The aim of this document is to inform you about the processing of personal data which takes place in the context of the operation of the contact platform operated by Wecasa.
Protecting the personal data we process is of the utmost importance to us and we do it with great care.
The purpose of this section is to define the most commonly used terms in the policy on personal data.
With regard to the terms under the Regulation, they should be understood according to the meaning given to them in the GDPR. For example, personal data is defined as any information which is related to an identified or identifiable natural person.
If you would like more information regarding vocabulary specific to personal data, we would like to refer you to the glossary established by CNIL (National Commission on Informatics and Liberty) which can be found on their website at the following address: https://www.cnil.fr/en/glossaire.
You can also access the GDPR at the following address: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
For most cases of personal data processing on the Platform, the data controller is the company Wecasa.
For other data processing, we would like to inform you that the Users and Wecasa are "joint controllers", according to the GDPR. This means that Wecasa and the User share the responsibility for certain types of processing. This is required because of the way our service works, as explained later on.
In accordance with Article 26 of the GDPR, we have formalised this sharing of responsibilities in an agreement, an outline of which we provide to Customers; please refer to the attached appendix.
In addition, any User can contact Wecasa by email at firstname.lastname@example.org.
We will endeavour to reply in a reasonable time frame.
Most personal data is collected by Wecasa during the use of Services, which requires the provision of personal data in order to ensure the operation of Services. For example, you must provide data relating to your identity in order to create an Account.
There are two situations in which we may also collect certain data without you having an Account or using Wecasa Services (Comment for Parallel Avocats: to be confirmed by Wecasa):
In light of the above, Wecasa directly or indirectly collects the following personal data.
The table below details the different personal data which Wecasa processes, its purpose and its legal basis.
The purpose of processing is defined by Wecasa. It states the specific reason why we process the data in question.
Conversely, the legal basis is exhaustively listed in the GDPR (Article 6) and we detail below the legal basis which we have selected for each type of processing.
|Processing||Purpose(s)||Data concerned||Legal basis|
|Creating a Customer Account||Enables consumers to sign up to Wecasa and have an account in order to use Wecasa Services||Identity data, Contact information||Performance of a contract: The T&Cs|
|Creation of a Partner Account||Enables Partners to sign up to Wecasa and have an account in order to use Wecasa Services||Identity data, Professional identity data, Contact information, Bank data||Performance of a contract: The T&Cs|
|For a Customer to make a Booking||Enables Customers to book an At- home Service on the Platform||Identity Data, Contact Information, Transaction data||Performance of a contract: The T&Cs|
|Connecting a Customer and a Partner||Enables a Partner to provide an At- home Service at the Customer's home||Identity data, Contact information, Geolocation data||Performance of a contract: The T&Cs|
|Creation of a dedicated profile for each Partner||Enables Wecasa to ensure the most relevant connections possible||Identity data, Professional identity data, Assessment data, Profile data||Wecasa legitimate interests|
|Payment of an At- home Service||Enables Customers to pay for their At-home Service via Wecasa and the payment services offered on the Platform||Identity data, Contact information, Transaction data, Bank data||Performance of a contract: The T&Cs|
|Partner payment and invoicing||
Enables Partners to be paid via the payment services offered on the Platform.
Enables Wecasa to invoice the Customer in the name, and on behalf of, the Partner
|Identity data, Contact information, Bank data||Performance of a contract: The T&Cs|
|Prospecting for service providers||Encourages service providers to sign up to, and offer their services on, the Platform in order to create a community of partner users||Identity data, Contact information||Wecasa legitimate interests - to have as many listed service providers on the Platform as possible|
|Customer relationship management||Enables Wecasa to manage its community of Customers, to make promotional offers, to inform the Customer about new features of Wecasa Services||Identity data, Contact information, Marketing and communication data||Wecasa legitimate interests - to manage and develop its clientele|
In order to operate Wecasa Services, we use a number of digital tools operated by third-party companies. In this context, some personal data is sent to them.
