FIELD OF APPLICATION
This personal data protection policy (the “Policy”) is implemented by XR Studio (RCS Vienne B 877 979 633) and all its direct or indirect subsidiaries, namely
Tale-Vision (RCS Vienne B 897 655 635).
In the course of their respective activities, all group companies (hereinafter together the “Group”) collect and process personal data (hereinafter the “Personal Data”), as defined by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter the “GDPR”) and in compliance with it and all applicable regulations.
The Personal Data collected and processed by the Group relates to its customers, suppliers and partners.
In the Policy, the following words and expressions, whenever they begin with a capital letter, have the meaning given to them below:
- “Data Processor” means, for a Data Processing (as defined below), the person in charge of determining its purposes and means;
- “Sub-processor“: means, for a Data Processing (as defined below), a person processing Personal Data on behalf of the Data Controller, and under his instructions;
- “Data Processing“: means a processing of Personal Data, i.e. any operation or set of operations (automated or not) applied to Personal Data or sets of Personal Data.
PURPOSES OF THE PROCESSING OF PERSONAL DATA
The Data Processing carried out by the Group meets the following purposes:
- Customer relationship management;
- Management of the relationship with partners and suppliers;
- Commercial prospecting;
- Web traffic management;
- User experience via digital media.
CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED
The Group respects the principle of data minimization; in other words, it only processes the Personal Data that are necessary to achieve the purposes set out above, namely:
- Customer relationship management:
This concerns the Personal Data necessary for the conclusion and execution of the contract, i.e. identification data (surname, first name) and the customer’s contact details (postal address, telephone number and e-mail address), as well as the customer’s tax data and bank details;
- Management of the relationship with partners and suppliers:
This concerns the Personal Data of the Group’s interlocutors with the said partners, namely their identification data (surname, first name) and the contact details of the interlocutor (postal address, telephone number and e-mail address);
This is Personal Data (last name, first name, postal and telephone numbers and e-mail address) communicated by the client, which are used by the Group for prospecting purposes in strict compliance with the applicable regulations;
- Web traffic management:
– Cookies collect information about the use of our site, such as areas visited and services accessed, IP address, browser type, access times. Such information is used exclusively for internal statistical purposes, in order to improve the quality of the services offered to you. The databases are protected by the provisions of the law of July 1, 1998 transposing the directive 96/9 of March 11, 1996 on the legal protection of databases.
– Some services offered by this site require data such as: name, position, company name, e-mail address and telephone number. This is the case when registering via the forms offered online, or in the “contact” section. It is possible to refuse to provide this personal data. In this case, the use of the services of the site is excluded, such as making contact, or receiving information letters called “Newsletters”.
- User experience via digital media:
This is data and statistics collected via applications and games developed by Tale-Vision, they include consumption habits, connection data (login, password), usage statistics (uninstallations, connection time, in-app purchases).
RECIPIENTS OF PERSONAL DATA
The Personal Data collected may be communicated to other Group companies, financial partners and suppliers, within the limits necessary for the purposes described above.
Personal Data is also communicated to and processed by the Group’s subcontractors within the limits necessary for the performance of the purposes described above.
Personal Data may also be transmitted to any authorized third parties in order to comply with the Group’s legal and regulatory obligations, and in order to comply with the legal and regulatory obligations of the recipients of Personal Data, as described above.
SECURITY OF PERSONAL DATA
The Group ensures the availability, integrity and confidentiality of the Personal Data collected and processed. All the technical and organizational measures adopted by the Group aim to preserve the security of the data and prevent it from being distorted, damaged or accessed by unauthorized third parties.
The data is hosted on the Group’s servers, all located in France.
DURATION OF RETENTION OF PERSONAL DATA
The Personal Data is kept by the Group for as long as necessary for its processing.
Personal Data may be kept for an additional period of time, in accordance with the applicable legal statute of limitations, depending on the category of Personal Data and the applicable national legislation.
RIGHTS OF THE PERSONS CONCERNED
The Data Processing carried out by the Group gives the following rights to the individuals concerned:
- the right to access, rectify and delete Personal Data under the conditions provided for by the regulations (Articles 15 to 17 of the GDPR)
- the right to limit the processing of their Personal Data under the conditions provided for by the regulations (article 18 of the RGPD);
- the right to withdraw consent at any time, when the Data Processing is based on consent, under the conditions provided for by the regulation (Article 13-2, point c, of the GDPR);
- the right to the portability of Personal Data under the conditions provided for by the regulation (Article 20 of the GDPR);
- the right to object to the Processing of Data, under the conditions provided for by the regulations (Article 21 of the GDPR);
- the right to define directives allowing access to data in the event of death;
- the right to lodge a complaint with the competent national authority for the protection of Personal Data.
To exercise any of the above mentioned rights, the concerned natural person will have to write by mail to X R Studio – To the attention of the Referent Personal Data – 562, Traversée d’Arcisse – 38890 SAINT-CHEF, or by e-mail to firstname.lastname@example.org. In both cases, the physical person will have to :
- specify the object of the request (right concerned),
- attach proof of identity, or that of his or her representative in the case of representation.
The Policy is subject to subsequent changes, linked to legal and regulatory developments.