Privacy policy of the Partoo mobile application

02/06/2022 version

INTRODUCTION

Protection of personal data and privacy is of great importance to Partoo. This Privacy Policy is designed to inform you about how we collect, use and transfer your personal data when you use the Partoo mobile application (the "App" or the "Application") in accordance with the rules on the protection of personal data ("GDPR").

Our privacy policy gives you more information about the gathering and handling of your Personal Information by Partoo as well as your rights. You will be notified of any changes or updates to this Privacy Policy.

Please contact us for any questions or concerns you may have regarding the use of your Personal Information using the contact information provided at the end of this document.

When you download and use the Application, you acknowledge that you have read and understood the dedicated Privacy Policy.

ARTICLE 1 – DEFINITIONS

"The Application" refers to the Partoo mobile application that you use to manage your business, downloadable from the Google Play Store and Apple App Store application stores on mobile or tablet.

"Data" refers to any information sent by the User to Partoo via the Application, including Personal Data.

"Personal data' refers to any data that is information concerning a physical person who is identified or identifiable, directly or indirectly, by reference to an identification number or to one or more factors specific to that person;

"Sensitive personal data" means any information about racial or ethnic origin, political, philosophical or religious views, trade union membership, health or sex life, and genetic or biometric data. The processing of Sensitive Data is, in principle, prohibited unless the person concerned has given his/her deliberate consent.

"Data Processor" refers to the physical or legal person who decides on the objectives and methods of a Data Processing operation, and in this specific case, Partoo.

"Sub-contractor” refers to the physical or legal person who processes Personal Data on our behalf and according to our instructions, in the context of the use of the Application.

"Processing" refers to any operation, or set of operations, relating to Personal Data, regardless of the process used (collection, registration organization, conservation adaptation, modification, extraction consultation, use, communication by transmission or dissemination or any other kind of provision, reconciliation) carried out by Partoo in the framework of the use of the Mobile Application.

"User" or "You/your" refers to any physical person using the Partoo Mobile App.

"Messages" refers to messages exchanged between a user and its customers in the

dedicated tab in the Partoo mobile application.

ARTICLE 2 – WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The Data Controller, who gathers and manages your data, is the company Partoo SAS (Simplified Joint-Stock Company) with capital of a 26,834.00 Euros, whose registered office is located at 130 Rue du Mont-Cenis in Paris (75018), registered in the Paris Trade and Companies Register, under number 803 425 404 ("Partoo").

ARTICLE 3 – TYPES OF PERSONAL DATA COLLECTED

While the Application is in use, we can collect the following categories of Personal Data may be collected, mainly conveyed when you create your personal account with Partoo:

• Marital status: Surname, first name,

• E-mail,

• Phone number,

• Password,

• Content of Messages (pictures and images included) and Notices from the dedicated tabs,

• Connection and navigation data within the Application in order to improve our services (IP address, device used, searches performed, path through the Application, URL of the website from which you arrived),

• Information that you are likely to pass onto us when you contact the customer service department (content of the discussion, nature of the complaint, etc.),

• Statistical information on the consultation of emails and push notifications that we send to you for statistical purposes and for business development.

We can also gather any Personal Data that you provide to us on your own initiative, when dealing with us (such as your order number, contact details, photographs, etc.). Kindly note that Partoo will never ask you to communicate sensitive Personal Data via the Application and we strongly recommend that you do not disclose any on your own free will, in order to ensure greater security of the information exchanged.

You agree to provide up-to-date, valid Personal Data and guarantee not to make any false declarations and not to provide any incorrect information. You must not communicate any Personal Data relating to third parties via the Application.

ARTICLE 4 - LOCAL STORAGE

The automatic installation of a token on the storage of the User's smartphone may occur when visiting the Application. The Token represents an encrypted identifier that allows the User to avoid having to enter his/her login and password each time he/she starts a session in the Mobile Application. The User Token does not contain any information about the User but only his unique identifier.

By browsing the Mobile Application, the User accepts the storage of this Token.

