Privacy policy
For Kangaruu, the preservation of Users’ personal data is important.Kangaruu commits to implementing suitable measures for safeguarding the protection, confidentiality, and security of users' personal data, in compliance with the current regulations in Europe outlined in Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 concerning the safeguarding of individuals in relation to the processing of personal data and the free flow of such information. This regulation revokes Directive 95/46/EC (General Data Protection Regulation) and specifically adheres to the national laws that enforce this Regulation.
The objective of this charter (the "Charter") is to provide Users with information and clarity regarding the collection and processing of their personal data by Kangaruu, acting as the data controller.
Users are encouraged to thoroughly read the Charter, print a copy, and retain it for reference.
By utilizing the Solution, the User agrees to all the terms outlined in the Charter concerning the collection and processing of their data for the specified purposes.
Users must furnish their personal data in digital format when utilizing the Solution.
1. Categories of personal data collected
No sensitive data is collected or processed by Kangaruu.
The User data that Kangaruu may collect and process may consist (without limitation) of the following data:
a) Identity: This includes the individual's full name, last name, first names, company name, address, telephone number (landline and/or mobile), fax number, email addresses, internal processing code for customer identification (excluding the national identification register registration number for individuals, social security number, bank card number, or identity document number). A copy of an identity document may be retained as evidence for exercising the right of access, rectification, or objection, or to fulfill a legal requirement.
b) data relating to means of payment: billing e-mail address, billing address, postal or bank statement, cheque number, credit card number, expiry date of the credit card, visual cryptogram (the latter not being kept, in accordance with the regulations in force);
c) data relating to the transaction such as the transaction number, details of the purchase, subscription, good or service purchased;
d) family, economic and financial situation: marital life, number of persons in the household, number and age of the child(ren) at home, profession, field of activity, socio-professional category, presence of domestic animals;
e) Data related to the management of the business relationship: This category encompasses documentation requests, trial requests, purchased products, subscribed services or subscriptions, quantities, amounts, frequencies, delivery addresses, purchase and service history, product returns, sales origin (seller, representative, partner, affiliate), correspondence with customers and post-sales services, customer and prospect interactions and feedback, and individuals responsible for customer relations.
f) payment details of invoices: payment terms, discounts granted, received, balances and unpaid not resulting in the exclusion of the person from a right, benefit or contract subject to authorisation by the Commission as provided for by Article 25-I-4° of the law of 6 January 1978 as amended;
g) the data needed to carry out loyalty, prospecting, research, polling, product testing and promotion measures, the selection of persons being possible only on the basis of analysis of the data listed above;
h) data relating to the organisation and processing of contests, lotteries and any promotional operations, such as the date of participation, the answers given to the contests and the nature of the prizes offered;
i) data relating to the contributions of persons submitting opinions on products, services or content, including their pseudonym;
j) data collected through the actions referred to in Article 32-II of the Act of 6 January 1978 as amended.
2. Principles applicable to the collection and processing of personal data
Legal basis for the collection and processing of personal data
Users’ personal data are processed by Kangaruu in the cases authorised by the regulations in force and under the following conditions:
Obtaining clear, specific, informed, and unambiguous consent from the User (or their legal representative in the case of minors or incapacitated individuals) for the processing of their personal data;
Gathering only the essential personal data required for fulfilling the User's request;
Adhering to legal and/or regulatory requirements imposed on Kangaruu (e.g., combating fraud and corruption);
Safeguarding Kangaruu's legitimate interests (e.g., ensuring the security of its IT network);
Utilizing Users' browsing information relevant to the collection and processing of personal data.
When using the Solution or certain related services, certain data are collected automatically such as the IP address, the reference of the navigation software used, the navigation data (date, time, content consulted, search terms used, etc.), the references of the operating system.
Among the technologies used to collect Users’ personal data, in order to improve the quality of its service and better meet their expectations, Kangaruu may use cookies and trackers, as well as “php” or equivalent sessions, which store the data, using a unique session identifier. These sessions keep said data in memory for Users’ browsing time.
The data collected during browsing are deleted at the end of the browsing session on the Solution, by the User or, if applicable, within a maximum period of 13 months from their collection.
Purposes of the collection and processing of personal data
Users can use the Solution without it being necessary to communicate personal data to Kangaruu.
Kangaruu collects and processes User data for the following purposes:
to execute the mission entrusted by the User, customer of Kangaruu, within the framework of the execution of the offer,
to use and improve the Solution and/or Kangaruu’s commercial offers, in particular in the context of surveys, surveys and other solicitations,
for billing and communication needs to the Payment Intermediary (as defined and identified in the Solution’s terms and conditions of use), for payment of Subscriptions,
for the purpose of sending and communicating Kangaruu newsletters, informative or commercial e-mail alerts and/or news to Users wishing to receive them,
to answer enquiries (online contact forms),
to respond to job applications (personal data collected: name(s), first name(s), e-mail, telephone number, CV, cover letters if attached,
to disseminate via the Solution and/or any social and communication networks and/or any other Kangaruu supports and materials, whatever the form or nature, existing or to come, the comments and/or opinions of Users on the said Solution and/or on Kangaruu,
for any measure or project that is more broadly in line with an objective of interest to Users or to improve the relationship and the customer experience,
to meet regulatory requirements in force or being adopted.
