INTRODUCTION

This Privacy Policy describes how Starton, “the Company”, (SAS, Société par actions simplifiée, registered to the Trade Register of Paris under number 882006133, 6, Boulevard Saint-Denis, 75010 Paris) handles and process your Personal Data.

As responsible for processing the data it collects, Starton undertakes to comply with the framework of the legal provisions in force. It is up to the Customer to establish the purposes of its data processing, to provide its prospects and customers, from the collection of their consents, with complete information on the processing of their Personal Data and to maintain a register of treatments consistent with reality. Whenever Starton processes Personal Data, takes all reasonable measures to ensure the accuracy and relevance of the Personal Data regarding the purposes of our Services.

DEFINITIONS

• “User” means: the user who navigates through our website
• “We” means Starton
• “Website” means our website starton.com
• “Services” means services provided by Starton
• “Content” means a set of contents on the website such as text, images, videos etc.
• “Personal Data” means all information which allows, in any form, directly or indirectly, the identification of physical person to whom they apply
• “Information” means all data subject to be held for the management of the customer relationship and for the purposes of analysis and statistics
• “Providers” means third-party service acting on our behalf

COLLECTION OF INFORMATION

INFORMATION THAT USER PROVIDES

We collect Personal Data when User signs up for its accounts or in any other way provides us with its Personal Data. We also collect its Personal Data based on its web activity and activity in emails We send, including how to use the Website and Services and from third parties sources.

The categories of Personal Data We process are the following:

1. Names and surname or nickname
2. Company name
3. Address or Company address
4. Company VAT number
5. Browser information, e.g. type and version of browser, any website from which you have been referred, which time zone you visit us from; pages you visit on our website; your IP-address and a rough location estimate based on your IP-address; information about your web activity or your interaction in emails we send to you; information on your use of our Services.

BUSINESS OPERATIONS AND SERVICES

This includes, the Services User request or access, such as accessing or using the Services, creating, and managing user accounts, and communicating about our Services.

PERFORMING OUR SERVICES

User’s Information may be used to improve our Services, optimize our platform and User experience.

MARKETING

We also use Personal Data to communicate with User about our Services, to inform about our terms and conditions and to send marketing messages. User may opt-out from further marketing messages at any time by using the un-subscription link provided in every marketing message. Our processing for the purpose of direct marketing is based on our legitimate interest to promote our Services or on your prior consent.

We may also seek the User's consent to use Information for additional purposes that We communicate to it.

BILLING

User’s Information shall be used for billing’s purposes.

THIRD PARTY PROVIDERS

Within the limits of their respective attribution and for the purposes of the Services, the main people likely to have access to your Personal Data are mainly our agents.

We may engage third-party service providers to perform functions on our behalf, and these may include maintaining the Website or App, User authentication, responding to and sending email or other messages, data analysis, and other functions useful to Business Operations or the Services. Such third-party service providers will have access to personal Information to the extent needed to perform their function but will not be permitted to use this Information for other purposes.

TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EU/EEA

When our service providers, partners or any potential purchaser of our business or assets are located in or have business activities in a country outside the EU/EEA, we may transfer User’s Personal Data to such countries. In the event of such transfer, it will be by ensuring that the country in which the recipient is located ensures an adequate level of data protection, with EU 6 – step supplementary measures if necessary, or by use of standard contractual clauses that the European Commission has issued ensuring suitable measures to safeguard your rights and freedoms.

DATA RETENTION

We will only store your Personal Data for as long as necessary for the purposes of our service but no longer than 3 years of inactivity.

SECURITY

Security measures are made by us to ensure that the Personal Data We keep is secure. We maintain appropriate safeguards and security standards to protect your Personal Data against unauthorized access, disclosure, or misuse. We also monitor our systems to discover vulnerabilities to protect your Personal Data.

