Privacy Policy


1. Foreword

  1. The Company believes that trust is the key to successful and lasting relationships. In this regard, the protection of personal data and the privacy of its current and potential customers (the "  Users  ") is no exception.
  2. This is why the Company pays particular attention to only collecting and processing their personal data with the greatest care and in strict compliance with the applicable legal framework.
  3. In order to provide information in the most transparent manner possible, the Company has drawn up the following privacy notice. This notice is intended to explain in detail why and how Users' personal data is processed when they browse the  pleenk.com website  (the "  Site  ") and/or the Pleenk mobile application (the "  Application  ") or use the services offered by the Company (the "  Services  ").

2. Scope and purpose of this privacy notice

  1. This privacy notice (hereinafter the “  Privacy Policy  ”) aims to inform you, as a User, about how the Company, as data controller, processes information that can identify them, directly or indirectly (the “  Personal Data  ”), when they use the Site and the Application.
  2. This policy, accessible at any time on the Site and the Application, is the only applicable policy and prevails over all previous versions.
  1. When a User uses the Services, the Company processes his/her Personal Data for various purposes detailed below, each of which is duly legitimized by a valid legal basis.
  2. Browsing Information.  In order to enrich the User experience, the Company wishes to understand their interactions with the Services. This is why the Company needs to analyze various browsing information from its Application.
  3. Browsing information is not cross-referenced with the User's identity and is not used for marketing purposes.
  4. To do this, the Company relies on its legitimate interest which consists of (i) understanding how its Website and its Application are browsed; and (ii) improving the Services if necessary.
  5. Correspondence and communications.  The Company collects and processes Personal Data in order to respond to any questions, requests, or feedback that Users may submit to the Company, whether initiated by the Company or not. This Data is never shared with third parties.
  6. Thus, the collection and processing of Personal Data by this means can only take place following a question, request or feedback that is sent directly by post or email to the Company. Outside of this situation, Personal Data will never be collected by this means.
  7. This processing involves the collection of the following categories of Personal Data: (i) identification data (i.e. the information provided, including name and email address) and (ii) the content of the message(s) you send to the Company.
  8. This processing is based on the Company's legitimate interest in managing its relationships with Users.
  9. Account Management.  Users must create an account on the Platform to access the Services, which involves undergoing a significant Know Your Customer (KYC) procedure.
  10. To manage this account, and in particular to allow Users to access content reserved for account holders only, the Company collects and processes a certain number of the following Personal Data: first names and surnames; date and place of birth; age; nationality; email address or telephone number; IP address; digital asset portfolio details; copy of an official identity document. This Data is only communicated to third parties with the express consent of users.
  11. The legal basis for this processing lies in the need for the Company (i) to perform a contract to which the User is a party and (ii) to comply with its obligations regarding the fight against money laundering and terrorist financing (AML/CFT).
  12. Authentication Service.  To access the identity authentication service, Users must create an account and provide the Personal Data listed above (account management).
  13. The legal basis for this processing lies in the need for the Company (i) to perform a contract to which the User is a party.
  14. Order management . The Company may collect the following Personal Data necessary for order management and invoicing: bank details, account number, first and last names; email address; IP address; and digital asset portfolio details. This Data is only communicated to third parties with the express consent of users.
  15. The legal basis for this processing is the need to perform a contract to which the User is a party.
  16. Payment and withdrawal management . Payment and withdrawal management is carried out by a service provider external to the company, under the conditions specified below (4. Recipients of Personal Data). For the operation of the Services, Users must consent to the collection of Personal Data by service providers external to the Company. This data is the User's bank details as well as their first and last names, in accordance with the Company's general terms and conditions of sale.
  17. The legal basis for this processing lies in (i) the need to perform a contract to which Users are parties as soon as they become customers of the Company (management of purchases, withdrawals) as well as in (ii) compliance with legal obligations related to the fight against payment card fraud.
  18. Users are never forced to provide Personal Data that the Company may request. However, the Company draws their attention to the fact that if they refuse, access to the Services may be limited, suspended or even impossible.
  19. In any event, and regardless of the purpose sought by the processing in question, the Company will comply with a strict principle of data minimization and will therefore only collect and process the Personal Data necessary for the aforementioned purposes.

