Cirkwi Privacy Policy

This section details the privacy policy of CIRCUITS SAS (hereinafter, the 'Company') regarding your personal data from websites, widgets, applications, APIs, or modules (hereinafter, the 'Service') published by the Company, in accordance with the General Data Protection Regulation which took effect on 05/25/2018 across Europe. It is an opportunity for the Company to demonstrate greater transparency regarding the data it collects and its use, in order to strengthen trust for any person (hereinafter, the 'User').

When the User uses the Service, they entrust certain personal data. This privacy policy is designed to help the User understand what data the Company collects, why it collects it, and what it does with it.

1. Rights Granted to the User by the GDPR

European data protection rules grant the User the following rights, among others:

• Right of access: The User has the right to obtain from the Company confirmation as to whether or not personal data concerning them are being processed and, where that is the case, access to the personal data and the following information.
• Right to rectification: If the Company processes personal data concerning the User, it strives, by implementing appropriate measures, to ensure that the personal data are accurate and up-to-date for the purposes for which they were collected. If personal data are inaccurate or incomplete, the User has the right to have the data rectified. To exercise this right, they may contact the Company at any time using the procedures described in the 'Company Contact Methods' section of these T&Cs. They may also modify the information provided in the settings of their Account accessible from the Service.
• Right to erasure of personal data concerning the User and right to restriction of processing: The User may have the right to obtain from the Company the erasure of personal data concerning them or restriction of processing of such data.
• Right to withdraw consent: If the User has consented to the processing of personal data concerning them, they have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to data portability: The User may have the right to receive the personal data concerning them, which they have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
• Right to object: The User may have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them.

To exercise any of these rights, the User may contact the Company at any time using the contact methods described in the 'Company Contact Methods' section of these T&Cs.

2. Description of Personal Data Collected

2.1 Types of Data Collected

The personal data that the Company collects from Users include, but are not limited to:

• their names and surnames;
• their postal address;
• their email address;
• their IP address (virtual address assigned to the connected device on the internet);
• their unique identifier and password;
• their phone number;
• transactions carried out via the Service, such as the registration of licenses and payments;

The Company may also collect and process data on how the User uses the Services, views the Contents, and other related activities.

In the context of registration and login using a third-party service, such as Google OAuth (Google LLC) or Facebook Login (Facebook, Inc.), the Service may collect personal data from the third-party service, including the User's email address (or phone number) and their names and surnames. It is noted that the use of a third-party service for registration or login is subject to the terms of use of the third party. Furthermore, registration or login using a third-party service results from a freely given choice by the User, in that the use of a third-party service is not the default method for registration or login and is only provided for convenience.

2.2 Cookies and Other Locally Stored Data

The Service may collect and store data (including personal data) on the User's device, using mechanisms such as web browser storage (cookies, local storage) and application data caches.

The Service stores in local storage or cookies:

• certain User preferences regarding the display of the Service, such as language
• the User's geolocation;
• the User's choice when they accept the recording of cookies

This information is only useful for the operation of the Service and the optimization of its ergonomics; they are not recorded on the Company's servers.

The Company participates in and complies with all Specifications and Policies of the IAB Europe Transparency & Consent Framework. It uses Consent Management Platform No. 92.

2.3 Use of Background Location Data

More specifically, the User's geolocation is used to guide the User when their device is in standby or when the application operates in the background, to suggest points of interest nearby and to provide a summary of their journey (duration, average speed, etc.).

2.4 Data Used by the Company's Technological Partners

The Company collaborates with partners who may write third-party cookies that are then used by them across their services. Here is a list, which may be amended depending on the needs of the Company, while remaining compliant with this privacy policy:

