The present Data Protection Policy delineates how Rayn collects and processes your personal data via the Rayn websites and application referenced herein.
Rayn encompasses an ecosystem comprising Rayn websites (inclusive of domain names such as, but not limited to, www.rayn.finance), mobile applications, clients, and stakeholders.
This Data Protection Policy is applicable to all personal data processing activities undertaken across Rayn platforms, websites, and departments.
Should you be a client or user of our services, this Data Protection Policy is applicable in conjunction with the terms of business and other contractual documents, inclusive of, but not limited to, agreements we may have with you.
In the event you are not a stakeholder, client, or user of our services but utilize our website, this Data Protection Policy equally pertains to you, alongside our Cookie Policy.
Consequently, this Policy should be read collectively with our Cookie Policy, which furnishes supplementary particulars regarding our utilization of cookies on the website.
***
1. WHO ARE WE AND WHAT IS OUR ROLE IN THE PROCESSING OF PERSONAL DATA ?
Automata France SAS (also referred to as "the company" or "we" in this policy) is a simplified joint-stock company with its registered office located at 240 rue Evariste Galois, 06410 Biot, Sophia Antipolis, registered in the Trade and Companies Register under the number 902 498 617 00023 (whose intra-community VAT number is: FR47 902 498 617).
The company Automata France operates under the commercial name "Rayn".
Its main activity is the development and management of all systems, software, technical solutions, websites, platforms, and applications, as well as the acquisition, subscription, holding, management, and transfer, in any form, of all shares and securities in all companies or legal entities. In this context, it also operates as a Digital Asset Service Provider (DASP) and is registered with the AMF (French Financial Markets Authority) under the registration number E2023-087.
The company operates the website accessible to the public at the following URL (hereinafter referred to as the "Site"): https://www.rayn.finance/. This Site aims to:
The company also administers pages that showcase its activities and allow it to publish content on social networks and interact with internet users (notably on Facebook, Instagram, YouTube, and LinkedIn).
During your navigation and interactions on the Site, on the pages managed by the company on social networks, or, more generally, during your interactions or exchanges with the company, it may collect and process Personal Data concerning you, for the management of the activities it carries out and on its own behalf, in its capacity as Data Controller, whether you are a customer, prospect, contact, internet user, candidate, supplier, service provider, or partner, potential or current (also referred to as "you" or "the concerned Person(s)" or "user(s)" in this policy).
In this context, the company applies the principles defined by legal and regulatory provisions in the field of Personal Data protection, particularly in Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data (General Data Protection Regulation, "GDPR"), as well as the law no. 78-17 of 6 January 1978 on Information Technology, Data Files, and Civil Liberties (known as the "Information Technology and Liberties Law") and its implementing decrees.
2. WHAT ARE THE METHODS FOR COLLECTING YOUR PERSONAL DATA ?
2.1 Your Personal Data is collected either directly from you or indirectly from third parties.
2.1.1 Indeed, your Personal Data is particularly collected or processed in whole or in part during your navigation on the Site, your interactions with the Site, and when you enter information into data collection forms that may be present there, but also more generally within the framework of requests that you may send to the company by any means at your convenience, your relationship and your exchanges with the company, and when you share content from the Site using "share buttons" on social networks that may be offered on our Site, or during your navigation on one of the company's pages on social networks.
Generally, your Personal Data is thus directly collected from you in the aforementioned cases.
2.1.2 However, your Personal Data may also be collected through third parties (i.e. indirect collection from third parties).
Indeed, the Personal Data that we collect and process about you may possibly be gathered or enriched by us, particularly for the purpose of conducting commercial operations, communication, solicitation, prospecting, or marketing, using other sources of information (social networks, so-called "public" information, websites, file rentals, etc.).
Similarly, your Personal Data may be transmitted to us by other staff members/contacts within your company or through third parties in certain situations.
Moreover, specifically concerning Personal Data processed in the context of our recruitment operations (for employment or an internship), we use the information you provide us (e.g., form completed for this purpose or generally information mentioned in your CV) that we integrate into our candidate database (CV library). However, we may also approach third parties (for example, recruitment agencies, previous employers, internship supervisors, or clients with whom you have worked on previous missions) or use other sources of information (in particular professional social networks, recruitment firms, or specialized recruitment websites) to collect information about you for the evaluation of your application or your professional profile. Furthermore, even without a candidacy from you, we may, particularly in the context of our monitoring and active search for professional profiles that may match our job vacancies, collect Personal Data from third parties (for example, recruitment agencies or "headhunters") or use other sources of information (in particular professional social networks or specialized recruitment websites) to collect information about you with the aim of proposing that you apply for one of our job offers.
2.2 Furthermore, in general, you are informed that as a principle:
Special case: if data collection forms for Personal Data (for example, forms integrated on the Site or within our pages on social networks, or any data collection form in whatever format that we might make available to you to collect information about you) involve the entry of mandatory Personal Data for the implementation of the associated Processing, you will be informed on the form and it will be specified the possible consequences of a failure to communicate these details. Otherwise, the requested information is optional. In the absence of a specific form, the mandatory data for the pursued purposes will be indicated to you, it being specified that data not indicated as mandatory is, of course, optional.
2.3 Apart from specific legal obligations, or contrary details in this policy, we do not collect "special" Personal Data, that is, data that would reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor genetic data, nor data concerning health or data concerning a natural person's sex life or sexual orientation.
2.4 Personal Data of minors or protected adults: we only offer our services to adults with legal capacity. Therefore, in general, the use of the Site and the company's dedicated pages on social networks is reserved for adults with legal capacity, the company cannot in any case be
held liable for the use of the Site or its pages on social networks by minors or those who lack legal capacity, and therefore for any consequences that may result from this, particularly in terms of the Processing of their Personal Data.
3. WHAT DATA IS COLLECTED, FOR WHAT PROCESSING PURPOSES, AND FOR WHAT DURATIONS ?
3.1 Management, processing, and monitoring of information requests and exchanges with our users, via or through the Site or the company's social media pages, or by any other means, and more generally the company's relations with its contacts in a broad sense
We may collect, use, store, and transfer different types of Personal Data about you as follows:
For your information, we also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but are not considered personal data by law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the application. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3.2 Management of our relationships with our partners including our current or potential providers and suppliers:
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility for these policies or for personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.
3.3 Compliance with legal and regulatory obligations (including accounting, tax, and administrative obligations) related to the execution of contracts concluded by the company, and more generally to the company's activities:
3.4. Email Communications:
4. COOKIES
The company utilizes "cookies" within the application. Cookies are small files containing textual information. Cookies are stored on your mobile device only when you consent to the placement of cookies when prompted during the use of our App.
For further information, please read our cookie policy available on our website: https://www.rayn.finance/cookie-policy/
5. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the GDPR and the legislation of the EU member state to which we are subject permit us to do so. Most commonly, we will use your personal data in the following circumstances:
6. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
Purpose/activity | Data type | Legal basis for processing |
To open and use a Rayn account | Identity, Contact, Financial, Device | Necessary for the performance of a contract |
To process in-App purchases and provide services | Identity, Contact, Financial, Transaction, Device, Marketing and Communications, Location | Necessary for the performance of a contract |
To manage our relationship with you | Identity, contact, finances, profile, marketing and communications | Necessary for the performance of a contract |
To manage and protect our company and the App | Identity, Contact, Device | Necessary for our legitimate interests |
Marketing (for subscribing clients) | Identity, Contact, Device, Content, Profile, Usage, Marketing and Communications, Location | Necessary for our legitimate interests |
Marketing (for prospects): | Identity, Contact | Your consent |
To improve the application | Identity, Contact, Device, Content, Profile, Usage, Location | Necessary for our legitimate needs |
To expedite the "Add contact" procedure directly from your phone | Identity, Contact, Your Contact(s) | Consent |
To ensure compliance with applicable laws and regulations | Communication Data, Identity, Contact, Finance, Transaction, Use | Legal or regulatory obligation |
Use of Your Personal Data
When the processing of personal data is carried out on behalf of the Company, we enter into a separate contract with the processor regarding this processing. This contract constitutes a commitment to GDPR compliance and provides adequate contractual guarantees for the implementation of appropriate technical and organizational measures, which ensure the protection of your rights.
Regarding the transfer of personal data to recipients outside our corporate group, we only transmit data to third parties when required by law, necessary for the performance of the contract, or when you have consented to the transfer. Under these conditions, the third-party recipients of personal data may include:
We authorize these service providers to use or disclose personal data only to provide services on our behalf or to comply with legal requirements. We contractually require these service providers to protect the security and confidentiality of personal data they process on our behalf. Our service providers acting as processors are primarily based within the EU..
7. INTERNATIONAL TRANSFERS
Some of our external third parties are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.
When we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing the following safeguard: when we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For more details, see European Commission: Standard Contractual Clauses for data transfers between EU and non-EU countries.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. DATA SECURITY
We recognize the importance of protecting and managing your personal data. All personal data that we process is treated with the utmost care and security. This section outlines some of the security measures we have put in place.
We use a range of physical and technical measures to ensure the security of your personal data and to prevent unauthorized access, use, or disclosure:
Although we take all reasonable steps to ensure that your personal data is protected against unauthorized access, we cannot guarantee that it will be secure during transmission by you to our application, our website, or other services. We will take all reasonable steps to ensure that all your personal data is protected against unauthorized access and is aligned with our privacy policy.
As no system can be considered 100% secure, we cannot guarantee the security of the personal data you provide to us.
All payment transactions made by us or by the third-party payment processing service provider we have chosen will be encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) technology. When we have given you (or when you have chosen) a password that enables you to access certain parts of our website or App, you are responsible for keeping this password confidential.
We ask you not to share your personal data or password with anyone.
9. DATA RETENTION
The law requires us to retain basic information about our customers (including Contact, Identity, Financial, and Transaction data) for ten years after they cease being customers for tax purposes.
In certain conditions, you can ask us to erase your data: see Your rights below for further information.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
10. YOUR RIGHTS
In certain circumstances, you have the following rights under data protection laws in relation to your personal data:
Please note: the exercise of these rights is nevertheless limited with respect to Personal Data that would be necessary for the operation of said blockchains (cf. notably the Data retained/stored within the blockchains used in the management, monitoring, and processing of digital asset operations). Indeed, these Data necessary for the operation of the blockchains are neither modifiable nor erasable for the life of the concerned blockchain. Moreover, the retention/storage of these Data in said blockchains is not the responsibility of Automata France which neither manages nor controls said blockchains, and therefore has no power of determination nor control over the Processing of Personal Data that may be implemented within said blockchains, nor to reflect the exercise by the concerned Persons of their rights with respect to said blockchains.
For any other request, you can contact us:
In any case, in the event of reasonable doubt as to the identity of the person submitting such a request to exercise their rights, the company may always request that additional information necessary to confirm the identity of the Concerned Person be provided and may request, where the situation requires it, a photocopy of an identity document bearing the holder's signature. In such a case, the aforementioned response times will be suspended pending receipt of the necessary additional information to identify the Concerned Person.
In the event of receiving such a request, it will be answered as soon as possible and in any event within a maximum period of one month from receipt of the request. If necessary, this period may be extended by two months, taking into account the complexity and number of requests received, in which case the requester will be informed.
The request may be submitted by the Data Subject or by a person specially authorized for this purpose by the Data Subject, provided that the authorized person justifies their own identity and that of the principal, the authorization itself, as well as its specific duration and purpose. The authorization must also specify whether the authorized agent can receive the response.
Furthermore, you always have the right to lodge a complaint with the competent supervisory authority (in France, this is the National Commission on Informatics and Liberty known as "CNIL": 3 Place de Fontenoy - TSA 80715 – 75334 Paris cedex 07; tel.: 01 53 73 22 22) if you believe that the processing of your Personal Data is not carried out in accordance with the legal and regulatory provisions concerning the protection of Personal Data.
To understand your rights, you may also refer to the explanations provided by the CNIL here: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles.
11. CAN THIS DATA PROTECTION POLICY BE MODIFIED ?
11.1 This Data Protection Policy is subject to change at any time, which will take effect on the date of publication of the corresponding update.
11.2 Indeed, in the case of modification, the new Data Protection Policy will be posted on the Site in the dedicated section. Moreover, all forms for the collection of Personal Data that may appear on our Site provide a link to this policy.
11.3 We therefore invite you to consult it regularly.
12. WHAT IS THE SITE'S POLICY ON COOKIE MANAGEMENT ?
12.1 Cookies and other trackers or similar technologies may be installed and/or read in your browser or terminal during your visit to the Site.
12.2 Click here to access our "cookie management policy," which is also accessible via a link embedded in the footer of all pages of the Site.
Date of the last update: February, 16th 2024
GLOSSARY
Legal basis
Consent means the processing of your personal data when you have signified your agreement by a declaration or a clear acceptance of the processing for a specific purpose. Consent is only valid if it is a free, specific, informed and unambiguous indication of what you want. You may withdraw your consent at any time by contacting us.
Legitimate interest our company's interest in conducting and managing our business to enable us to offer you the best service/product and the best and safest experience. We take care to consider and balance any potential impact on you (both positive and negative) and your rights before processing your personal data as part of our legitimate interests. We do not use your personal data for activities where the impact on you outweighs our interests (unless we have your consent or are required or permitted to do so by law). You can find out more about how we assess our legitimate interests against the potential impact on you in relation to specific activities by contacting us at
Contract performance The processing of your data is necessary for the performance of a contract to which you are a party or to take measures at your request prior to the conclusion of such a contract.
Complying with a legal obligation means processing your personal data where this is necessary to comply with a legal obligation to which we are subject.
Description of the categories of personal data