Retention period for personal data
The period for which Users’ personal data are kept depends on the purpose concerned.
In this context, Users’ personal data are kept for the time necessary to complete their request.
In the absence of any realization, personal data are deleted within the deadlines recommended by the Commission Nationale Informatique et Libertés (CNIL), after a period of three years from their collection on the Solution, subject to :
the legal possibilities and obligations regarding archiving,
obligations to keep certain data, for evidential purposes, and/or to make them anonymous.
The personal data of the User, customer of Kangaruu, collected and processed, for the purposes of executing offers, are retained for the time necessary to manage the contractual relationship.
By way of derogation, the personal data required for the establishment of proof of a right or a contract are archived in accordance with legal provisions (5 or 10 years after the end of the commercial relationship as the case may be).
3. Recipients of personal data collected
The personal data gathered is solely designated for internal use by Kangaruu and will not be shared or disclosed to third parties, except for the purposes outlined in article 2 above, concerning Kangaruu User clientele. In this context, the billing details of Kangaruu Users will be shared with the Payment Intermediary for processing payments related to the Subscriptions subscribed to or renewed by the User.
Access to the collected personal data is restricted to authorized personnel within the group and service providers of Kangaruu who may need to process the data, subject to the possibility of sharing with regulatory or inspection authorities as required by current legislation and/or regulations or to comply with judicial or administrative directives.
In accordance with applicable regulations, Kangaruu reserves the right to utilize Users' personal data, after ensuring complete anonymization, for purposes such as statistics, analysis, and potential sharing or transfer to third parties.
4. Transfer of personal data
The personal data of the Users collected are hosted in France.
In the context of its recourse to affiliates or service providers located outside the European Union, Kangaruu undertakes to verify that appropriate measures have been put in place to ensure that Users’ personal data enjoy an adequate level of protection.
5. Protection measures put in place by Kangaruu
Kangaruu collects and processes Users’ personal data in compliance with current regulations.
In instances where it is essential and authorized to disclose a User's personal data to third parties, Kangaruu takes measures to ensure that these third parties commit to providing the same level of protection to the personal data as Kangaruu does. Kangaruu requests confirmation from each contractual partner regarding their compliance with relevant regulations in this regard.
Kangaruu puts in place technical and organisational measures to ensure that the storage of Users’ personal data is secure for the duration necessary for the exercise of the purposes pursued.
Kangaruu draws Users’ attention to the fact that no transmission or storage technology is totally infallible.
Also, in the event of a proven breach of Users’ personal data, likely to create a high risk for Users’ rights and freedoms, KANGARUU will inform the competent supervisory authority of such breach in accordance with the procedures provided for by current regulations.
Users must exercise caution to prevent any unauthorized access to their personal data and in particular to their computer and digital terminals (computer, smartphone, tablet in particular).
6. User Rights
In accordance with current regulations, Users are entitled to the following rights, subject to legal and regulatory limitations:
**Right to information regarding the collection and processing of personal data**
Kangaruu commits to providing Users with accessible, accurate, and transparent information on the collection and processing of their personal data.
**Access Rights / Right to Erasure ("Right to Be Forgotten") / Right to Rectification / Right to Object / Right to Restrict Processing**
Users have the right to access their personal information held by Kangaruu at any time. They are entitled to receive an electronic copy (administrative fees may apply for additional copies).
Each User can request the deletion or correction of inaccurate or outdated personal data. Kangaruu may retain certain data as required by law or for legitimate purposes.
Users can object for legitimate reasons:
- The use of their personal data for direct marketing purposes
- The reuse of their personal data for purposes other than those specified in Article 2, except when fulfilling legal or regulatory obligations.
Users have the right to request that the processing of their personal data be limited to what is strictly necessary. This right applies when:
- The accuracy of personal data is contested
- The processing of personal data is deemed unlawful, and the User requests restrictions on its use instead of deletion
- Kangaruu no longer requires the User's personal data but is necessary for legal rights
- The User objects to the processing of personal data based on the controller's legitimate interest, with overriding legitimate grounds.
**Right to Lodge a Complaint with a Supervisory Authority**
Users who believe that Kangaruu's efforts to protect their personal data do not uphold their rights can file a complaint with the relevant supervisory authority (e.g., CNIL or other authority listed by the European Commission).
**Right to Data Portability**
Users have the right to request their personal data in a structured, commonly used, and machine-readable format from Kangaruu. They can also request the transfer of their data to another controller.
**Right to Determine Post-Mortem Data Processing**
Users can establish guidelines for the handling of their personal data after death, which Kangaruu must adhere to. In the absence of such directives, heirs have certain rights, including access and objection.
**User Rights Exercise**
To facilitate Users' requests, Kangaruu has appointed a Data Protection Officer (DPO). Users can contact the DPO at privacy@kangaruu.io or Kangaruu, 90 cours Lafayette, 69003 Lyon, France.
Users can also access letter templates on the CNIL website (www.cnil.fr) to assist in exercising their rights. Kangaruu may verify Users' identities before processing requests.
The DPO will respond to User requests promptly, within one (1) month of identity verification. In complex cases, this period may be extended by two (2) months, with the User informed of the reasons for the delay.
7. Charter Amendments
Kangaruu reserves the right to update the Charter to comply with legal changes or enhance its data processing and protection policy. Any amended version will be published online with the date of the Last Update and requires Users' prior acceptance.