PRIVACY POLICY
Last updated: October 1, 2025
1. PREAMBLE
Your privacy is important to us. OB2J (operator of the appaloosa.io brand) is committed to respecting your privacy and complying with all applicable laws and regulations regarding personal information we may collect about you, including via our websites https://www.appaloosa.io, https://www.appaloosa-store.com, and any other websites we own and operate.
Personal information means any information about you that can be used to identify you. This includes information about you as an individual (such as name, address, and date of birth), your devices, your payment information, and even information about how you use a website or online service.
If our site contains links to third-party sites and services, please note that these sites and services have their own privacy policies. After following a link to third-party content, you should read their published privacy policy regarding how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
This policy has been in effect since October 1, 2025.
2. IDENTITY OF THE CONTROLLER
OB2J
Simplified joint-stock company (SAS) with share capital of €1,010.50
Registered office: 9 impasse Rolland, 64200 Biarritz, France
RCS Bayonne 901 232 520
VAT: FR82901232520
Data Protection Officer (DPO):
Jérémy Bodokh
Email: dpo@appaloosa.io
3. INFORMATION WE COLLECT
The information we collect falls into two categories: “voluntarily provided” and “automatically collected.”
“Voluntarily provided” information means any information you knowingly and actively provide when using or participating in our services and promotions.
“Automatically collected” information means any information automatically sent by your devices when accessing our products and services.
3.1 Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. This may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances under which it occurred. This data may include technical details about your device, what you were attempting to do when the error occurred, and other technical information related to the problem.
Please note that while this information may not be personally identifying in itself, it may be possible to combine it with other data to personally identify individuals.
Retention period for technical logs: 30 days + an archive for 1 year
3.2 Device Data
When you visit our website or interact with our services as a customer, we may automatically collect data about your device when using our mobile fleet management (MDM/MAM) solution, such as:
- Device type
- Operating system
- Unique device identifiers
- Device settings
The data we collect may depend on your individual device and software settings. We recommend reviewing your device manufacturer’s or software provider’s policies to learn what information they make available to us.
Geolocation data (iOS and Android):
Our service uses geolocation data only in specific and controlled circumstances:
- Purpose: Locating a lost or stolen device reported by the company’s IT administrator
- Legal basis: Geolocation is disabled by default and is only activated upon the express request of an authorized customer administrator for the strictly intended purposes (one-off location of a lost or stolen device).
- Processing: Geolocation operates in real time only when a location request is initiated by the authorized administrator
- No retention: We do not retain geolocation history by default. We retain it when Lost Mode is enabled until Lost Mode is exited. When required by the employer and when such request complies with applicable regulations and the employee’s employment contract, real-time geolocation is retained for 2 months.
3.3 Personal Information
We may ask for personal information—for example, when you subscribe to our newsletter or contact us—which may include one or more of the following:
- Last name
- First name
- Professional email
- Company
- Job title
- Phone number
3.4 User-Generated Content
We consider “user-generated content” to be materials (text content, images and/or video, applications) voluntarily provided by our users for the purpose of being published, processed, or used on our platform. Any user-generated content is associated with the account or email address used to submit the materials.
Please note that any content you submit for publication will be made available in your private app store after publication (and any subsequent review or verification process). Once published, it may be accessible to users or to third parties to whom you have explicitly granted access via our API, who are not covered by this Privacy Policy.
3.5 Transaction Data
Transaction data refers to the data that accumulates through the normal operation of our platform. This may include transaction records, stored files, user profiles, analytics and other metrics, as well as other types of information created or generated when users interact with our services.
3.6 Marketing Data
We collect marketing data when you sign up for our newsletter or engage with our marketing content. This data is retained for the duration of your consent, which you may withdraw at any time.
Retention period: For as long as the contact’s consent remains valid
4. LEGAL BASES FOR PROCESSING (GDPR)
We only collect and use your personal information where we have a lawful basis. In such cases, we will collect and use your personal information lawfully, fairly, and transparently.
Our legal bases depend on the services you use and how you use them. This means we only collect and use your information on the following bases:
4.1 Consent
When you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the means we provide; however, this will not affect any use of your information that has already taken place.
Example: You may consent to provide your email address for the purpose of receiving marketing emails from us. Although you can unsubscribe at any time, we cannot recall an email we have already sent.
4.2 Performance of a Contract or Transaction
When you have entered into a contract or transaction with us, or in order to take preparatory steps prior to entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information to process and deliver your order.
4.3 Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as enabling us to provide, operate, improve, and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures undertaken to operate our services efficiently, marketing analytics, and measures taken to protect our legal rights and interests.
