1. About this policy
Aara, the brand incorporated under trotty, a simplified joint-stock company ('société par actions simplifiée') with a share capital of 18,700.00 euros, with its head office at 9 rue des Colonnes, 75002 Paris, registered in the companies register of Paris under the number 922 435 516 ('Aara (inc. trotty)', 'we', 'us', 'our'), is the data controller of your Personal Data.We are committed to providing you with professional and valuable products and services whilst safeguarding your privacy.This Data Privacy and Cookies Policy ('Privacy Policy') covers our online data collection activities and outlines when, why and how we collect, use and otherwise handle (collectively 'process') personal information about users, providers and places ('Data Subject', 'you', 'your' or 'yours'). 'Personal Data' is any information relating to you, which can be used to personally identify you, either directly or indirectly.It also tells you how you can access and update your information and make choices about how your information is used.We may process your Personal Data, as described in this Privacy Policy.Where you use our application, we will process your Personal Data collected by using cookies in accordance with this Privacy Policy.We are committed to explaining to you how we process your Personal Data and how we respect your privacy in accordance with the European Regulation nᵒ 2016/679, the so-called General Data Protection Regulation ('GDPR'), the French Law n°78-17, the so-called Loi Informatique et Libertés ('LIL') and any guidelines and recommendations of the competent bodies and authorities, together (the 'Regulation'). We encourage you to read this Privacy Policy.Please note that when data is anonymised i.e. the Data Subject is not or no longer identifiable, the provisions and principles of the Regulation no longer apply.
2. How is your data collected?
Your Personal Data is collected directly from you in the context of your personal account and profile or when you seek to contact us.Technical information (e.g. IP address, information on your browser, etc.) is also transmitted to us by your terminal when you use our application.
3. What data do we process and why?
3.1 Categories of Personal Data
If you are a user, through your personal account and profile, we collect the following Personal Data:
civil status, first name, last name, date of birth, email address, phone number, city of residence (if disclosed), your preferences and knowledge in travel and lifestyle places (e.g. your likes on a restaurant, your prices preference), professional activity, gender
We also collect information related to your browsing activity on the application, e.g.: the type of terminal you use (smartphone, computer, tablet...), the operating system of your terminal, your internet service provider, the browser used, the IP address of your terminal, the geolocation of your terminal, your language preferences.
3.2 Purposes and legal basis
The purposes for which we collect your Personal Data and the associated legal bases for processing, include: Purpose, Logic, Enable the proper working of our application (including dealing with queries and requests made via our contact form), Our legitimate interest: management of the service, Collect your preferences, Your consent (unsolicited likes), Set up your profile based on your information and preferences, Performance of an agreement (Terms and Conditions of Use): management of the service, Suggest relevant recommendations based on your preferences, Performance of an agreement (Terms and Conditions of Use): management of the service, Connect the users, providers and places, Performance of an agreement (Terms and Conditions of Use): management of the service, Ensure the creation, security, personalisation and management of your personal account, Performance of an agreement (Terms and Conditions of Use): personal account management, Display a provider or a place’s media and information on the application, Performance of an agreement (Terms and Conditions): management of the service, Allow you to access and use the application (cookies and other tracers), Our legitimate interest: cookies strictly necessary for the provision of the service you have expressly requested (cookies and other tracers), Store information about your preferences, and allow us to tailor the application to your interests (cookies and other tracers), Your consent (cookies and other tracers), Prepare reports or compile statistics to improve our services (cookies and other tracers), Your consent (cookies and other tracers), Retain Personal Data required to meet legal obligations and to manage data disclosure requests from authorised authorities, Comply with our legal and regulatory obligations, Sending marketing communications concerning our Products or Services, Your consent if you are a consumer and our legitimate interest if you are a professional: developing our business
4. If you do not provide your personal data
If you choose not to provide the Personal Data we request, we may not be able to provide you with our services e.g. if you do not express your preferences, you may not be able to provide you with relevant recommendations.
5. How and when do we share data with third parties?
We do not sell, rent, distribute or otherwise make Personal Data commercially available to any third party, except that we may share information within our employees, with our service providers and other third parties for the purposes set out in this Privacy Policy:
We can share your Personal Data with our employees authorized by virtue of their functions and bound by an obligation of confidentiality;
We can share your Personal Data with providers (e.g. hotels, restaurants, etc.) when you request to make a booking;
We can share your Personal Data with third party service providers, whom we engage to provide various services e.g. services related to our application, IT services and solutions, etc. We have carefully selected these service providers and taken steps to ensure that your Personal Data is adequately protected. All of our service providers are bound by written contract to process Personal Data provided to them only for the purposes of providing the specific service to us and to maintain appropriate security measures to protect your Personal Data.
