CYTO Personal Data Privacy Policy
In this Data Protection Policy, "CYTO", "we" and "our" refer to "CYTO FRANCE SAS".
Article 1: Legal notices
CYTO FRANCE SAS, a simplified joint-stock company with capital of 2000 euros, registered with the RCS of Paris under the unique identification number 982865636, domiciled at 60 Rue François 1er, 75008, Paris, France
CYTO complies with all applicable French and European regulations relating to the protection of personal data, in particular the European Regulation of April 27, 2016, relating to the protection of individuals with regard to the processing of personal data and to the free movement of this data (known as "GDPR") and the Law of 6 January 1978 relating to data processing, files and freedoms (known as "Data Processing and Freedoms Law").
Article 2: Purpose
In its capacity as controller of your personal data (hereinafter referred to as “Personal Data”), CYTO wishes to inform you through this Data Protection Policy about:
The categories of your personal data that we collect and process;
The objectives pursued by the processing of your data (its purposes) and the retention periods for the data associated with each processing;
The legal bases on which the processing carried out is based;
The recipients and categories of recipients;
Transfers outside the European Economic Area;
Your rights regarding your personal data;
The security of your personal data.
This Data Protection Policy is addressed to and applies to you as individual customers and prospects of CYTO. It also applies to you if you are:
A person interested in our products, services or CYTO content (newsletters, etc.), who subscribes to CYTO news alerts, who interacts directly or indirectly with CYTO (via its customer service or social networks), or who consults the sites or participate in an event organized by CYTO;
A candidate interested in job offers published by CYTO on its website.
The Data Protection Policy is updated regularly to reflect changes in CYTO's practices as well as potential changes in the regulations applicable to personal data. CYTO invites you to consult it regularly in order to be aware of any modifications or updates made.
Article 3: Personal data collected and processed
CYTO may collect and process the following categories of personal data:
Civil status data and identification data: surname, first name(s), gender, date and place of birth, nationality, two-sided videos of one or more identity documents, proof of identity, and videos of authentication (which may be subject to biometric processing);
Contact details: postal addresses, email addresses, telephone numbers;
Data related to your personal situation: family situation, matrimonial regime;
Data related to your professional situation: professional situation;
Economic and financial information: income (amount, sources and supporting documents), tax residences, financial and tax situation, accounting data, consumption habits and uses;
Financial and transactional data (nature of operations, date, card payments, transfers, direct debits, amounts, descriptions, justifications for operations, bank details and other account data aggregated to your CYTO account, etc.);
Connection data related to the use of our services: identification and authentication data, logs, cookies and other tracers, browsing data on CYTO sites and applications;
Data from correspondence and communications between you and us, carried out remotely: interviews and telephone calls, postal and electronic mail, instant messaging, communications on social networks, claims or complaints or any other type of communication;
Connection data, data of the device used to connect to the application and data associated with the use of the CYTO application (dates and times of access to the CYTO service, data on computer or telephone equipment, data associated device usage, unique identifiers, crash data or cookies).
Data related to the products and services subscribed (type of product, method of payment, due date, amount);
Geolocation data (IP address or GPS data of the terminal used);
Data and information intended to be communicated to the public and shared with other customers within the CYTO application: profile and wallpaper photos, images, photos related to the operations carried out (which may be subject to biometric), comments and other messages;
Data provided in the context of additional services such as information relating to loyalty cards provided by the Customer or even the numbers as well as the e-mail addresses present in the Customer's address book (only if the Customer chooses to link his contact directories to the CYTO application in order to know which of its contacts use the CYTO application, and it being specified that this information transmitted is stored encrypted, by one-way public key). ;
Any other information or document necessary to find the origin and destination of funds for transactions carried out with your account.
This personal data is collected either directly from you by CYTO, or, if necessary, indirectly:
With the National Directory for the Identification of Physical Persons;
With the General Directorate of Public Finance;
With any judicial or financial authorities, State agencies or public bodies, within the limits of what is authorized by the regulations;
With the financial institution on whose books you have opened an account, which you may aggregate to your CYTO account, in connection with the provision of payment initiation and account information services.