4.4 Compliance with Law
In some cases, we may have a legal obligation to use or retain your personal information. These cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations.
5. COLLECTION AND USE OF INFORMATION
We may collect personal information from you when you perform any of the following actions on our website:
- Create an account
- Subscribe to a plan
- Sign up to receive updates from us via email or social media
- Use a mobile device or web browser to access your private app store
- Contact us by email, social media, or similar technologies
- Mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner incompatible with these purposes:
- Provide you with the core features and services of our platform
- Enable you to personalize your experience of our website
- Contact and communicate with you
- For analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms
- For advertising and marketing, including sending promotional information about our products and services and information about third parties we consider may interest you
- Enable you to access and use our website, associated applications, and associated social media platforms
- For internal recordkeeping and administrative purposes
- For security and fraud prevention, and to ensure our sites and apps are safe, secure, and used in accordance with our terms of use
- For technical assessment, including to operate and improve our app, associated applications, and associated social media platforms
We may combine personal information voluntarily provided and automatically collected with general information or research data we receive from other trusted sources.
6. SECURITY OF YOUR PERSONAL INFORMATION
When we collect and process personal information, and for as long as we retain that information, we will protect it by commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
While we do our best to protect the personal information you provide to us, please be aware that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.
You are responsible for selecting any passwords and their overall security strength, as well as the security of your own information within the bounds of our services. For example, you should ensure that all passwords associated with access to your personal information and accounts are secure and confidential.
7. RETENTION OF YOUR PERSONAL INFORMATION
We retain your personal information only for as long as we need it. This period may depend on what we are using your information for, in accordance with this Privacy Policy.
7.1 During the Subscription Term
If you have provided personal information as part of creating an account with us, we may retain this information for the lifetime of your account on our systems.
7.2 After Termination of the Subscription
Deletion within 30 days: If you terminate or delete your account, we will delete your personal information within 30 days following the deletion of your account.
During the termination notice period, you may request the return of your data in a usable format.
7.3 Legal Obligations
If necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation, or for archiving in the public interest, scientific or historical research purposes, or statistical purposes.
7.4 Marketing Data
Retention based on consent: Marketing data is retained for the duration of your consent, which you may withdraw at any time.
7.5 Technical Logs
Retention: 30 days and 1 year of archives.
8. CHILDREN’S PRIVACY
We do not aim any of our products or services directly at children under 16, and we do not knowingly collect personal information about children under 16 in accordance with the GDPR.
9. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
We may disclose personal information to:
- A parent, subsidiary, or affiliate of our company
- Third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics providers, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment system operators
- Our employees, contractors, and/or related entities
- Our existing or potential agents or business partners
- Credit agencies, courts, and regulatory authorities, in the event you fail to pay for the goods or services we have provided to you
- Courts, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise, or defend our legal rights
- Third parties, including agents or subcontractors, who assist us in providing information, products, services, or direct marketing
- Third parties to collect and process data
- An entity that buys, or to which we transfer, all or substantially all of our assets and business
9.1 Third Parties We Currently Use
We use the providers below for needs strictly necessary for the performance and improvement of our services. Where their processing involves transfers outside the European Union, such transfers are safeguarded (European Commission Standard Contractual Clauses and/or participation in the EU-U.S. Data Privacy Framework, as applicable), with additional technical and organizational measures.
Google Analytics
Purpose: Web audience and traffic analysis
Categories of data: Online identifiers (cookies/IDs), page views, navigation events, device metadata (IP truncated/anonymization if enabled)
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
HubSpot
Purpose: CRM, marketing automation, management of forms/newsletters, hosting of marketing pages and related cookies
Categories of data: Marketing data (name, professional email, company, job title), email interactions, pages viewed
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Intercom
Purpose: Customer support and live chat
Categories of data: Session metadata, name, professional email, support messages, limited usage events
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Stripe
Purpose: Online payments
Categories of data: Payer identity data, billing address, last 4 digits of card, payment tokens, KYC/anti-fraud logs
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Recurly
Purpose: Subscription management and recurring billing
Categories of data: Customer account identity, billing details, plan/subscription, billing history
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Segment
Purpose: Collection/management and routing of analytics events to authorized tools
Categories of data: Pseudonymized usage events, technical identifiers, timestamps
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Bugsnag
Purpose: Platform error management
Categories of data: Error traces, app/OS versions, technical identifiers, execution context (no application content)
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
New Relic
Purpose: Application performance monitoring (APM)
Categories of data: Performance metrics, technical traces, aggregated/pseudonymized logs
Primary processing region: EU and/or United States
Transfer basis outside EU (if applicable): SCCs and/or EU-U.S. DPF, as applicable
Important clarifications:
- Application perimeter in France: application data for our services (platform, app stores, device management) is hosted exclusively in France (see §10.1).
