Greenfox user protection policy

Preamble

Foxintelligence publishes Greenfox, a free service which makes it easier for you to manage your email accounts by offering you a tool that calculates your carbon footprint.

In exchange for this free service, the transactional data extracted from the email accounts of users enables us to offer anonymised data to various third parties (businesses, non-profit organizations, schools, and universities) so that they can improve their products and services and refine their market knowledge.

We guarantee to you in this regard that we do not disclose to these third parties any personal data that relates to you, and the anonymisation tools that we use are tested and do not enable you to be identified subsequently in any way. You are also informed that we do not use any of your data for targeted advertising purposes. To enable Greenfox to work properly, we must carry out some processing of its users' personal data. We therefore act as a data controller, in that we determine the means and purposes of the processing of your data.

As such, we undertake to comply with the provisions of the General Data Protection Regulation (GDPR). Article 12 also requires us to inform you of the characteristics of the processing that we carry out with your data and the rights that you have in relation to it.

Purpose

The purpose of this Greenfox user data protection policy is to fulfill our obligation to be transparent and provide information by making you aware of all of the information required by the GDPR.

Respect for your privacy

We access your email account for the sole purpose of identifying transactional emails in order to extract the data that enables us to offer the carbon footprint for your account and anonymized data for statistical, research, investment, or educational purposes.

Under no circumstances do we access the contents of your personal emails. With regard to transactional emails, we extract data in them without accessing them, unless we update our filtering and data extraction tools, in which case only a limited part of our teams may access these emails.

Please also note that we anonymise all personal data that relates to you to offer anonymized data for statistical research, investment or educational purposes for sale to various third parties (businesses, non-profit organizations, schools and universities).

Since anonymisation is an irreversible process that prevents any subsequent identification, anonymised data is no longer regarded as personal data.

Data processed

The data concerning you that we may process is as follows:

- identity and identification (surname, first name, date of birth, automatically generated ID, referral code associated with each user),
- contact details (email address(es) provided in order to create the Greenfox account and to be cleaned),
- transactional data concerning your online purchases (information about the item(s) concerned, payment type, delivery address, billing address if different, order number, user's consumption history),
- technical data (identification data, connection data, acceptance data and, where applicable, location data).

Origin of data

We collect your data from:

- data that you provide to us directly when you create your Greenfox account,
- data generated automatically from our services in order to identify you and make your access to Greenfox secure (application password, user ID),
- enriched data generated from our services by means of machine learning, data science and crawling tools in order to obtain additional information about your buyer profile (sex, town) and transactions carried out. Not all enriched data is personal, as not all of it can identify you or make you identifiable.

Legal basis

The legal basis of the processing carried out by Foxintelligence under this policy is to fulfill the general terms of use of Greenfox, which were agreed to by the user when creating his/her Greenfox account.

Purposes

We process your personal data for the following purposes:

- managing your registration with Greenfox,
- providing the carbon footprint for your email accounts,
- managing the relationship and interactions with you,
- dealing with requests to add or delete an email account associated with Greenfox,
- dealing with your requests to delete your Greenfox account,
- improving our services and audience measurements and, where applicable, satisfaction surveys,
- producing anonymised data which are offered for sale to third parties for statistical, research, investment or educational purposes

Recipients

The GDPR defines data recipients as individuals or corporations to whom/which personal data is communicated, regardless of whether they are a data controller or processor.

In this regard, recipients of your data, who have our permission or legal authority to access it, can be internal or external:
- internal recipients are members of our staff who are authorised to process your data according to their respective skills.
- external recipients are our processors (e.g. data host), or authorised services responsible for auditing (auditors), the civil service, the judicial authorities and law officers as part of their role, where appropriate.

Storage period

Your data is processed for a limited period which we decide in the light of the legal and contractual restrictions on us and, failing this, according to our needs.

We apply the following storage periods:
- if your account is deleted: immediate deletion of your data.
- if you are inactive without deleting your account: 3 years from the most recent activity in your account or the most recent contact with you.