Through publications and databases made accessible by official authorities or by authorized third parties, or
Through websites and social networks containing information that you have wished to make public.
Within the framework of our legal and regulatory obligations of due diligence of the business relationship, we may also collect and process information from persons concerning you with whom we have no direct relationship: a member of your family, a relative, your employer, your legal representative, a personal contact. The collection and processing of this information is necessary for the purpose of researching the origin and destination of funds for transactions carried out with your account.
Certain categories of data or data collected by CYTO may be reconciled, in order to better meet the purposes described in article 4. These reconciliations were carried out by CYTO, taking care to use only the data strictly necessary for the fulfillment of the purpose of the processing (in application of the principle of minimization of data, provided for by the GDPR).
Article 4: Purposes of processing and retention period of personal data
1 - General provisions
CYTO processes the categories of personal data referred to in Article 3 depending on the situation, to meet different objectives or purposes. Each of these categories is associated with a data retention period beyond which it is no longer used, is archived and then anonymized and/or deleted. The purposes that justify the processing of your personal data are as follows:
The management of the business relationship, the CYTO account and/or the products and services subscribed to, in particular for the purposes of proof. Your personal data may be kept for a period of five (5) years from the end of the business relationship or, where applicable, from the end of any legal or recovery proceedings and/or the expiration of the applicable limitation periods.
Conducting opinion and satisfaction surveys and statistical studies. Your personal data may be kept for a period of three (3) years from the completion of the study.
The fight against fraud (examples: establishment of ratings or scores, detection of atypical transactions). Your personal data may be kept for a maximum period of five (5) years from the closing of the proven fraud file or the issuance of an alert in our systems.
Compliance with the legal and regulatory obligations incumbent on CYTO, in particular the obligations in terms of knowing the customer (known as "Know Your Customer"), the management of operational risk (in particular the security of computer networks, the protection of customers, the supervision and internal control, security of transactions as well as the security of the use of international payment networks), obligations in terms of financial security (fight against money laundering and the financing of terrorism and obligations in terms of sanctions and embargoes), obligations related to the determination of your tax status and compliance with associated tax regulations, ethics and the fight against corruption; data protection and all other obligations relating to the management and monitoring of compliance risks. Your personal data will be kept for a period of five (5) years from the generating event provided for by the regulations in force (example: in terms of activation, loading and use of electronic money, five years from execution of these operations).
The prevention and detection of criminal offenses and/or taking legal action (example: for the identification of seriously reprehensible behavior or acts such as violence against CYTO personnel). Your personal data may be kept for a period of five (5) to twenty (20) years, depending on the nature of the infringement, from the day of its observation. When legal proceedings are initiated, the data is kept until the end of these proceedings and the expiry of the applicable limitation periods.
Management of dormant accounts and data related to the search for data subjects. Your data may be kept for a maximum period of thirty (30) years depending on the cases provided for by the regulations in force.
The recording of your conversations and communications with CYTO, whatever their medium (e-mails, letters, telephone conversations, etc.). According to the applicable regulations, your personal data may be kept for variable periods which may not however exceed a period of five (5) years from their registration. The recording media or their reproduction will be kept for periods proportionate to the purpose of the recording in question (from 6 months for staff training purposes, to 5 years when the telephone recording is likely to be used for evidentiary purposes).
Accounting processing: accounting data may be kept for a period of ten (10) years in accordance with the legal provisions in force.
Cookies and other tracers. The lifespan of the trackers is a maximum of thirteen (13) months.
The activity of research or analysis for the purposes of process improvement and model development. Your data may be used to improve our internal control procedures or contribute to risk and compliance management. These data are kept for a determined period for each of these sub-purposes.
Commercial prospecting, the proposal of commercial offers adapted to your situation and your consumption profile, the realization of promotional offers and games, commercial animations and advertising campaigns. The data may be kept for a maximum of three (3) years from the end of the commercial relationship or for prospects, from the last contact. This data may be anonymized and aggregated in order to establish statistical reports.
Your data collected and processed in accordance with the aforementioned purposes may be kept for an additional period if the defense of a right or interest so requires, or in order to meet the requirements of French or European authorities such as the ACPR or the Autorité des marchés financiers (“AMF”). In this case, your data will not be used for other purposes, they will be kept in intermediate archiving and will only be accessible to authorized persons with a need to know (examples: legal department, compliance department, audit body and inspection).
