Privacy Policy and Personal Data Management Policy

Last updated on 19/12/2019

The aim of this document is to inform you about the processing of personal data which takes place in the context of the operation of the contact platform operated by Wecasa.

Protecting the personal data we process is of the utmost importance to us and we do it with great care.

1. Definitions and vocabulary used

The purpose of this section is to define the most commonly used terms in the policy on personal data.

  • “Application” : means the mobile application operated by Wecasa for Customers only, and which is available on iOS and Android.
  • “Wecasa Pro Application” : means the mobile application operated by Wecasa for Partners only, and which is available on iOS and Android.
  • “Customer” : means any natural or legal person using the Platform with the aim of being put in contact with a Partner in order to receive an At-home Service.
  • “Booking” : means a booking of an At-home Service made by a Customer.
  • “Account” : means a User's personalised and dedicated digital space on the Platform.
  • “Partner” : means a service provider operating as a company or as self-employed, duly registered on the Platform, and possessing the necessary skills to provide At- home Services.
  • “Platform” : means the contact platform operated by Wecasa which is accessible via the Website, the Application and the Wecasa Pro Application, enabling the provision of Wecasa Services.
  • “At-home Service” : means the provision of services at home by a Partner to a Customer in the area of beauty, hair, massages, and any other provision of services at home offered on the Platform.
  • “Prospects” : means service providers active in the areas relating to At-home Services and who may be subject to prospecting by Wecasa.
  • “Regulation” : means Regulation (EU) 2016/279 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Law 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (Loi N°78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés) in the version in force of the date hereof.
  • “Wecasa Services” : means all services Wecasa provides to Users (such as putting Partners and Customers in contact, invoice and payment tools, insurance for At-home Services, etc.).
  • “Website” : means the website located at www.wecasa.co.uk, as well as all sub-domains.
  • “User” or “You” : means a Customer or a Partner who uses the Platform, or if applicable, a Prospect.
  • “Wecasa” or “We/Us” : means the SAS Wecasa, the data controller in accordance with the Regulation, registered with the Paris Trade and Companies Register under number 822 686 788, and located at 46-48, rue René Clair 75018 Paris.

With regard to the terms under the Regulation, they should be understood according to the meaning given to them in the GDPR. For example, personal data is defined as any information which is related to an identified or identifiable natural person.

If you would like more information regarding vocabulary specific to personal data, we would like to refer you to the glossary established by CNIL (National Commission on Informatics and Liberty) which can be found on their website at the following address: https://www.cnil.fr/en/glossaire.

You can also access the GDPR at the following address: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.

2. Identity and contact information of the data controller

For most cases of personal data processing on the Platform, the data controller is the company Wecasa.

For other data processing, we would like to inform you that the Users and Wecasa are "joint controllers", according to the GDPR. This means that Wecasa and the User share the responsibility for certain types of processing. This is required because of the way our service works, as explained later on.

In accordance with Article 26 of the GDPR, we have formalised this sharing of responsibilities in an agreement, an outline of which we provide to Customers; please refer to the attached appendix.

In addition, any User can contact Wecasa by email at [email protected].

We will endeavour to reply in a reasonable time frame.

3. Personal data collected

Most personal data is collected by Wecasa during the use of Services, which requires the provision of personal data in order to ensure the operation of Services. For example, you must provide data relating to your identity in order to create an Account.

There are two situations in which we may also collect certain data without you having an Account or using Wecasa Services:

  • Prospecting data: we collect personal data relating to Prospects directly from our business directories, in order to introduce professionals to our Platform and to offer them the opportunity to sign up.
  • Cookies and other trackers: simply browsing the Website or Applications may lead us to use cookies (for more information, please refer to our cookie management policy, available at the following address: https://www.wecasa.co.uk/page/cookie-policy).

In light of the above, Wecasa directly or indirectly collects the following personal data.

3.1 Data about the Customers

  • Identity data – title, name, surname, company name (if applicable).
  • Contact information – email address, postal address, phone number.
  • Transaction data – bank card numbers (in order to process payments, we work with Stripe, a third party payment services provider).
  • Technical data – Internet Protocol (IP) address, sign-in data (in particular, user ID and password), device used, browser.
  • Geolocation data – Geolocation of the address.
  • Marketing and communication data – Customer preferences for receiving marketing information from Wecasa, the Website pages visited, the page visitors come from.
  • Operational data – the interaction of Customers with the Wecasa Services and phone call transcriptions, "Chat box" discussions with Customers on the Website and the Application.
  • Information and communication between Customers through the Platform – different types of data which allow us to improve our knowledge of the use of the technological tools implemented by Wecasa, and to fight against fraud.