As a user, your Personal Data can be transmitted to a provider when you want to book a visit at their venues because you have interests in their venues.
We may also share your Personal Data with:
our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice;
any other third party if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property and/or safety of Aara (inc. trotty), its personnel and others;
any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation; or
investors and other relevant third parties in the event of a potential sale or other corporate transaction related to Aara (inc. trotty).
Last, we can use anonymised and aggregated data to make statistics on users’ preferences e.g. statistics on visits, on the number of bookmarks or interests for one venue. The Regulation does not apply in this situation.
6. International Transfers of Data
The transfer of your Personal Data to and between us and providers potentially located all over the world, service providers or other recipients may involve your Personal Data being sent outside of the European Economic Area (“EEA”), to locations that may not provide the same level of protection as those within the EEA countries, including to third countries that are not covered by an adequacy decision of the European Commission.
However, we may only transfer your Personal Data outside of the EEA:
where the transfer is to a place or by a method or in circumstances that is regarded by the European Commission as providing adequate protection for your Personal Data;
where you have explicitly consented to the transfer by ticking a specific box in your personal account and after having been informed of the possible risks of such transfers.
You can request further details about the safeguards that we have in place in respect of transfers of Personal Data outside of the EEA by contacting us at: che@aara.app
7. How long do we store data?
It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement – Terms and conditions of use with you). However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:
legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
the establishment, exercise or defence of legal claims (e.g. for the purposes of a potential dispute).
Whilst we continue to process your Personal Data, we will ensure that it is processed in accordance with this Privacy Policy. Otherwise, we securely delete or anonymise your Personal Data once it is no longer needed.
Mainly, we retain the Personal Data:
complaints, questions, queries: 3 years following a complaint, question or query that has been closed;
contact form: 3 years after your request;
subscription to a newsletter: as long as the Data Subject does not unsubscribe;
personal account creation: until your account is deleted;
If you would like to have more specification on retention period of your Personal Data for a particular purpose, you can contact us at: che@aara.app
8. How do we protect your data?
We acknowledge that your Personal Data may be confidential. We will maintain the confidentiality of and protect your Personal Data in accordance with our Privacy Policy and all applicable laws, including the GDPR.We have implemented technological and operational security measures in order to protect your Personal Data from loss, misuse, or unauthorised alteration or destruction. Such measures include the use of firewalls, encryption, proper access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data. These measures ensure an appropriate level of security in relation to the risks inherent in the processing and the nature of the Personal Data to be protected.Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.We will notify you promptly in the event of any breach of your Personal Data that might expose you to serious risk.
9. Links to Third Party Websites
Links or references to other websites or applications may appear within our application. We do not control these websites or applications. You should be aware that this Privacy Policy does not apply to any website or application other than the application operated by Aara (inc. trotty). Visitors to other websites or applications are encouraged to read those privacy policies before exploring them.
10. Your rights
The following section explains your rights that you may exercise. The various rights are not absolute and each is subject to certain exceptions or qualifications in accordance with the Regulation.
The right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data. This is why we are providing you with the information in this Privacy Policy and in any legal notices or terms and conditions provided to you.
The right of access – you have the right to obtain from us confirmation as to whether or not your Personal Data is being processed by us, and about certain other information (similar to that provided in this Privacy Policy) about how it is used. You also have the right to access your Personal Data, by requesting a copy of the Personal Data concerning you. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person's rights.
The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g., if we have the wrong name or address for you).
The right to erasure – this is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to keep using it or its use is unlawful. This is however not a general right to erasure and there are some exceptions, e.g. where we need to use the information in defence of a legal claim or to be able to comply with a legal obligation.
The right to restrict processing – you have the right to ‘block’ or suppress the further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Data, but may not use it further.
The right to data portability – you have the right to obtain and reuse certain Personal Data for your own purposes across different organisations (being separate data controllers). This only applies to your Personal Data that you have provided to us that we are processing with your consent and for the purposes of contract fulfilment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine readable format or (where technically feasible) we may transmit your data directly to a separate data controller.
The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by Aara (inc. trotty), any of the Affiliates, or by a data recipient. We will be allowed to continue to process the Personal Data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we will no longer process your Personal Data for such purposes.
The right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal.
The right to provide us with directives regarding the use of your personal information after your death – you have the right to provide us with instructions on the management (e.g., retention, erasure and disclosure) of your personal information after your death. You can change or revoke your instructions at any time.
The right to lodge a complaint – if you believe that we do not comply with applicable data protection laws, you have the right to lodge a complaint before any competent data protection authority.