2 - Provisions specific to remote identity verification
In order to verify your identity remotely and to comply with its legal and regulatory obligations relating to identification, identity verification and knowledge of its customers, CYTO is required to collect the following data directly from you:
A video on both sides and in color of your official identity document (national identity card or European passport or valid residence permit) and,
An authentication video, i.e. a video of your face called a "video selfie", produced in color with the front camera of your mobile phone, of sufficient quality and brightness and showing no digital alteration (presence of filters).
To do this, you must authorize access to CYTO to the microphone and the front and back cameras of your mobile phone, then film yourself for a few seconds and speak a random sentence. The videos thus recorded are viewed by one of our specially authorized employees in order to authenticate you. Once you have authenticated, the video is no longer accessible by our collaborator: it is automatically kept in semi-intermediate archiving.
Nota Bene: Specific technical processing of biometric data (within the meaning of Article 4.14 of the GDPR), captured during the video of your face, is carried out by CYTO for the purpose of verifying your identity remotely. This specific technical processing of facial images makes it possible to confirm the unique identification of a client based on their physical, physiological or behavioral characteristics. It also allows the detection of the "living" character of the customer's face to verify that it has not been subject to physical or digital alteration. These biometric data are considered sensitive within the meaning of the GDPR. In order to use this processing in accordance with article 9 of the GDPR, we justify a specific need to identify our customers to allow access to our services, under the control of the Commission Nationale de l'Informatique et des Libertés (known as “CNIL”).
You are always free to choose whether or not to make an authentication video. You can choose to follow the alternative identity verification process, offered by CYTO, without any additional constraint, incentive or particular consideration.
3 - Specific provisions for requests deemed sensitive
CYTO may ask you to make an authentication video (a video of your face called a "video selfie") in order to allow you to make requests, deemed sensitive, relating to the modification of your security data and/or during the process of recovering access to your CYTO account (examples: forgetting your password, changing your telephone number or blocked account).
To this end, you must authorize access to CYTO to the microphone and to the front and back cameras of your mobile phone, then film yourself for a few seconds and state your request orally. The videos thus recorded are viewed by one of our specially authorized employees in order to authenticate you. Once you have authenticated, the video is no longer accessible by our collaborator: it is automatically kept in semi-intermediate archiving. No biometric processing of these images is performed by CYTO.
You are always free to choose whether or not to make an authentication video. You can choose to follow the alternative path for the processing of requests deemed sensitive, offered by CYTO, without additional constraint, incentive or particular consideration.
4 - Provisions specific to profiling
CYTO implements profiling processing, i.e. processing consisting in evaluating certain aspects of its customers concerning their economic situation, their preferences or personal interests, the analysis of their behavior, or even their location and their movements.
This profiling processing has different purposes, mainly to secure your operations, fight against fraud, personalize the relationship, commercial prospecting or to better meet our obligations relating to the management and management of compliance risks.
In the case of commercial prospecting, the processing consists of analyzing some of your data in order to establish profiles that correspond to you. These profiles allow us to send you personalized offers more suited to your needs, your expectations or your situation.
For each of these profiling treatments, an in-depth analysis is carried out in order to determine whether the treatment must be based on your consent, the legitimate interest of CYTO, or on another legal basis (the performance of a contract, an obligation legal).
If the profiling is based on your consent: we ensure that your consent is obtained, after having informed you explicitly and transparently about the use of your personal data. We also allow you to withdraw your consent at any time.
If the profiling is based on CYTO's legitimate interest: we will have carried out a prior analysis allowing us to ensure, for each processing operation envisaged, that your interests and fundamental rights are respected and that you can reasonably expect that your data be used in this context. We allow you at any time to oppose this processing, under the conditions provided for by the regulations and according to the methods described in article 6.
5 - Provisions specific to fully automated decisions
In cases where CYTO implements data processing involving fully automated decision-making, including profiling, and producing legal effects concerning you or significantly affecting you, this processing is based on one of the following legal bases : your consent, the performance of a contract, the legitimate interest of CYTO or a legal obligation. This processing is carried out in accordance with the applicable regulations, and accompanied by appropriate guarantees.
