This document also sets out your rights concerning the data we hold about you. For any request for additional information, please contact our Data Protection Officer whose contact details are specified below.
The company Flash Contrat will be referred to hereinafter as "papernest", "we", "us" or "our".
The person responsible for processing the personal data of users collected via the aforementioned Site and
The company Flash Contrat, a simplified joint stock company (SAS) registered under French law, with a capital of 25,000 euros, whose registered office is located at 157 Boulevard Macdonald, 75019 Paris, RCS (Paris B 809 710 858), SIREN number (809 710 558), represented by Mr. Philippe de la Chevasnerie, Chairman and Mr. Benoît Fabre, Managing Director.
The Data Protection Officer (or "Data Protection Officer", "DPO") is:
Mr. Pierre Dubail, domiciled at the same address as the Data Controller and whose email address is: firstname.lastname@example.org.
The competent supervisory authority shall be, as appropriate:
For any information regarding your personal data, you can contact the Data Controller or the DPO at the postal address previously indicated, or by email at the following address:
What personal data do we collect?
Personal data is any information relating to a natural person from which that person can be identified,
directly or indirectly, such as his or her first and last name, email address or telephone number.
In the course of our business, we may collect your personal data when:
We may also receive information from third parties, in this case our partners, when you sign a contract with
one of them through us (for example, to confirm that we have taken into account and validated the said
The collection of your data by us is a prerequisite for the conclusion of contracts with our partners (energy, telephone and internet suppliers, insurers, other service providers). You have the right to refuse to provide the information requested. However, this may compromise the processing of your requests relating to the services offered by the Data Controller. When certain information is mandatory to access specific functionalities, of the Site or the App, the form indicates the mandatory nature at the time of data entry.
The personal data we collect is essentially the information you provide us directly when you initiate a subscription (or cancellation) process on our App or by telephone via our Call Center. This data includes:
Please note that our telephone experts, duly authorised for this purpose, may collect, as a complementary measure, certain personal data concerning you, other than those expressly provided for in the fields of the forms of the various routes, by taking notes in a free field of our CRM provided for this purpose, only when this proves to be strictly necessary for the processing of your requests. The content of this field is automatically and irreversibly destroyed 3 months after it has been entered. You have the right to specifically object to this processing and for this purpose you can contact our Data Protection Officer at the above-mentioned addresses.
When you take out a contract through us with one of our partners (energy supplier, internet box provider, insurance company, etc.) this partner may share information with us relating to the contract in question.
In addition to the information you provide directly, we collect a certain amount of data relating to your connection, your navigation and your interaction with our services.
In order to improve the quality of the user experience delivered by our Call Center, to optimize the training of our operators in this respect, and to evaluate them, your calls are likely to be recorded. This recording is not systematic. Recordings are kept for a period not exceeding six months. You may, if you wish, object to this treatment by contacting our DPO at the above-mentioned address.
How do we use the data we collect?
We only process your personal data when we have a relevant legal basis for doing so. Depending on the purpose, the processing we carry out may be appropriate:
The data we collect and process is strictly necessary for the purposes specified below:
|Category of data processed||Purposes of processing||Legal Basis||Storage life|
|Identification data, data necessary for the qualification of your needs and the subscription to the various offers||
||3 years from your last activity (subscription, connection to the App,
incoming call, click in an email) or from the closing of your user account (+5 years in
Please note that the "notes" entered by the operators in the margin of the calls are automatically deleted 3 months after they are entered.
|Data required to take out contracts with our partners||
||3 years from your last activity (+5 years in archiving base)|
|Connection and navigation data on the Site and/or the App||
||13 months from the deposit of cookies|
|Contact data (email address, telephone)||
To communicate with you in general, and more specifically to:
3 years from your last activity (+5 years in archiving base)
You can unsubscribe from our emails at any time by clicking on the unsubscribe link at the bottom of each email
|Data obtained from our partners necessary for the conclusion of a contract||
||3 years from your last activity (+5 years in archiving base)|
|Telephone conversations via our Call Center||
||6 months from collection|
|Proof of identity||
Who are the recipients of the data we collect? Why do we give them this information?
We strive to treat your personal data in a private and confidential manner.
The data collected or processed when using our services are intended for the entities of papernest, more specifically for the persons authorized and empowered internally who by their functions need to know them for the purposes of the aforementioned processing.
These data may also have as recipients:
Apart from the cases listed above, personal data concerning you may only be disclosed in application of a law, a regulation, or by virtue of a decision of a competent regulatory or judicial authority, or, if necessary, for the purposes of the Data Controller to protect your rights and interests.
How long do we keep your personal data?
Your data is kept on an active basis for a period of 3 years from the date of your last activity on the App
(subscription to a contract, connection) or via our Call center (incoming call), or from the closing of your
We may retain certain personal data for a longer period of time, including after the closure of your account, to fulfill our legal obligations regarding retention or those of our partners and to defend or enforce our rights. At the end of the aforementioned 3-year period, your data may thus be archived for 5 years in a dedicated archive with restricted access. These data are kept in their entirety, in view of the purposes pursued.
