the following categories:
-
Identification data (name, first name, email and postal address, phone number);
-
Data relating to your choice of gaming mode (with which part of your body you wish to use the Software);
-
Data relating to your body movements, face, as well as your voice;
-
Data relating to your professional life (company name, CV, position/function, LinkedIn URL);
-
Data relating to your purchases in the Software;
-
Connection data (connection logs, encrypted passwords);
-
Navigation data (IP address, pages viewed, date and time of connection, browser used, operating system, user ID, MAID);
-
Economic and financial data (data relating to your bank cards);
-
Any information you wish to transmit to us in the context of your contact request and in our forms.
Mandatory data are indicated by an asterisk when you provide us with your data.
3. For what purposes, on what legal bases, and for how long do we retain your personal data?
| Objectives | Legal Bases | Retention Periods |
|---|---|---|
| Provide our services available on our Software via your account | Execution of pre-contractual measures taken at your request and/or execution of the contract you have entered into with Us | Data relating to your account are retained for the entire duration of your account. Your connection logs are retained for 1 year. In addition, your data may be archived for evidentiary purposes for a period of 5 years. |
| Perform operations relating to the management of our clients concerning contracts, in-app purchases, invoices and ensure the follow-up of the contractual relationship with our clients | Execution of the contract you have entered into with Us | Personal data are retained for the entire duration of the contractual relationship. In addition, your data (except for your bank details) are archived for evidentiary purposes for a period of 5 years. Regarding data relating to your bank card, they are retained by our payment service provider STRIPE. Data relating to the visual cryptogram or CVV2, inscribed on your bank card, are not stored. |
| Manage your reviews on our services and our Software | Our legitimate interest in collecting your opinion on our services and our Software | 2 years from the publication of the review |
| Create a file of clients and prospects | Our legitimate interest in developing and promoting our activity | For clients: data are retained for the entire duration of the contractual relationship. For prospects: data are retained for a period of 3 years from your last contact. |
| Comply with our legal obligations regarding the reporting of illicit content on the Software | Comply with our legal and regulatory obligations imposed in the context of our Software | Data relating to your identity are retained for 5 years from the end of the validity of the Terms and Conditions, the closure of your account, or the closure of the report. Other information provided by the user, including information relating to payment, are retained for one year from the end of the validity of the Terms and Conditions, the closure of your account, or the closure of the report. Technical data allowing the identification of the source of the connection or those relating to the terminal equipment used are retained for a period of one year from the connection or the use of the terminal equipment. |
| Send newsletters, solicitations, and promotional messages by email | For clients: our legitimate interest in retaining and informing our clients of our latest news For prospects: your consent | Data are retained for 3 years from your last contact with Us or until withdrawal of your consent. |
| Respond to your information requests | Our legitimate interest in responding to your requests | Data are retained for a period of 3 years from your last contact. |
| Comply with legal obligations applicable to our activity | Comply with our legal and regulatory obligations | Invoices are archived for a period of 10 years. Data relating to your transactions (except for bank data) are retained for 5 years. |
| Processing of applications and management of interviews (preselection of candidates, contact to assess the candidate’s ability to occupy the position, finalization of the recruitment process) | Execution of pre-contractual measures | Your data are retained in active database for the entire duration of the recruitment process until the hiring decision. In case of refusal of your application, your data may be retained 3 months after the end of recruitment in order to be able to provide you with explanations on the reasons that led to the rejection of your application. Your data may be retained in intermediate archiving for evidentiary purposes for 5 years from the date of the hiring decision. |
| Organize contests and promotional operations | Our legitimate interest in retaining our clientele and offering them gifts | Data are retained for the entire duration of contests or promotional operations and may be archived for 5 years for evidentiary purposes. |
| Develop statistics (navigation, audience of the Site and Software) and improve the functionalities of the Site and Software through the deposit of audience measurement cookies | Your consent | Data are retained for 25 months. |
| Manage requests for exercise of rights | Our legitimate interest in responding to your requests and keeping track of them | If we ask you for proof of identity: we retain it only for the time necessary for identity verification. Once verification is complete, the proof is deleted. Information allowing the management of your requests for exercise of rights in application of the GDPR will be retained for 3 years from the request. |
4. Who are the recipients of your data?
The following will have access to your personal data:
- The staff of our company;
- Our subcontractors: hosting provider, newsletter sending provider, audience measurement and analysis provider, electronic messaging provider, secure payment provider, billing tool, cookie management tool, CRM tool, customer service provider and chatbot, database provider, form generator, task automation tool;
- If applicable: public and private organizations, exclusively to respond to our legal obligations.
5. Are your data likely to be transferred outside the European Union?
In the context of the tools we use (see article on recipients concerning our subcontractors), your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured by means of the following tools:
-
either the data are transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
-
or the data are transferred to a country whose level of data protection has not been recognized as adequate to the GDPR: in this case, these transfers are based on appropriate safeguards indicated in Article 46 of the GDPR, adapted to each provider, including in a non-exhaustive manner the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or by virtue of an approved certification mechanism.
-
or the data are transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
6. What are your rights regarding your data?
You have the following rights regarding your personal data:
-
Right to information: this is precisely why we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
-
Right of access: you have the right to access all your personal data at any time, under Article 15 of the GDPR.
-
Right to rectification: you have the right to rectify your inaccurate, incomplete, or obsolete personal data at any time in accordance with Article 16 of the GDPR.
-
Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
-
Right to erasure: you have the right to require that your personal data be erased, and to prohibit any future collection for the reasons set out in Article 17 of the GDPR.
-
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of applicable texts, in accordance with Article 77 of the GDPR.
-
Right to define directives relating to the retention, erasure, and communication of your personal data after your death.
-
Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR indicates that you can withdraw your consent at any time. This withdrawal will not affect the legality of the processing carried out before the withdrawal.
-
Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
-
Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Note, however, that we may maintain their processing despite this objection, for legitimate reasons or the defense of rights in court.
You can exercise these rights by writing to us at the contact details below. We may ask you on this occasion to provide us with additional information or documents to justify your identity.
7. What cookies do we use?
To learn more about cookie management, we invite you to consult our Cookie Policy.
8. Contact point to exercise your rights
Contact email: team@playability.gg
Contact address:
To the attention of: PlayAbility
95 Avenue du Président Wilson – 93100 MONTREUIL
9. Modifications
We may modify this policy at any time, in particular to comply with any regulatory, jurisprudential, editorial, or technical developments. These modifications will apply from the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any significant modification to this privacy policy.
Effective date: January 25, 2024