Privacy Policy

1. Website babaoo.com
2. Babaoo mobile application

1 – WEBSITE BABAOO.COM

What is the purpose of our Confidentiality Policy?

Babaoo SAS, which manages the babaoo.com website, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of reliability and trust.

In this respect, our Personal Data Privacy Policy is a clear demonstration of our desire to ensure that Babaoo SAS complies with the rules applicable to the protection of personal data and, more specifically, those of the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy intended for?

Our Privacy Policy applies to you, wherever you live, as long as you are at least 15 years old, whether you are a customer, a candidate for a position within Babaoo SAS, or a visitor to the babaoo.com website.

If you are under the legal age detailed above, you are not authorised to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email to rgpd@babaoo.com.

If you believe that we are holding personal data about your children without your consent, please contact us at the dedicated address detailed above.

Why do we process your personal data and on what basis?

We process your personal data mainly for the following purposes:

• browse our website, benefit from our services (e.g. discover our educational video game, our research unit, etc.) and so that we can respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our general terms of use and our legitimate interest in providing you with the best possible service.
• follow us and comment on our publications on social networks on the basis of our legitimate interest in having a dedicated page on social networks.
• receive our newsletter informing you of all the latest news about our services on the basis of your consent.
• apply for a position at Babaoo SAS on the basis of discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.
• operate the videos on our site on the basis of our legitimate interest in offering you content in video format.
• allow documents to be downloaded on the basis of our general conditions of use.

How did we obtain your personal data?

Your data is collected directly from you if you are a customer of our services, a “simple” visitor to our website https://babaoo.com/, or a candidate for a position within Babaoo SAS, and we undertake to process your data only for the purposes described above.

On the other hand, when you voluntarily publish content on the pages that we publish on social networks, you acknowledge that you are entirely responsible for any personal information that you may transmit, whatever the nature and origin of the information provided.

What personal data do we process and for how long?

We have summarised the categories of personal data and their respective retention periods below:

• For private individuals, personal identification data (e.g. surname, first name) and contact details (e.g. email address) are kept for the entire duration of the service, plus the statutory limitation periods, which are generally 5 years.
• For professionals, personal identification data (e.g. surname, first name, position, company, department, etc.) and contact details (e.g. e-mail address and business telephone number, etc.) are kept for the entire duration of the service, plus the statutory limitation periods, which are generally 5 years.
• Email address to receive our newsletter, retained until the end of your newsletter subscription.
• The information on your CV and covering letter will be kept for the duration of the recruitment process and for 2 years from the date of your application.
• Statistical data relating to the viewing of our videos, which is anonymised and stored indefinitely.
• Connection data (e.g. logs, IP address, etc.) kept for 1 year.
• Cookies are generally kept for a maximum of 13 months. For more details on how we use your cookies, you can consult our cookies policy, which can be accessed at any time on our website.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you. At the most, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to keep all your personal data for the duration of the case, even after the retention periods described above have expired.

What rights do you have to control the use of your personal data?

The applicable data protection regulations give you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.

• The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
• The right to rectify any personal data that is incorrect, obsolete or incomplete.
• The right to object to the processing of your personal data for commercial prospecting purposes.
• The right to request the deletion (“right to be forgotten”) of your personal data that is not essential for the proper functioning of our services.
• The right to limit your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
• The right to data portability, which allows you to recover part of your personal data so that it can be easily stored or transmitted from one information system to another.
• The right to give instructions on what should happen to your data in the event of your death, either through you or through a trusted third party or beneficiary.

For a request to be taken into account, it must be sent directly by you to rgpd@babaoo.com. Any request that is not made in this way cannot be processed.

Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.

We will respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request is technically complex or if we receive a large number of requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, particularly if it is repetitive.

Who can access your personal data?

Your personal data is processed by our teams and by our technical service providers for the sole purpose of operating our service.

We would like to point out that we check all our technical service providers before recruiting them to ensure that they scrupulously comply with the applicable rules on the protection of personal data.

WE GUARANTEE THAT WE WILL NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

Can your personal data be transferred outside the European Union?

The personal data processed by our website is exclusively hosted on servers located within the European Union.

In addition, we do our utmost to use only technical tools whose servers are also located within the European Union. However, if this is not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement all the technical and organisational means required to guarantee the security of your personal data on a day-to-day basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.

Do we use cookies when you browse our website?

Please note that we use cookies when you browse our website. For more information, please consult our Cookie Policy.

Who can you contact to obtain more information about the use of your personal data?

To guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) to our supervisory authority.

You can contact our DPO free of charge at any time at rgpd@babaoo.com to obtain more information or details on how we process your data.

How can you contact the CNIL?

You may at any time contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on +331.53.73.22.22.

Can the Confidentiality Policy be modified?

We may amend our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future.

Certified by Dipeeo ®

2 – BABAOO MOBILE APPLICATION

What is the purpose of our Confidentiality Policy?

