Privacy Policy

ARTICLE 1 : Generalities

This Privacy Policy is published by SMART CITYVEST for its SUPERTRIPPER service (hereinafter referred to as “Supertripper” ), a simplified joint-stock company with a share capital of 411,460.79 Euros, registered in the Paris Trade and Companies Register under number 810 491 019, whose registered office is located at 6 rue des Bateliers, 92110 Clichy, reachable at number phone [01 .42.70.35.14]or by email at [contact@supertripper.com] [contact@supertripper .com], and duly represented by its Chairman, Mr Maxime PIALAT.

Supertripper pays particular attention to the processing of its Users’ personal data and complies with the law of 6 January 1978 known as “Informatique et Libertés” as well as the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, «RGPD»).

This privacy policy (hereinafter, the “Privacy policy”) is intended to inform the User of our practices regarding the collection, use and sharing of information that he or she will provide on our platform accessible from the supertripper.com address (hereafter, the “Platform”) and hosted by the Google Cloud platform (hereafter, the“Hosting”).

The Privacy Policy sets out how we collect and process personal data provided by the User.

The User is reminded that this Privacy Policy applies in addition to the General Conditions of Sale available at the following link: https://supertripper.com/fr/conditions-generales-vente

By accessing the Platform and subscribing to Supertripper’s Services, the User consents to the collection and processing of it Personal Data in the manner indicated herein.

You can request the erasure of your data at any time by sending an email to privacy@supertripper.com

ARTICLE 2: Definitions

  • Administrator: refers to the User with administrative rights on the Platform’s back-office.

  • Employee: refers to the people for whom the Administrator makes Reservations through his “multiple” account.

  • Cookies: refers to a text file that can be saved in a terminal when viewing the Sites or subscribing to a Service with browser software.

  • Data: refers to “any information relating to an identified or identifiable natural person (hereinafter referred to as” data subject “); is deemed to be an “identifiable natural person” a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity ”(Article 4 GDPR).

  • Sensitive Data: refers to any information concerning racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sexual life of the User. This Sensitive Data is only collected with the express consent of the User.

  • Travel Supplier: refers to the airlines, hotels, individuals, cars and other service providers that Supertripper uses in order to provide the best services for booking travel.

  • Host: refers to the entity offering the hosting of the Data collected via the Platform.

  • Platform: refers to the platform belonging to the Service Provider and operated in its own name allowing access to the Services and accessible at the address supertripper.com

  • User: refers to any natural person having access to the Site and using the services offered by Supertripper.

ARTICLE 3: Processing relating to your personal data

We collect your Data on the basis of our legitimate interest.

We are likely to collect and process the following Data:

3.1. Information directly transmitted by the User

By using our Platform, the User is required to send us information, some of which is likely to identify him. This is particularly the case when creating a User account, requesting a quote or even establishing contact, whether by phone, email or any other means of communication.

This information contains, among other things, the Data required to register for the service we provide on our Platform or to access any other of our services. This is the case in particular when the User enters the elements of his passport in the “My Account” area. These data include the first and last name, e-mail address, date of birth, gender, telephone number and password. This information is msndatory. Otherwise, Supertripper will not be able to provide the services offered by the Platform.

In addition, the Administrator is likely to insert in the Platform Data relating to his Employees. The Administrator is duly informed that, for the Data that he enters directly through the Platform for the management of the Reservations of his Employees, he acts as data controller.

3.2. The Data We Collect Automatically

During each of the User’s visits, we are likely to collect, in accordance with the applicable legislation and with his consent, if applicable, information relating to the devices on which our services are used or to the networks from which the User accesses to our services, such as (without this list being exhaustive) IP addresses, connection data, types and versions of internet browsers used, types and versions of browser plugins, operating systems and platforms, the content consulted. Among the technologies used to collect this information, we use cookies in particular, the management and configuration methods of which are defined in Article 10 hereof.

3.3. Why collect your Data? What are the purposes of the processing?

Supertripper collects the Data of its Users for the sole purpose of managing their travel reservations in order to ensure that they receive the best possible service.

We use the Data in particular to contact the User via the customer information provided when registering on the Platform and to inform them of any changes in the reservation or to communicate our special offers.

We also use the Data for analytical purposes to improve our online travel reservation services. Supetripper’s main objective is to make the Platform as accessible and customizable as possible so that it best meets the needs of each of its Users.

