Data Protection Policy
1. What is the purpose of the data protection policy?
- Given the relationship of trust that exists between Buongiorno and its customers, Buongiorno has wished to set out its personal data protection policy with regard to data protection regulations by taking into account the European Union standards in this matter and more particularly the General Data Protection Regulation (GDPR).
- With this data protection policy, Buongiorno undertakes, within the framework of its activities and in accordance with the regulations in force, to protect the privacy of its prospects and customers (the “data subjects”) by ensuring the protection, confidentiality and security of the personal data collected.
- Buongiorno further undertakes to have suitable financial, human and technical means to safeguard the data subjects’ human dignity, legitimate interests and fundamental rights.
- The main objective of this data protection policy is to concentrate in a single document clear, simple and precise information concerning the data processing operations carried out by Buongiorno, in order to enable the data subjects to understand what information and personal data (hereinafter referred to as the “personal data”) are collected, how they are used and what their rights are with regard to these personal data.
- Buongiorno reserves the right to amend this data protection policy at its sole discretion and at any time, in accordance with applicable data protection regulations.
2. Governance of personal data
- Buongiorno has developed a personal data governance policy.
- This policy includes all the guidelines, rules, procedures, and practices implemented by Buongiorno to take into account the requirements of regulations relating to the use and protection of personal data, whose guiding principles are presented in this policy.
- In this context, Buongiorno has designated a Data Protection Officer (DPO).
- The task of the DPO is to ensure compliance with data protection regulations and to liaise with the competent authority and all data subjects in relation to the collection or processing of personal data.
- The DPO can be contacted by any interested person at the following postal address: “GDPR – 350 rue Denis Papin 13594 Aix en Provence Cedex 3” or at the following email address “firstname.lastname@example.org”.
- « anonymisation » means «the result from processing personal data in order to irreversibly prevent identification » ;
- « collect » means to obtain personal data. Data may be collected in particular by means of questionnaires or replies to messages;
- « consent » means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- « controller» means the person or body which, alone or jointly with others, determines the purposes and means of the processing of your personal data;
- « profiling » means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”;
- « online services » means digital services offered by Buongiorno, such as website, applications, or associated services;
- « providers » should be construed in the broadest sense and means in particular service providers, subcontractors working with Buongiorno;
- « processing of personal data » means any operation or set of operations in relation to such data, whatever the mechanism used;
- « products or services » means all products and services, including technological products and services (websites, applications and associated services) offered or to be offered by Buongiorno;
- « prospect » means any person who has contacted Buongiorno to obtain information about a product or service offered by Buongiorno.
4. When does Buongiorno collect personal data?
- Personal data may be collected primarily in the context of:
- the entry into contact with Buongiorno;
- the customer’s use of any products and services from Buongiorno, including technological services (website, application, and associated services);
- the relationship between Buongiorno, its prospects, and its customers;
- the performance of contracts;
- the performance of legal or regulatory obligations relating to the activity of Buongiorno and having an impact on the protection of personal data, such as tax obligations, audit, fight against fraud,…;
- and those relating to the management of the commercial relationship in particular at the time of complaints, or satisfaction surveys; …
5. What are the categories of data processed by Buongiorno?
- Personal data means any information relating to a natural person which permits to identify him or her, directly or indirectly.
- The data collected by Buongiorno may be divided into the following main categories: contact data, identification data, civil status, photos, data linked to the use of the services, payment data.
- Personal data may include an individual’s first and last name, telephone number, photograph, video recording, messages exchanged, postal address, email address, computer’s IP address, type of device used.
5.1 Declarative personal data
- Declarative personal data are those provided by the data subjects and collected by Buongiorno in the context of commercial or contractual relationships.
- The data come mainly from the data subjects and the persons authorised by the data subjects to transmit them to Buongiorno.
- For example, the data subject may be asked to provide personal data relating to his or her family situation as well as his or her full name and contact details. These data can be collected through electronic forms (on website or mobile applications) or paper forms or through answers to Buongiorno’s questions.
5.2 Personal data related to the functioning of products and services
- Personal data may arise from the use by the data subjects of Buongiorno’s products and services or may relate to operations carried out via the products and services offered by Buongiorno in the context of its relationship with the data subject.
- For example, information is collected on the communications with the customer service, or the connection to the services offered, or the use of online services (use of applications).
5.3 Personal data from third parties
- The personal data processed may also come from:
- service providers;
- public or supervisory authorities;
- subcontractors, providers of Buongiorno or third parties if their personal data protection policies allow it;
- other products or services provided by third parties to which the data subjects have subscribed and/or for which they have authorised sharing with Buongiorno.
5.4 Public personal data
- Buongiorno may collect public personal data concerning the data subjects.
- Public personal data are personal information or data that are produced or received by an administrative or public authority as part of its public service task, that are published by an administrative authority or that can be communicated to any person upon request.
- Buongiorno may use public information or personal data where permitted by law or regulation and in compliance with the specific rules of communication and re-use specified by such law or regulation.
5.5 Personal data calculated or inferred by Buongiorno
- Buongiorno may generate or calculate new personal data on the basis of declarative personal data or data related to the functioning of technological tools.
- This is in particular used to know its customers, to adapt its products and services, to personalize the offers that can be made to customers, in which case Buongiorno may define commercial or marketing profiles, segments.
5.6 Special categories of data
- Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, personal genetic data, personal biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning a natural person’s sex life or sexual orientation.
- These special categories of personal data, which must be subject to special attention, are not processed by Buongiorno; in the event that their processing becomes necessary, Buongiorno undertakes to process them under the conditions laid down by the regulations relating to the protection of personal data.
- It may happen that the data subject chooses to provide Buongiorno with some of this information such as his or her racial origin, sexual orientation or religious beliefs, in which case the fact of choosing to provide this information constitutes consent to its processing.
6. What are the personal data processed by Buongiorno?
- Buongiorno processes the following main personal data in relation to user:
- last name, first name;
- sex searched;
- date of birth: age;
- nationality/place of origin;
- number of children;
- email address;
- mailing address;
- telephone number;
- alias (identifier encrypted by the mobile telephone operator allowing contact to be made by SMS);
- data relating to related persons (children, parents, spouses);
- connection and consultation data to electronic applications (IP, device, logs, tracers);
- messages exchanged on community services or with the customer service;
- SMSs sent or received;
- conversations with the customer service;
- calls to value-added services;
- bank details/RIB;
- identity card;
- telephone bills.
7. Who are the recipients of the data collected by Buongiorno?
7.1 When Buongiorno is acting as a controller
- The personal data collected, as well as those that will be obtained later, are intended for Buongiorno in its capacity as the data controller.
- Buongiorno ensures that the personal data of the data subjects are only accessed by authorised persons and only when necessary for the performance of their tasks.
- Some personal data may be sent to third parties to comply with legal, regulatory or contractual obligations or to legally authorised authorities.
- The categories of recipients of the data include: customers, financial and accounting departments, legal department, sales department, internal customer relationship service, technical providers, service providers in charge of customer relations.
7.2 When Buongiorno is acting as a processor
- As part of its contracts with its partners, Buongiorno may collect and process data on behalf of its partners, who act in in these cases as the controllers and end recipients of the data collected.
- Buongiorno ensures that the same security measures are in place for such processing and data as for those where Buongiorno is the controller.
8. How long does Buongiorno keep the personal data?
- Personal data are stored in Buongiorno’s information systems or those of its subcontractors or providers. Subject to transmission to third parties, personal data are stored in a data centre and processed in Europe.
- As a matter of principle, Buongiorno undertakes to choose subcontractors and providers who meet the best quality and security criteria and provide sufficient guarantees in terms of reliability, security and resources to implement technical and organisational measures.
- Lastly, Buongiorno knows at all times the place where its data are hosted in order to be able to demonstrate compliance to the competent supervisory authorities.
9. Guiding principles for the protection of personal data
- The GDPR has strengthened the duty to provide information to data subjects whose personal data are collected.
9.1 Lawfulness, fairness and transparency
- Buongiorno will not process data unlawfully, with the understanding that lawfulness is assessed in the light of one of the conditions described below.
- Consent of data subject. Buongiorno may carry out processing where the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Minor. The services offered by Buongiorno are not intended for minor children. The data subject acknowledges being 18 years of age or older to subscribe or use Buongiorno services. It is up to the parents and any person exercising parental authority to decide whether their minor child is allowed to use the services.
- Such consent may be given by a written statement, including by electronic means, or an oral statement, or when using the services.
- Performance of the contract or taking steps prior to entering into a contract. Buongiorno may carry out processing where processing is necessary for the performance of the contract.
- For example, processing is implemented within the framework of the performance of the contract when maintaining and managing contracts, such as with reimbursements or management of unpaid invoices.
- Legal and regulatory obligations. Buongiorno may carry out processing where processing is necessary for compliance with its legal or regulatory obligations.
- These legal or regulatory obligations include, for example, those relating to the control and monitoring regarding the internal control to which Buongiorno is subject and, more particularly, banking and tax obligations.
- In this context, it may be required to request specific information concerning certain operations if required by law or regulation and to transmit personal information and data to third parties.
- Legitimate interests of Buongiorno. Buongiorno may carry out processing where processing is necessary for the purposes of the legitimate interests pursued by Buongiorno or a third party.
- The legitimate interests pursued by Buongiorno are diverse but may consist in particular of:
- the improvement of the marketing knowledge of the data subjects;
- the improvement of products and services;
- segmentation, profiling, direct marketing, marketing segmentation.
- Such processing operations are carried out taking into account the interests and fundamental rights of the data subjects. As such, they are accompanied by measures and guarantees to ensure the protection of the interests and rights of the data subjects and allow a balance with the legitimate interests pursued by Buongiorno.
9.1.2 Fairness and transparency
- Buongiorno undertakes to provide fair, clear and transparent information.
- Buongiorno undertakes to inform the data subjects of each processing operation it carries out by means of information notices.
9.2 Specified, explicit and legitimate purposes
- Personal data are collected and processed by Buongiorno for specified, explicit and legitimate purposes at all times.
- Committed to guaranteeing the ethics and security of the personal data of its customers, Buongiorno uses personal data in accordance with the terms of this data protection policy.
- Buongiorno uses all or part of the personal data for the following main purposes:
- taking steps at the request of the data subjects prior to entering into a contract;
- managing contracts and relationships with its customers;
- managing exchanges with partners of Buongiorno in the context of complaints or requests sent to it;
- managing its activities (e.g. internal and external audit) and compliance with legal obligations;
- managing, protecting and securing tools, websites and applications;
- measuring quality and satisfaction;
- improving the services provided;
- developing service innovation;
- executing solicitation operations;
- developing trade statistics;
- managing data subject’s requests in relation to their rights;
- managing unpaid debts, litigation, fight against fraud, money laundering and terrorist financing, and tax evasion;
- managing people’s opinions on products, services or content;
- getting customer knowledge.
9.3 Adequacy, relevance and restriction
- For each processing operation, Buongiorno undertakes to ensure that the processing operations are adequate and to collect and process only data that are strictly necessary for the purpose pursued.
9.4 Data accuracy
- Buongiorno is committed to ensuring that the data collected are complete and as up-to-date as circumstances permit.
- Data subjects have the right to exercise their right to rectification, under the conditions given below, if they become aware of the existence of inaccurate data.
9.5 Storage period and restriction
- Buongiorno undertakes that it will not keep personal data longer than is necessary to fulfil the purposes for which they are stored or no longer than the period provided for by the regulations relating to the protection of personal data.
Categories of Personal Data
Rules of active conservation
Customer and prospect file management
For customers: for the duration of the contractual relationship and 5 years thereafter
For prospects: 3 years from the last contact from the prospec
Until deleted or 6 months after unsubscription or 3 years after last service access
Messages or recordings
- After the end of the retention period, the data will be deleted from Buongiorno’s information system.