3.2 Data about the Partners

  • Identity data – title, name, surname, ID card number, date of birth.
  • Professional identity data – SIRET number or Kbis extract with the company name and RCS registration number, intracommunity VAT number, authorisation of personal services.
  • Contact information – postal address or headquarters, email address, phone number.
  • Bank data – bank account details.
  • Technical data – Internet Protocol (IP) address, sign-in data (in particular, user ID and password), pages visited on the Website, the page visitors come from.
  • Operational data – the interaction of Partners with the Wecasa Services and phone call transcriptions, "Chat box" discussions with Partners on the Website and the Application.
  • Assessment data – information about qualifications, degrees and the certification of Partners.
  • Profile data – photo, Partner score determined by our algorithm which is based on various criteria, Customer reviews following satisfaction surveys.
  • Technical data – Internet Protocol (IP) address, sign-in data (password), device used.
  • Geolocation data – Geolocation of the Partner.
  • Information and communication between Partners through the Platform – different types of data which allow us to improve our knowledge of the use of the technological tools implemented by Wecasa, and to fight against fraud.

3.3 Data about Prospects

  • Identity data – title, name, surname.
  • Personal identity data – company name, RCS registration number, SIRET number.
  • Contact information – postal address, email address, phone number.
  • Operational data – the interaction of Prospects with Wecasa employees and phone call transcriptions.

4. The types of processing we carry out, their purpose and their legal basis

The table below details the different personal data which Wecasa processes, its purpose and its legal basis.

The purpose of processing is defined by Wecasa. It states the specific reason why we process the data in question.

Conversely, the legal basis is exhaustively listed in the GDPR (Article 6) and we detail below the legal basis which we have selected for each type of processing.

Processing

Purpose(s)

Data concerned

Legal basis

Creating a Customer Account

Enables consumers to sign up to Wecasa and have an account in order to use Wecasa Services

Identity data, Contact information

Performance of a contract: The T&Cs

Creation of a Partner Account

Enables Partners to sign up to Wecasa and have an account in order to use Wecasa Services

Identity data, Professional identity data, Contact information, Bank data

Performance of a contract: The T&Cs

For a Customer to make a Booking

Enables Customers to book an At- home Service on the Platform

Identity Data, Contact Information, Transaction data

Performance of a contract: The T&Cs

Connecting a Customer and a Partner

Enables a Partner to provide an At- home Service at the Customer's home

Identity data, Contact information, Geolocation data

Performance of a contract: The T&Cs

Creation of a dedicated profile for each Partner

Enables Wecasa to ensure the most relevant connections possible

Identity data, Professional identity data, Assessment data, Profile data

Wecasa legitimate interests

Payment of an At- home Service

Enables Customers to pay for their At-home Service via Wecasa and the payment services offered on the Platform

Identity data, Contact information, Transaction data, Bank data

Performance of a contract: The T&Cs

Partner payment and invoicing

Enables Partners to be paid via the payment services offered on the Platform.
Enables Wecasa to invoice the Customer in the name, and on behalf of, the Partner

Identity data, Contact information, Bank data

Performance of a contract: The T&Cs

Prospecting for service providers

Encourages service providers to sign up to, and offer their services on, the Platform in order to create a community of partner users

Identity data, Contact information

Wecasa legitimate interests - to have as many listed service providers on the Platform as possible

Customer relationship management

Enables Wecasa to manage its community of Customers, to make promotional offers, to inform the Customer about new features of Wecasa Services

Identity data, Contact information, Marketing and communication data

Wecasa legitimate interests - to manage and develop its clientele

5. Recipients of your personal data

5.1. Third-party companies we work with in order to operate Wecasa Services

In order to operate Wecasa Services, we use a number of digital tools operated by third-party companies. In this context, some personal data is sent to them.

For example, the management of payments and the handling of funds are run by Stripe, a payment services provider which has the necessary authorisation to practice this activity. In this context, Customer payment data and Partner financial data are sent to Stripe in order to ensure the operation of the Platform.

Likewise, as the data controller, we use the software suite produced by the company Zoho for the management of relationships between Users and Prospects. This software helps us to manage customer services, for example, by allowing us to track requests in a structured manner, and to integrate a chat box to the Wecasa Services. In this context, some of your personal data is sent to Zoho, which therefore acts as a processor for Wecasa.

In general, your data may be sent to third-party companies, but this transmission will be in line with the framework for the use of digital tools provided by third-party service providers.

In that respect, Wecasa has implemented organisational and contractual measures, and has undertaken the necessary verifications to ensure that the third parties who have access to your personal data comply with the applicable regulations with regard to the protection of personal data.