- Excluded categories: we do not send application data (app store content, MDM/MAM data, operational geolocation data) to marketing/analytics tools beyond what is strictly necessary and pseudonymized/anonymized where possible.
- Data minimization & retention: we apply data minimization (adequate, relevant, and limited data) and retention periods consistent with each purpose (see §§7 and 13).
- Sub-processors: where these providers use their own sub-processors, they are contractually required to offer equivalent guarantees (Art. 28 GDPR).
- Updates: this list may change. We will publish any significant update in accordance with §16.
10. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
10.1 Data Hosting
The personal information we collect and process as part of our application services (platform, app stores, device management) is hosted and processed exclusively in France by our hosting provider:
Scalingo
Simplified joint-stock company (SAS)
Registered office: 13 rue Jacques Peirotes, 67000 Strasbourg, France
RCS Strasbourg 808 665 483
Scalingo certifications:
- SecNumCloud: IaaS infrastructure qualified SecNumCloud (the highest cloud certification level in France, issued by ANSSI)
- HDS (Hébergeur de Données de Santé): Certification for hosting health data
- ISO 27001: Certification for information security management
Location: Data centers located in Paris, France
Thus, application data hosted on our servers remains exclusively within French territory.
However, certain specific data (such as browsing, support, payment, or marketing data) may be processed by third-party providers located in other countries, as set out in section 10.2.
10.2 Third-Party Services
Some of our service providers (for example Google Analytics, HubSpot, Intercom, Stripe, Segment) may process data in other EU countries or, in some cases, in the United States.
Where such transfers outside the European Union are necessary:
- They are carried out in accordance with applicable legal requirements, including the GDPR;
- We protect the personal information transferred in accordance with this Privacy Policy;
- We use European Commission Standard Contractual Clauses, or other recognized legal mechanisms (such as the EU-U.S. Data Privacy Framework, as applicable);
- We implement additional technical and organizational measures to ensure an adequate level of protection.
11. YOUR RIGHTS AND CONTROL OF YOUR PERSONAL INFORMATION
11.1 Your Choice
By providing us with personal information, you understand that we will collect, hold, use, and disclose your personal information in accordance with this Privacy Policy. You are not required to provide personal information to us; however, if you do not, this may affect your use of our website or the products and/or services offered on or through it.
11.2 Information from Third Parties
If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about someone else, you represent and warrant that you have that person’s consent to provide the personal information.
11.3 Marketing Permission
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
11.4 Access
You may request details of the personal information we hold about you.
11.5 Rectification
If you believe that information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this Privacy Policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
11.6 Non-Discrimination
We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (e.g., processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services.
11.7 Data Breach Notification
We will comply with laws applicable to us in relation to data breaches.
11.8 Complaints
If you believe we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide full details of the alleged breach. We will promptly investigate your complaint and respond to you in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
You also have the right to contact a regulator or data protection authority in relation to your complaint. In France, the competent authority is the CNIL (Commission Nationale de l’Informatique et des Libertés): www.cnil.fr
11.9 Unsubscribe
To unsubscribe from our email database or opt out of communications (including marketing communications), please contact us using the details provided in this Privacy Policy, or unsubscribe using the opt-out mechanisms provided in the communication. We may need to request specific information to help us confirm your identity.
11.10 Contact to Exercise Your Rights
To exercise any of your GDPR rights, please contact our Data Protection Officer:
Email: dpo@appaloosa.io
We are committed to responding to you within a maximum of one month from receipt of your request.
12. GDPR-SPECIFIC RIGHTS (EU)
In addition to the rights mentioned above, if you reside in the European Union, you have additional rights:
12.1 Restriction of Processing
You have the right to request that we restrict the processing of your personal information if:
- You are concerned about the accuracy of your personal information
- You believe your personal information has been processed unlawfully
- You need us to retain the personal information solely for a legal claim
- We are considering your objection regarding processing based on legitimate interests
12.2 Object to Processing
You have the right to object to the processing of your personal information based on our legitimate interests or the public interest. If you do so, we must provide compelling legitimate grounds for the processing that override your interests, rights, and freedoms in order to continue processing your personal information.
12.3 Data Portability
You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV or another easily accessible machine-readable format. You may also have the right to request that we transfer this personal information to a third party.
12.4 Erasure
You may have the right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records.