No method of transmission over the Internet, and no method of electronic storage, is completely secure. We cannot therefore guarantee absolute security. If we become aware of a security breach, We will notify affected users so that they can take appropriate action. Our incident notification procedures consider our legal obligations, whether at national or European level. We are committed to fully informing User of all matters relating to the security of their account and to providing them with all the information necessary to help them comply with their own regulatory reporting obligations.

No Personal Data is published without User’s knowledge, exchanged, transferred, assigned, or sold to third parties.

Only the takeover of the Company and its rights would allow the transmission of said information to the prospective purchaser who would in turn be bound by the same obligation to store and modify data with respect to the User

RIGHT OF ACCESS, RECTIFICATION, AND OBJECT

User has the right to information regarding which of its Personal Data We process and to access and rectify such Personal Data. User may access and amend some of the Information We keep on You through your account settings.

RIGHT TO ERASURE

User may request that We erase its Personal Data without undue delay in the following circumstances:

• The Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• User withdraws its consent on which the processing is based (if applicable) and there is no other legal ground for the processing.
• User objects to our processing of Personal Data, and We do not have any overriding legitimate grounds for the processing.
• The processed Personal Data is unlawfully processed.
• The processed Personal Data has to be erased for compliance with legal obligations.

User may be aware that We cannot be held responsible for the uses of the blockchain made by User, and that it is important to understand that Personal Data cannot be deleted once it has been saved on the blockchain.

To make a request and erase all data concerning the User, an email with such a request will need to be sent to rgpd@starton.com.

RIGHT TO OBJECT

User has the general right to object to our processing of its Personal Data when it is based on our legitimate interest. If User objects and We believe that We may still process your Personal Data, We must demonstrate compelling legitimate grounds for the processing which override its interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

User’s Personal Data will not be processed for purposes related to direct marketing if User opposes such processing.

RIGHT TO DATA PORTABILITY

If Its Personal Data has been provided by User and our processing of its Personal Data is based on its consent or on the performance of a contract with User, it has the right to receive the Personal Data concerned in a structured, commonly used and machine-readable format in order to transmit these to another service Provider where it would be technically feasible and can be carried out by automated means.

RIGHT TO WITHDRAW CONSENT

When our processing of User’s Personal Data is based on its consent, User has the right to withdraw its consent at any time. User may withdraw its consent through your account settings by deleting its account. Please note that the lawfulness of processing based on consent before its withdrawal is not affected.

CHANGES TO OUR PRIVACY POLICY

We may make updates or changes to this Privacy Policy. When required We will inform User in an appropriate manner on the Website and We ask User to then carefully read through the updated Privacy Policy.

COOKIES POLICY

Cookies are text files placed on your computer and include information such as your domain name, internet access provider, operating system, as well as the date and time of access. Cookies do not in any way risk damaging the User's terminal.

We may process this Information when User navigates through the website, such as the pages consulted, the searches carried out. This Information allows us to improve the Content of the Site, the User’s experience.

Cookies related to ease the navigation and/or the provision of the Services can be configured by the User.

The browser allows User to accept or not to save the cookies in the terminal or, on the contrary, that they are rejected systematically or according to their transmitter. User can also configure the browser software so that the acceptance or refusal of Cookies is offered to You from time to time before a Cookie is likely to be saved in your terminal. We inform User that, in this case, it is possible that the functionalities of his navigation software are not all available.

If User refuses the registration of Cookies in its terminal or its browser, or If User deletes those which are registered there User is informed the experience on the Site may be limited. This could also be the case when the Website or one of its service providers cannot recognize, for technical compatibility purposes, the type of browser used by the terminal, the language and display settings or the country from which the terminal appears to be connected to the Internet.

COOKIES LISTED

The list below is organized in three categories of Cookies:

AUTHENTIFICATION

TRACKING

FUNCTIONAL

CONTACT DETAILS

If User has any questions about our Privacy Policy or Cookies Privacy, the data that We hold, or if User has any complaints or otherwise would like to exercise one of its data protection rights on how its data is processed, please contact us at DPO@starton.com