top of page

Data management policy charter  personal

Carbonapp, a simplified joint-stock company whose head office is located at 42 Rue du Stade 50 370 BRECEY, (hereinafter the "Agent") in its capacity as data controller, attaches great importance to the protection and respect of your private life. This Charter aims to inform you, in accordance with Regulation No. 2016-679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Rules”), our practices regarding the collection, use and sharing of information that you provide to us through our website (the “Site”) and our Services.

The objective of this support is to inform in a clear and precise manner the purchaser (the “Customer”) and his Employees of the Services made available, of all the processes of collection, operation, management, archiving and destruction of his personal data.

1. The data we collect

By using the Site and the Services, you are required to send us information relating to natural persons likely to be identified, directly or indirectly, and therefore constitute personal data (hereinafter referred to as "Data". ). This is particularly the case when you browse the Site or when you contact us.

This information contains in particular the following data:

    A) Personal data that you communicate to Carbonapp

Contact Data: means the data you provide when contacting us through our contact form or by sending us an email, such as your name, surname, email address and telephone number.

Connection or browsing data: refers to the data that we collect during your browsing on the Site and the Services such as in particular the date, time of the connection and / or browsing, the MAC address of your computer, the type browser, browser language, your IP address, pages viewed and for how long.  

We collect the Personal Data of Internet users who wish to: find out more about our activities (via the contact form), receive our news (via our newsletter) posted on the site .

    B) Cookies

A "cookie" (or "tracker") is a connection cookie which designates a text file that can be saved in a dedicated space on the hard drive of your terminal (computer, tablet, or smartphone), on the occasion of the consultation of a service accessible online. A cookie allows its issuer to identify the terminal in which it is registered, during the period of validity or registration of the cookie. The cookie therefore does not allow you to be identified as such; it is used to record your browsing information on the site.

During your visits to the site, information relating to your browsing may be recorded in “Cookies” files installed on your terminal, subject to the choices you have made regarding cookies and that you can change at any time. These cookies allow personalized navigation for the User and are also used for analytical purposes (audience measurement).

You will be notified of the existence of cookies and their purpose (s) as soon as you log on to the site, by the presence of an information banner at the bottom or top of the page. 'Home.

The deposit and the reading of cookies on your terminal require your prior consent, by clicking on "I accept". However, you can configure your browser to refuse cookies or customize the cookie settings by clicking on a "Find out more" link. If you accept the use of cookies, your agreement will be valid for 13 months. It will then be necessary to renew your agreement at the end of this period.

If cookies are refused, or if you delete those stored there, we inform you that you will no longer be able to benefit from a certain number of functions which are nevertheless necessary to navigate in certain areas of our website. If necessary, we decline all responsibility for the consequences related to the degraded functioning of our services resulting from the impossibility for us to record or consult the cookies necessary for their functioning and which you would have refused or deleted.

Finally, a distinction should be made between the cookies we issue on our site and those issued by third parties. As such, be aware that cookies may be placed from time to time on certain pages of the site by third parties (advertisers or others). This is the case, for example, for cookies from the social network Facebook. We inform you that we have no control over the use of cookies by third parties.


2. How do we use the data we collect?

We use the Data we collect in order to:  

  • Enable the implementation, management, operation and improvement of the Site and the Services

  • Manage the commercial relationship (invoices, after-sales service) and follow up on your contact requests, 

  • Enable the proper performance of the Services under the best conditions 

  • Communicate with Clients and improve the quality of our services, namely answering Clients' questions and informing clients of the Agent's news. 

  • Resolve any possible dispute or settle any problem in the context of the use of the services of the Agent.  

When the Data is collected, you will be informed if certain Data must be completed or if they are optional. The Data identified by an asterisk within the collection form are mandatory. Otherwise, the execution of your request may be restricted.  

Any use of Personal Data for a purpose other than those set out above in our Privacy Policy will require your express prior consent.


3. Who are the recipients of the data we collect and for what reasons do we transmit this data to them?

    A) Data processed by Cabonapp

The Data collected is intended for us in our capacity as data controller.  

Our IT department and our sales / marketing department are recipients of the Data for the implementation, management, operation and improvement of the Site and the Services, as well as for the management of your account allowing you to access certain of our Services.

Our communication department and our sales / marketing department are recipients of the Data for sending our newsletter.

Our communication department and our sales / marketing department are recipients of the Data for the management of the commercial relationship and your contact requests.

    B) Data transferred to authorities and / or public bodies

In accordance with the regulations in force, we may be required to disclose the Data to the competent administrative or judicial authorities on request and in particular to public bodies, auxiliaries of justice, ministerial officers, bodies responsible for carrying out debt collection, exclusively to meet legal obligations, as well as in the case of the search for perpetrators of offenses committed on the internet.  

As part of the achievement of voluntary carbon offsetting, the Deliverables may be transmitted to the Ministry of Ecological and Inclusive Transition and shared between the Client and the Project Owner.


    C) Data transferred to third parties

While browsing the Site, your personal data may be transmitted to external service providers. These third parties provide a service on our behalf and on our behalf in order to allow the proper functioning of the Services.                                                        

We use subcontractors and service providers for the purposes of:  

  • Hosting of our Sites, via our subcontractor;

  • Management and sending of our mailing and our newsletter, via our subcontractor SendinBlue;

  • Bookkeeping, via our subcontractor In-extenso;

  • Administrative management, sending emails and sms, via our subcontractors SendinBlue and PipeDrive, Google Suits, In-extenso

Likewise, we may need to share your information and Personal Data with companies, councils or third parties in order to:

  • Apply the Privacy Policy and the General Terms and Conditions of Sale of the site in force, including to note any breaches thereof;

  • Protect against any infringement of the rights, property or security of the company Carbonapp and its users, in application and in compliance with the law.


