Purpose and Scope of this Policy
Purpose of this policy
“SHARIES” is the trading name of the company SAS SHARIES.
SHARIES’s approach is represented by security, confidentiality and continuous protection of personal data (the “Data”) of the users of its services, in accordance with current French and European regulations, specifically the French Data Protection Law [Loi Informatique et Libertés] of 6 January 1978, as amended (LIL) and the General Data Protection Regulation of 27 April 2016 (GDPR).
The purpose of this policy is to inform you of the rules that we apply with regard to Data protection. More specifically, it describes how we collect and process your personal data and how you can exercise your rights regarding this data.
We apply a strict policy to ensure the protection of your Data; thus:
We do not sell your Data to third parties
We ensure that your Data is always safe and secure Scope of the policy
This policy complements covers the use of:
our Sharies.co website and the services accessible from this site
our iOS and Android mobile applications as soon as you download them to your
This policy also covers contacts through social networks by SHARIES’s Customers or prospects, as well as prospects contacted by SHARIES (or its subcontracting partners), by email and/or telephone.
Status of Sharies and its customers
The Customers that are legal entities undertake to transmit this information to any natural person likely to be concerned by the Data processing carried out.
SHARIES undertakes to procure that all its partners or subcontractors comply with the applicable provisions.
The data we collect
Legal basis for collection
Data are collected based on a legal basis provided by the GDPR, namely your consent to the processing of your Data, when the processing of your Data is necessary for the performance of the contract by SHARIES or in order to take steps at your request prior to entering into a contract, based on a legal obligation or a legitimate interest of SHARIES (specifically for the purposes of risk management or the improvement of our offers and services according to the preferences of the Customers).
Data you provide us with
We collect your Data through forms that you fill in on our website or mobile applications to subscribe to our services or those of our partners. We also collect your Data when you correspond with us, specifically with our customer service, by email or telephone. In this case, we keep a copy of this exchange, for the periods indicated below. We may also collect your Data when you interact with us on social networks.
The categories of Data we process are as follows:
Identification data: surname, first name, place and date of birth, photo, ID document number, passport number or residence permit number, postal address, e-mail address, mobile phone number, gender, age, signature.
Authentication and identification data when using our website or our applications: user name, password, PIN code.
Professional and tax data: professional category, sector of activity, occupation, tax data, VAT declaration.
Banking and financial data: income, bank details, IBAN, SEPA Creditor Identification Number, number of cards held by each Customer.
Transaction data: date, time of transaction, amount, counterparty, transaction wording, country, MCC (Merchant Category Code), notes.
We are required to collect the above mentioned Data to comply with our legal obligations and to enable the conclusion of the lease contract. If you do not provide us with such Data, we will not be able to provide you with the services provided for in the master agreement.
We also collect your contact data and data of your interaction with us: messages, emails, calls, interaction on our sites, mobile applications and social networks.
Biometric data: short video, selfie, in order to allow SHARIES to comply with its regulatory obligations (complementary vigilance measure when entering into a relationship with a Customer) and to ensure the security of the Data and operations.
We also collect your Data when you connect to our website or mobile applications. The Data collected is as follows:
Technical connection information, specifically your IP address, the type and version of your browser, your time zone, installed plug-ins, the type of device you use to connect, the identification number of your terminal, your operating system, cookie data.
Information about your visits: the number of connections, connection times, pages visited, connection times, searches made, your response time, links you clicked.
Data from subcontractors: in order to improve our quality of service, we also collect Data from our subcontractors, in particular from advertising agencies or professional databases.
Data from third party applications: When you give us your consent, we may, for example, access the list of your contacts stored on your Facebook or Google profile.
Use of collected data
We only process your Data for specific, explicit and legitimate purposes. The purposes pursued are as follows:
To deal with your complaints, according to the procedure we implement.
To improve the service we offer you and to provide you with new features.
We also collect and process Data for other purposes:
To keep you informed about the changes in the service we offer, including new features in the Sharies account or new partnerships.
To facilitate your interactions with our services, specifically with our customer support, and to be able to help you in the best conditions.
To improve your navigation on our website or the use of our applications and to ensure that the content we display is tailored to your needs.
To allow you to give us your opinion on the services we offer you in order to constantly improve them.
To provide you with offers of products or services that are similar or that may be of interest to you, offered by us or our partners.
To ensure the security of your Data and operations.
Subject to your prior consent, to allow you to automatise certain tasks by connecting your Sharies account to third party applications.
To improve our quality of service, we may also record your telephone communications with our customer support.
Recipients of the data collected
The Data collected is intended for us and, when strictly necessary, for our subcontractors and partners involved in the provision of our services.