Babaoo SAS, which manages the Babaoo mobile application, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of reliability and trust.

In this respect, our Personal Data Confidentiality Policy precisely reflects our desire to ensure that Babaoo SAS complies with the rules applicable to the protection of personal data and, more specifically, those of the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy intended for?

Our Privacy Policy applies to you, regardless of where you live, as long as you are at least 15 years old and are a user of our Babaoo mobile application (e.g. parents, teachers or remedial staff).

If you are under the legal age detailed above, you are not authorised to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email to rgpd@babaoo.com.

If you believe that we are holding personal data about your children without your consent, please contact us at the dedicated address detailed above.

Why do we process your personal data and on what basis?

We process your personal data mainly for the following purposes

• To use and benefit from our service and all its features, (e.g. educational video game, choose your avatar, explore the world of babaoos, etc.), respond to your requests on the basis of our general terms and conditions of use.
• To manage user accounts (e.g. account creation, access to the service and account deletion) on the basis of our general terms and conditions of use.

To receive our technical emails (e.g. modification of passwords, etc.) which are essential for the proper functioning of our service on the basis of our general terms and conditions of use.

• To pay online on the basis of our general terms and conditions of sale.
• To guarantee and improve the security and quality of our day-to-day services (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms of use and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you when you use our Babaoo mobile application and we undertake to process your data only for the purposes described above.

What personal data do we process and for how long?

We have summarised the categories of personal data and their respective retention periods below:

• For private individuals, data of an economic and financial nature (e.g. bank account number, verification code, etc.) kept for the time required to complete the transaction and manage invoicing and payments, plus the statutory limitation periods, which are generally 5 to 10 years.
• For professionals, when there is confusion between the name of your organisation and your personal name (e.g. self-employed entrepreneurs, very small businesses, etc.), economic and financial data (e.g. bank account number, verification code, etc.) retained for the time required for the transaction and for managing invoicing and payments, plus the statutory limitation periods, which are generally 5 to 10 years.
• For private individuals, personal identification data (e.g. surname, first name) and contact details (e.g. email address) are kept for the entire duration of the service, plus the statutory limitation periods, which are generally 5 years.
• For professionals, personal identification data (e.g. surname, first name, position, company, department, etc.) and contact details (e.g. e-mail address and business telephone number, etc.) are kept for the entire duration of the service, plus the statutory limitation periods, which are generally 5 years.
• Connection data (e.g. logs, IP address, etc.) kept for 1 year.
• Email address to receive our technical messages, kept until your account is deleted.
• Cookies are generally kept for a maximum of 13 months. For more details on how we use your cookies, you can consult our cookies policy, which can be accessed at any time on our website.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you. At the most, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all data concerning you for the duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations give you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.

• The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
• The right to rectify any personal data that is incorrect, obsolete or incomplete.
• The right to request the deletion (“right to be forgotten”) of your personal data that is not essential for the proper functioning of our services.
• The right to limit your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
• The right to data portability, which allows you to recover part of your personal data so that it can be easily stored or transmitted from one information system to another.
• The right to give instructions on what should happen to your data in the event of your death, either through you, a trusted third party or a beneficiary.

For a request to be taken into account, it must be sent directly by you to rgpd@babaoo.com. Any request that is not made in this way cannot be processed.

Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.

We will respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request is technically complex or if we receive a large number of requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, particularly if it is repetitive.

Who can access your personal data?

Your personal data is processed by our teams for the sole purpose of managing applications.

We would like to point out that we check all our technical service providers before recruiting them to ensure that they scrupulously comply with the applicable rules on the protection of personal data.

WE GUARANTEE THAT WE WILL NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

Can your personal data be transferred outside the European Union?

Personal data processed by our Babaoo B2C and B2B mobile application is exclusively hosted on servers located within the European Union.

In addition, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement the following technical and organisational means to guarantee the security of your personal data on a day-to-day basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.

Technical safety measures

• Complex user passwords (“Front” side) imposed on connection.
• Database of user passwords (“Back” side) separated from identifiers.
• Complex user passwords (“Back” side) imposed on connection.
• 2FA.
• A/B Testing.
• Antivirus on Babaoo SAS team terminals.

Organisational security measures

• Locked offices.
• Information systems charter.
• Team awareness and training twice a year.
• Rules of good conduct.

Do we use cookies when you browse our mobile application?

Please note that we use cookies when you browse our mobile application. For more information, please consult our Cookie Policy.

Who can you contact to obtain more information about the use of your personal data?

To guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) to our supervisory authority.

You can contact our DPO free of charge at any time at rgpd@babaoo.com to obtain more information or details on how we process your data.

How can you contact the CNIL?

You may at any time contact the “Commission Nationale de l’Informatique et des Libertés” or “CNIL” at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on +331.53.73.22.22.

Can the Confidentiality Policy be modified?

We may amend our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future.

Certified by Dipeeo ®