ARTICLE 5 - MANDATORY AND OPTIONAL NATURE OF THE PERSONAL DATA COLLECTED

Some Data is required for the proper functioning of the Application. You will be informed of the mandatory nature of the information requested at the time of collection. Failure of providing such Data will prevent us from granting you access to the Application.

All data is optional unless otherwise indicated. It is therefore up to you to decide whether to provide this information.

ARTICLE 6 - REASONS FOR COLLECTING PERSONAL DATA

Partoo collects your Personal Data In the framework of the Mobile Application for the following reasons:

• Improving the service we provide to you via the Application (fixing bugs, adding new features, etc.)

• Drawing up statistics and audience measurements

• Analyzing the conversations contained in the "Messages" tab in order to propose automated responses,

• Tackling fraud and ensuring data security

• Implementation of the applicable legal, regulatory and administrative provisions

Depending on the case, Partoo processes Your Personal Data on one of the following legal grounds:

• You have expressed your prior consent to the processing of Your Data,

• The implementation of a contract between you and us,

• Our legal obligations,

• We have a "legitimate interest" in the sense of the applicable legislation on the protection of Personal Data. In this case, we will consider your interests and fundamental rights in determining whether the processing is legitimate and lawful.

ARTICLE 7 - WHO HAS ACCESS TO YOUR PERSONAL DATA?

6.1. Our staff

The collected Personal Data are processed by duly authorized persons within Partoo in order to meet your needs and to improve the Mobile Application.

6.2. Our sub-contractors

In the context of the Mobile Application, Partoo uses Sub-contractors who process Personal Data on behalf of and according to the instructions of the company. In order to protect the security and confidentiality of Your data, and in compliance with the requirements of the GDPR, we require our subcontractors to submit sufficient and appropriate technical and organisational guarantees. Partoo resorts to sub-contractors located in countries with a high level of safety for appropriate protection either because they are subject to the provisions of the GDPR or, according to Article 45 of the GDPR, because they benefit from a decision of suitability of the European Commission. Otherwise, Partoo undertakes to implement any appropriate mechanism to ensure an adequate level of protection of Data and in particular the Standard Contractual Clauses drawn up by the European Commission. Further information on the guarantees offered by our sub-contractors can be requested from the following email address: support@partoo.fr.

6.3. Other possible recipients

If applicable, Partoo may transmit Your Personal Data to organizations, third parties, administrative or judicial authorities in the following cases:

• To fulfil our legal and regulatory obligations,

• To identify, prevent or deal with fraudulent activities, security breaches or any other

  technical issues,

• To assert a legal right.

Be assured that Partoo will not pass on Your personal data to third party partners in order to carry out business operations without Your prior consent.

ARTICLE 8 - FOR HOW LONG WILL YOUR PERSONAL DATA BE KEPT?

Partoo keeps your Personal Data, in a form that allows you to be identified, for as long as the company to which you are attached is a customer of Partoo. Your data will be kept for 3 years from the end of your business relationship with Partoo. You may also have your Personal Data archived which involves restricted, limited and justified access, for the time necessary (i) to comply with Partoo's legal, tax, accounting and regulatory obligations and/or (ii) to enable us to enforce a legal claim, before being permanently deleted.

ARTICLE 9 – HOW DO WE ENSURE THE SECURITY AND CONFIDENTIALITY OF YOUR PERSONAL DATA?

Partoo is committed to processing your Personal Data in a legal, fair, transparent, proportionate, and relevant way, strictly within the framework of the purposes pursued and announced, for the duration necessary for the processing of operations to be carried out and in a secure way.

Partoo implements and updates technical and organizational measures to ensure the security and confidentiality of your Data by preventing them from being distorted, destroyed, damaged, or disclosed to unauthorized third parties. To this end, Partoo has taken measures of physical, electronic and organizational protection to prevent any loss, misuse, unauthorized use, access or distribution, modification or destruction of Personal Data. As all Personal Information is confidential, it is restricted to employees, service providers and sub- contractors who have a strict need to know in the course of their assignment. All the persons having access to Your Personal Data are linked by a confidentiality obligation and risk disciplinary measures and/or penalties in case of failure to comply with these obligations. Nevertheless, it is important that you take care to prevent unauthorized access to your Personal Data by providing only the Data that is strictly necessary to process your request via the Application.