In the event that this profiling has legal consequences for you, you can request the intervention of a human person, in particular in order to obtain a re-examination of your situation, to express your own point of view, to obtain an explanation of the decision taken or to challenge the decision.
6 - Provisions specific to cookies and other tracers
By cookies or other tracers, we mean the tracers deposited and read, for example, when consulting a website, reading an e-mail, installing or using software or a mobile application, regardless of the type of terminal used.
You are informed that during your visits to our sites or when using one of our applications, cookies and tracers may be installed on your terminal equipment.
When necessary, we obtain your consent prior to the installation of such tracers on your terminal equipment, but also when we access data stored on your equipment.
For more information, you can consult CYTO's Policy on the use of trackers and cookies at any time.
7 - Provisions specific to access to your telephone directory and telephone records
Telephone conversations between you and our dedicated customer services (customer service, compliance, anti-fraud etc.) may be subject to telephone recordings for the purposes of staff training, evaluation or improvement. the quality of our products and our services, as proof in the context of the fight against fraud, money laundering and the financing of terrorism and for the purposes of verifying your identity in the context of the exercise of your rights over your personal data. Prior to any registration, we inform you and you have the right to oppose it.
CYTO allows you to link the contacts directory of your mobile phone to the CYTO application in order to know which of your contacts use our services like you. To achieve this reconciliation, we must collect the numbers and email addresses present in your address book. We do not carry out any other processing of this data (only an imprint and not a collection of the raw data is carried out). This information is transmitted and stored encrypted, by one-way public key. You can disable this feature at any time in the CYTO app.
Article 5: Legal bases of the processing carried out
The processing carried out by CYTO is based on one of the following legal bases:
The execution of the contract concluded with you (examples: the management of an electronic money or payment account, the delivery of means of payment, the subscription of insurance loss or theft of means of payment, information relating to transactions made through CYTO).
This legal basis establishes the processing of the following data: civil status data, identification data, contact details, data related to your personal and professional situation and economic and financial information, financial data and transactional, data related to the products and services subscribed to and data from correspondence and communications between you and us.
The purposes of this processing are: the management of the business relationship, the CYTO account and/or the products and services subscribed to, its management as well as the implementation of the associated insurance, the supply of information concerning the CYTO services (updating up-to-date contracts / terms of use of the services or information relating to the performance of the CYTO services).
Compliance with the legal and regulatory obligations incumbent on CYTO as an electronic money institution authorized to provide payment services.
This legal basis establishes the processing of the following data: civil status data, identification data, contact details, data related to your personal and professional situation, economic and financial information, financial data and transactions, data related to the products and services subscribed to, data resulting from correspondence and communications between you and us and any other information or document necessary to find the origin and destination of funds for transactions carried out with your account.
The purposes of this processing are: customer knowledge, operational risk management, constant vigilance on the business relationship, the fight against money laundering and the financing of terrorism, the application of sanctions and embargoes , the obligations related to the determination of your tax status and compliance with associated tax regulations, ethics and the fight against corruption, the management of dormant accounts and data related to the search for data subjects, data protection and all other obligations relating to the management and monitoring of compliance risks.
The pursuit of CYTO's legitimate interests (examples: commercial prospecting, surveys and the sending of personalized communications, the prevention of fraud, the analysis of the use made by customers of the CYTO services and of the application or the creation of data sets to test the effectiveness of the compliance tools put in place by CYTO).
This legal basis establishes the processing of the following data: civil status data, identification data, contact details, data related to your personal and professional situation, economic and financial information, financial data and transactional, data related to the products and services subscribed to, connection data related to the use of our services, cookies, data from correspondence and communications between you and us and geolocation data.
The purposes of this processing are: the prevention of fraud, the prevention of unpaid debts, the collection and management of litigation (amicable, over-indebtedness and legal litigation), the management of complaints, the management of estates, the fight against financial crime, the prevention and management of incivility towards our employees, the security of our networks, the surveillance of our premises, in particular by a video surveillance system, the analysis of our risk in terms of entering into a business relationship, research and development activities, the management of statistical studies and satisfaction surveys for the purpose of improving customer knowledge, commercial prospecting, profiling and marketing segmentation and our communication activities.
