Libon Privacy Policy
The purpose of this Privacy Policy (“Policy”) is to describe the terms according to which Libon SAS, whose contact details are set out below, collects, processes and stores personal data concerning users of the www.libon.com website (“Website”) and the Libon service provided via the “Libon” smartphone application (“Libon Service”).
Using the Website and/or the Libon Service and their functionalities can effectively involve the collection and processing by Libon SAS, of personal data as defined by the EU General Data Protection Regulation n° 2016/679 of 27 April 2016 (“GDPR”) and French Law No 78-17 of 6 January 1978 (Loi Informatique & Libertés – “Data Protection Act”) in its current version (together, the “Applicable Laws”).
This Policy forms an integral part of the terms and conditions of use of the Website and/or the Libon Service. It may be modified at any time. Each new version of the Policy will apply as from when it is released online. In such case, the date of “last update” shown above will be modified.
1. Definitions
Within this Charter, in accordance with Applicable Laws, the terms and expressions below preceded by a capital letter shall have the following meanings:
"Application": refers to the "Libon" smartphone application (iOS and/or Android compatible) used to access the Libon Service;
"Beneficiary" means any natural person who benefits from the Libon Service, in particular in the case of a credit transfer;
"Data" : means any information relating to an identified or identifiable natural person, in particular a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity ;
"Website": refers to the www.libon.com website published by Libon;
"User" : refers to any individual using the Libon Website and/or Service.
2. Who is the data controller in charge of the Data processing implemented?
The data controller in charge of the Data processing implemented for the purposes of the Website and/or the Libon Service is Libon, a Société par Ac5ons Simplifiée with a share capital of EUR 66,612, registered in Paris (France) under company number 841 292 691, whose registered office is located at 23 rue d’Anjou, 75008 Paris (France), represented by its President (hereinafer, “Libon”, “We” or “Our”).
3. When is Data collected and processed by Libon?
Use of the Website and/or the Libon Service naturally implies the collection and processing of User Data. The Website can be used anonymously. However, the Libon Service cannot.
Thus, Libon may collect and process Data when the Website is browsed and/or the Libon Service is used, whether at the time of creation of a user account or during actual use of the Libon Service, particularly when a Product order is placed, as defined in the terms and conditions of use of the Libon Service. Similarly, Data relating to Beneficiaries is collected at the time of use of the Libon Service, in order to implement the functionalities of the said Libon Service.
The collection and processing of User Data and beneficiaries is essential for the Libon Service to function properly.
4) What are the purposes of the collection and processing of Data by Libon?
Libon processes User Data only for specified, explicit and legitimate purposes. Libon does not process such data in a manner incompatible with these purposes.
To this end, the purposes pursued by Libon are as follows:
- Identification of Libon Service Users ;
- Operation of the Libon Service (in particular for the implementation of its functionalities, for example the purchase of communication minutes, the transfer of money... and including invoicing, the handling of complaints, the improvement of the Libon Service...).
- Fighting fraud
- Marketing / Website analysis and commercial prospecting ;
- Website analysis
- Compliance with Libon's legal obligations.
5 - On what legal basis does Libon collect and process Data?
Libon does not perform any illicit collection and processing of Data. All the Data collected and processed is done so on a duly identified legal basis, in accordance with the Applicable Laws.
- contract or pre-contract requirements: the Website presents the Libon Service and enables internet users who are interested to discover its characteristics and, if they agree, to open a user account and use the Libon Service. Furthermore, most of the Data collected by Libon is necessary to enable the performance of the contract, formed by the terms and conditions of use of the Libon Service. The Data enables Libon to provide the Libon Service to Users who have ordered it, as well as to Beneficiaries whose contact details are provided by Users;
User consent: when using the Libon Service, Users can consent to the collection and processing of certain User Data. The collection and processing concerned is optional, not compulsory. Users can withdraw their consent at any time;
Libon’s legitimate interests: Libon can collect and process certain Data for which it has a legitimate interest. The purpose of such processing can be to secure the Libon Service (prevention of fraud) or improve it. The purpose can be to optimize use of the Website. It can also be to promote the Libon Service and any new functionalities.
