Privacy Policy
Last updated: July 15, 2024
This policy details the way in which ‘Poppins’, an SAS, registered in France under number FR34929553691, domiciled at 38 Rue Quai Henri IV, 75004 Paris, whose Director is L. Basch (“POPPINS” or “we”), having the capacity of data controller within the meaning of the applicable regulations on the protection of personal data, processes the personal data* (the "Data") of the users (the “User” or “you”) on its website of which address is www.wearepoppins.com and through its mobile application (together the “App”) (together the “Privacy Policy”).
Please read this Privacy Policy carefully. By using the App, the User agrees to the collection, storage and processing of their information in accordance with this Privacy Policy.
*Personal data is any information that relates to an identified or identifiable individual. For the purposes of GDPR, personal data means any information relating to the User such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. For the purposes of the CCPA, personal data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with the User.
Article I. Processed Data, purpose of processing and legal basis
1.1 Processed Data
Processed Data includes e-mail address, first and last names, photographs and all information indicated in the profile bio, the User’s country, address, phone number, and bank information (IBAN number and credit card number, credit card expiration date, first and last name of the card holder).
POPPINS also process usage Data (IP addresses, browser type, browser version, pages of the App that Users visit, time spent on those pages, time and date of the visits and unique device identifies and other diagnostic data).
When you access the App by or through a mobile device, POPPINS may collect certain information automatically, including, but not limited to, the type of mobile device used, mobile device unique ID, the IP address of the User’s mobile device, the User’s mobile operating system and type of mobile internet browser used as well as unique device identified and other diagnostic data. POPPINS processes this Data in order to optimize the Users’ experience and to provide services tailored to the needs of its platform Users.
1.2 Purpose of collection and processing of the Data
POPPINS may collect and process Data for following purposes:
-
To provide and maintain the App, including to monitor the usage of the App.
-
To manage User’s accounts: to manage User’s registration as a user of the App. The Data Users provide can give them access to different functionalities of the App that are available to them as registered users.
-
For the performance of contractual requirements: the development, compliance and undertaking of the listings and loans and payments made or proposed by the User.
-
To contact Users: To contact Users by email, telephone calls, SMS, or other equivalent forms of electronic communication, to services including the security updates, when necessary or reasonable for their implementation.
-
To provide Users with news, special offers and general information about other services and events which We offer that are similar to those that the Users have already purchased or enquired about unless Users have opted not to receive such information.
-
To manage Users’ requests: To attend and manage User’s requests to POPPINS.
-
To deliver targeted advertising to Users: We may use Data to develop and display content and advertising (and work with third-party vendors who do so) tailored to the User’s interests and/or location and to measure its effectiveness.
-
For business transfers: We may use Data to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of POPPINS’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Data held by POPPINS about our App users is among the assets transferred.
-
For other purposes: We may use User’s information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our App, products, services, marketing and your experience.
1.3 Legal basis for data collection and processing
The legal basis on which POPPINS’ Data collection and processing is based are:
-
User consent : for the Data provided at the creation of the account, setting it up or using the App;
-
Legitimate interests: Collecting and processing Data such as process usage Data is necessary for the purposes of the legitimate interests pursued by POPPINS;
-
Performance of a contract: Collection and processing of Data on the identity of the User and its location is necessary for the performance of the agreement with the User and/or any precontractual obligations thereof;
-
Legal obligations: Collecting and processing Data is necessary for compliance with a legal obligation to which POPPINS or its subcontractors are subject, for example the identity of the payment card holder is necessary to register a payment.
Article II. Data security and confidentiality
POPPINS implements technical and organizational security measures in line with best practices, particularly with regards to the security of its information system. POPPINS is committed to implementing all necessary measures to preserve the confidentiality and security of User’s Data and prevent it from being altered, damaged, destroyed or accessed by unauthorized third parties.
To that end, POPPINS requires its sub-contractors to provide a similar degree of protection that POPPINS does.
Please note that while POPPINS uses its best efforts to protect Users’ Data, it cannot guarantee its absolute security.
Article III. Cookie policy
Browsing the Platform results in cookies being deposited on the User's terminal. For more information on the use of cookies by POPPINS, please consult the Cookie Management Policy by clicking on the following link: Cookie policy.
Article IV. Rights of the User
In accordance with applicable laws and regulations, the User holds the following rights, subject to data retention periods and compelling legitimate reasons for processing Data from POPPINS:
-
Right of access: to the Data processed by POPPINS concerning the User;
-
Right of rectification: if the Data is inaccurate or incomplete;
-
Right to erasure: allowing the deletion of Data;
-
Right to object: to the processing of certain Data;
-
Right to portability: Data is transmitted for potential re-use;
-
Right to information: this is the right to obtain information on how POPPINS processes Data.
These rights may be exercised at any time by sending an e-mail to the following address: legal@wearepoppins.com or a letter by post to Poppins - 38 Rue Quai Henri IV, 75004 Paris, France. All requests for access, rectification or objection must be accompanied by a copy of a document proving the identity of the person making the request. These identity documents will be kept for one (1) year for the exercise of the rights of access and rectification and three (3) years for the right of objection.
We undertake to respond to each request as quickly as possible whether the requests can be granted or not, given the situation and in light of applicable laws and regulations.
Article V. Recipients of Data
As part of the processing of User Data, POPPINS may transmit or give access to such to the following categories of Data sub-processors:
-
The service provider for the development, hosting and maintenance of the App;
-
The service provider conducting penetration tests on the App;
-
Service providers in charge of marketing analysis and customer segmentation;
-
The supplier of the statistical analysis solution for cookies and trackers.
-
Service providers for monitoring and analyzing the use of our App, to advertise on third party websites to Users after they visited our App, for payment processing, to contact Users. The list of current service providers and is attached to this Privacy Policy in Annex I.
-
Affiliates: We may share User information with POPPINS affiliates, in which case We will require those affiliates to honor this Privacy Policy. Affiliates include POPPINS parent company and any other subsidiaries, joint venture partners or other companies that POPPINS controls or that are under common control with POPPINS.
-
Business partners: POPPINS may share User information with its business partners to offer Users certain products, services or promotions.
-
With other Users: when the User shares personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If Users interact with other users or register through a third-party social media service, Users’ contacts on the third-party social media service may see Users’ name, profile, pictures and description of the User’s activity. Similarly, other Users will be able to view descriptions of Users’ activity, communicate with Users and view their profile.
-
Other parties: With User consent, POPPINS may disclose Data for any other purposes that the User has consented to.
Finally, POPPINS may be required to communicate such Data to third parties when such communication is required by law, regulation, or court order, or if such communication is necessary to ensure the protection and defense of its rights or protect the personal safety of the Users of the App or the public. Apart from these cases, Users Data will not be transferred or made accessible to any third party, subject to any restructuring of POPPINS, including total or partial transfer of assets, merger, takeover, acquisition, demerger and more generally any reorganization operation.
Article VI. Storage duration
POPPINS stores Data for the time that is strictly necessary to achieve the purposes for which they were collected.
POPPINS may store Data if its storage is reasonably necessary to comply with its legal obligations, satisfy regulatory requirements, prevent fraud and abuse, and enforce this Privacy Policy and the Terms of Use. POPPINS may retain Data for a limited period, if required by law enforcement. When Data is rendered anonymous, POPPINS may store such Data as long as necessary for commercial purposes.
Article VII. Transfer of User Data
User information, including User Data, is processed at the POPPINS’ or its subcontractors’ operating offices and in any other places where the parties involved in the processing are located. Therefore, this information may be transferred to — and maintained on — computers located outside of the User’s state, province, country or other governmental jurisdiction where the data protection laws may differ from those from the User’s jurisdiction.
User consent to this Privacy Policy followed by User submission of such information represents User agreement to that transfer.
POPPINS or its subcontractors will take all steps reasonably necessary to ensure that User Data is treated securely and in accordance with this Privacy Policy and no transfer of User Data will take place to an organization or a country unless there are adequate controls in place including the security of the Data and other personal information.
Article VIII. Privacy Rights for Children
Our App does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided POPPINS with Data, please contact POPPINS. If We become aware that We have collected Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from our servers.
Article XIX. Right to lodge a complaint
The Users also have the right to lodge a complaint with their local Data Protection Authority. For the list of Data Protection Authorities within the EU member states, please see the following page: Data Protection Authorities - European Commission (europa.eu)
For France specifically, The User also has the right to complain to the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07, about the way in which TENZING collects and processes Data.