The choice of this legal basis is made after a rigorous balancing of the interests pursued by CYTO with your interests, if you are concerned by the processing, and the evaluation of the reasonable expectations in this regard. We put in place safeguards to preserve your interests, fundamental rights and freedoms (examples: rights of information, right of opposition and limitation of processing).
Consent for specific treatments.
This legal basis establishes the processing of the following data: civil status data, identification data, contact details, data related to your personal and professional situation, economic and financial information, financial data and transactional, data related to the products and services subscribed to, connection data related to the use of our services, data from correspondence and communications between you, geolocation data, data and other information intended to be communicated to the public and shared with other customers within the CYTO application.
The purposes of this processing are: commercial prospecting by post or electronic mail, by SMS/MMS, by telephone call, the deposit and reading of advertising cookies, the management of offers and promotional games and the hosting of communication zones at the public within the CYTO application.
The legitimate interest of the customer (example: the creation of data sets to test the effectiveness of the compliance tools put in place by CYTO, the recording of part of the customer calls in order to assess the level of quality of our services, the fight against fraud).
This legal basis bases the processing on the following data: civil status data, identification data, contact details, data related to your personal and professional situation, recordings of some of the customer calls.
The purpose of this processing is to: assess the quality of CYTO services, improve the user experience, prevent fraud, communicate with CYTO's support and anti-fraud teams.
The choice of this legal basis is made after a rigorous balancing of the interests pursued by CYTO with your interests, if you are concerned by the processing, and the evaluation of the reasonable expectations in this regard. We put in place guarantees to preserve your interests, fundamental rights and freedoms (examples: rights of information, right of opposition and limitation of processing).
Article 6: Recipients
Your personal data may be communicated according to the purposes pursued:
To partners, principals, agents, intermediaries and insurers, subcontractors and service providers of CYTO (Floa, PayLead, Treezor, Bitpanda, Braze, Google Cloud Platform) This communication only occurs in the context of processing that pursues the one of the purposes described in article 2;
In compliance with the applicable regulations, to third parties in France or abroad for the purposes of establishing, safeguarding or defending a legal right, in the context of administrative or criminal investigations by one or more regulators , compliance with commitments made to them or in the context of legal disputes of any kind.
To certain regulated professions such as auditors, lawyers, in order to provide regulatory reports or to act in defense of our rights.
To payment initiators and account information service providers, only with your consent or at your request (examples: Budget Insight, Tink).
Pursuant to Article L. 511-34 of the Monetary and Financial Code, the personal information collected may be transmitted by our partners to other entities belonging to the same group of companies (branches and subsidiaries).
Article 7: Your rights
Under the conditions and limits authorized by the applicable regulations, you have the following rights:
Access your personal data,
Have your personal data rectified, updated and erased, it being specified that erasure can only take place when:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
You have withdrawn your consent on which the processing was based and there is no other legal basis justifying it,
You have objected to the processing of your data for reasons relating to your particular situation and there are no overriding legitimate grounds to pursue it,
The personal data has been unlawfully processed,
Personal data must be erased to comply with a legal obligation provided for by Union law or by French law to which CYTO is subject,
To oppose the processing of your personal data for reasons relating to your particular situation and that there is no compelling legitimate reason to pursue it,
Oppose the processing of your personal data for the purposes of commercial prospecting, including profiling related to this prospecting (see Article 8);
Receive the personal data concerning you and which you have provided to us, for automated processing based on your consent or on the performance of a contract, and request the portability of this data to a third party,
Request a limitation of the processing of personal data that we operate concerning you when:
You dispute the accuracy of the personal data for a period allowing the controller to verify the accuracy of the personal data,
You oppose the erasure of data concerning you when the processing is unlawful,
We no longer need the data but they are still necessary for you to establish, exercise or defend legal rights,
You have objected to the processing of your data, pending verification of whether the legitimate grounds pursued by CYTO prevail over yours.
