PRIVACY POLICY
At CYLIMIT, the protection of your personal data is a priority.
When you use the cylimit.com site (the "Site") and/or the CyLimit platform (the "Platform"), we may collect personal data about you.
The purpose of this policy is to inform you about how we process such data in compliance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the "GDPR").
Who is the data controller?
The data controller is CYLIMIT, a simplified joint stock company, registered in the Paris Trade and Companies Register under number 917 501 298 and whose registered office is located at 6 rue d'Armaillé - 75017, Paris ("We"),
What data do we collect?
Personal data is data that can be used to identify an individual directly or by cross-checking with other data.
We collect data in the following categories:
Identification data (name, first name, email address);
Data related to your NFT purchase;
Data related to your races (date of birth, nationality, times, results and rankings);
Connection data (connection logs, encrypted passwords);
If you choose to sign in using a third-party authentication service (e.g., Google or Facebook), certain data such as your name and email may be collected from that service. By choosing this method, you agree that the service may share this information with us. We do not collect your third-party account password.
Browsing data (IP address, pages viewed, date and time of connection, browser used, operating system, user ID, IFA);
Economic and financial data? (credit card data);
Your public wallet address;
Any information you wish to send us as part of your contact request.
Mandatory data are indicated when you provide us with your data.
On what legal grounds, for what purposes and for how long do we keep your personal data?
Objectives | Legal basis | Shelf life |
To allow you, via the creation of your account, to buy NFT available on our Site via your Metamask account or our electronic wallet, to play the fantasy game and to access the secondary market of NFT resale | Performance of the contract you have with Us | When you have created an account: your data is kept for the duration of your account. Your connection logs are kept for 6 months or 1 year. If your account is inactive for 2 years, your personal data will be deleted if you do not respond to our reactivation email. In addition, your data may be archived for evidential purposes for a period of 5 years. |
Carry out operations relating to the management of our customers concerning contracts, orders, invoices, and follow-up of the contractual relationship with our customers | Performance of the contract you or your company have with Us | Personal data is kept for the duration of the contractual relationship. In addition, your data (with the exception of your bank details) are archived for evidentiary purposes for a period of 5 years. Your credit card information is stored by our payment service provider. The data relating to the visual cryptogram or CVV2, written on your bank card, are not stored. |
Build a file of customers and prospects | Our legitimate interest in developing and promoting our business | For customers: data is kept for the duration of the contractual relationship. For prospects: data is kept for a period of 3 years from your last contact, for prospecting purposes. |
Send newsletters, solicitations and promotional messages | For customers: our legitimate interest in building customer loyalty and keeping customers informed of our latest news For prospects: your consent | The data is kept for 3 years from your last contact with Us or until you withdraw your consent. |
Respond to your information requests | Our legitimate interest in responding to your requests | The data is kept for the time necessary to process your request for information and deleted once the request for information has been processed. |
Comply with the legal obligations applicable to our activity | Comply with our legal and regulatory obligations | For invoices: invoices are archived for a period of 10 years. The data related to your transactions (except for bank data) are kept for 5 years. |
Organize contests and promotional operations | Our legitimate interest in retaining our customers and offering them gifts | The data is kept for the duration of the games or promotional operations and may be archived for 5 years for evidential purposes. |
To elaborate statistics for the purpose of measuring the audience of the site | Our legitimate interest in analyzing the composition of our customer base and improving our services | The data is kept for 12 months |
Delivering personalized advertising | Your consent | The data is kept for 12 months. |
Manage requests to exercise rights | Our legitimate interest in responding to your requests and keeping track of them | If we ask you for proof of identity, we will only keep it for as long as it takes to verify your identity. Once the verification is complete, the proof of identity is deleted. If you exercise your right to opt-out of receiving marketing communications: we keep this information for 3 years. |
Who are the recipients of your data?
Will have access to your personal data:
The staff of our company ;
Our subcontractors: hosting service provider, newsletter sending service provider, audience measurement and analysis service provider, e-mail service provider, secure payment service provider, online form creation tool, accounting service provider;
If applicable: public and private organizations, exclusively to meet our legal obligations.
Will your data be transferred outside the European Union?
Your data is kept and stored for the duration of the processing on the servers of Amazon Web Services (AWS), located in the European Union.
Within the framework of the tools we use (see article on the recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools:
or the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection deemed sufficient and adequate to the provisions of the GDPR;
or the data is transferred to a country whose level of data protection has not been recognized as adequate for the RGPD: in this case these transfers are based on appropriate safeguards indicated in Article 46 of the RGPD, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
What are your rights to your data?
You have the following rights with respect to your personal data:
Right to information: this is precisely the reason why we have drafted this policy. This right is provided for in articles 13 and 14 of the RGPD.
Right of access: you have the right to access all: ; your personal data at any time, in accordance with Article 15 of the GDPR.
Right of rectification: you have the right to rectify your inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR
Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
Right to erasure: you have the right to request that your personal data be erased, and to prohibit future collection of your personal data on the grounds set out in Article 17 of the GDPR.
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts, in accordance with Article 77 of the GDPR.
The right to set up instructions for the retention, deletion and disclosure of your personal data after your death.
Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to request its transfer to the recipient of your choice.
Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Note, however, that we may continue to process them despite this objection, for legitimate reasons or the defense of legal rights.
You can exercise these rights by writing to us at the address below. We may ask you to provide additional information or documents to prove your identity.
What cookies do we use?
To learn more about cookie management, please see our Cookie Policy.
Contact point to exercise your rights
Contact email : contact@cylimit.com
Contact address: 6 rue d'Armaillé - 75017, Paris
Changes
We may amend this policy at any time, in particular to comply with any regulatory, legal, editorial or technical developments. These changes will apply as of the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any significant changes to this Privacy Policy.
Effective date: 02/12/2022