We only provide these third parties with the Data they need to provide their services, and we require that they do not use your Data for any other purpose. These third parties will only act in accordance with our instructions and will be contractually bound to ensure a level of security and confidentiality of your Data identical to ours and to comply with the applicable regulations on the protection of personal data.

In the event of data transfer outside the European Union, we undertake to do so in a secure manner and in accordance with applicable regulations, in particular with regard to the protection of personal data:

- Or by transferring the Data to a recipient located in a country that has been the subject of an adequacy decision from the European Commission certifying that it has an adequate level of protection;

- Either by performing or having executed the European Standard Contractual Clauses which have been approved by the European Commission as ensuring an adequate level of protection of your Data;

- Or by resorting to Binding Company Internal Rules validated by the competent data protection authorities;

- Or by resorting to all the appropriate guarantees referred to in Article 46 of the Rules.

Data transfers to the United States are governed by the European Union / United States Privacy Shield (EU - US PRIVACY SHIELD). Except in the event that a third party asks you to accept a confidentiality charter and its own conditions of use, the third-party companies having received communication of your personal data have undertaken to process your personal data only. for the implementation of our Services.  

We will never share, without having obtained your prior consent, your personal data with third-party companies for marketing and / or commercial purposes.


4. How long do we keep your data?

Your Data will not be kept beyond the period strictly necessary for the purposes pursued as set out in this Charter and in accordance with the Regulations and applicable laws.

In this regard, the Data of your account / profile are kept for the duration of the contractual relationship, then archived in accordance with the civil and commercial limitation period.  

Indeed, we keep your Data to ensure your identification when you log into your account and to provide you with the Services. Thus, when you unsubscribe, the Data will be erased and only kept in the form of an archive for the purpose of establishing proof of a right or a contract.

Data relating to the execution and management of contracts are kept for the duration of the contractual relationship, then archived in accordance with the civil and commercial limitation period.  

Contact data (excluding contract management) is kept for a period of 3 years from our last contact.  

When the retention periods expire, your Data is erased or anonymized so that it can be used without infringing your rights. However, your Data may be archived beyond the periods provided for the needs of research, observation and prosecution of criminal offenses for the sole purpose of allowing, as necessary, the provision of your Data to judicial authority.

Archiving implies that your Data will no longer be available online but will be extracted and stored on an autonomous and secure medium.  


5. How do we protect your data?

We take technical and organizational measures to guarantee the security, integrity and confidentiality of Data, and in particular to prohibit unauthorized access or the modification, disclosure, loss or destruction of your Data. . We ensure an appropriate level of security, taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks and their likelihood.

However, it is specified that since no security measure is infallible, we are not able to guarantee absolute data security.

In addition, you are responsible for ensuring the confidentiality of the password allowing you to access your Account. Do not share this information with anyone. If you share your computer, remember to log out before leaving a Service.


6. What are your rights over your Data?

In accordance with the laws and regulations applicable to the protection of personal data, you have a number of rights relating to your Data, namely:

- A right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible manner of the way in which your Data is processed. You also have the right to obtain (i) confirmation that Data relating to you is being processed and, where applicable (ii) to access such Data and obtain a copy thereof.

- A right of rectification: you have the right to obtain the rectification of inaccurate Data concerning you. You also have the right to complete Incomplete Data concerning you, by providing an additional declaration. In the event that this right is exercised, we undertake to communicate any rectification to all recipients of your Data.

- A right of erasure: in certain cases, you have the right to obtain the erasure of your Data. However, this is not an absolute right and we may for legal or legitimate reasons keep this Data.

- A right to restriction of processing: in certain cases, you have the right to obtain restriction of processing of your Data.

- A right to Data portability: you have the right to receive your Data that you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or to transmit them to a third party of your choice . This right only applies when the processing of your Data is based on your consent, on a contract or when this processing is carried out by automated means.

- A right to object to processing: you have the right to object at any time to the processing of your Data for processing based on our legitimate interest, a public interest mission and those for commercial prospecting purposes. This is not an absolute right and we can for legal or legitimate reasons refuse your request for opposition.

- The right to withdraw your consent at any time: you can withdraw your consent to the processing of your Data when the processing is based on your consent. The withdrawal of consent does not compromise the lawfulness of the processing based on the consent made before this withdrawal.

- The right to lodge a complaint with a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices.

- The right to give directives concerning the fate of your data after your death: you have the right to give us directives concerning the use of your Data after your death.

To exercise these rights, you can contact us at the following address: , Carbonapp, 42 Rue du Stade 50 370 BRECEY.

Note that we may require proof of your identity for the exercise of these rights.  


7. Amendments to the Charter

We may occasionally modify this policy, in particular in order to comply with any regulatory, jurisprudential, editorial or technical changes. If so, we will change the “last updated” date and indicate the date on which the changes were made. When necessary, we will inform you and / or seek your consent. We advise you to consult this page regularly to take note of any changes or updates made to our policy.  

For any questions concerning your personal data or if you wish to delete your Account, please contact us at the following postal address: Carbonapp, 42 Rue du Stade 50 370 BRECEY (indicating "Privacy - Data Protection"), or by email at . 

bottom of page