Privacy policy / notice

Definitions

Customer: Any user of the Bosca Pizza mobile application placing at least one order on said mobile application.

Order: A succession of acts leading to the customer selecting products and validating their purchase bypayment. An order is confirmed via an e-mail sent to the customer’s address.

 

Personal data (s) (or DCP): within the meaning of article 4.1 of the GDPR: “Any information relating to an identified or identifiable natural person; is deemed to be an "identifiable natural person" a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity; »»

 

Publisher: Appyness, 1 Allée Hames 59910 Bondues, France.

 

Operator: A legal person with a professional activity being thecommercial operation of an automatic pizza kiosk. The operator is bound by a contract with the brand.

Product: Products referenced and accessible on the Bosca Pizza mobile app.

GDPR: (General Data Protection Regulations) Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 relating to the protection of natural persons with regard to the processing of personal data and free circulation of this data.

 

User (s): Anyone using the Bosca Pizza mobile application.

 

Seller: The operator of the automatic distributor selected when ordering.

 

What is personal data?

Personal data is a concept defined by regulations, in particular the Data Protection Act of January 6, 1978 modified, such as:

"Any information relating to an identified natural person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements which are specific to them".

More concretely, these are the names, first names, electronic or postal addresses, photos and videos of a person. A number also constitutes personal data, including bank card numbers, loyalty code, or even the registration number of a vehicle. In general, all the information that makes it possible to identify a person, is personal data.

Conversely, when a fact is anonymized, that is to say that it then becomes impossible to identify the person concerned, it is not considered as a personal data.

 

What information is collected through the Bosca Pizza mobile application

The information collected when using the Bosca Pizza mobile application may be data relating to:

• identification (name, first names, date of birth, postal address, email address, identifier/password, loyalty code);

• Personal Information (gender, marital status, number of children, name and first names of children, date of birth of children, etc.);

• Professional life (function, business, socio-professional category, etc.);

• Purchases, including purchasing preferences;

• Banking data (credit card contact details); This data is not kept by the Publisher, neither by the brand or seller, nor by the payment merchant used on the Bosca Pizza mobile application.

• geolocation data;

• Information provided during requests for information or assistance or the purchase of products or services from the Publisher or the brand, including the information necessary to process your orders with the payment merchant concerned which may Include the amount of any transaction.

 

Personal data from minor

No personal information of minor people is collected, the products and services offered in the Bosca Pizza mobile application being intended only for the categories of people capable of subscribing to an act of purchase.

This is the reason why you are systematically requested from people who subscribe to the services, to enter their date of birth.

If a minor person provides a false date of birth to access the products and services of the Bosca Pizza mobile application by pretending to be an adult, we are unable to check it. On the other hand, at first request from one of their relatives, their data will be deleted from all the bases, after having carried out all the useful checks.

We encourage The parents and legal tutors to ask their children to never give their personal data, without authorization, when they are online.

 

Why collect personal data?

When a customer decides to place an order on the Bosca Pizza mobile application, some information is necessary to be able to process their order and allow it to create a user account.

Certain data such as those of the purchase basket or the amount of this basket, then make it possible to adapt the offer and provide a personalized service such as the possibility of recommending a basket whose content is identical to that of a previous order.

If you agree to receive information or commercial offers, it may be adapted to your user or buyer profile, thanks to the processing of your purchasing history. This is called "targeted advertising".

ADIAL undertakes, in accordance with the regulations, to apply the principle of "minimization" of data, namely to collect only the necessary data.

 

Data processing

Definition of DCP treatment controller

Bosca Pizza and the seller recognize that Adial does not deal with DCP in their name and/or on their behalf. ADIAL provides, however, via this contract, access to the features of its software, which allows it to be done. These provisions therefore organize Adial's responsibilities on the one hand and Bosca Pizza and the Seller on the other hand, with regard to all the legal provisions relating to the protection of personal data and for the sake of information people targeted by the collection and treatment of their DCP.

Bosca Pizza and the seller declare and accept:

• that they only determine the purposes and means relating to the DCP treatment (s)

• that they are and remain solely responsible for the processing (s) carried out via the software made available by ADIAL

• that they only assume all the legal consequences relating directly or indirectly to disputes, litigation and/or commitments of responsibilities related to the processing of DCPs

• that they are required to manage the response to the rights of people concerning their DCP.

Need a contract for data processing subcontracting by Adial

Any request from the brand or the seller aimed at requesting the Publisher an approach aimed at dealing with DCPs must be the subject of a duly signed contract between the parties on the basis of article 28.3 of the GDPR: "Treatment with a subcontractor is governed by a contract or another act (...) which links the subcontractor with regard to the controller, defines the object and the duration of treatment, nature and finality processing, type of personal data and categories of persons concerned, and the obligations and rights of the controller (…) ”).

In the absence of such a specific contract, the brand or the seller expressly renounces to engage the responsibility of the Publisher for all the legal consequences which could directly or indirectly relate to disputes, litigation and/or commitments of responsibility linked to the treatment of DCPs.

 

Limitation of liability of the Publisher

In the absence of a proven fault of the Publisher retained by a judgment at the bottom passed in force of deemed and insusceable of legal appeal, the brand raises and guarantees fully and at first request, the Publisher of all the legal and pecuniary consequences damaging which could affect it directly or indirectly due to a violation of legal and/or regulatory obligations relating to the protection of DCPs.

