BODYGUARD is concerned about the protection of Users’ personal data and is committed to protecting them in accordance with the applicable regulations and in particular Regulation (EU) No. 2016/679 of 27 April 2016 known as the “General Data Protection Regulation” or “GDPR” and Law No. 78-17 of 6 January 1978 as amended, known as the “Data Protection and Freedom Law” (together the “Data Protection Regulations”).
It is reminded that for any minor under 15 years of age, only legal representatives can give valid consent to the collection and processing of personal data and supervise the use of the application.
The “User” is understood to mean any natural person benefiting from the BODYGUARD moderation module set up on his or her account for the use of various social networks (e.g. YOUTUBE) as well as any person whose content is likely to be moderated by this module.
Personal data” refers to all types of information, data and content, which enable a natural person to be designated or identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
When it collects the Users personal data of , BODYGUARD carries out processing of such data for which it is qualified as a “data controller” within the meaning of the aforementioned texts. In this respect, BODYGUARD undertakes to comply at all times with the requirements of the Regulations applicable to the protection of personal data and to process Users’ personal data only in accordance with the conditions set out below.
1. Personal data processed and purposes of processing
Access to BODYGUARD’s services is via the User’s account on the platform of its social network where it wishes to use the Services (hereafter the “Platform”). Through an API, BODYGUARD links the User’s Account to his account on the Platform (e.g., YOUTUBE or TWITTER account).
When BODYGUARD processes the User’s personal data for the purposes detailed in the table above, BODYGUARD is referred to as a “joint controller” with the Platform or as a “processor” when BODYGUARD acts exclusively on behalf of and for the account of the Platform and on its instructions. The User is invited to read the Platform’s personal data protection policy carefully in order to be informed of the processing carried out by the Platform on his/her personal data. Under no circumstances shall BODYGUARD be liable for the processing operations carried out by the Platform on the User’s personal data.
As BODYGUARD’s Services are connected to the Platform via an API, BODYGUARD only accesses the User’s personal data by “delegation” (authorisation and instruction) from the Platforms (e.g. YOUTUBE or TWITTER account). Therefore, BODYGUARD does not directly collect the User’s personal data. Any data communicated to BODYGUARD in the context of the use of the Services is deemed to have been collected and communicated in accordance with the regulations.
Within the framework of the Services, BODYGUARD may process the following personal data:
- Username: Moderation services ; Storage ; management relationship with user; statistics ; anonymization
- Pseudonym (Screen name): Moderation services ; Storage ; management relationship with user; statistics ; anonymization
- URL of user photo: Moderation services but photo not stored; management relationship with user; statistics ; anonymization
- Number of followers (if available): Moderation services ; Storage ; management relationship with user; statistics ; anonymization
It is specified that BODYGUARD does not access users’ Platform Accounts and does not retain the content thereof subject to the treatments explained in the table above.
2. Retention period of the User’s personal data
BODYGUARD will retain the User’s personal data for as long as the User’s BODYGUARD Account is active. Upon closure of the User’s Account, for any reason whatsoever, BODYGUARD will archive the User’s personal data for the legally required period of time for the purposes of preventing and combating fraud, as well as for evidentiary purposes for the establishment, exercise or defence of a legal claim. Beyond this period, the User’s personal data will be anonymised.
3. Recipients of personal data
4. Security measures implemented
BODYGUARD is committed to ensuring the security and integrity of the User’s personal data. To this end, BODYGUARD implements and maintains strict technical, legal and organisational measures to ensure the security and confidentiality of the Application and, more generally, of its information system, adapted to the nature of the personal data processed and the risks presented by their processing. These measures are designed to (i) protect personal data against destruction, loss, alteration, disclosure to unauthorized third parties, (ii) ensure the restoration of the availability of personal data and access to them within appropriate time limits in the event of a physical or technical incident.
These measures are regularly tested, analysed and evaluated in order to constantly ensure their effectiveness and, consequently, the security of processing.
5. Rights of the User over his personal data
The User has at any time, the following rights on his personal data:
- Right of access: to obtain confirmation of the processing of his personal data as well as a certain amount of information on the processing, it being understood that this information is in any case given in this personal data protection policy ;
- Right of rectification: to obtain the rectification of personal data when they are inaccurate or incomplete;
- Right to erasure (“right to forget”): to obtain the erasure of personal data when it is no longer necessary for the purposes for which it was collected or when the User objects to the processing of his/her personal data. The User acknowledges and accepts that this right is not available to him/her when his/her personal data is processed for the purposes of preventing and combating fraud;
- Right to limit processing: to obtain the limitation of the processing of personal data when the User contests the accuracy of the data, when the period for storing the data has expired but the User still needs to keep the personal data for the establishment, exercise or defence of a right in court, or if the User has opposed the processing;
- Right of portability: to obtain communication of the personal data that the User has communicated to BODYGUARD in a readable format, or to request BODYGUARD to transmit the personal data that the User has communicated to another data controller;
- Right to object: to object at any time, on grounds relating to his/her personal situation, to the processing of his/her personal data, in particular where such objection relates to commercial prospecting, including profiling. The User acknowledges and accepts that this right is not open to him/her when his/her personal data is processed for the purposes of preventing and fighting against fraud;
- Withdrawal of Consent: Withdrawal of consent to the future processing of his personal data by BODYGUARD, where the processing is based on consent ;
- Right to lodge a complaint: to lodge a complaint with the “Commission Nationale de l’Informatique et des Libertés” if the User considers that the processing carried out by BODYGUARD constitutes a violation of his/her personal data.
The User’s rights with regard to his or her personal data may be exercised at any time by contacting BODYGUARD by email at the following address: [firstname.lastname@example.org]. Proof of identity will be requested.