ARTICLE 10 – WHAT ARE YOUR RIGHTS TO YOUR PERSONAL DATA?

You may request this in writing from the following address:

Partoo SAS, 130, rue du Mont Cenis, 75018 Paris to access your personal Data, to request its rectification or limitation, deletion or portability, or to demand that it no longer appears in the Partoo database.

In accordance with the right to access in Article 15 of the GDPR, you are entitled to ask us for confirmation that your Personal Data is or is no longer the subject of Processing as well as the communication data relating to the processing operation (including its purposes, categories of Data processed and the recipients of the personal Data, how long the Data will be retained or the basis on which this period is determined, your rights to the personal Data and the right to make a complaint to a supervisory authority).

Pursuant to Article 16 of the GDPR, the right of rectification gives you the right to demand that we rectify, complete or update your Personal Data if it is inaccurate, incomplete, ambiguous or out of date.

Subject to the conditions set out in Article 17 of the GDPR, you may also request the deletion of your Personal Data.

Furthermore, you may request that the processing of your personal data be restricted in accordance with Article 18 of the GDPR, i.e., that your Personal Data be retained only for the purposes of:

• checking the accuracy of the Personal Data that is being challenged,

• serving you in the establishment, implementation or defense of your legal rights, even if the Company no longer has any use of them

• verifying whether the legitimate reasons pursued by Partoo prevail over yours in the event that you object to processing based on Partoo's legitimate interest,

• meeting your request to restrict the use of your data - rather than erase it - if the processing of your data is unlawful.

Based on your right to portability and in the circumstances set out in Article 20 of the GDPR, you may retrieve from Partoo the Personal Data you have provided to us, in a structured, commonly used and machine-readable format, for the purpose of transferring it to another data controller.

According to Article 21 of the GDPR, you may at any time object to the processing of your Personal Data, for the purposes of business marketing. To exercise your rights, simply address your request through one of the following:

• by email to the following address: support@partoo.fr

• by post to the following address Partoo SAS, 130, Rue du Mont Cenis, 75018 Paris

Partoo will respond to the request within 30 days of receipt. There is no charge for exercising these rights. However, in the event of a manifestly unfounded or excessive request, in particular with regard to their repetitive nature, Partoo reserves the right to (i) demand payment of a fee taking into account the administrative costs, or (ii) refuse to comply with the request.

ARTICLE 11 - WHAT HAPPENS IF YOUR PERSONAL DATA IS BREACHED?

If your Personal Data is breached in a way that could result in a risk to your rights and freedoms, Partoo will notify the authorities of the violation in the shortest possible time and, if possible, not later than 72 hours after having been aware of it. When an infringement of your Personal Data is likely to pose a high risk to the rights and freedoms of a User, Partoo will inform the User of this in the shortest possible time, subject to the exemptions provided for in Article 34 of the GDPR.

Notwithstanding any other administrative or judicial remedy, if You consider that the processing of Your Personal Data constitutes a violation of provisions of the applicable legislation, you can lodge a complaint to a competent supervisory authority such as the CNIL at the following address: National Commission for Information Technology and Civil Liberties, 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07

ARTICLE 12 - EXTERNAL LINKS

Should any part of the Application provide links to third party websites, these websites are not covered by this privacy policy. We assume no responsibility for the online collection of personal information on third party websites; we recommend that you read the privacy notices posted on those websites to understand their procedures for collecting, using and disclosing personal information.

ARTICLE 13 - CHANGES TO THIS PRIVACY POLICY

This privacy policy may be updated to reflect changes in amendments to the law, technical changes or business developments, in which case we will provide an updated version of this documentation.

You can determine when this Privacy Policy has been revised by checking the "Last Updated" date at the top of this Notice.

ARTICLE 14 – TO WHOM CAN YOU ADDRESS YOUR QUESTIONS?

Should You have any questions regarding the Processing of Your Personal Data, You may at any time contact Our ECD regarding any issues relating to the Processing of Your Personal Data and the exercise of their rights, at the following email address: clement.comoglio@partoo.fr