If you request the deletion of your personal information, we will inform you of the impact of deletion on your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will outline in response to your request.
Deletion timeframe after termination: If you terminate or delete your account, we will delete your personal information within 30 days following the deletion of your account.
Please note that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, such as certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
13. USE OF COOKIES
We use “cookies” to collect information about you and your activity on our site. A cookie is a small piece of data that our website stores on your computer and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on the preferences you have specified.
Please refer to our Cookie Policy for more information.
14. BUSINESS TRANSFERS
If we or our assets are acquired, or in the unlikely event that we cease operations or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any party who acquires us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
15. LIMITS OF OUR POLICY
Our website may link to external sites that are not operated by us. Please note that we have no control over the content and policies of those sites and cannot accept responsibility for their respective privacy practices.
16. CHANGES TO THIS POLICY
At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here at the same link by which you access this Privacy Policy.
If the changes are significant, or if required by applicable law, we will contact you (depending on your selected communication preferences) as well as all our registered users with new details and links to the updated or amended policy.
Where required by law, we will obtain your permission or give you the opportunity to opt in or opt out, as applicable, of any new uses of your personal information.
17. ROLE OF CONTROLLER / PROCESSOR
The GDPR distinguishes between organizations that process personal information for their own purposes (known as “controllers”) and organizations that process personal information on behalf of other organizations (known as “processors”).
OB2J acts as:
- Controller for data we collect via our website and our marketing services
- Processor for data that our customers (companies using appaloosa.io) entrust to us for the management of their mobile fleet
Where we act as a processor, our customers (the companies) are the controllers and determine the purposes and means of processing their data. A data processing agreement compliant with Article 28 of the GDPR can be put in place upon request.
18. CONTACT US
For any questions or concerns regarding your privacy, you can contact us using the following details:
Data Protection Officer (DPO):
Jérémy Bodokh
Email: dpo@appaloosa.io
General support:
Email: support@appaloosa.io
Postal address:
OB2J
9 impasse Rolland
64200 Biarritz
France
Document updated on October 1, 2025 — Version 2.0
Privacy Policy
Your privacy is important to us. It is OB2J SAS's (Appaloosa) policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://www.appaloosa.io, https://www.appaloosa-store.com, and other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
This policy is effective as of August 3rd 2021.
Last updated: August 3rd 2021
Information We Collect
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Device Data
When you visit our website or interact with our services, we may automatically collect data about your device when using Mobile Device Management or Mobile Application Management, such as:
- Device Type
- Operating System
- Unique device identifiers
- Device settings
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
Personal Information
We may ask for personal information — for example, when you subscribe to our newsletter or when you contact us — which may include one or more of the following:
- Name
User-Generated Content
We consider “user-generated content” to be materials (text, image and/or video content, apps) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.
Please be aware that any content you submit for the purpose of publication will be made available to your private app store after posting (and subsequent review or vetting process). Once published, it may be accessible to users or third parties you gave access through our API which are not covered under this privacy policy.
Transaction Data
Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
Legitimate Reasons for Processing Your Personal Information
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
Collection and Use of Information
We may collect personal information from you when you do any of the following on our website:
- Register for an account
- Purchase a subscription
- Sign up to receive updates from us via email or social media channels
- Use a mobile device or web browser to access your private app store
- Contact us via email, social media, or on any similar technologies
- When you mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features and services
- to enable you to customize or personalize your experience of our website
- to contact and communicate with you
- for analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
- to enable you to access and use our website, associated applications, and associated social media platforms
- for internal record keeping and administrative purposes
- for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use
- for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, If you provide us with your location, we may combine this with general information about currency and language to provide you with an enhanced experience of our site and service.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
- a parent, subsidiary, or affiliate of our company
- third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment systems operators
- our employees, contractors, and/or related entities
- our existing or potential agents or business partners
- credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
- third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business
Third parties we currently use include:
- Google Analytics
- Segment
- Intercom
- Stripe
- Recurly
International Transfers of Personal Information
The personal information we collect is stored and/or processed in France, and Ireland, or where we or our partners, affiliates, and third-party providers maintain facilities.
The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
Your Rights and Controlling Your Personal Information
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
Use of Cookies
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.
Please refer to our Cookie Policy for more information.
Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data Processor
The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, OB2J SAS, located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.
Legal Bases for Processing Your Personal Information
We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.
Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:
Consent From You
Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. You may consent to providing your email address for the purpose of receiving marketing emails from us. While you may unsubscribe at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Performance of a Contract or Transaction
Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.
Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Your Rights and Controlling Your Personal Information
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
Julien Ott
support@appaloosa-store.com