Protection of personal data

The personal data collected on this site is as follows:
- Account opening
When a user creates an account with the service provider, the user's surname, first name, e-mail address and telephone number are collected.
- Login and profile
When a user logs on, the user's login details and usage data are collected.
- Payment
As part of the payment for the products and services offered, the service provider requests information relating to the user's bank account or credit card.
- Communication
When the site is used to communicate with members of the service provider's staff, data relating to the user's communications may be the subject of a recording of the conversation.

The personal data collected from users is used to provide and improve the Platform's services and to maintain a secure environment. More specifically, the data is used for the following purposes:
- access to and use of the Platform by the user;
- management of the operation and optimisation of the Platform;
- organisation of the conditions of use of the Payment Services;
- verification, identification and authentication of the data transmitted by the user;
- implementation of user assistance;
- prevention and detection of fraud, malware and management of security incidents;- management of any disputes with users;
- sending of commercial information.

Personal data may be shared with third-party companies in the following cases:
- when the user uses payment services, for the implementation of these services, the service provider is in contact with third-party banking and financial companies with which it has signed contracts;
- when the user authorises a third-party website to access his/her data;
- when the service provider uses the services of other service providers to provide user support, advertising and payment services. These service providers have limited access to the user's data in order to provide these services and are contractually obliged to use it in accordance with the provisions of the applicable regulations on the protection of personal data;
- if required by law, the service provider may transmit data in order to respond to claims made against it and to comply with administrative and legal proceedings;
- if the service provider is involved in a merger, acquisition, sale of assets or receivership, it may be required to sell or share all or part of its assets, including personal data. In this case, users will be informed before any personal data is transferred to a third party.

The service provider implements organisational, technical, software and physical digital security measures to protect personal data against alteration, destruction and unauthorised access. However, it should be noted that the Internet is not a completely secure environment and the service provider cannot guarantee the security of the transmission or storage of information on the Internet.

Pursuant to the regulations applicable to personal data, users have the following rights:
- they may request the deletion of their account;
- they may exercise their right of access, in order to find out about the personal data concerning them;
- if the personal data held by the service provider is inaccurate, they may request that the information be updated;
- users may request the deletion of their personal data, in accordance with the applicable data protection laws;
- they may exercise their right to the portability of personal data provided by the person and processed on the basis of their consent or the performance of a contract.

These rights may be exercised by writing to the following e-mail address (rgpd64 @ solidpepper.com), or by post to the following address (SOLIDPEPPER, Résidence Alliance, 3 rue du Pont de l'Aveugle 64600 Anglet).

Before exercising these rights, the service provider may request proof of the user's identity in order to verify its accuracy.

Your personal data is only kept for the period necessary to satisfy the various purposes defined above, except in cases where the law authorises or requires it to be kept for longer. You will find below details of the most common storage periods at SOLIDPEPPER:
- For the duration of the contract and for 3 years after the end of the commercial relationship for personal data collected. (CNIL)
- 5 years for contracts and commercial correspondence. (Art L110-4 of the French Consumer Code)
- 10 years for supporting documents (invoices, etc.). (Art L123-22 of the French Consumer Code)
- If you are a prospect without an established contractual and/or commercial relationship, for 3 years from the date of collection or last solicitation (CNIL).
- As part of an application for a position, your data may be kept for a period of two years after receipt of your application file.
- Finally, connection information collected for the purposes of tracking the visit path, tracking connection data (frequency, dates), audience measurement and behaviour analysis will be kept for 3 years after any inactivity on the part of the user. (CNIL)

Our cookie policy.
This policy on the use of cookies aims to be transparent and clear about how we use your information. Our policy sets out how and when we use cookies on our website . Users have the option of deactivating cookies via their browser settings. If you refuse to save cookies on your hard drive, certain browsing functions may be altered. SOLIDPEPPER therefore declines all responsibility for the degraded operation of our website in the event of your refusal to insert the cookies required for appropriate browsing.
What is a cookie?
A cookie is a small text file placed on your hard drive by a web page server. Cookies contain information that can then be read by the web server of the domain that issued the cookie. All the cookies we use are used throughout the site. We collect your information with Google Analytics and Zoho via forms.
‍

The service provider reserves the right to make any changes to this personal data protection clause at any time. If a change is made to this personal data protection clause, the provider undertakes to publish the new version on its site. The provider will also inform users of the change. If the user does not agree with the terms of the new wording of the personal data protection clause, they may delete their account.