Privacy statement

Trustpair, a French société par actions simplifiée, with its registered office located at 174, quai de Jemmapes, 75010, Paris, France, and registered with the Paris Trade and Companies Register under number 832 940 670, collects and processes personal data in its capacity as data controller and, to an extent, as data processor.

The data processed by Trustpair are collected, recorded and stored in accordance with the provisions of the law n°78-17 of 6 January, 1978 in its current version, as well as with the provisions of the General Data Protection Regulation (Regulation (EU) n°2016/679 “GDPR”).

Purposes and legal basis of the processing

The data collected by Trustpair as data controller under the meaning of the GDPR are mostly professional contact details of the representatives of Trustpair’s clients and prospects as well as, if applicable, the content of their requests and interactions with the website www.trustpair.fr (the “Website”), the application https://app.trustpair.fr, the API https://app.trustpair.fr/api/v1, and as a whole, any solution published by Trustpair (the “Applications”).

The data collected on the Website are collected with the consent of the data subjects, and for their pre-contractual relations with Trustpair when they request information on Trustpair’s products and services or apply to join Trustpair.

The data collected from the Applications are collected for the purpose of executing the contracts between Trustpair and its clients, and between the clients and their suppliers and beneficiaries.

The processing of these data is necessary for Trustpair to provide the services of the Website and Applications. It allows Trustpair to provide a fraud and payment error detection service, to know how the data subjects use or wish to use the services, to respond to requests (contact, demo, expertise) and to maintain its relations with clients and prospects.

When representatives of clients and prospects engage with Trustpair’s employees, the data collected may be used to send them newsletters and to follow up on their interests in the services.

Connection logs and accesses to the Website and the Applications are collected on the basis of Trustpair’s legitimate interest in securing the Website and the Applications and in preventing fraud.

Nature of the data collected as data controller

When using the Website, only the data marked with an asterisk are mandatory.

Trustpair mainly collects the following data from the Website: 

  • For the newsletter: email address;
  • In the chat: email address and business phone number, content of the messages sent;
  • To request a demonstration, participate in or receive the replay of a webinar, contact an expert or receive a personalized quote: name, surname, address;
  • To submit a partnership request: first name, last name, business email and phone number, company name, position and revenue, and replay of events/webinars if applicable; 
  • To submit a partnership request: first name, last name, professional email address and phone number, company name, content of the message;
  • To submit a job application: last name, first name, email address, phone number, photo, CV, cover letter.

Trustpair mainly collects the following data from the Applications:

  • To create the users’ account: Name, first name, professional email, administrator/user status;
  • To provide training to the client’s users: Name, first name, professional email and phone number, company, position, content/nature and dates of the training;
  • To provide support services: First and last name, professional email, content of the message, identity of the client, name of the verification operator, nature of the difficulty/bug, IP address;
  • To train its sales representatives: records of interactions between sales representatives and representatives of prospects and clients;
  • For invoicing purposes: Name, surname, position, professional contact details (email/ telephone/ employer’s name/ address), content of exchanges (emails, meeting notes, etc.).
  • To protect its interests in case of litigation: all exchanges with the party in litigation/pre-litigation, history of disputes, name/first names of contacts within the party in litigation/pre-litigation, order history, services provided, nature and requests, professional contact details (email and telephone number), content of exchanges (notes, memos, email, etc.).

Additionally, Trustpair collects, for the security of its IT system, the logs and technical information of connection to the Website and the Applications, namely: IP address, logs, identification of terminals, time stamps, origin of the mail server, use of the system, access, modification, extraction, and deletion of files/data and time spent on the computer system.

Sub-processing

When Trustpair processes IBANs containing personal data (such as when the IBAN provided for authentication belongs to someone who is self-employed or a shareholder of a client), Trustpair acts as a sub-processor of the client’s personal data under the meaning of the GDPR.

Trustpair collects the business telephone number, and in specific cases (self-employed/freelance/shareholders/policy holder): name, first name of the person, home address (on the IBAN) and telephone number.

When acting as a sub-processor Trustpair always follows the instructions of the client acting as data processor.

Data retention term

ProcessingRetention term 
  • Managing the relations with service providers and suppliers
  • Term of the contract
  • Managing relations with the clients
  • Term of the contract
  • Managing the relations with partner companies
  • Term of the contract
  • Market research (prospective clients)
  • 3 years
  • Managing partnership requests
  • 1 year
  • Newsletter subscription 
  • 1 year from the last opening of a newsletter by the data subject 
  • Information request submitted through the online chat services 
  • 1 year
  • Contact requests submitted through the Website (meet an expert, demo, quotation requests, etc.).)
  • 1 year
  • Billing
  • Term required for the payment
  • Creating users’ accounts on the Applications
  • Term of the contract
  • Team training
  • 6 months
  • Organizing online training and demo sessions
  • 1 year
  • Checking and verifying the bank details of a payment beneficiary
  • Term of the contract
  • Training sessions on how to use the Applications
  • 2 years 
  • Providing support services
  • 1 year
  • Overseeing logging to the IT system (Website, Applications, any app published by Trustpair)
  • 1 year
  • Litigation
  • Term of the litigation

Upon reaching the end of these terms, the data are deleted.

Hosting – Data access

Within Trustpair, access to the data is compartmentalized. The data is therefore only accessible to authorized individuals, for the purpose of their respective missions within Trustpair.

Trustpair does not sell the personal data it collects.

The data collected by Trustpair are stored in the European Union, in AWS data centers and, for some data, in Orange data centers.

Trustpair does not voluntarily transfer personal data outside the European Union. In the event that the development of Trustpair’s activities would lead to a one-time or ongoing transfer of data to a country outside the European Union that has not been granted an adequacy decision from the European Commission, Trustpair will take all necessary steps to ensure that this transfer is governed by a mechanism that provides sufficient guarantees for the security of the transferred data, including the use of the European Commission’s standard contractual clauses.

Rights of the data subjects

Data subjects have the right to access, modify, rectify, delete and, where applicable, object to a processing and request to port their personal data, in accordance with the Law n°78-17 in its current version and the provisions of the GDPR.

When an employee of a client requests to exercise his/her rights and Trustpair is acting as a data processor under the meaning of the GDPR, the requests are addressed to the client responsible for processing as the client alone determines the follow-up to these requests.

When the processing is based on the consent of the data subject, the latter can withdraw his/her consent at any time, without this affecting the lawfulness of the processing previously carried out on his/her personal data.

These rights can be exercised at the following email address: privacy@trustpair.fr.

Trustpair has also appointed a Data Protection Officer: the company Virtual-DPO. VIRTUAL-DPO can be contacted at any time through the email address: contact@virtual-dpo.fr or via its website www.virtual-dpo.fr.

In case of difficulties in connection with the management of their personal data, the data subjects may lodge a complaint with the CNIL or with any competent supervisory authority.