9.6 Commitment to security and confidentiality
- Buongiorno undertakes to implement security measures appropriate to the degree of sensitivity of the personal data to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
- All Buongiorno’s premises in which personal data are processed are protected electronically and/or manually against intrusion by unauthorised third parties.
- Buongiorno has adopted internal policies and processes implementing measures that comply with the principles of personal data protection by design and by default.
- For example, it may apply pseudonymisation of personal data as soon as this is possible or necessary.
9.7 Rights of data subjects
- The individuals whose data are processed are granted the following rights, unless otherwise legally required from Buongiorno:
- the right of information;
- the right of access;
- the right to rectification;
- the right to erasure or the right to be forgotten;
- the right to portability;
- the right to object;
- the right to restriction of processing;
- the right to question;
- the right to give guidelines for the storage, erasure and communication of personal data after their death.
9.7.1 Procedures for exercising these rights
- If you have any questions or requests regarding the processing of personal data by Buongiorno, please contact: email@example.com
9.7.2 Right to lodge a complaint
- The data subjects have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy.
- The data subjects may lodge this appeal with the supervisory authority.
9.8 Automated decision-making
- Data subjects are informed of the possibility of using their personal data for automated processing, including for profiling purposes..
- “Profiling” means «any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements».
- Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision produces legal effects concerning them or similarly significantly affects them. This right does not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and Buongiorno or is based on the data subject’s explicit consent.
- The automated processing of personal data carried out in the circumstances mentioned above may only be carried out by Buongiorno on condition that suitable measures have been implemented by it to safeguard the data subject’s rights and freedoms and legitimate interests
- Furthermore, data subjects have the right to demand human intervention or to express their point of view or to contest the automated decision taken.
- Buongiorno may use personal data, in particular personal contact data as well as other information and data transmitted for commercial and advertising purposes, including for internal analyses and statistics, to improve its products and services and to send information and offers relating to Buongiorno’s products and services, such as SMS, newsletters and other advertising messages to the data subjects.
- The consent of the data subjects is always required for this type of processing.
9.10 Framework for transfers outside the European Union
- The personal data that European citizens have transmitted to Buongiorno in accordance with the agreed purposes are transferred to a country inside the European Union or outside the European Union.
- In case of transfers to a country outside the European Union, rules have been put in place to ensure the protection and security of the data.
- In all cases, Buongiorno undertakes to take all necessary and appropriate measures to ensure the security of personal data.
- These personal data may be communicated, at the request of the data subjects, to official bodies and to authorised administrative or judicial authorities, or to third parties.
10. Special processing
10.1 Cookies and other tracking technology
- When we talk about cookies or other tracking technology, we mean the technology placed and read for example when you consult a website, read an email, install or use software or a mobile application, whatever the type of device used.
- In order to improve the use and functionalities of its websites, Buongiorno uses various types of cookies or other trackers such as pixel tags, some of which may automatically record and transmit personal data to Buongiorno’s websites.
10.2 Plug-in and social modules
- The access to and use of Buongiorno’s websites or applications by the data subjects may give third party service providers access to personal data.
- These features are not activated automatically and require the express permission of users. For example, if the user uses certain features, Buongiorno’s websites may connect and transmit personal data to social networks such as Facebook, Twitter or Instagram.
- Because these social networks use your data inter alia for tracking and advertising purposes, Buongiorno recommends that you consult those networks’ data policies and take measures to increase the confidentiality of your data.
 Règl. (UE) 2016/679 of 27 april 2016
 WP29 Opinion 05/2014 on Anonymisation Techniques of 10 April 2014
 Regulation (EU) 2016/679 of 27-4-2016: OJEU 2016 L 119 p.1 ff., 4(4).
 Regulation (EU) 2016/679 of 27-4-2016: OJEU 2016 L 119 p.1 s., Art. 4(4).