Finally, we collect Data for legal and regulatory reasons, to process and resolve legal disputes, for regulatory inquiries or in the context of compliance with the applicable legislation.

3.4. The specific case of the Data of the minor person

Supertripper will verify, taking into account the technological means at its disposal, that the consent is given by the holder of parental responsibility with regard to the child, but this verification does not amount to an obligation of result.

3.5. The specific case of Sensitive Data

“Sensitive” Data includes all personal data including certain identification numbers issued by the government, religion, state of health or sexual orientation of the User. As this Data requires special protection in accordance with applicable law, we limit its collection to certain circumstances such as:

  • Data concerning your health which could be essential for us to provide you with suitable travel accommodation in particular and for example requests for access facilities;
  • Government-issued identification numbers, such as passport numbers to be provided in the “My Account” area.

You expressly consent to the collection and processing of such Sensitive Data. It is in fact in Supertripper’s legitimate interest to carry out such a collection for the strict purposes referred to herein.

ARTICLE 4: Who is responsible for processing?

PROCESSING

DATA CONTROLLER

When the User registers on the Platform and completes the above-mentioned Data:

The data controller is Supertripper.

When Supertripper collects information through cookies and other technologies:

The data controller is Supertripper.

When the Administrator manages reservations via the Platform on behalf of his Employees:

The data controller is the Administrator; Supertripper is the processor.

ARTICLE 5: Sharing your Personal Data with third parties

In some cases, we will have to share Users’ personal data with third parties in the strict context of the execution of service contracts, in particular with:

RECIPIENT OF DATA

PURPOSE

Travel Suppliers

Hotels, airlines, car rental agencies, owners, railway companies that Supertripper deals with to manage your travel reservations. In the event of a dispute, certain information such as your travel reservation confirmation may be provided as proof to the Travel Supplier.

The Hosting Company

The data collected by Supertripper is hosted on the AWS platform. For more information on the data privacy policy of the AWS platform, you can consult the following links: https://aws.amazon.com/en/compliance/ - https://docs.aws.amazon.com/fr_fr/whitepapers/latest/aws-overview/security-and-compliance.html - To contact the Hosting Company : https://aws.amazon.com/fr/contact-us/

STRIPE payment provider

To make payments for online travel reservations. To consult STRIPE's privacy policy: https://stripe.com/fr/privacy To contact STRIPE: https://stripe.com/contact?locale=fr

Competent authorities

We transmit personal data to law enforcement authorities as far as required by law or when we consider it strictly necessary for the prevention, detection or prosecution of criminal acts and/or fraud.

The transfer of personal data as set out herein may include transfers abroad to countries whose data protection laws do not provide an equivalent level of protection to those of the countries from the European Union. Therefore, where applicable, we only transfer your Personal Data to recipients offering an equivalent level of data protection.

ARTICLE 6: Obligations of Supertripper

6.1. As controller of the processing operation

As soon as we collect your Data under the conditions defined in Article 3 hereof, we assume the capacity of data controller.

In accordance with this quality, we are committed to:

  • Keep a register of the processing operations carried out via the Platform;
  • Put in place all the appropriate technical and organizational measures to ensure the security of the processing operations carried out, guarantee the protection of your rights and meet the requirements of the Regulations;
  • Restrict access to your Data to persons duly authorized for this purpose;
  • To have made our staff aware of and trained in the processing of Data, the provisions of the Regulations in force, and it consequences;
  • Never transfer your Data in any way to a third party without having duly informed you;
  • Guarantee all your rights of access, portability, erasure, rectification and opposition, limitation to your Data collected when using the Platform under the conditions defined herein;
  • Notify the competent supervisory authority of any security breach posing a high risk to your rights and freedoms within 72 hours of discovery of the breach;
  • After termination of the Contract with the Company, and if storage is no longer necessary, proceed with the destruction of your Data within a period in accordance with the Regulations in force.

6.2. As a subcontractor

As soon as the Administrator collects the Data of his Employees for the strict use of the Platform, he is duly informed that he takes on the quality of data controller, Supertripper being the subcontractor.