Where the processing is based on your consent, withdraw that consent at any time, and there is no other legal basis for doing so.
In addition, you have the possibility of communicating to us directives relating to the conservation, erasure and communication of your data after your death, which directives can also be registered with "a certified digital trusted third party". These directives may designate a person in charge of their execution.
These rights cannot, however, have the effect of contravening the rights of the heirs or allowing the communication of information to which only the latter can legitimately have access.
You can exercise your rights as well as contact the CYTO Personal Data Protection Officer as follows:
By post sent to the following address: CYTO FRANCE SAS, 60 Rue François 1er, 75008 Paris France, Data Protection Officer, Joachim Valot.
By email sent to the following address: support@appcyto.com.
Finally, you have the right to lodge a complaint with the CNIL (3, place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - www.cnil.fr), the supervisory authority in charge in France of compliance with obligations in terms of personal data.
Article 8: Commercial prospecting
1 - Commercial prospecting by e-mail and automaton
If you are a natural person not acting for professional purposes, we can prospect you by e-mail, automatic dialer or SMS/MMS when you have given your consent at the time of collection of your e-mail address or your contact details. personal, or when you are already a customer and the prospecting concerns products or services similar to those already subscribed. Each commercial prospecting electronic message contains a link allowing you to unsubscribe.
If you are a natural person acting in a professional capacity, your e-mail address may be used to send you commercial prospecting by e-mail for purposes related to your profession. You can exercise your right to object to commercial prospecting at any time.
Generic professional addresses assigned to a legal person (company) are not subject to the principles of consent, prior information and do not benefit from the right of opposition.
Messages and notifications related to the administrative management of a product or service previously subscribed (alerts, changes to the contractual and pricing documentation, etc.) do not fall within the scope of commercial prospecting.
The configuration of the messages and notifications that you may receive from us can be carried out within the framework of the subscribed service, it being understood that some of these notifications may come under regulatory obligations and be of an imperative nature.
2 - Prospecting by telephone
We may also contact you by telephone. In accordance with article L.223-2 of the Consumer Code, you are informed that you can register on a list of opposition to Bloctel cold calling. However, despite this registration, we can canvass you by telephone when there are current contractual relations unless you have previously opposed it or if you object during the call.
Article 9: Transfers outside the European Economic Area (EEA)
The processing of your personal data by CYTO in accordance with the agreed purposes (see article 5) is likely to involve transfers to countries that are not members of the European Economic Area (EEA), whose legislation on protection of a personnel differ from those of the European Union.
In particular, your personal data may, within the limits of what is authorized by the applicable regulations, be communicated to the official bodies and to the authorized administrative and judicial authorities of countries that are not members of the EEA, in particular within the framework of the regulations on the fight against money laundering and the financing of terrorism, international sanctions and embargoes, the fight against fraud and the determination of your tax status.
When transferring personal data to non-EEA countries, a precise and demanding legal framework governs this transfer, in accordance with applicable European regulations, in particular by signing Standard Contractual Clauses approved by the European Commission. . In addition, appropriate security measures are in place to ensure the protection of personal data transferred outside the EEA.
The standard contractual clauses are available on the CNIL website (www.cnil.fr).
For more information about these international transfers of personal data, you can contact CYTO's Data Protection Officer according to the procedures in Article 7 hereof.
Section 10: Security
CYTO takes all the physical, technical and organizational measures necessary to protect the confidentiality, integrity and availability of your personal data, in particular against loss, accidental destruction, alteration and unauthorized access.
CYTO also strives with the greatest vigilance to maintain a high standard of security and confidentiality of your personal data by raising the awareness of our employees and business partners and training our employees in data protection, by setting up contained controls, by implementing tools and setting up practices aimed at obfuscation, anonymization, encryption and encryption of data in order to ensure the protection of your personal data against internal risks and external data leaks.
In the event of a breach of personal data concerning you, presenting a risk to your rights and freedoms, we will notify the CNIL within the regulatory deadline. In the event that this violation presents a high risk to your rights and freedoms, we will inform you as soon as possible of the nature of this violation and the measures implemented to remedy it.