11. How to exercise your rights
If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, contact our privacy correspondent at: che@aara.app.Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.We will generally respond to your request within one month of receiving your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.We will not charge you for such communications or actions we take, unless:
you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or
you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either charge for our reasonable administrative costs or refuse to act on the request.
If you are not satisfied with our response to your complaint or believe our processing of your Personal Data does not comply with data protection law, you can file a complaint to the relevant data protection authority, the French Commission Nationale de l’Informatique et des Libertés (“CNIL”).
12. Cookies
When you visit or interact with our application, we (or our third-party providers) may use 'cookies' or other similar technologies to personalize and enhance your experience. A “cookie” is a small piece of information sent to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies are used in particular to make our application work, or work more efficiently, as well as to provide data to the application owners. Our application use required cookies, functional and preference cookies, advertising cookies, social networks cookies then analytics and performance cookies.When your prior consent is required for their use, the period of validity of the consent to the deposit of cookies is six (6) months. At the end of this period, we will ask for your consent again.When your prior consent is not required, the analytics cookies lifetime is limited to thirteen (13) months (this period is enough for a relevant comparison of audience measure) and information collected through the cookies is retained for a maximum of twenty-five (25) months.Our application uses:
Required cookies. They enable you to move from page to page and to use features on our websites while your browser remains open. If a user blocks these cookies via the browser then we cannot guarantee how the application will perform. For example, remembering the user is not a first time user to the application,
Functional and preference cookies. For example, functional cookies may be used to recognize you as a previous visitor in order to provide a more personalized experience (remembering the preferred language etc.). They are stored in your computer, device, or browser until you choose to delete them.
Advertising cookies. They are used to show you advertisements or to send you information based on your interests in connection with your use of the application as you browse the Internet outside our application. In particular, they are used to limit the number of times you see an advertisement and to help measure the effectiveness of an advertising campaign. These cookies are mainly controlled by advertising agencies and we do not always control their use.
Social network cookies. They allow our content to be displayed or shared with others, including on social networks such as Facebook, Twitter, LinkedIn, Instagram, etc. Even if you do not use these sharing buttons or applications, social networks may track your browsing on our application if your account or session is enabled on your computer at that time.
Analytics and performance cookies. They allow us to collect data concerning the applications, including the number of visitors, where the visitors have come from, and the length of time visitors spend on the applications, which allows us or third-party service providers to analyse how our applications are used and how our applications are performing. We use this information to improve our application and provide a better user experience. These can be enabled/disabled at any time by the user.
There are two ways to refuse the use of cookies.Either during your first visit to our application, you will be asked for your consent to the use of your data by cookies via a cookies banner displayed at the bottom of the page.Either the majority of web browsers accept cookies and similar files, but you can usually change your browser settings to prevent this. If for any reason you decide that you do not like our use of certain cookies, you can simply change your settings at any time. However, if you do so, some functionality of our applications may be lost.The setting of each browser is different. It is described in the browser's help menu.
Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Click the access Menu button and then choose 'Options' Choose 'Privacy & Security' Set the History Section on 'Use custom settings for History” Uncheck the box 'Accept cookies from websites' All changes you have made will be automatically saved.
Internet Explorer:
https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Select the Tool button, then Internet Options Select Privacy Tab, and then under Settings, move the cursor to the top to block all cookies or to the bottom to allow cookies, then click on OK
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=en
Select the Chrome menu icon Click on 'Settings' At the bottom, click on 'Advanced' Under 'Privacy and security,' click on 'Content settings' Click on 'Cookies' Turn 'Allow sites to save and read cookie data' on or off.
Safari:
https://www.apple.com/legal/privacy/en-ww/cookies/
https://support.apple.com/en-gb/guide/safari/sfri11471/mac Click on 'Settings' - 'Safari' - 'Privacy' - 'Cookies and website data' Then select 'always block cookies'
Opera: http://help.opera.com/Windows/10.20/en/cookies.html
If you have any specific questions about the use of cookies on our application, please feel free to contact us at any time by emailing che@aara.app with the subject line “Cookie Request.”
13. Our Contact
If you have any further questions or comments about our Privacy Policy, please contact us at: che@aara.app
14. Modification of this policy
If we decide to change the way we handle your information, we will post those changes in this Privacy Policy and also change the “Last Update” date at the top of the first page. For some changes, we will notify you more prominently and/or give you prior choice, depending on the legal requirements we will have to comply with. We reserve the right to make changes to our practices and this Privacy Policy at any time, provided that we follow the procedures above. We invite you to consult this Privacy Policy on a regular basis to be informed of the way in which Aara (inc. trotty) protects your Personal Data.