As a subcontractor, we are committed to:

  • Actively collaborate with the Administrator in the event of the exercise of Employees’ rights under the conditions defined in Article 9; to do so, it is expressly agreed that the Administrator must necessarily send any request to exercise the rights of Employees to Supertripper, which undertakes to process them within two (2) months of receipt;
  • It is agreed that Supertripper will be responsible for the register of processing operations carried out by the Administrator when collecting Data from its Employees;
  • Never transfer Users’ data to a third party other than the recipients mentioned above;
  • Allow the data controller every possibility of carrying out an audit of the processing operations carried out by Supertripper and of all the appropriate technical and organizational measures guaranteeing the security of processing, respect for the rights of the persons concerned and the requirements of the Regulations, it being specified that the Administrator must have notified Supertripper in writing with a minimum of thirty (30) calendar days’notice. The audit will be carried out at the expense of the Administrator and may only relate to the appropriate technical and organizational measures guaranteeing the security of processing, respect for the rights of the persons concerned and the requirements of the Regulations. The Director undertakes to appoint an independent auditor who is not a competitor of the Company on the SaaS market, validated by Supertripper, and subject to the signing of a confidentiality agreement. Supertripper undertakes to collaborate with the auditor in carrying out the mission, by providing him with the necessary information and by responding to his related requests. A copy of the audit report ptepared by the auditor will be given to each party, and will be examined jointly by them, who agree to meet for this purpose;
  • Restrict access to the Data to personnel strictly authorized for this purpose;
  • Collaborate with the data controller when a security breach occurs, in particular with regard to the need for notification to the competent supervisory authority, and implement all technical measures allowing the detection of breaches of User Data and Administrators likely to create a high risk for the rights and freedoms of the latter and making it possible to inform the data controller within a reasonable time.

ARTICLE 7: Obligations of the Administrator

As soon as the Administrator assumes the quality of data controller as defined herein, he undertakes to:

  • Have collected or obtain the User’s consent to the collection and processing of their Data before any collection, hosting or processing of their Data via the Platform; to do this, the Administrator is encouraged to first transfer this document to his Employees;
  • Collect Employee Data via the Platform for the use and management of their travel reservations; in the event of a purpose other than and unrelated to Supertripper and the Platform, the Administrator undertakes to duly inform the User in advance;
  • It is hereby agreed that the responsibility for the processing register rests with Supertripper;
  • Implement all the appropriate technical and organizational measures to ensure the security of the processing operations carried out, guarantee the protection of the rights of Employees through the processing operations, and meet the requirements of the Regulations;
  • Restrict access to the Data of both Directors and Employees to persons duly authorized for this purpose;
  • Sensitize and train its staff in the processing of Data, the provisions of the current Regulations, and their consequences;
  • Never transfer in any way whatsoever the Data of Employees and Administrators to a third party without having duly informed the User;
  • Never transfer Employee Data in any way whatsoever outside the European Union without having duly informed them;
  • Guarantee all rights of access, portability, deletion, rectification and opposition, limitation of Administrators and Employees to their Data collected when using the Application Service; to do so, the Administrator undertakes to notify Supertripper without delay of any request to exercise them;
  • Notify Supertripper of any security breach that poses a high risk to the rights and freedoms of Directors and Employees within 72 hours of discovery of the breach;
  • After termination of the Contract with Supertripper, and if storage is no longer necessary, destroy the Data of Employees and Administrators within a period in accordance with the regulations in force.

ARTICLE 8: Conservation period for collected data

We transmit personal data to law enforcement authorities as far as required by law or when we consider it strictly necessary for the prevention, detection or prosecution of criminal acts and/or fraud.

DURATION OF THE CONVERSATION

Retention for the entire duration of the contractual relationship, and 3 years from the end of the relationship.

Accounting data and supporting documents (travel reservations)

For questions of proof, 10 years from the date of booking.

Identity document of the User

Duration of the contractual relationship, and immediate termination at the end of the relationship. If the purpose of collecting the User's identity document is to exercise their rights under the conditions defined if after:

In case of exercise of the right of access or rectification: 1 year;

In case of exercise of the right of access or rectification: 1 year;

In case of exercise of the right of opposition: 3 years.
- Sensitive Data relating to the state of health of the User
- Immediate deletion after transmission to the Travel Supplier if necessary.

User bank details

5 years

Cookies

13 months after their placement.

