Privacy Policy

1. Definition and nature of the personal data

When written with an initial capital letter, the following terms and expressions will be considered as having the meaning attributed to them in the Terms of Services for the use of the Services.

During your use of the website https://restapp.io/ (hereafter referred to as the “Website”), we may require you to provide us with personal data concerning you, in order to access the Services proposed by the company RestApp.

For the purpose of this charter, the term “personal data” or “data” refers to all data making it possible to identify an individual, such as for example your last name, first names, company, postal addresses and e-mail addresses, telephone numbers, photos and videos uploaded to and generated on the Website, technical data (IP address, browser, operating system), data concerning your transactions on the Website, details of your purchases and subscriptions, bank card numbers and any other information you choose to provide about yourself.

2. Purpose of this charter

The purpose of this charter is to inform you of the means used by us to collect your personal data, in strict compliance with your rights.

We would like to inform you that during the collection and management of your personal data we comply with law n° 78-17 of 6 January 1978 concerning information technology, files and personal liberties in its current version, (hereafter referred to as the “Informatique et Libertés” law) and (EU) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter referred to as the “GDPR”).

3. Identity of the data collection manager

The data collection manager for the collection of your personal data is the company RestApp, a simplified joint stock company, registered in the Trade & Company Register of Bobigny under the no. 825 285 869, having its registered office at 111 avenue Victor Hugo 75784 Paris CEDEX 16, France (hereafter referred to as “Us” or “We”).

4. The collection of personal data

The legal basis for the collection of your personal data is as follows: 

• our legitimate interests when you voluntarily supply us with personal data during your visit to our Website, with this data then being collected to enable us to better respond to your requests for information concerning our Services; 

• your consent concerning social networking cookies, advertising cookies and audience analysis cookies; and 

• The collection of this data is necessary in order to fulfil the contract concluded when you use our Services on our website.

Your personal data is collected to meet one or several of the following end purposes:

• to manage your access to certain Services available on the Website and their use; 

• to perform customer management operations concerning contracts, training, invoices, customer relationship management and User training; 

• to constitute a database of registered Users, Clients and Prospects; 

• to send out newsletters, proposals and promotional messages. If you do not agree to this, we give the option to express your refusal on this point at the time your data is collected; 

• to draw up sales statistics and visitor statistics for our Services; 

• to manage payment issues and any possible disputes concerning the use of our products and Services; 

• to personalise our responses to your requests for information; and 

• to comply with our legal and statutory obligations.

During the collection of your personal data, we will inform you if certain data must obligatorily be entered or if it is optional. The compulsory data is required for the operation of the Services. Concerning the optional data, you are completely free to supply this or otherwise. We also inform you of the possible consequences of any failure to reply.

5. Transfers of personal data

Your personal data will not be transferred, rented, leased or exchanged to/with third parties.

6. Personal data retention period

We only store your data provided to us for as long as it is necessary to fulfil the respective purpose for which you have transmitted your data to us or to comply with legal requirements.

Log files are erased once the respective session has ended. Log files for security purposes and as a precaution against attacks on our websites are automatically erased after 7 days at the latest. 

The data and information obtained by analytical service providers are automatically erased after a pre-determined period (in case of Google Analytics 14 months).

7. Security

We take all appropriate organisational and technical measures to protect the security, integrity and privacy of your personal data, which includes preventing it from being deformed, damaged or accessed by unauthorised third parties. We also use secure payment systems fully compliant with the current state of the art and the applicable regulations.

On this point, we would like to inform you that we comply with the security measures introduced by our data host for your data, the company Google Ireland Limited, with the said measures being consultable at the following address: https://cloud.google.com/security/.

8. Hosting

We hereby inform you that your data is retained and stored for its whole retention period on the servers of the company Google Ireland Limited, located in Belgium, in the European Union.

Your data will not be transferred outside the European Union during the use of the Services we propose.

9. Accessing your personal data

Pursuant to law n° 78-17 of 6 January 1978 concerning information technology, files and personal liberties, and the General Data Protection Regulation, you have a right to access and where applicable to rectify or delete the data concerning you, by contacting:

• email address: hello@restapp.io

• postal address: 111 avenue Victor Hugo 75784 Paris CEDEX 16, France

The data subjects are reminded that the data is collected on the basis of our legitimate interests, as mentioned in article 4, and that at any time they may oppose the processing of the data concerning them. However, we may continue the processing operations if legitimate grounds exist for this processing which take precedence over your rights and liberties or if the processing is necessary to establish, exercise or defend our rights before the courts.

10. The right to stipulate instructions concerning the processing of data after your death

You have the right to specify instructions concerning the storage, deletion and communication of your personal data after your death.

These instructions may be general, i.e. they cover all personal data concerning you. In this case, they must be recorded with a digital trusted third-party certified by the CNIL (French data protection authority).

The instructions may also be specific to the data processed by our company. In this case, you should send them to us using the following contact details:

• email address: hello@restapp.io

• postal address: 111 avenue Victor Hugo 75784 Paris CEDEX 16, France

When you send us such instructions, you expressly grant your consent for these instructions to be stored, transmitted and implemented in accordance with the terms mentioned in this document.

In your instructions, you may appoint a person with responsibility for their implementation. When you are deceased, this person will then be authorised to familiarise him/herself with the said instructions and to request that we implement them. Unless you have designated someone, your heirs will be authorised to familiarise themselves with these instructions and to request that we implement them.

You may modify or revoke your instructions at any time by contacting us using the above-mentioned contact details.

11. The portability of your personal data

You have rights concerning the portability of the personal data you have supplied to us, with this term being understood as referring to the data you have actively and consciously declared when accessing and using the Services, and the data generated by your activities during the use of the Services. We remind you that this right does not concern data collected and processed on any legal basis other than consent or the performance of the contract existing between us.

This right may be exercised free of charge, at any time, including at the time you close your account via the Website, in order to recover and store your personal data.

In implementing this right, we will send you your personal data by any means considered appropriate, in a standard, open, commonly used and machine-readable format pursuant to the state-of-the-art at the time.

12. Submitting a complaint to a supervisory authority

You have the right to submit a complaint to the relevant supervisory authority, (the Commission Nationale Informatique et Libertés for France), in the member state in which you have your normal place of residence, your place of work or the place in which the violation of your rights occurred, if you consider that the processing of your personal data covered by this charter constitutes a violation of the applicable laws and regulations.

This referral to the supervisory authority may be performed without prejudice to any other referral to an administrative or judicial authority. You also have a right to refer the matter to the administrative or judicial authorities if you consider that the processing of your personal data covered by this charter constitutes a violation of the applicable laws and regulations.

13. Limiting processing

You have the right to limit the processing of your personal data in the following cases:

• during the verification period we apply, if you discover that your personal data is inaccurate; 

• when the processing of this data is illicit and you wish to limit this processing rather than delete your data; 

• when we no longer require your personal data but you would like it to be retained in order to be able to exercise your rights; and 

• during the verification period concerning legitimate grounds when you have opposed the processing of your personal data.

14. Modifications

We reserve the right to totally or partially modify this charter at any time at our sole discretion. These modifications will take effect when the new charter is published. Your use of the Website following the application of these modifications constitutes acknowledgement and acceptance of the new charter. Failing this, if you are unhappy with this new charter, you must no longer access the Website.

15. Applicability date

This charter takes effect on February 25th, 2022.

This privacy policy describes how we process personal data when you visit our website.

1. What is personal data?

Personal data is all information relating to an identified or identifiable natural person. This may involve data that can be personally related to you, for example names, addresses, email addresses, or user behaviour.

2. Data Controller and Data Protection Officer

The data controller pursuant to Article 4 § 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter referred to as « GDPR ») is RestApp SAS. RestApp SAS, a French joint stock company (société par actions simplifiée), whose registered address is located at 111 avenue Victor Hugo 75784 Paris CEDEX 16, France, registered with the Paris Trade and Companies Register under number 825 285 869.

We have designated a data protection officer. You may contact our data protection officer under the postal address above – for the attention of the « Data Protection Officer »– and under the email address hello@restapp.io.

3. What personal data do we collect?

Our website is primarily for informational use. Interested users can inform themselves about our company and our products and services. The data and information we collect can be categorized as follows:

• Automatically collected data: When you access and use our website, we automatically collect information, including personal data, about the technologies you use and information about how you use these and our website.

• Log files and device information: Log files contain data that your browser automatically transmits to our web server. These log files contain information about : 

  • your IP address;

  • the date and time of the request;

  • the requested URL (the specific webpage);

  • the access status/HTTP status code;

  • the extent of transmitted data; 

  • the referrer-URL; 

  • the browser type and the browser language settings.

• Cookies: We use cookies. Cookies are small pieces of information that your browser automatically stores in your device’s memory. Cookies contain a variety of data, such as information about the websites you visit, the frequency of page views and the actions you take on our website. Further, these technologies are used to save your settings, e.g., in terms of language and interests. These data are pseudonymized, so that an allocation of the data to a particular user is no longer possible. 

Data and information provided by you: If you contact us with questions about our company and our products, we will store and process your personal data transmitted with the inquiry. If necessary, we will contact you and request further data and information to process your inquiry to your full satisfaction. 