• Google / Google Adsense: The data contained in cookies inform Google about the pages, products, and services that the User has visited, and allow it to offer appropriate advertisements. Google writes both persistent and temporary cookies. The cookies do not store personal data. Deleting or disabling these cookies will not impair the functionality of the Service.
• Google Analytics: The Service may use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter 'Google'). Google Analytics uses cookies that are stored on the User's device, if they allow it, and facilitate the analysis of their use of the Service and its online functions. The information generated by the cookies about the use of the Service is transmitted to Google and stored by Google on its servers. On behalf of the Company, Google will use this information for the purpose of evaluating the User's use of the Service, compiling reports on activity, and providing other services related to activity and usage for the Company. The data received through Google Analytics may be combined with data obtained through the User's Account and used for the purposes described in this Privacy Policy. The Company has a legitimate interest in processing this information to improve its service for the benefit of the User. The User has the right to object at any time, for reasons relating to their particular situation, to such processing of their data by preventing their collection (including their IP address) by the cookie and the processing of these data by Google by following the link below and downloading the appropriate plugin for their browser: https://tools.google.com/dlpage/gaoptout. For more information on data collection via Google Analytics, see the following page: https://support.google.com/analytics/answer/6004245.
• DoubleClick (Google): The User can consult DoubleClick's privacy policy from their site: https://www.doubleclickbygoogle.com/. DoubleClick collects certain non-personally identifiable information in order to better target advertising. If the User wishes to refuse this collection, they can follow the instructions on the site for 'Opting out of advertising cookies,' and DoubleClick will replace their cookie with another one that does not contain a unique user identifier, thus preventing DoubleClick from collecting information about the User's internet use.

3. Purpose of Processing Personal Data

The controller of the personal data of the User is the Company, whose contact details are listed in the preamble of these General Conditions of Use. The management, sales, customer service, accounting, and technical departments have access to the information in the performance of their duties, when necessary. The personal data collected from the User and processed by the Company are intended to:

• allow the User to access the entire Service in an individualized and secure manner;
• establish general statistics on the traffic of the Service and the various sections contained therein;
• provide a support service and transmit to the User responses to their inquiries and various information;
• improve and optimize the Service and its performance;
• send by email to the User newsletters ('newsletter') on the development of the Service and the various sections of the Service;

4. Data Security

The Company assures the User that it recognizes the importance of providing them with a secure environment. Therefore, the Company implements precautions in line with customary practices and the state of the art to preserve the User's personal data against unauthorized access or unauthorized modification, disclosure, or destruction, in light of the nature of the data and the risks presented by the processing performed.

In particular:

• reviewing its data collection, storage, and processing practices, including physical security measures, to protect against unauthorized access to systems.
• limiting access to personal information to authorized services and individuals, who are subject to strict contractual confidentiality obligations.

5. Data Retention Period

5.1 Data Stored Directly by the Company

The Company undertakes to retain the User's personal data only for the time necessary to achieve the purposes for which they were collected and processed or, if applicable law provides for a longer storage and conservation period, for the duration prescribed by law. Personal data are then pseudonymized, anonymized, aggregated, or deleted.

5.2 Cookies and Other Locally Stored Data on the User's Devices

The Company informs the User through this privacy policy that web browsers and mobile devices allow them to limit the behaviors of locally stored data or disable them in the settings or options. The steps to do this are different for each browser, and the User can find instructions in the 'Help' menu of their browser. Through the browser or their device, the User can also view the cookies already registered, and delete them one by one or all at once. Cookies are text files so the User can open them and read their contents. The data contained within are often encrypted and correspond to a web session, so they only make sense to the Service that wrote them. If the User disables cookies, they will no longer be able to log in to their Account on the Service or use it properly.

6. Communications with the User

When the User sends an email or any other communication to the Company, it may use these communications to process the questions and respond to the User's requests. The execution of this service at the request of the User (Article 6, paragraph 1, point b) of the GDPR) constitutes the legal basis for processing these data.

At any time the User has the option to accept or refuse to receive communications from the Company, whether by mail, email, phone, or any other means they may specify. When the User agrees, in accordance with the provisions provided by the GDPR, the Company may send the User commercial or informational communications.

7. CNIL and GDPR Declaration

In accordance with the provisions of Law No. 78-17 of January 6, 1978, on Data Processing, Data Files, and Individual Liberties, amended by Law No. 2004-81 of August 6, 2004, the User is informed that the Company has made a simplified declaration to the CNIL registered under the number CAm0602969x. The Company commits to protecting all personal data of the User, which data are collected and processed by the Company with the strictest confidentiality, in accordance with the provisions of the aforementioned Law.

The Company also assures the User that any collections and processing of personal data are carried out in accordance with the 2018 General Data Protection Regulation.