GOTLR PRIVACY POLICY

Document updated on July 26, 2021

Please read this privacy policy carefully to understand how your personal data is collected, processed and stored when you use the GOTLR App, accessible via the stores Apple Store and Google Play.
All personal data collected on the application are processed under the responsibility of GOTLR, registered in the Paris Trade and Companies Register under number 848 506 861 and having its registered office at 59 Rue de Ponthieu B562, 75008 Paris, France.
Within the meaning of the regulations applicable to personal data, GOTLR is therefore responsible for processing.
This privacy policy describes:
I. How GOTLR uses your personal data
II. How GOTLR shares your personal data
III. How GOTLR protects your personal data
IV. Where GOTLR hosts and transfers your personal data
V. How you can exercise your rights relating to your personal data
VI. Updates to the privacy policy
VII. How to contact us

__________

I. HOW GOTLR USES PERSONAL DATA
GOTLR may use your personal data for the following purposes:
⦁ Create your user account on the mobile application;
⦁ Manage orders for products and/or services;
⦁ Publish and manage the reviews left on the products and/or services ordered on the mobile app;
You send our newsletter following your subscription to the newsletter;
⦁ Respond to your contact request made from our website.
Most of the processes listed above are necessary for the performance of the contract with GOTLR when you use our mobiel app to order the products and/or services.
However, the processing of your personal data in order to send you our newsletter is based solely on your consent to receive our newsletter, which you can withdraw at any time. If you do not consent to the sending of the newsletter, please note that this will not prevent you from creating your customer account and placing orders on our mobile app.

II. HOW GOTLR SHARES YOUR PERSONAL DATA
Within GOTLR, and for each processing purpose, personal data concerning you is collected, processed and stored by GOTLR's authorized staff, only within the framework of their respective competencies, and in particular by customer service, marketing department and IT department.
We do not share personal data with other companies, organizations and individuals unless one of the following circumstances applies:
(1) Sharing with prior consent: after obtaining your consent, GOTLR will share the information you have authorized with specific third parties or categories of third parties provided when collecting your consent.
(2) Sharing with our service providers: GOTLR may also disclose your information to companies that provide services for us or on our behalf. These service providers include companies that offer IT services such as our hosting provider or email provider, delivery services for our products, Our payment solution partner for user verification (KYC) or that offer marketing activities on our behalf. These service providers may use your information only for the purpose of providing you with services on behalf of GOTLR.
(3) In fulfillment of a legal obligation, sharing in accordance with laws and regulations: GOTLR may share your information as stipulated by laws and regulations in order to resolve legal disputes or as stipulated by judicial or administrative authorities under the law.
GOTLR will ensure the legality of any sharing of personal data through data processing clauses with the companies with which your personal data is shared, obliging them to comply with this privacy policy and to take appropriate security and confidentiality measures when processing personal data.

III. HOW GOTLR PROTECTS YOUR PERSONAL DATA
GOTLR attaches great importance to the security of your personal data and has adopted common industry practices to protect your personal data and prevent unauthorized access, disclosure, use, modification, damage or loss of this information.
We have also taken the necessary precautions to have our hosting provider preserve the security and confidentiality of the data and, in particular, to prevent it from being distorted, damaged or communicated to unauthorized persons.
GOTLR also adopts the following organizational measures:
(1) We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant as necessary, with regard to the purposes for which it is processed.
(2) We retain your personal data for the period strictly necessary for the purpose of the processing unless the retention of your data is required or permitted by law. For example, we keep data related to the execution of your orders for the period required by law for the purpose of keeping accounting records, i.e., a maximum of 10 years from the fiscal year concerned.
(3) We deploy access control mechanisms to ensure that only authorized personnel can access your personal data.
In the event of a personal data breach, GOTLR will comply with the legal and regulatory requirements applicable to the notification of personal data breaches to the competent supervisory authorities and/or data subjects.

Our payment partner OBVY secures the transactions. Sharing your identity documents for verification is mandatory to meet regulatory requirements.

These checks are necessary to combat fraud, money laundering and terrorist financing, and to ensure the security of the transactions and the users who initiated them.

The processing of this verification data is carried out by Mangopay, a subsidiary of Crédit Mutuel Arkéa.

All data related to identity verification are collected through secure channels. Servers and data are hosted by financial industry professionals and Mangopay partners. This includes declarative data as well as transmitted identity documents.

No commercial or marketing use will be made of the data transmitted. The sole purpose of these data is to meet regulatory obligations.

IV. WHERE GOTLR HOSTS AND TRANSFERSYOUR PERSONAL DATA

Your personal data will be hosted within the hosting infrastructures of our hosting provider, GOTLR, located in France.

Where such transfers exist, we ensure that such transfers of personal data are regulated in accordance with applicable regulations in order to ensure an adequate level of data protection, either by an adequacy decision by the European Commission or through legal instruments such as data transfer contracts incorporating the European Commission's Standard Contractual Clauses.
For any request concerning the recipients and transfers of data that we make outside the European Union, please contact us at the addresses indicated in the "CONTACT page’’.

V. HOW YOU CAN EXERCISE YOUR RIGHTS RELATING TO YOUR PERSONAL DATA 
You have a right to access, rectify, delete, limit, oppose the processing of your personal data, as well as the right to define guidelines on the fate of your data after your death and the right to the portability of your personal data.
You can contact us at any time at the addresses indicated in the "CONTACT page" section below in order to exercise your personal data rights under the conditions set out by applicable regulations. You must indicate what right you intend to exercise and all the details necessary for us to respond to your request.
These rights are exercised under the conditions laid down by the applicable regulations.
The right of access means that you can ask us at any time to tell you if we process personal data about you, and if so, to tell you what personal data is concerned and the characteristics of the processing(s) carried out.
The right to rectification means that you can ask us to rectify your personal data when it is inaccurate. You can also request that your personal data, if incomplete, be completed to the extent that it is relevant to the purpose of the processing in question.
The right to erasure means that you can request to erase your personal data, in particular, when:
Their conservation is no longer necessary for the purposes for which they were collected;
Your personal data is processed on the basis of your consent, you wish to withdraw this consent, and there is no other legal basis that could justify the processing;
You have objected to the processing of your personal data and therefore wish it to be deleted;
Your personal data has been unlawfully processed;
Your personal data must be deleted to comply with a legal obligation that is provided for either by European Union law or French law.
The right to limitation means that you can ask us to limit the processing of your personal data
When you dispute the accuracy of your personal data for a period of time, allowing us to verify the accuracy of it;
When following processing established as non-compliant, you prefer limiting the processing to completely erasure of your personal data;
When we no longer need your personal data for the purposes of processing but it is still necessary for you to establish, exercise or defend legal rights;
When you have objected to the processing of your personal data and you want a limitation of processing for the period allowing us to verify whether the legitimate reason you invoke is justified.
The limitation of processing means that the processing of your personal data will then mean the sole storage of your corresponding personal data. We will then no longer perform any other operations on the personal data in question.
The right to object means that you can object to the processing of your personal data, where such processing is based on the pursuit of GOTLR's legitimate interest. The right to object is exercised subject to proving a legitimate reason relating to your particular situation. We will then cease the processing in question unless there are legitimate and compelling reasons for justifying the prosecution in accordance with applicable regulations.
The right to define guidelines on the fate of your data after your death allows you to make known your instructions regarding the storage, erasure and communication of your personal data after your death.
The right to portability means that you can ask us, under the conditions set out by applicable regulations, to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to you, or to ask us to transmit it directly to a third party of your choice where legally and technically possible.
When we process your personal data on the basis of your consent, you finally have the option to withdraw your consent at any time by contacting the addresses indicated in the “CONTACT page” section or by clicking on the unsubscribe link in each of our communications.
However, the withdrawal of your consent does not call into question the validity of the processing carried out before this withdrawal.

VI. UPDATES TO THE PRIVACY POLICY
GOTLR reserves the right at any time to modify or update, in whole or in part, this privacy policy due to changes in the applicable regulations on the protection of personal data or the data processing carried out.
Any substantial change to the privacy policy will be notified to you by email when you have provided us with a valid email address and will be published on the website. We recommend that you regularly review this privacy policy in order to have a perfect knowledge of our commitments regarding the security and protection of your personal data.

VII. HOW TO CONTACT US
If you have any questions, comments or suggestions, please contact us by visiting the contact us page or submitting them to contact@gotlr.com.
Or by post mail to GOTLR SS 59 Rue de Ponthieu B562 75008 Paris France.
If you are not satisfied with GOTLR's response to a request to exercise rights in accordance with Article V above or wish to report a breach of applicable data protection regulations, you have the right to lodge a complaint with the CNIL by mail (CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07) or on its website (www.cnil.fr), or with the data protection authority of the country in which you habitually reside or work.

GOTLR the new generation application, designed to make your daily life easier. Enjoy Everything, everywhere, by everyone.

en_USEnglish