Legal Notices

Privacy Policy

PRIVATE DISCUSS (also referred to hereafter as "we", "our", "us"), a simplified joint-stock company with a share capital of 75,000 euros, whose registered office is located at 304 Route Nationale 6, (69760) LIMONEST, registered under number 829 105 741 in the Lyon Trade and Companies Register, provides various messaging, internet calling, private, encrypted, secure, and collaborative communication services via its website and the PRIVATE DISCUSS web and mobile application (hereafter referred to as "Services").

As part of our Services, we are committed to maintaining the strictest confidentiality regarding your information (including your messages), and to complying with the rules on personal data protection arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter referred to as "GDPR" or "regulation") on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, acting as both Data Controller and Data Processor.

WHAT DOES THIS STATEMENT CONTAIN?

This Privacy Policy presents the information we collect and the impact this may have on you regarding the processing of your personal data. It also sets out the measures we take to protect the confidentiality of your personal information, the means implemented to ensure that exchanged information is not stored, and to give you control over the people with whom you communicate via our Services.

This Privacy Policy applies when your personal data is collected through the use of our Services, as well as in the context of your relationship, of whatever nature, with us.

This Privacy Policy supplements the legal notices and the General Terms of Use of PRIVATE DISCUSS, which describe the conditions governing your use of our Services and which can be consulted at https://private-discuss.com/en/general-terms/.

OVERVIEW OF THE COLLECTION AND PROCESSING OF YOUR PERSONAL DATA

As a Data Controller, we make every effort to ensure that your personal data, when using our Services, is:

  • Processed lawfully, fairly, and transparently;
  • Collected for specified, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
  • Kept for no longer than is necessary for the purposes for which it is processed;
  • Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures suited to the risks.

In order to be lawful, and in accordance with the regulation, the collection and processing of your personal data may only take place if they comply with at least one of the following conditions:

  • You have expressly consented to the processing;
  • Processing is necessary for the performance of a contract;
  • Processing fulfils a legal obligation;
  • Processing and collection of personal data are necessary for the legitimate and private interests pursued by the data controller or by a third party.

As a Data Processor, we guarantee that the processing purposes are described in the PRIVATE DISCUSS SaaS Licence Agreement (hereafter referred to as the "Agreement") signed between us and the Licensee Administrator.

The processing of the personal data of the Licensee Administrator's users is carried out solely for the determined purposes and instructions, and under the conditions provided for by the Agreement. The deletion of personal data is initiated at the end of and under the conditions specified in the Agreement, unless applicable law requires retention.

WHAT PERSONAL DATA DO WE COLLECT?

As a Data Controller, we collect various types of data in order to provide our Services and use them optimally:

Data relating to your identity

  • Last name
  • First name
  • Email address
  • Phone number
  • Job title

Data relating to your account

  • Profile picture (optional)
  • Connection status
  • Status message (optional)
  • "Last seen" status (may be visible to all people using our Services within your organisation)
  • Identifiers
  • Password
  • Contact list
  • Your groups or list of favourite contacts (optional)

Data relating to the connection and electronic equipment used

  • IP address
  • Mobile network information
  • Operating system used
  • Device model
  • Browser used
  • Time spent using our Services

Data and information relating to log files

  • Collection of service information
  • Diagnostics and performance
  • Information about your activity and use of our Services
  • Log files, logs, diagnostic, incident, and website performance reports

Collecting your data as Data Controller

We collect your personal data directly from you when you have contracted directly through a PRIVATE DISCUSS SaaS Licence Agreement.

The transmission of this personal data is necessary to provide you with access to and use of our Services. It is therefore your responsibility to ensure that this data is accurate and complete, and to update it as necessary. We are not responsible for the inaccuracy and/or obsolescence of data as provided by you or any person you authorise to use our Services.

We also collect data indirectly when you access, browse, log in to, and use our Services.

Collaboration with third-party providers. We work with third-party providers who help us operate, provide, improve, understand, customise, support, and market our Services. These providers may communicate information about you to us under certain circumstances.

As a Data Processor, we may access the personal data of users provided by the Data Controller in order to grant them optimal access to and use of our Services:

Data relating to users' identity

  • Last name
  • First name
  • Email address
  • Phone number (optional)

Data relating to their account use

  • Profile picture (optional)
  • Your status
  • Your identifiers
  • Password
  • Your groups and list of favourites (optional)

Data relating to the connection and electronic equipment used via our Services

  • IP address
  • Mobile network information
  • Device model
  • Internet browser used
  • Time spent using our Services
  • Operating system used

This personal data may be collected directly or indirectly by us or by the Licensee Administrator. Regardless of the method of collection, it is only processed under the instructions of the Licensee Administrator acting as Data Controller.

WHY DO WE COLLECT YOUR PERSONAL DATA?

As Data Controller, PRIVATE DISCUSS collects and processes any personal data concerning you in order to:

  • Create and manage your Administrator account;
  • Provide you with assistance in using our Services;
  • Improve, evaluate, and troubleshoot the use of our Services;
  • Research, develop, and test new features within our Services;
  • Carry out troubleshooting activities;
  • Respond to you when you contact us;
  • Verify your Administrator account and your activities on our Services, and examine any suspicious activity or breach of our General Terms of Use and ensure our Services are used lawfully;
  • Ensure the security and confidentiality of your Administrator account and your activities via the use of our Services;
  • Ensure the security and confidentiality of your communications;
  • Protect the rights, property, and safety of persons or of PRIVATE DISCUSS;
  • Respond to legal proceedings or governmental requests in accordance with applicable legislation or regulations.

As a Data Processor, we may access and process the personal data of any person authorised by the Licensee Administrator to use our Services.

Such access and processing is governed by an Agreement signed between PRIVATE DISCUSS and the Licensee Administrator, containing specific clauses on data protection. In this context, we process personal data solely on behalf of and under the documented instructions of the Licensee Administrator in accordance with the provisions of the said Agreement.

MANAGING YOUR INFORMATION

If you wish to manage, modify, restrict, or delete your information, the Licensee Administrator of your organisation can do so using the following tools:

Powers of the Licensee Administrator

Via the settings of our services:

  • Modify your settings for certain information accessible to other people
  • Delete a User's PRIVATE DISCUSS account at any time using the account deletion feature

Powers of the User

  • Manage your contacts, groups, and distribution lists
  • Use the blocking feature to manage the people you communicate with
  • Edit your name, profile picture, and status

Upon account deletion. When a PRIVATE DISCUSS account is deleted, unsent messages are removed from our servers, along with any other information we no longer need to operate and provide our Services.

Please note that deleting your account does not affect the information other people have about you, such as copies of messages you sent them.

PERSONAL DATA BREACH AND SECURITY

Connection security. You are informed that we cannot guarantee the security of your internet connection. Therefore, we cannot be held responsible for any breach of your personal data resulting from outages, connection difficulties, and/or an unsecured internet connection.

In the event of a breach. As Data Controller, we notify any personal data breach to the CNIL and, where necessary, to the natural persons affected by the breach.

When we act as Data Processor, the data breach will be notified to the Licensee Administrator under the conditions provided for in the Agreement concluded between us and the Licensee Administrator.

Access to your information. As Data Controller or as Data Processor, we take all useful precautions (physical, logical, administrative, or organisational) to preserve data security and prevent it from being distorted, damaged, or accessed by unauthorised third parties. Only our personnel, employees, and agents who are strictly authorised are permitted to access your personal data, in strict compliance with security and confidentiality obligations.

We can only be held liable for any breach of the security and confidentiality of your access rights to and use of our Services in the event of negligence or fault on our part.

With regard to your messages. We do not store your messages and communications during access to and use of our Services for security reasons. Once your messages (including your chats, photos, videos, voice messages, files, and location sharing information) have been transmitted, the duration for which your data is retained is configured by the Licensee Administrator of your organisation.