The categories of recipients of the collected Data are as follows:
Web hosting providers;
Providers in charge of analysis and marketing (soliciting prospects by email or
telephone, contact with Customers)
Banking and financial services providers and payment solutions;
Customer service support providers;
Business intelligence solutions;
Auditors, lawyers, external legal advisers;
Partners in the fight against money laundering;
Supervisory authorities, regulators and public authorities and administrations;
Your Data may also be transmitted to the competent authorities, at their request, in the context of legal proceedings, requests for information from the authorities or simply to comply with legal obligations.
Cookies and Web Tags
Security of storage and transmission to third parties
The Data we collect is stored on the servers of our provider Contabo, which ensures a high level of security. These servers are located within the European Union, in Germany and in the United States
Transmission to third parties
For the purposes of the service, we may transfer some of your Personal Data to our subcontractors, some of whom are located outside the European Union or the European Economic Area. In this case, we ensure that they are located in a country considered adequate by the European Union in terms of Data protection or we ask them to contractually commit to implement equivalent measures to ensure the protection of your Data (European Commission’s standard contractual clauses and additional measures if necessary - copies of which are available from SHARIES’s DPO).
The transmission of your Data via the Internet is secured through the HTTPS connection protected by an SSL certificate (SHA-256/RSA Encryption). We are audited very regularly by security specialists in the banking sector to ensure that our systems are properly protected. Access to your Sharies account is secured by your username and password which must be strong enough and not shared. For the most sensitive actions, we use a 2-factor authentication system. This is done by sending and entering a 6-digit code by SMS or through a third party application.
Data storage period
We store your Data only as long as is necessary for the purposes for which they were collected. In accordance with our obligations your transaction data will be stored for a period of 2 years following the closure of your account and the end of our contractual relationship.
With regard to the telephone communications that we record, these will be stored for a maximum period of 60 days as from the recording.
Rights of users
In accordance with the applicable regulations, you have rights when your Data is processed:
Right of access: you have the right to obtain confirmation from us as to whether or not Data concerning you are being processed and to receive a copy of all the Data that we hold on you under the conditions provided for in Article 15 of the GDPR.
Right to portability: when the processing is based on your consent or on a contract and is carried out using automated processes, you may, under the conditions provided for in Article 20 of the GDPR, receive from us Data concerning you in a structured, commonly used and machine-readable format, in particular for the purposes of transmit Data to a third party. Where technically possible, you also have the right to have your Data transmitted directly to this third party.
Right to rectification: in accordance with article 16 of the GDPR, you have the right to request the rectification of the Data we hold on you if the latter are incomplete or inaccurate. In this case, we may ask you to verify the new Data provided.
Right to be forgotten: if one of the reasons provided for in Article 17 of the GDPR allows it, you can ask us to erase your Data. The applicable regulations provide for exceptions to the exercise of this right, specifically when processing is necessary to comply with a legal obligation that requires the processing of your Data, such as the fight against money laundering and the financing of terrorism.
Right to restriction: in the cases provided for in article 18 of the GDPR, you can obtain from us the restriction of the processing of your Data.
Right to object: in accordance with Article 21 of the GDPR, you may object at any time for reasons relating to your particular situation to the processing of your Data based on our legitimate interest, including for profiling purposes, except for legitimate and compelling reasons that would prevail or for the establishment, exercise or defence of rights in court. When your Data is processed for marketing purposes, you have the right to object at any time to such processing, including profiling related to such marketing.
Right to withdraw your consent: where it constitutes the legal basis for the processing of your Data, you have the right to withdraw your consent to the processing of your Data at any time, which shall not render unlawful any prior processing based on such consent.
Right related to automated decision-making and profiling: you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This right is subject to exceptions as provided for in Article 22 of the GDPR, in particular where automated decision making or profiling is necessary for entering into, or performance of, a contract. In this case, the data subject retains the right to obtain human intervention by the data controller, to express his or her views and to challenge the decision.
Right to lodge a complaint: you can lodge a complaint with the supervisory authority located in the Member State where you are, in France this is the CNIL (Commission Nationale de l’Informatique et des Libertés).
Right to issue advance directives: you have the right to issue directives concerning the storage, erasure and communication of your Data after your death. These directives are either general or specific.
Exercising your rights
You can exercise your rights by sending a request to our Data Protection Officer (DPO) or to our Customer Support at the addresses below. All applications for the exercise of a right must be accompanied by an identity document of the applicant, containing photograph of the applicant. A reply will be sent to you within one month of receipt of your request. To this end, we may request additional information or documents from you.
Contact us - Contact details
If you have any questions regarding the processing of your personal data or if you have any comments, requests or complaints regarding their confidentiality, you can contact our Data Protection Officer:
● By mail to the following address: SAS SHARIES - Délégué à la Protection des Données [Data Protection Officer], 7 rue Magdebourg, 75116 Paris, France
● By e-mail to the following address: [email protected]