Privacy Policies

At Once, protecting your personal data is a priority!
The purpose of this privacy policy is to provide you with information about the way we process your personal data. You can rest assured that when collecting and managing your data, we are fully compliant with the (good old) "Informatique et Libertés" law of 1978 (the French data protection act) and also with the (very popular) European data protection regulation of 27 April 2016 (hereafter referred to as the "GDPR").

What is personal data?

During your use of our website (hereafter referred to as the "Site"), which is accessible online at the address https://www.once.app/, we may ask you to provide us with personal data concerning you in order to use our services (hereafter referred to as the "Services").  The term "personal data" refers to all data making it possible to identify you as an individual.

Which personal data is collected by Once?

During our activities and via the Services which we propose, we may gather a certain amount of information concerning you, including your name, email address, Google authentication number, user ID, IP address, position in your company, all files and assets uploaded to the Platform while creating web stories, and data concerning your use of the Platform.
Certain data, such as your first name, last name, email address and photograph, can be retrieved from Google, via Google Authentication if you choose this option when you register. By choosing this option, you allow Google to share this information with us. These data may be collected when you use our Site, or when you use our Services.  

Who is the data controller?

Once App, a SAS company,
Registered in the Trades and Companies Register
of Nanterre, 92000, France, under the no. 884 386 483,
having its registered office at Neuilly sur Seine, 92200, France.

E-mail address: legal@once.app

We have appointed a Personal Data Protection
E-mail address : legal@once.app

1. The use of your personal data

On which bases are your data collected and used?

Contract

This collection is necessary to implement the contract concluded when you use our Services on our Site.

Legitimate Interest

When you voluntarily provide us with personal data, we collect it in order to better meet your requests for information on our Site.

Consent

This involves the collection and storage of your personal data via cookies used on our Site or the sending of information and prospection material.

For which end purpose(s) are your data collected and used?

Contract

Creating a database of users, registered members and prospects.
Managing your access to our Services accessible via the Site and their use.

Legitimate Interest

The preparation of business statistics and those concerning visits to our Site.
Personalising replies to your requests for information.
Managing people's opinions concerning the Site’s Services or content.
Sending information or prospection material.

Cookies

For more information on Cookies, please read our attached Cookies Policy.

NB/ You may always refuse to provide us with your data and we will then inform you of any possible consequences this refusal may have when the provision of such data is mandatory.

2. Recipients of the collected data

The following will have access to your personal data:

(i) Our team

Our beloved team!

(ii) The services handling
inspection activities

The services handling inspection activities (including the auditors of corporate accounts),
Our processors, and in particular:our payment service providers,our web hosting provider,our productivity and collaboration toolsour web analytics services.

(iii) Our processors,

and in particular:our payment service providers,our web hosting provider,our productivity and collaboration toolsour web analytics services.

Not forgetting the (much less fun) public authorities, legal officers (bailiffs, notaries, etc.), ministerial officers and debt collection organisations.

Your personal data will never be transferred to, leased to or exchanged with third parties.

3. Personal data retention period

Not forgetting the (much less fun) public authorities, legal officers (bailiffs, notaries, etc.), ministerial officers and debt collection organisations.

Your personal data will never be transferred to, leased to or exchanged with third parties.

a. User's data

The data is stored for the whole length of your registration to our Services and for a period of:

Three (3) years from your unsubscription date concerning the use of the data for prospection purposes. At the end of this three (3) year period, we may contact you again to find out if you wish to continue receiving commercial communications from us.

One (1) year as from the exercise of the right of access or rectification, in the event of exercise of this right, concerning data relating to identity documents.

A minimum of three (3) years as from the date on which you exercise your right of opposition concerning information making it possible to exercise your rights.

Five (5) years as from your unsubscription date concerning compliance with legal and regulatory obligations and in order to make it possible to establish proof of a right or a contract.

Thirteen (13) months concerning the cookies mentioned in the article below.

b. Credit Card Data

No worries, your bank details are safe with Stripe, our payment service provider, who ensures the proper functioning of your purchases and fees on our Site.