Your messages are stored and encrypted on our secure servers hosted in France. To improve performance and transmit multimedia messages more efficiently, we may retain this content on our servers for longer, depending on the choices made by the Licensee Administrator.

Automatic end-to-end encryption. We provide automatic end-to-end encryption as part of our Services, which cannot be disabled, when you and the people you communicate with use our Services. End-to-end encryption means your messages are encrypted both in transit and in storage to protect them so they cannot be read by PRIVATE DISCUSS or by third parties.

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We retain your personal data for a period not exceeding what is necessary for the purposes set out in this Privacy Policy. Beyond this period, your personal data may be archived to comply with the legal obligations to which we are subject.

Personal data enabling us to establish proof of a right or an Agreement is retained and archived in accordance with applicable provisions.

YOUR RIGHTS

Where PRIVATE DISCUSS acts as Data Controller, in accordance with the GDPR, every natural person has a right of access, rectification, objection, restriction of processing, and portability of their personal data. All of these rights may be exercised with PRIVATE DISCUSS, subject to providing valid proof of identity.

For any additional information relating to the protection of your personal data, we recommend that you contact the CNIL (https://www.cnil.fr/). We also remind you that every natural person has the right to lodge a complaint with this authority.

When PRIVATE DISCUSS, acting as Data Processor, receives a request from a natural person concerned by the processing of their personal data in the context of the performance of a PRIVATE DISCUSS SaaS Licence Agreement, we forward this request to the Licensee Administrator as soon as possible after receipt.

Taking into account the nature of the processing and under the conditions established in the Agreement, we will assist the Licensee Administrator, as far as possible, through appropriate technical and organisational measures, in fulfilling their obligation to respond to such requests. However, the Licensee Administrator remains responsible for the response to be provided to the natural person concerned.

ABOUT COOKIES

Information. A "Cookie" is a small computer file, a tracker deposited and read for example when browsing a website, reading an email, installing or using software, or a web or mobile application, regardless of the type of electronic device used (computer, tablet, or smartphone).

The absence of cookies at PRIVATE DISCUSS. The PRIVATE DISCUSS Services (website and web or mobile application) do not use any cookies or trackers. Furthermore, we do not allow third-party advertising banners in the context of using our Services.

IN THE CASE OF TRANSFER OR ASSIGNMENT

As Data Controller, all of our rights and obligations are freely transferable by us to any affiliated company in the context of a merger, acquisition, restructuring, sale of assets, or court order, without this list being exhaustive.

We may also transfer your personal data and information to our affiliated companies, successors, or new owners.

As Data Processor, in accordance with the above, we may transfer your personal data and information to our affiliated companies, successors, or new owners, following receipt, as soon as possible, of the written consent of the Licensee Administrator in their capacity as Data Controller.

CONDITIONS FOR AMENDING THE PRIVACY POLICY

This Privacy Policy can be consulted at any time at the following address: https://private-discuss.com/politique-de-confidentialite/.

We reserve the right to amend this Privacy Policy to ensure its compliance with applicable law.

It is your responsibility to consult this Privacy Policy regularly in order to be aware of any updates that may be made at any time by PRIVATE DISCUSS. Furthermore, please note that the date of the last update is indicated at the top of this Privacy Policy.

By continuing to use our Services, you confirm that you accept our Privacy Policy as amended. If you do not agree with our Privacy Policy as amended, you must stop using our Services.

We recommend that you regularly consult this Privacy Policy to be informed of any updates or changes.

If any clause of this Privacy Policy is declared null or contrary to the regulations or legislation, it shall be deemed unwritten but shall not result in the nullity of the other clauses of our Privacy Policy.

CONTACT

PRIVATE DISCUSS has appointed a GDPR contact, whose point of contact is dpo@private-discuss.com.

For any questions relating to this Privacy Policy, please contact us:

  • Via our "Contact" platform available at the following address: https://private-discuss.com/en/contact/.
  • By post at the following address: PRIVATE DISCUSS – 304 Route Nationale 6, 69760 LIMONEST.