The collectin and processing of User Data and beneficiaries is essential for the Libon Service to function properly.
6) What data is collected and processed by Libon?
As a matter of principle, Libon only processes Data collected directly from Users or resulting from the use of the Libon Service. As an exception, Libon may receive Data collected from Users by a third party.
In detail, Libon processes the following categories of data:
- Contact data: when signing up for the Libon Service, the User must enter their mobile telephone number, which becomes their ID for the Libon Service. Furthermore, where a purchase is made via the Libon Service, an email address and postal address is requested to enable Libon to issue the corresponding bill, which is sent to the User by email. In addition, the Beneficiary's telephone number may need to be provided by the User in order to implement the functionalities of the Libon Service (particularly in the case of credit transfer).
- Identification data: when a User browses the Website, Libon may collect certain information concerning such browsing, such as the IP address of the terminal used, the location of the terminal, the internet user’s path on the Website (particularly the pages browsed), and even certain data collected by way of cookies, provided that the internet user gives their consent. Furthermore, when a User uses the Libon Service, Libon may collect the IP address of their terminal as well as their identity card number so that, if a call is made to the support service, it can check the ownership of the mobile telephone number. For advertising and/or analytical purposes concerning the User, Libon collects three sorts of mobile advertising ID:
o Apple Advertising Device Identifier (AADI): an advertising device identifier provided by Apple as part of its iOS advertising infrastructure.
o Android Advertising ID: an advertising ID supplied by Google as part of Android.
o Facebook application user ID: ID corresponding to a person using an application retrievable via the Facebook SDK.
- User’s contacts list: when the Libon Service is activated on the User’s mobile terminal, Libon sends a request to access their contacts list on the terminal. The information in the contacts list remains on the User’s terminal and is not sent to Libon’s servers, except for anonymous aggregated data (number of contacts (to optimize certain algorithms), and top three countries called). No authorisation is necessary to be able to use the Libon Service: the User can refuse access to their contacts list and call their correspondents by dialling the relevant telephone number. The Beneficiaries' Data in connection with the use of the credit transfer service are referred to above ("contact data").
- Login and browsing data: access to and use of the Libon Service (which screens are viewed, etc.) to optimize customer experience. Once the User Account is created, the Libon Service stores certain data concerning the use of the Libon Service, such as call reports and data concerning the microphone sensors (duration of calls, numbers called, callers’ numbers, etc.).
- Economic and financial data: purchase history and consumption. However, no User banking details are recorded: in the case of purchases via mobile app marketplaces (Google Play or Apple AppStore), the payment data (credit cards, etc.) is processed by the marketplaces and is subject to the terms and conditions of their respective operators. Libon does not therefore have access to such Data. In the case of purchases via the Libon Service, the payment data (credit card number, etc.) is processed by the secure payment platform and is subject to its terms and conditions. Libon does not store any payment information.
- Equipment and technical data: telephone model, screen resolution, MCC and MNC (country and telephone operator), version of Android OS or Apple OS, type of network used (3G, 4G, 5G, Wi-Fi, etc.).
- Location data: based on the IP address of the User’s terminal, solely in the context of fraud prevention (particularly for bank cards).
7 - For how long does Libon store Data?
Libon stores User Data in an identifiable form solely for the time strictly necessary to fulfil the purpose of the processing concerned. Hence, schematically:
- Data concerning use of the Website is stored for twenty-four (24) months. Cookies storage periods are explained in Our cookies policy;
- Data concerning the User’s account and their use of the Libon Service is stored for as long as the account is active and up to three (3) months after the User’s last connection;
- Data relating to Beneficiaries that has been necessary for the transfer of credit is retained as long as the User's account remains active; Data relating to Beneficiaries that has been used simply to inform Beneficiaries of the crediting of their account is not retained;
- other Data is stored for as long as the account is active and up to three (3) months after the User’s last connection.
8. With whom is the Libon Service User Data shared?
The Data collected is primarily intended for Libon's internal departments and its partners or subcontractors, in order to ensure the proper functioning of the Libon Service.