ARTICLE 9: The rights you enjoy and their exercise

The User is informed that he/she has access to the Data collected and processed by Supertripper pursuant to Act No. 78-17 of 6 January 1978 known as the “Data Protection Act” and the RGPD:

  • a right to forget;
  • a right of access;
  • a right of rectification;
  • a right to erase;
  • a right to restriction of processing;
  • a right of opposition;
  • a right to the portability of your data.

To exercise their rights, the User is invited to write to the following address: data@supertripper.com. In the event of reasonable doubts, Supertripper may request proof of identity. Supertripper will have a maximum period of two (2) months to respond to the request made by the User.

In addition, the User is informed that he can, if he considers that his rights have not been respected, he may file a complaint with the CNIL by going to the following link: https://www.cnil.fr/fr/cnil- direct/question/844.

It is also specified to the User his possibility to organize the fate of his Personal Data after his death in accordance with Article 40-1 of the Data Protection Act.

ARTICLE 10: Cookies Information

A Cookie is a text file that can be saved in a terminal (computer, tablet or smartphone) when consulting the Platform, as well as when registering to it from browser. A Cookie allows the person who issues it to recognize the relevant device each time the device accesses particular content containing cookies from the same issuer.

Each time the Online Platform is used, cookies and other tracking technologies are used in several ways. They allow the Platform to function, analyze traffic or are used for advertising purposes. These technologies are used by us directly or by our business partners, including third party service providers and advertisers with whom we work.

Supertripper informs the User to use the following Cookies and for the following purposes:

TYPE OF COOKIE

PURPOSES

Website analysis tools: Google Analytics; Mixpanel; Hotjar; LinkedIn Analytics.

These Cookies are installed for the purpose of analyzing the traffic on the Platform, as well as the behavior of the User. In addition, these Cookies make it possible to improve the performance of the Platform by adapting the presentation of the display preferences of each User. These Cookies also make it possible to identify which content of the Platform interests the User the most, by retracing their journey. Finally, LinkedIn Analytics Cookies make it possible to determine the precise events of the User who have arrived on the Platform via LinkedIn.

Facebook Connect social media sharing cookie.

These Cookies are used to track the behavior of the User during campaigns launched by Supertripper on Facebook.

LinkedIn Ads advertising cookie; Facebook Custom Audience.

These Cookies allow: To launch advertising via LinkedIn, and to follow the User journey, in particular on the click-through rate; To identify Users on the Platform in order to offer them content appropriate to their taste on the Facebook social network.

BROWSER

SETTINGS

Internet Explorer

In Internet Explorer, click on the “Tools” button, then on “Internet Options”; General tab, under "Browsing history", click on "Settings"; Click on "View files"; Click "Name" to sort all files alphabetically, and browse the list until you see files beginning with the prefix "Cookie". (All Cookies have this prefix and usually the name of the website that created the Cookie); Select the Cookies that concern you and delete them; Finally, close the window which contains the list of files, then click twice on the "OK" button to return to Internet Explorer.

Firefox

Browser “Tools” tab then “Options” menu; In the window that appears, choose "Privacy"; Click on "Show Cookies"; Locate the affected files, select them and delete them; Finally, you can specifically choose the Cookies you want to delete or keep.

Safari

In the browser, choose the “Edit” menu, then “Preferences”; Click on the "Security" button; Click on "Show Cookies"; Select the Cookies concerned and click on "Delete"; You can also click on “Clear all”; Finally, after deleting the cookies, click on "Done".

Google Chrome

Click on the “Tools” menu icon; Select "Options"; Click on "Advanced options" then on "Confidentiality"; Click "Show Cookies"; Select or delete the affected files; Finally, click on "Close" to return to your browser.

ARTICLE 11: Deleting of the User account

The User can at any time delete the account he has created. It is however agreed that the current invoices are due to the Company.

In the event of an account deletion, the User will no longer have access to the Data previously processed via the Platform.

In order to unsubscribe, the User will inform the Company at the following email address: hello@supertripper.com.

ARTICLE 12: Changes to the Privacy Policy

Supertripper reserves the right to modify this agreement when such modification seems necessary in response to local, technical or commercial developments. The User will be informed of the modification of this agreement.

ARTICLE 13: How to contact us?

In case of necessity or questions regarding the protection of his personal data, the User is invited to contact us at the address data@supertripper.com or can go to the CNIL website accessible at the address https://www.cnil.fr/fr