5.2. The Partners (for some Customer data), in order to fulfil Bookings

When a Customer is making a Booking, Wecasa sends some personal data to the Partner so that they can carry out the At-home Service at the Customer's home. It includes, for example, the Customer's name, surname, photo or home address. This is necessary for the smooth operation of Wecasa Services.

In these types of situations, we consider Wecasa and the Partner to be joint controllers according to the Regulation and to this end, we have a joint controller’s agreement with each of our Partners.

The outline of this agreement is detailed in the appendix of this document. This appendix enables Customers to learn more about the sharing of responsibility, which was decided between Wecasa and the Partners, for data processing by the Partner in the context of Wecasa Services.

6. Data retention period for your personal data

The Users' data is processed throughout the duration of their relationship with Wecasa.

Thereby if you are a Customer, we process your personal data if your Account is active or when you make a Booking. If you are a Partner, we also process your data if your Account is active or if you provide At-home Services through the Platform.

Our relationship can be terminated by various situations, including: (i) you explicitly state your wish to terminate the T&C agreement and to give up the use of Wecasa Services, (ii) you ask for your Account, and all personal data associated with it, to be deleted or (iii) your Account is inactive during a specific period, set at 5 years for Customers and 5 years for Partners.

From the moment our relationship ends, we implement a retention policy for your personal data.

Wecasa has set the personal data retention period at 5 years, starting from when our relationship ends. We have chosen this retention period duration because of specific legal, fiscal and social obligations we have, and in particular, in view of the main statute of limitations for civil matters, which is equal to 5 years.

For data concerning Prospects, our policy is as follows: we retain the data for a period of three years, starting from the collection of this data or the last contact made by the Prospect (for example, a request for documentation or clicking on a hypertext link contained in an email).

7. Security of your Data

Wecasa has implemented all the appropriate technical and organisational measures in order to guarantee the rights and freedoms of Users, particularly by protecting personal data against unauthorised access, destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed.

All software and digital tools which we use are password-protected and there is limited access to certain data (for example, only some people at Wecasa have access to the transaction data supplied by Customers and sent to our payment services provider).

8. Your rights

8.1 Your rights

In accordance with the Regulation, you have a certain number of rights relative to your personal data. The main rights are as follows:

  • Right of access : you have the right to know what data Wecasa has about you and obtain a copy of it.
  • Right to rectification and erasure : you have the right to request that erroneous or obsolete personal data about you be rectified or deleted.
  • Right to object and to restriction of processing : you have the right to object to the way in which Wecasa processes your personal data or to ask that it be restricted wherever possible, subject to any compelling legitimate grounds which Wecasa may have for continuing to process it.
  • Right to data portability : you can ask InMemori to send data about you in a structured, commonly used and machine-readable format in order to transmit it to another data controller, subject to that being possible.
  • The right to lodge a complaint with the CNIL : you can contact CNIL if you believe that Wecasa is not complying with certain rules relating to the protection of personal data.

8.2 Exercise your rights

The exercise of your rights is not unlimited (we reserve the right to not reply to requests which are manifestly unfounded or excessive) and each right is subject to conditions which are imposed by the Regulation.

Some of these conditions are applicable to most of the rights you have, and you will have to comply with them for each of your requests. In this respect, we would like to inform you of the following elements:

  • Identity : you must prove your identity for each request you make, and state the address which Wecasa should reply to (unless you send an email, in which case we will reply to the sending address). This is a basic requirement to prevent your personal data from being disclosed to third parties. In this respect, we would like to inform you that we have the right to ask you for additional information if we are unsure about your identity. The rights relating to your data are strictly personal. If you wish for a third-party to exercise them on your behalf, you must provide a mandate, as well as your identity and the identity of the authorised representative.
  • Response time : Wecasa will reply within a reasonable time frame, which we consider as one month in principle. However, this time frame may be extended to two months due to the complexity or number of requests you have submitted.
  • Free : the exercise of your rights is, in principle, free. However, we may ask you to participate towards some fees if your requests entail significant costs for us, especially if you request more than one copy of the information we provide.

Moreover, the exercise of each of your rights may be restricted or limited due to certain conditions which are specific to the exercise of a given right.

For example, the right to erasure, as stated in Article 17 of the GDPR (also called the "right to be forgotten"), can only be exercised in specific, well-defined situations (there are "open cases").

In any case, the conditions specific to each right are reviewed during each request and we will endeavour to provide you with as clear an answer as possible.

9. Amendment of the personal data policy

We may regularly amend this personal data policy because the way in which we process personal data may change due to the evolution of our technology solution, our services or applicable rules. If this is the case, you will be informed of any updates, either by email or by way of a statement on our website, at least 8 days before a significant amendment of the personal data policy.