4. How do we use the data we collect from you? On what legal basis is the use based?

We use, store and process information, including personal data, on you, for the following purposes and on the following legal basis: 

1. Provision, improvement, development and security of the websites: We use log files to make the website, including its functionalities, available to you. We also use the information and data to optimize our website and to ensure the security of our IT systems. For this purpose, your IP address must remain stored for the duration of the session.

We use log files as part of our legitimate interest in the availability and continuous development of our website. The legal basis for the use of the log files is Article 6 (1) (f) GDPR.

2. Analysis: We use the information and data generated by cookies to analyse the use of our website. This enables us to find out more about the number of visits to a web page, user behaviour or the length of your stay and to draw conclusions about which content on our website is particularly interesting and which is less interesting for visitors. Usage patterns illuminate areas of a website that are confusing or underused, allowing us to improve customer experience and build better features. Technical data help us to perform root cause analysis as bugs and errors are often particular to a specific web browser or device type. This information helps us build and ship fixes faster. For these purposes, we use the analytical service of

• Google Analytics of Google, LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, US. This is a tool that provides us with information about the use of the website. The information and data are collected these cookies are transferred to Google. Google will use this information to compile aggregated evaluations of the use of our website. 

Further Information about Google Analytics can be found under http://www.google.com/intl/de/analytics/learn/privacy.html.

Please note that the data retrieved from the described tools exist in pseudonymized form without personal information directly and without further ado identifying you as a person. We further configured the tools so that the data do only contain as less information as required to achieve the analytical purposes. In particular, we have activated the IP anonymization option which masks your IP address before it is transmitted to the providers’ servers in the US. This procedure makes the IP address untraceable.

Once you visit our website, we will ask you to provide your consent to the implementation of cookies for analytical purposes. The legal basis is Article 6 (1) (a) GDPR.

3. Communication: We use the data that we request from you or that you provide to us in connection with your enquiry when you contact us in order to respond to your enquiry as quickly and efficiently as possible. You may contact us through customary means (i.e., e-mail or postal service) and via our live-chat opportunity which we implemented into our website. The messenger tool comes from Intercom, a solution provided by Intercom, Inc.,19505 52Nd Ave W Ste A Lynnwood, WA 98036, US. This tool places cookies on your device creating a unique identifier and keeping track of the conversations. Information on how Intercom complies with applicable data protection standard can be found here: https://www.intercom.com/help/en/articles/1385437-how-intercom-complies-with-gdpr. 

The use of your data in the context of communication with you generally corresponds to our legitimate interest pursuant to Article 6 (1) (f) GDPR. 

5. Will the data and information on me be shared with others?

Generally, the data and information obtained from you are only shared with others according to the need-to-know principle. Only the relevant departments and contact persons receive insight into your personal data to the extent necessary to enable them to perform their tasks.

Besides that, we will share the information and data processed through cookies with our cooperation and service partners as explained above. 

6. Will data also be transmitted to recipients outside the European Union or outside the European Economic Area (EEA)?

We share personal information with contractors located in non-EEA countries. We ensure that the recipient either has an adequate level of data protection (e.g. based on an adequacy decision of the EU Commission for the respective country, a self-certification of the recipient for the EU-US Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or sufficient consent.

We can provide you with an overview of the recipients in third countries and a copy of the concretely agreed regulations to ensure the appropriate level of data protection. Please contact our data protection officer under the e-mail address indicated above.

7. How long will my data be stored?

We only store your data provided to us for as long as it is necessary to fulfil the respective purpose for which you have transmitted your data to us or to comply with legal requirements.

Log files are erased once the respective session has ended. Log files for security purposes and as a precaution against attacks on our websites are automatically erased after 7 days at the latest. 

The data and information obtained by analytical service providers are automatically erased after a pre-determined period (in case of Google Analytics 14 months).

8. What rights do I have?

In accordance with applicable data protection law, you have the right to access, to rectification, to portability and to erasure of your personal data. You have the right at any time to withdraw your consent with specific data processing operations. In case of cookies you can withdraw your consent by deleting the cookies from your device using the respective functionalities of your browser. Further, you can prevent the storage of cookies in various ways, by

• Setting your browser not to accept cookies. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

• Downloading and installing the browser add-on offered by Google for “Google Analytics” under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

You have the right to object to processing of personal data which is based on our legitimate interests according to Article 6 (1) (f) GDPR. 

To exercise your rights, please contact us or our data protection officer by e-mail hello@restapp.io, by postal service under the address indicated above.

Your right of complaint to a supervisory authority: Without prejudice to the rights described above, you have the right of complaint to a supervisory authority, in particular in the Member State of your place of residence, work or suspected infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

9. No automated decision-making

We do not use technologies allowing automated decision-making, including profiling.