Article 11: Quality of host of CYTO
CYTO hosts public communication areas allowing you to participate in discussion forums, instant messaging systems or to distribute content. These areas of communication to the public are places over which CYTO has no control and over which only you, together with the other customers, have control and can publish. Consequently, CYTO cannot be considered as having the quality of editor of the content but exclusively that of host whose mission consists in making available to its customers technical means allowing the direct and permanent storage of information intended to be communicated to the public. In this respect, CYTO meets the definition of article 6.I.2 of law n° 2004-575 of June 21, 2004 on confidence in the digital economy (“LCEN”).
Paragraph 5 of I of article 6 of the LCEN specifies that:
“Knowledge of the disputed facts is presumed to have been acquired by the persons designated in 2 (of article 6 I 2 of the LCEN, i.e. the hosts) when they are notified of the following elements: the date of the notification ; if the notifier is a natural person: his surname, first names, profession, domicile, nationality, date and place of birth; if the applicant is a legal person: its form, name, registered office and the body that legally represents it; the name and address of the recipient or, if it is a legal person, its name and registered office; the description of the disputed facts and their precise location; the reasons for which the content must be removed, including the mention of the legal provisions and the justifications of facts; a copy of the correspondence addressed to the author or publisher of the contentious information or activities requesting their interruption, withdrawal or modification, or justification that the author or publisher could not be contacted. ".
As soon as CYTO has been notified of the allegedly illicit or indelicate nature of a content under the conditions provided for in paragraph 5 of I of article 6 of the LCEN indicated above, we will promptly implement the necessary measures so that the content is no longer accessible. These measures can range from the deletion of the content to the temporary or even definitive prohibition of the content hosting service, given the seriousness and the repetition of the offenses observed. CYTO also does not carry out general monitoring of the content beyond the assistance to repression, in particular the apology of crimes against humanity, incitement to racial hatred as well as child pornography, incitement to violence, in particular incitement to violence against women, as well as attacks on human dignity in accordance with the provisions of paragraph 7 of I of article 6 of the LCEN.
In addition, CYTO is not responsible for the content it hosts and cannot be held liable or held liable for the activities or information stored at your request, if it was not effectively aware of their illicit nature or of facts and circumstances revealing this character or if, from the moment it became aware of it, it acted promptly to remove this information or to make access to it impossible. In this regard, CYTO reserves the right to withdraw or suspend access to any content following receipt of a notification or if it has actual knowledge of the manifestly illicit nature of the content. Under no circumstances can CYTO be held liable for this withdrawal. In any event, CYTO cannot be held liable in any way in the event of content sharing by you.
Article 12: Data controller
12.1. General provisions
CYTO collaborates, under mandate, with payment and electronic money institutions and account information service providers approved by the ACPR, all joint controllers of the processing of Customers' personal data, in accordance with Article 26 of the GDPR.
Thus, CYTO and these establishments jointly define the purposes and means of this processing. Customers' personal data is only shared with these co-controllers for the purposes of performing the contracts established with CYTO.
The list of these providers is listed below:
Powens enables CYTO to provide its bank account aggregation and linked account information services for Clients. Powens' Privacy Policy can be accessed here.
Tink AB also enables CYTO to provide bank account aggregation and related account information services for CYTO Clients. Tink AB's Privacy Policy can be accessed here.
Treezor is notably an issuer of CYTO IBANs. Treezor's Privacy Policy can be accessed here.
CYTO and these entities are bound by mutual information obligations, in particular with respect to the following events:
Any breach of Customers' personal data;
Any recourse to a new subcontractor carrying out processing of the personal data of Customers outside the European Economic Area (EEA) and on behalf of CYTO.
As part of the provision of additional services, CYTO is also required to communicate your personal data to partners.
CYTO may also be required to communicate the personal data of its Customers to one of its suppliers or partners, provided that they have been anonymized beforehand. This anonymization consists of removing the following elements: surname and first name, e-mail address, telephone number, postal address and any other element making it possible to identify or contact the Customer directly.
All of the personal data of CYTO Clients is covered by professional secrecy under the conditions of Article L.511-33 of the Monetary and Financial Code.
These partners only have access to the data that is strictly necessary for them to perform the contracts established with CYTO.