Data privacy policy

What is the purpose of this policy?

We attach great importance to the protection and confidentiality of your personal data, which we consider to be a sign of seriousness and trust.
The data privacy policy demonstrates precisely our desire to ensure compliance with the applicable rules on data protection and, in particular, those of the General Data Protection Regulation (“GDPR”).

In particular, the privacy policy aims to inform you about how and why we process your data as part of the services we provide.

Who is this policy aimed at?

The policy applies to you, wherever you live, whether you are a customer, candidate for a position within Bill-app, or a visitor to the  bill-app.fr/en website.

The policy only applies to processing that we carry out ourselves and not to processing that may be carried out using the functionalities of our service by our customers. If you would like information on the data processed by our customers using these functions, please contact them directly.

Why do we process your data?

As part of the services we offer, we have to process your personal data for the following reasons and on the following grounds :

  • To naviguer browse our website bill-app.fr/en and benefit from our services (e.g. digitalisation of your points of sale, optimisation of your order and preparation flows, etc.) and so that we can respond to your requests (e.g. requests for information, complaints, etc.) based on our general terms and conditions of sale, our general terms and conditions of use, and our legitimate interest in providing you with the best possible service.
  • To keep you informed of our latest offers and events by telephone and email based on our legitimate interest in building customer loyalty and prospecting potential new customers.
  • To follow us and comment on our publications on the social networks based on the general terms of use of the social network concerned (e.g. Facebook) and our legitimate interest in keeping our customers loyal: Facebook) and our legitimate interest in having a dedicated page on the social networks.
  • To apply for a position within Bill-app based on discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.
  • To guarantee and reinforce the security and quality of our services on a day-to-day basis (e.g. statistics, data security, etc.) based on our legal obligations, our general terms and conditions of sale and our legitimate interest in ensuring the smooth operation of our services.

Your data are collected directly from you when you connect to our website and use our services.

We undertake to process your data only for the reasons described above. In addition, we guarantee that none of your data will ever be sold to a partner or a third party. However, as soon as you voluntarily publish content on the pages that we publish on social networks, you acknowledge that you are entirely responsible for any personal information that you may transmit, whatever the nature and origin of the information provided.

What data do we process and for how long?

We have summarised the categories of personal data that we collect and their respective retention periods.

If you would like further details on the retention periods applicable to your data, please contact us at: rgpd@bill-app.fr.

  • Professional identification data (e.g. last name, first name, position, company, etc.) and contact details (e.g. professional email address, Linkedin, etc.) kept for the duration of the service provided, plus the statutory limitation period, which is generally 5 years.
  • Where there is confusion between the name of your organisation and your personal name (e.g. auto-entrepreneur, very small business, etc.), data of an economic nature and financial (e.g. bank account number, verification code, etc.) kept for the time necessary to provide the service.) retained for the time required to complete the transaction and to manage invoicing and payments, plus the statutory limitation period, which is generally between 5 and 10 years.
  • Data for the purposes of commercial canvassing, marketing (e.g. email address, etc.) kept for a maximum of 3 years from the last contact we have had with you.
  • Data indicated in the CV and covering letter kept for the duration of the recruitment process and then for 2 years from the date of your application.
  • Connection data (e.g. logs, IP address, etc.) kept for a maximum of 1 year from the date of your last contact with us) and retained for 1 year.

Once the above retention periods have expired, we delete all your personal data in order to guarantee your confidentiality for future years.

The deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to keep all your data for as long as the case is being processed, even after the retention periods described above have expired.

What rights do you have to control the use of your data?

The applicable data protection regulations grant you specific rights which you may exercise, at any time and free of charge, in order to control the use we make of your data.

  • Right to access and to copy de your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
  • Right to rectify any personal data that are incorrect, out of date or incomplete.
  • Right to oppose the processing of your personal data implemented for commercial prospecting purposes.
  • Right to request the erasure (“right to be forgotten”) of your personal data that are not essential to the proper functioning of our services.
  • Right to limitation of your personal data, which allows us to photograph the use of your data in the event of a dispute over the legitimacy of processing.
  • Right to portability of your data, which enables you to retrieve some of your personal data so that they can be easily stored or transmitted from one information system to another.
  • Right to give directives on the fate of your data in the event of your death, either through you or through a trusted third party or beneficiary.

For a request to be taken into account, it must be made directly by you to the address rgpd@bill-app.fr. Any request that is not made in this way cannot be processed.

Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.

We will respond to your request as quickly as possible, subject to a limit of three months from receipt, if the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any request excessive or unfounded in particular with regard to its repetitive.

Who may have access to your data?

We only disclose your data to those people duly authorised to use them to implement our services. This may include our staff in charge of implementing the service, accounting, marketing or even the security of our premises.

How do we protect your data?

We implement all the technical means and organisational means required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data (eg: passwords, training, “https”, reCAPTCHA, information systems charter, rules of good conduct, etc.)

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data are always hosted on European soil. Furthermore, we do our utmost to only recruit service providers who host your data within the European Union.

Should our service providers nevertheless transfer your personal data outside the European Union, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at the following address: rgpd@bill-app.fr.

How can you contact the CNIL?

You can contact the French data protection supervisory authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) at any time at the following address CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on +33 (0)153 732 222..

Can the policy be modified?

We may modify our privacy policy at  at any time in order to adapt it to new legal requirements as well as to new processing operations that we may implement in the future. You will of course be informed of any changes to this policy.

Certified by Dipeeo ®