Your rights

You have the following rights with regard to your personal data:
- a right to ask us to confirm that data which concerns you is being processed, to access this data and to request a copy of it (right to access and copy).
- a right to have any data concerning you which is inaccurate or obsolete corrected (right of rectification).
- a right to ask for your data to be erased when you no longer wish to use Greenfox (right to erasure).
- a right to receive data concerning you which you have communicated to us in a structured, widely-used and machine-readable format (right to portability).
- a right to give instructions in relation to the processing of your data if you die (post-mortem right).

However, you are informed that you do not have a right to restrict or object to the processing of your data as the requirements for these rights to be exercised as laid down in the applicable regulations are not met in this case.

The right to erasure is exercised automatically when you delete your Greenfox account, as this results in immediate and automatic deletion of your personal data, unless you instruct otherwise.

With regard to the right to data portability, you have a functionality in Greenfox which enables you to exercise it and recover all of the data that you provided to us when you signed up for Greenfox.

Lastly, in the Settings section of your Greenfox account, we give you a right to opt out of being among the group of users whose transactional data we use to produce anonymised data for statistical, research, investment or educational purposes for our clients.

The other aforementioned rights must be exercised exclusively by you in writing, either by email to contact@Greenfox.io or by mail to the address Foxintelligence, 1 rue de Metz, 75010 Paris.

If we have any doubts about your identity, we reserve the right to ask you to provide proof of your identity, which will be deleted immediately after your identity has been verified.

Processing

The GDPR defines a processor as any individual or corporation who/which processes personal data on a data controller's behalf.

If we decide to enlist any processor of our choice to process your data, we will ensure that the latter honours his/her/its obligations under the GDPR and will undertake to sign a written contract with him/her/it which will require him/her/it to perform the same obligations that we fulfil ourselves in relation to data protection. We also reserve the right to carry out an audit of our processors in order to ensure that they are fulfilling their obligations.

Security

We take the technical and organisational measures that we deem appropriate to combat unauthorised destruction, loss, alteration or disclosure of personal data in an accidental or unlawful manner.

These measures include:
- managing permissions and restrictions of data access rights,
- using secure identification processes such as the application password to synchronise the user's email account and Greenfox,
- using tested data pseudonymisation and anonymisation techniques. Anonymisation is mandatory prior to any communication of data for statistical, research, investment or educational purposes to various third parties (businesses, non-profit organizations, schools and universities)
- implementing back-up measures,
- implementing encryption measures (private keys),
- implementing traceability measures for each database.

If a processor is used, we undertake to make him/her/it contractually subject to security guarantees through appropriate technical and organisational measures.

Data breach

In the event of a data breach, we undertake to report it to EDPB in the manner stipulated by the GDPR.

If the breach poses a high risk to you, we undertake to warn you about it if you are affected and to give you the necessary information and recommendations.

Data protection officer

We have appointed a person responsible for data protection, Mr Louis BALLADUR, whom you may contact at the following address for any queries concerning your data: louis@foxintelligence.io.

We have also hired a lawyer, Mr Eric BARBRY, to act as an independent DPO for Foxintelligence. He can be contacted at dpo-foxintelligence@racine.eu.

Cross-border flows

We reserve the right to implement cross-border flows outside the EU for data that we process, and you will be informed of them. In this event, we will ensure that your rights are respected and will sign, if necessary, one or more contract(s) to manage these flows with the receiving country/countries in accordance with the requirements of the applicable regulations.

Processing register

We keep an up-to-date register, which is available to EDPB, of processing operations in which processing of the data of users of the Greenfox application is recorded.

Contact details

For any queries that you may have about the processing of your data, you may contact us at the address contact@Greenfox.io.

As permitted by law, you may also contact EDPB at the following address: Rue Wiertz 60, B-1047 Brussels, by email at edpb@edpb.europa.eu, or by telephone on 01-53-73-22-22.

Changes

If changes are made to the applicable regulations or if new functionalities in Greenfox which affect the processing of your data are implemented, we reserve the right to amend this policy. Notice of any new policy will be given before it enters into force.