 

Duty of information, advice and alert of the customer by the Publisher

The Publisher has set up the software tools allowing the brand to comply with the provisions of the GDPR. However, in the event of identification of a difficulty potentially involving the violation of one or more provisions of the GDPR relating to the DCPs of customers, it is up to the brand to inform customers.

 

Declaration of compliance with the GDPR

The seller and the brand have in light of the laws in force the quality of data controller they operate. They guarantee the Publisher that they have carried out all the obligations that fall to them at the end of Law No. 78-17 of January 6, 1978 known as "IT & Liberties" and the GDPR. For the purposes of compliance with its obligations, they are informed by the Publisher that the location of the Publisher's servers is as follows: OVH - SAS with a capital of € 10,000,000 - RCS Roubaix - Tourcoing 424 761 419,00045 - Code code APE 6202A VAT number: FR 22 424 761 419 - Headquarters: 2 rue Kellermann - 59100 Roubaix - France. Regarding the transmission of DCP, the seller and the brand guarantee that they have informed the natural persons concerned of the use that is made of it.

 

How can you control the processing of your personal data?

The information that the customer accepts to entrust, through the use of the Bosca Pizza mobile application, remains their personal data and no one can deprive them of their fundamental right to have their data.

The customer therefore has the right to oppose or limit certain processing of their personal data.

If the customer wishes to access, rectify or even request the erasure of their data from the information systems of the brand and the sellers linked to them by contract, it is enough for them to write by email at the following address: hello@boscapizza.ie

The customer can also connect to the Bosca Pizza mobile application, in the "My Account" section, access and modify certain data.

The customer also has the right to portability of certain data. If he wishes to exercise this right, he is asked to contact the email address also above.

If the exercise of the rights of the customer has consequences, in particular restrictions or prohibitions for access to the products or services of the brand, the information will then be issued to them clearly so that they are able to make their decision in a lit and transparent way.

 

Means implemented to ensure the protection of personal data

The brand and sellers implement actions to meet the requirements of the regulation, and make it possible to reduce the risk of damaging personal data.

As part of the obligation to manage customer accounts provided for by the 2016 Regulation (EU) of the European Parliament and the Council of April 27, 2016 relating to the protection of natural persons with regard to the processing of personal data And to the free movement of this data, the Publisher reminds the brand and sellers that they keep a register of personal data processing (article 30 of the GDPR), to which the customer can access all or part, on request, addressed to hello@boscapizza.ie.

The brand and sellers are the sole judges of the need for their respective activities of the implementation of a data protection delegate (DPO) in charge of ensuring the keeping and regular update of This register on the basis of the provisions provided for by the regulation. In particular, for each new treatment implemented by the Publisher on request subject to a contract on the part of the brand or a seller, the DPO, within the framework of an internal procedure for validation of validation, controls its purpose and legitimacy with regard to the needs of the company but also and above all with regard to the risk of damage to data protection and the privacy of the persons concerned. In particular, its mission is to ensure that each of the treatments envisaged by the brand or sellers respects the principles of respect for privacy from the design of a solution or an application.

Finally, with regard to the security measures implemented to protect personal data from any risk of unauthorized disclosure or damage to their integrity, the brand and the sellers deployed the means at their disposal with their respective teams and their providers to minimize the risk of safety flaws.

The Publisher strives to maintain systems surveillance. Publisher's applications are analyzed in search of safety and vulnerability flaws and the Publisher takes the necessary precautions to avoid the loss, abuse or alteration of personal data. When certain services require calling on a third party, the Publisher selects its providers on the basis of safety and confidentiality criteria previously defined with regard to the issues, and systematically requires its subcontractors, a level of security which guarantees a Sufficient level of protection of the personal data they process on their behalf.

 

Location of personal data

The personal data of customers is stored with service providers, in their data centers located exclusively in France (OVH - SAS with a capital of € 10,000,000 - RCS Roubaix - Tourcoing 424 761 419,00045 - Code APE 6202A N ° VAT: FR 22 424 761 419 - Headquarters: 2 rue Kellermann - 59100 Roubaix - France).

The Publisher still demands from its accommodation providers for the entrusted data to be accommodated in Ireland.

If, for technical reasons or for specific needs linked to the maintenance of certain applications, personal data is accessible by third parties located outside the European Economic Area, the Publisher has previously ensured that the latter guarantees a sufficient level of protection of this data, by making them sign the standard contractual clauses of the European Commission.

 

Data retention period personal

The brand and the sellers say they are intended to always keep personal data safe and securely, only during the duration necessary to carry out the purpose pursued by the processing.

In this perspective, appropriate physical, technical and organizational measures are taken to prevent, as far as possible, any preservation of personal data beyond a maximum duration of 26 months, except for the data to be kept to answer to legal prescriptions.

Beyond this period, the brand offers customers to automatically and select the basic data.

 

Modification of personal data protection policy

This personal data protection policy may be updated regularly, in particular to take into account the changes to the law and the regulation. In the event that a customer has a registered account, the customer is informed of any modification of the policy by email to the email address linked to their account.

These changes come into force immediately when they are downloadable and available on the Bosca Pizza mobile application.