For example, the management of payments and the handling of funds are run by Stripe, a payment services provider which has the necessary authorisation to practice this activity. In this context, Customer payment data and Partner financial data are sent to Stripe in order to ensure the operation of the Platform.
Likewise, as the data controller, we use the software suite produced by the company Zoho for the management of relationships between Users and Prospects. This software helps us to manage customer services, for example, by allowing us to track requests in a structured manner, and to integrate a chat box to the Wecasa Services. In this context, some of your personal data is sent to Zoho, which therefore acts as a processor for Wecasa.
In general, your data may be sent to third-party companies, but this transmission will be in line with the framework for the use of digital tools provided by third-party service providers.
In that respect, Wecasa has implemented organisational and contractual measures, and has undertaken the necessary verifications to ensure that the third parties who have access to your personal data comply with the applicable regulations with regard to the protection of personal data.
When a Customer is making a Booking, Wecasa sends some personal data to the Partner so that they can carry out the At-home Service at the Customer's home. It includes, for example, the Customer's name, surname, photo or home address. This is necessary for the smooth operation of Wecasa Services.
In these types of situations, we consider Wecasa and the Partner to be joint controllers according to the Regulation and to this end, we have a joint controller’s agreement with each of our Partners.
The outline of this agreement is detailed in the appendix of this document. This appendix enables Customers to learn more about the sharing of responsibility, which was decided between Wecasa and the Partners, for data processing by the Partner in the context of Wecasa Services.
The Users' data is processed throughout the duration of their relationship with Wecasa.
Thereby if you are a Customer, we process your personal data if your Account is active or when you make a Booking. If you are a Partner, we also process your data if your Account is active or if you provide At-home Services through the Platform.
Our relationship can be terminated by various situations, including: (i) you explicitly state your wish to terminate the T&C agreement and to give up the use of Wecasa Services, (ii) you ask for your Account, and all personal data associated with it, to be deleted or (iii) your Account is inactive during a specific period, set at 5 years for Customers and 5 years for Partners.
From the moment our relationship ends, we implement a retention policy for your personal data.
Wecasa has set the personal data retention period at 5 years, starting from when our relationship ends. We have chosen this retention period duration because of specific legal, fiscal and social obligations we have, and in particular, in view of the main statute of limitations for civil matters, which is equal to 5 years.
For data concerning Prospects, our policy is as follows: we retain the data for a period of three years, starting from the collection of this data or the last contact made by the Prospect (for example, a request for documentation or clicking on a hypertext link contained in an email).
Wecasa has implemented all the appropriate technical and organisational measures in order to guarantee the rights and freedoms of Users, particularly by protecting personal data against unauthorised access, destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed.
All software and digital tools which we use are password-protected and there is limited access to certain data (for example, only some people at Wecasa have access to the transaction data supplied by Customers and sent to our payment services provider).
In accordance with the Regulation, you have a certain number of rights relative to your personal data. The main rights are as follows:
The exercise of your rights is not unlimited (we reserve the right to not reply to requests which are manifestly unfounded or excessive) and each right is subject to conditions which are imposed by the Regulation.
Some of these conditions are applicable to most of the rights you have, and you will have to comply with them for each of your requests. In this respect, we would like to inform you of the following elements:
Moreover, the exercise of each of your rights may be restricted or limited due to certain conditions which are specific to the exercise of a given right.
For example, the right to erasure, as stated in Article 17 of the GDPR (also called the "right to be forgotten"), can only be exercised in specific, well-defined situations (there are "open cases").
In any case, the conditions specific to each right are reviewed during each request and we will endeavour to provide you with as clear an answer as possible.
We may regularly amend this personal data policy because the way in which we process personal data may change due to the evolution of our technology solution, our services or applicable rules. If this is the case, you will be informed of any updates, either by email or by way of a statement on our website, at least 8 days before a significant amendment of the personal data policy.