In order to be able to carry out your transactions, Stripe collects and stores personal data relating to your credit card in our name and on our behalf. We do not have access to these data.

The data relating to your credit card are kept for the duration of the commercial transaction, and for the following purposes:
for the entire duration of your registration on our Site and within the limit of your credit card's validity period, only if you allowed the storage of your bank details in order to facilitate your subsequent purchases by ticking the dedicated box at the time of payment of your purchase.

Thirteen (13) months following the debit date or fifteen (15) months following the debit date to take into account the possibility of using deferred debit payment cards, for the purposes of proof in the event that the transaction is disputed, in intermediate archives.

The data relating to the visual cryptogram or CVV2, written on your credit card, are not stored.
To find out more about how your bank data are collected and stored, you can consult the General Terms and Conditions of Use of Stripe.

4. Security

No worries here! We (and our processors) have taken all necessary precautions in addition to the appropriate organisational and technical measures to protect the security, integrity and privacy of your personal data.

5. Hosting

Your data is kept and stored for the whole duration of its processing, on the servers of the company Amazon Web Services located in Ireland in the European Union.

6. Transfer outside the European union

Your data may also be hosted on the servers of the company Amazon Web Services, located in the United States.
This company is covered by the "Privacy Shield", which offers an adequate level of protection according to the European Commission decision dated 12 July 2016 (please see the adequacy decision). For further information concerning the protection offered by the "Privacy Shield", you can visit its website.  
Regarding the tools we use (see article “Recipients of the collected data” concerning our processors), your personal data may be transferred outside the European Union. The transfer of your data within this framework is secured by the following safeguards:Either these companies have adhered to the "Privacy Shield", which has been deemed to offer an adequate level of protection by the European Commission decision dated 12 July 2016 (please see the adequacy decision). To learn more about the protection offered by the Privacy Shield, you can consult its website;Either we have concluded a specific contract governing the transfer of your data outside the European Union with them, based on the standard contractual clauses between a data controller and a processor approved by the European Commission.

7. Cookies

For more information on Cookies, please read our attached Cookies Policy.

8. Your rights

Right to information

This is precisely why we drafted this privacy policy

Right of access

You have the right to access all of your personal data at any time

Right to rectification

You have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time

Right to limitation

You have the right to demand that the processing of your personal data be restricted in certain cases described in art.18 of the GDPR

Right to data portability

You have the right to receive your personal data in a readable format and to demand its transfer to the recipient of your choice

Right to be forgotten

You have the right to demand that your personal data be deleted and to prohibit any future collection

Right to submit a complaint

You have the right to contact the relevant supervisory authority (the CNIL in France), if you feel that the processing of your personal data violates one of the applicable laws or regulations

Right to object

You have the right to oppose the processing of your personal data. However, please note that we may continue to process it despite this opposition, on legitimate grounds or to defend our rights before the courts.Regarding prospection, you may oppose this at any time via the unsubscribe link located at the bottom of each of our prospection e-mails.

Right to leave instructions for after your death

concerning the storage, deletion and communication of your personal data, designating the person responsible for implementing these if necessary.You may send them to a digital trusted third party certified by the CNIL (French data protection authority) in the case of general instructions, or to the contact details below for your specific instructions. You can modify or revoke your instructions at any time.


You may exercise the above-mentioned rights by writing to us at legal@once.app

You should be able to prove your identity by any means. If we have any doubt regarding your identity, we could ask you to provide us with additional necessary information such as a copy of a signed identity document.

9. Applicability date

This privacy policy takes effect on the 1st of June 2020

10. Modifications

We reserve the right to partially or wholly modify this privacy policy at any time at our sole discretion.
These modifications will take effect as from the publication date of the new privacy policy. Your use of the Site once these modifications have taken effect constitutes your acknowledgement and acceptance of the new privacy policy. Failing this, if this new privacy policy is unacceptable to you, you must no longer access our Site.

11. Credits

Credits for the pictograms: designed by Gregor Cresnar, Thomas Soto, Iyikon, Bezier Master, Alina Oleynik, Jaro Sigrist, Three Six Five, Rflor, Rama, AomAm, Por Suppasit, and Pedro Santos from Noun Project.