Article XII. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify Users of any changes by posting the new Privacy Policy on this page.
We will let Users know via email and/or a prominent notice on our App, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
Users are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
ANNEX I – List of service providers having potential access to the Data
Article I. Analytics
We may use third-party service providers to monitor and analyze the use of our App. They may include, but are not limited to:
1.1 Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our App. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the App available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: https://policies.google.com/privacy).
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
-
Matomo
Matomo is a web analytics service. You can visit their Privacy Policy page at https://matomo.org/privacy-policy.
1.3 Fathom
Fathom is a web analytics service. You can visit their Privacy Policy page at https://www.fathomhq.com/privacy.
Article II. Email Marketing
We may use User Data to contact Users with newsletters, marketing or promotional materials and other information that may be of interest to them. Users may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use email marketing service providers to manage and send emails to Users. They may include, but are not limited to:
2.1 Mailchimp
Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.
For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/.
Article III. Payments
We may provide paid products and/or services within the App. In that case, We may use third-party services for payment processing (e.g. payment processors).
We will not store or collect User payment card details. That information is provided directly to our third-party payment processors whose use of Users’ personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
They may include, but are not limited to:
-
Stripe
Their Privacy Policy can be viewed at : https://stripe.com/us/privacy.
3.2 PayPal
Their Privacy Policy can be viewed at : https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Article IV. Behavioral Remarketing
POPPINS uses remarketing services to advertise to Users after Users accessed or visited our App. We and our third-party vendors use cookies and non-cookie technologies to help Us recognize User’s Device and understand how Users use our App so that We can improve our App to reflect User interests and serve Users advertisements that are likely to be of more interest to them.
These third-party vendors collect, store, use, process and transfer information about User’s activity on our App in accordance with their Privacy Policies and to enable us to:
-
Measure and analyze traffic and browsing activity on our App
-
Show advertisements for our products and/or services to Users on third-party websites or apps
-
Measure and analyze the performance of Our advertising campaigns
Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:
-
The NAI's opt-out platform: http://www.networkadvertising.org/choices/
-
The EDAA's opt-out platform: http://www.youronlinechoices.com/
-
The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN
You may opt-out of all personalized advertising by enabling privacy features on your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See your mobile device help system for more information.
We may share information, such as hashed email addresses (if available) or other online identifiers collected on our App with these third-party vendors. This allows Our third-party vendors to recognize and deliver Users ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.
The third-party vendors We may use are, but are not limited to:
4.1. Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page:
http://www.google.com/settings/ads](http://www.google.com/settings/ads).
Google also recommends installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout for your web browser.
Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
4.2 X (formerly known as Twitter)
Twitter remarketing service is provided by X Corp.
You can opt-out from X’s interest-based ads by following their instructions: Your privacy options for personalized ads | X Help (twitter.com).
You can learn more about the privacy practices and policies of X by visiting their Privacy Policy page: X Privacy Policy (twitter.com)
4.3 Facebook / Meta
Facebook or Meta remarketing service is provided by Facebook Inc. and Meta Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: (https://www.facebook.com/help/516147308587266).
To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217.
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA: (http://www.aboutads.info/choices/), the Digital Advertising Alliance of Canada in Canada (http://youradchoices.ca/) or the European Interactive Digital Advertising Alliance in Europe (http://www.youronlinechoices.eu/ ), or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
4.4 Pinterest
Pinterest remarketing service is provided by Pinterest Inc.
You can opt-out from Pinterest's interest-based ads by enabling the "Do Not Track" functionality of your web browser or by following Pinterest instructions:
(http://help.pinterest.com/en/articles/personalization-and-data).
You can learn more about the privacy practices and policies of Pinterest by visiting their Privacy Policy page: https://about.pinterest.com/en/privacy-policy.
Article V. Usage, Performance and Miscellaneous
We may use third-party service providers to provide better improvement of our App. They may include, but are not limited to:
-
Intercom
Their Privacy Policy can be viewed at https://www.intercom.com/legal/privacy.
-
Facebook Messenger
Their Privacy Policy can be viewed at https://www.facebook.com/privacy/policy.
-
Zendesk
Their Privacy Policy can be viewed at https://www.zendesk.com/company/agreements-and-terms/privacy-notice/.
5.4 Tawk
Their Privacy Policy can be viewed at https://www.tawk.to/privacy-policy/.