At the date of this document release, this includes credit verification or fraud prevention agencies (KOUNT), Firebase, CleverTap, Crashlytics, HockeyApp, Facebook, Anovo, Google and Apple.
Data may also be transmitted to and processed by Libon's partners. This concerns situations where partners are involved in providing services. This may also involve processing to which you are asked to consent.
In particular, Data is transmitted to MPS in order to implement the money transfer service. No Data is transmitted to MPS if this money transfer service is not used. The processing of Data by MPS is governed by the privacy policy of MPS, to which separate consent is offered.
Lastly, the Data can be shared with the competent authorities, at their request, as part of legal proceedings, legal investigations, and requests for information by the authorities, or to comply with other legal obligations.
9. Does Libon transfer Data internationally?
Yes. Considering that the Libon Service enables calls to be made to telephone numbers all over the world, some of the User Data collected may be processed abroad, including outside the European Union. For example, when a call is made to a country, the User’s telephone number appears on their correspondent’s terminal.
In any case, Libon takes the necessary steps with its suppliers and partners to guarantee that the Data is adequately protected, in accordance with the Applicable Laws.
In particular, Libon implements appropriate contractual guarantees to ensure the security and confidentiality of the Data transferred internationally.
10. What rights do Users and beneficiaries have in respect of their Data?
Libon respects Users’ and beneficiaries rights in accordance with the GDPR and the Data Protection Act.
Accordingly, any individual whose Data is collected by Libon in the context of the Libon Service has the right to request access to the Data stored by Libon and the rectification or erasure thereof, or even the restriction of the processing or the refusal of the processing thereof. Beneficiaries also have the rights set out above and may exercise them in the same way as Users.
However, in the event of any restriction or refusal of processing, Libon may no longer be able to supply the Libon Service functionalities. Furthermore, in the event of the exercise of the right of refusal or the right to be forgotten, some information may nevertheless be stored by Libon to comply with its legal obligations. In particular, a Recipient's opposition to the use of his or her telephone number by LIBON will prevent the implementation of the credit transfer service.
Furthermore, in the event of the exercise of the right of refusal or the right to be forgotten, some information may nevertheless be stored by Libon to comply with its legal obligations.
Users or beneficiaries are also entitled to give instructions concerning the storage, erasure, and disclosure of their personal data afer their lifetime. In the absence of any such instructions, their Data will be stored as indicated above, unless their heirs request earlier erasure thereof.
To exercise these rights, Users can send an email to our Data Protection Officer (DPO) at the following email address: thomas@sheepapps.com, or send a letter to the following postal address:
LIBON
Protection of Data Privacy
23 rue d'Anjou
75008 PARIS
France
Users must attach to all correspondence a copy of their identity document. Libon does not store this document after verifying the User’s identity.
In addition, any User may object to telephone canvassing by registering on the www.bloctel.fr Application.
Finally, any User has the right to lodge a complaint with the competent supervisory authority for data protection, namely the CNIL for France: www.cnil.fr.
11 - How is Libon Service User and Beneficiary Data protected?
In its capacity as data controller, Libon undertakes to implement and maintain, at its cost, appropriate technical and organisational measures for the processing and security of the Data, in accordance with Articles 32 to 34 of the GDPR and Article 70-13 of the Data Protection Act.
Libon will ensure that such technical and organisational measures are constantly adapted to the specific risks inherent to its processing operations, considering the nature of the information that may transit through the Libon Service, including to protect the Data against any accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access.
Accordingly, Libon implements the following technical measures:
- all connections to the Website and from the Application to Libon’s services are encrypted (TLS v1.2 / TLS v1.3);
- all connections to the Libon Service are stored and can be viewed by Libon (IP v4/v6, OS, browser, location, page(s) browsed, etc.);
- All connections involving the User’s profile are subject to authentification (PBKDF 2/ 0Auth 2.0).
In respect of organisational measures, Libon implements the following:
- the level of access to information and data differs according to the profiles concerned (RBAC with 0Auth 2.0 scopes, redirection to a 401 or 403 response in case of unauthorized access and audit logs).
Libon further undertakes to maintain, update, and store complete and accurate records of the personal data processing it implements. The records contain details of its processing operations.
The community's favorite app