The transfer to an intermediate archiving database is irreversible and the data stored there can no longer be reintroduced into an active database.
We transfer these data concomitantly to our Big Data platform for statistical purposes. This data, which is 100% irreversibly anonymised after the aforementioned 3-year period, is useful to us to compile statistics on the development and performance of our business.
Certain personal data are subject to a shorter retention period, which cannot exceed:
What security measures are applied to your data?
The security of your personal data is important to us. Because we want you to use our services with complete
confidence, we are committed to ensuring the protection of the data you entrust to us. To this end, we have
put in place physical, technical and organisational measures to ensure that your personal data is protected
against unauthorised access, accidental loss, destruction or damage.
To this end, we use firewalls to prevent unauthorised persons from accessing your information.
For added security, we use the AES-256 encryption algorithm to encrypt all data at rest on our application and statistical analysis systems. In addition, access to production databases is controlled and secured (IP filtering, access management policy) and access keys to computer servers are themselves encrypted, managed in accordance with the FIPS 140-2 standard, and their access is logged.
Concerning payment data: we do not store any data relating to bank cards. We delegate to Stripe, a certified payment intermediary, the secure processing of this data.
When the subscription takes place by telephone via our call center and the call concerned is audio recorded, a masking function allows the part of the conversation containing your bank card data to never be recorded. This information is entered directly into the interfaces of the partners for whom you have selected contracts, without it being stored by our services at any time.
Several specific procedures have been put in place within our internal organisation to optimise the security of your data and minimise the risks of disclosure:
What are your rights regarding your personal data?
You have the following rights in relation to your Data:
The right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
The right to have your Data rectified if it is inaccurate or incomplete.
The right to request that we delete or remove your Data from our systems.
The right to "block" us from using your Data or limit the way in which we can use it.
The right to object to our use of your Data including where we use it for our legitimate interests.
The right to request that we move, copy or transfer your Data.
Where the processing is based on your consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal of your consent. To do so, simply contact us at the above-mentioned address.
we are likely to contact you by telephone to finalise the subscription of a contract that you have initiated with us, by telephone or directly on our website, or to offer you a service similar to the one(s) that you have already subscribed to with us (provided that you have given us your telephone number). You have the right to object to your personal data being canvassed by telephone.
You have the right to issue instructions regarding the storage, deletion and disclosure of your personal data after your death. In order to define these instructions, we invite you to contact our Data Protection Officer at the above-mentioned address
You have the right to lodge a complaint about the way we handle or process your data with the competent national supervisory authority (see 1.2).
We undertake to respond to your requests within a reasonable period of time, which may not exceed 1 month from receipt of your request, and to notify you of any operation carried out by our services in accordance with your requests.
If your user account is closed, we will in principle keep your personal data for a period of no more than 3 years. However, you have the right to object to this processing, by exercising your right of deletion in accordance with the methods described above.
Cookies are small text files that are automatically deposited on your computer, smartphone or tablet when you
visit websites. They are stored by your browser.
Cookies are not malicious. They are not programs or viruses that can damage your terminal.
For more information about cookies in general, you can visit: www.allaboutcookies.org and http://youronlinechoices.com/fr
We use 2 types of cookies:
This allows us to identify the contents / features that are of most interest to our users in order to make
our service evolve in the right direction. For example, by ensuring that you can easily find what you are
looking for on our App.
Advertising cookies are only used to measure the performance of the campaigns that we activate on social networks, i.e. to identify the share of our traffic attributable to this access lever.
No advertising is displayed on our Site or on our App and none of your data is marketed to third party partners.
Cookies have a limited lifetime of 13 months after their first deposit on your browser.
The registration of a cookie on your terminal is subject to your will, which you can express and
modify at any time through the settings offered by the browser you use to access our Site or our
If you have accepted in your browser the deposit of cookies on your terminal, the cookies integrated in the pages you have consulted may be temporarily stored in a dedicated area of your terminal. Only their sender will be able to read them.
If you wish to delete the cookies already stored on your device and set your browser to refuse any new cookies, you can go directly to the cookie settings of the browser you use to access our Site or our App.
Please note, however, that disabling cookies may affect the proper functioning of our App. Certain features of the Site may no longer be accessible, for which we cannot be held responsible.
In order to exercise your choice, you may consult the following pages, depending on the browser you are using:
This configuration differs on mobile or tablet:
If you would like more information on cookies and how to control them, you can consult the ICO website which provides a complete guide https://ico.org.uk/your-data-matters/online/cookies/ or the following website http://www.youronlinechoices.com/ where you will find simple instructions on how to manage cookies depending on the browser you are using.
appear in this article. All changes will be effective immediately upon posting.
We will notify you of any such changes by email to the email address you have provided, or by posting a
notice directly on our Site and Application.
We invite you to consult this document regularly in order to be aware of the most recent version.