4. Recipients of Personal Data

  1. The Company shares Personal Data with third-party service providers and suppliers who assist the Company in achieving the objectives specified in this Privacy Policy. As subcontractors of the Company, service providers and suppliers may have access to Personal Data for the sole purpose of carrying out the tasks entrusted to them. The Company ensures that service providers and suppliers provide sufficient guarantees for the performance of the task and comply with applicable laws and regulations.
  2. As part of the identity authentication service, the Company shares Users' personal data with Partners only after agreement via the Pleenk interface of the User concerned. In this case, the Partner acts as a subcontractor of the Company. The Company ensures that Partners only process data for the purposes determined in this policy, that they provide sufficient guarantees for the execution of the mission and comply with applicable laws and regulations.
  3. Where applicable, the Company shares Personal Data with the competent courts and any other governmental and/or public authority requesting access to Personal Data, to the extent legally permitted.
  4. In any event, the Company only communicates Personal Data to the above-mentioned recipients on a strict need-to-know basis and only to the extent necessary to achieve the duly identified processing objectives.
  5. If the Company considers that it is not necessary to keep the User's Personal Data in its active database, the Company will archive them and ensure that access to them is limited to a small number of people with a real need to access the Personal Data in accordance with the Company's legal obligations.

5. Retention periods

  1. The Company retains Personal Data for a limited period which may not exceed under all circumstances the time necessary to achieve the objectives described in Article 3 of this privacy policy.
  2. Correspondence and communications.  Personal Data resulting from User questions, requests or feedback is not kept for more than five (5) years after the last contact initiated by the User.
  3. Account Management . The Company will retain Personal Data until the account is closed. However, if the Company needs to retain Personal Data for evidentiary purposes beyond the date of closure of your online account, the maximum retention period applicable will then be in accordance with legal limitation periods.
  4. Order management . With regard to order management, Personal Data will be kept for the entire duration of the commercial relationship and ten (10) years after this duration for accounting obligations.
  5. Payment management . Personal Data is stored:

in the event of a purchase and sale transaction, until the performance of the service;

in the event of a subscription, until the last payment due date, if the subscription does not provide for automatic renewal;

  1. Regarding the retention of evidence in order to manage any potential claims, the data is retained for a period of 13 months, following the debit date. Data thus retained for evidentiary purposes must be kept in an intermediate archive and only used in the event of a dispute over the transaction.
  2. If the Company considers that it is not necessary to keep the Personal Data in the Company's active database, they will be archived and the Company will ensure that access to them will be limited to a small number of people with a proven need to access the Personal Data.

6. Transfer of Personal Data

  1. Personal data may be processed outside the territory of the European Union. In this situation, the Company takes all necessary precautions and ensures alternatively or cumulatively that (i) an adequacy decision has been taken by the European Commission concerning the country of destination; (ii) contractual clauses adopted by the European Commission or the supervisory authority have been signed with the recipient; (iii) the recipient adheres to an approved code of conduct or certification mechanism.

7. User Rights

  1. Users have various rights regarding the processing of their Personal Data. These are as follows:

right to request from the Company access to their Personal Data and their rectification or erasure;

right to request from the Company the restriction of processing concerning the User;

right to object to the processing of Personal Data;

right to portability of Personal Data;

right to give instructions regarding the use of Personal Data after the User's death; and

right to lodge a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), the competent supervisory authority.

  1. To exercise their rights or for any questions regarding the protection of Personal Data, Users must make a request accompanied by proof of identity by mail addressed to the Company at HYPERWEB, 66 avenue des Champs Elysées, 75008 Paris, France, or by email to  help@pleenk.com .
  2. The Company strives to respond without undue delay and at the latest within one (1) month after receipt of the request. The Company reserves the right to extend this period to three (3) months in the case of a complex request.
  3. The Company is committed to protecting Personal Data and complying with the applicable legal framework regarding Data protection.
  4. This is why the Company collaborates with Users. Thus, Users undertake to inform the Company if the Personal Data they have shared with the Company becomes obsolete or inaccurate.
  5. Furthermore, in the event that Users provide the Company with information that can identify, directly or indirectly, any other natural person (for example, Users have sent a request to the Company and shared Personal Data about another natural person in the email), they represent and warrant that, before sharing such information with the Company, such other natural persons have received this Privacy Policy and, to the extent applicable, have consented to the processing of their Data.

8. Security

  1. The Company undertakes to take appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data processed.

9. Cookies

  1. Users are informed that information called  Cookies  may be transmitted to their browser or equipment by the Service when using the Website. When first browsing the Website, a “Cookies” banner may be displayed and ask to accept, refuse or configure  Cookies .
  2. The maximum retention period for  Cookies  is thirteen (13) months from the moment they are placed on the User's browser or equipment. At the end of this period, new consent will be required.
  3. Users can accept, refuse and/or delete some or all  Cookies .
  4. Users are informed that refusing certain  Cookies  may affect the provision of the Service provided and navigation on the Website, to the extent that these  Cookies  are necessary for the Company to provide the Site.
  5. Cookies  can be  configured in the browser's help menu, at the following URLs: