finance yourself with a repurchase agreement

Procedure for controlling and protecting personal or confidential data

DATE : 20/06/2023

 

SUBJECT:

This procedure for the control and protection of personal or confidential data (the " Data Protection Procedure ") has been implemented by RAIZERS in order to comply with the new regulatory obligations defined by Regulation EU 2020/1503 of October 7, 2020 on European providers of participatory financing services for entrepreneurs (the " Regulation "), certain provisions of which have been adapted into French law by Ordinance No. 2021-1735 of December 22, 2021 modernizing the framework relating to participatory financing.

 

SCOPE OF APPLICATION :

The Data Protection Policy applies to RAIZERS SAS (" RAIZERS ").

 

I. APPLICATION OF THE RGPD

 

For any collection and/or processing of personal data, the rules laid down by the General Data Protection Regulation 2016/679 of April 27, 2016 (the " GDPR ") apply.

It is recalled that the term " personal data " is defined by the RGPD as "any information relating to an identified or identifiable natural person (hereinafter referred to as a "data subject"); "An 'identifiable natural person' is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity."

The term " processing " is defined by the RGPD as "any operation or set of operations which may or may not be performed using automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".

 

 

II. PERSONAL DATA COLLECTED AND PROCESSED BY RAIZERS

1. Data collection

RAIZERS collects personal data from people who visit its platform (the " Internet Users ") or who register (the " Users ").

The personal data collected on the platform is that which enables RAIZERS to identify Users directly or indirectly with a view to providing the various services offered by the platform.

This may include personal data such as surname, first name, e-mail address, postal address, telephone number, date of birth, gender, connection data such as IP address, and browsing data such as cookies. Data must also be provided by Users for the purposes of paying a subscription or refund (IBAN, BIC, identity of bank account holder, securities account holder).

 

2. Data processing

This data is used for the performance of the contract between RAIZERS and the User, in pursuit of a legitimate objective or in the context of regulatory/legal obligations incumbent on RAIZERS as a provider of participatory financing services.

They are used by RAIZERS or by RAIZERS' service providers or subcontractors.

RAIZERS' "Personal Data Privacy Policy" sets out the rights of access, rectification and opposition of Internet users and users of the platform. It is available at the following address: https: //raizers.com/conditions-generales-utilisation and is reproduced in Appendix 1.

 

III. FRAUD PREVENTION & PERSONAL DATA PROTECTION

1. Security of personal data by CAPSENS

During the development of the platform, CAPSENS ensured its security, which is audited annually. These audits are carried out by an independent company.

As mentioned in the PSSI procedure ("Politique de sécurité des systèmes d'information"), an automatic audit is carried out for each major change to ensure that there are no known security flaws in the application's dependencies.

Users are automatically logged out after one hour of inactivity.

All exchanges to and from the server are encrypted using HTTPS protocol, and the robustness of the SSL certificate is audited every six months.

 

2. Security of personal data by RAIZERS

All web tools handling sensitive data used by RAIZERS employees are secured by strong passwords and double authentication. Each employee receives training on the subject on arrival, and accounts are verified by a technical project manager. Passwords for each web tool are changed quarterly by a technical project manager.

In the interests of confidentiality and security, all RAIZERS employees are bound by a confidentiality clause that governs their entire work.

RAIZERS Backoffice also disconnects after one hour.

 

IV. DATA RETENTION AND ACCESS

RAIZERS undertakes to keep, on a durable medium, all records relating to its services and transactions as well as all agreements made with its Internet Users and Users:

  • For a period of 10 years after the transaction date for all investments in equities and/or bonds;
  • For a period of 5 years beyond the repayment date for any loan investment; and
  • For 5 years in all other cases after termination of the contractual relationship.

 

RAIZERS undertakes to ensure that its Internet surfers and Users may at any time access the confidential and personal data they have provided to RAIZERS.

CAPSENS backs up the RAIZERS database every twenty-four (24) hours. This backup is carried out on a separate server from the production database and is seven (7) days old.

 

V. PERSON RESPONSIBLE FOR THE PROCEDURE AND REVISION

1. Responsible for the Data Protection Procedure

Amandine NAUDIN, RAIZERS' Legal Director, has been appointed as the person responsible for the Data Protection Procedure.

 

2. Revision of the Data Protection Procedure

The Data Protection Procedure is reviewed annually.

 

 

Appendix 1 Privacy Policy

 

(2) Personal Data Privacy Policy

Effective from 20/06/2023

RAIZERS has updated its privacy policy relating to Personal Data (hereinafter, the " Privacy Policy ") in order to inform the public of the means implemented to protect the privacy of persons who visit the RAIZERS Platform (hereinafter, the " Internet Users "), or register with it (hereinafter, the " Users ") in order to use the services offered on it, or any other natural person who provides RAIZERS with information or Personal Data.

1 - Person in charge of the processing of Personal Data

The data controller is the company that defines for what purpose and how your Personal Data is used:

RAIZERS SA, Rue des Alpes 5, 1201 Geneva, Switzerland, hereinafter referred to as " RAIZERS ".

2 - Nature of the data collected

The data collected on the RAIZERS Platform are those that allow RAIZERS to identify Users directly or indirectly in order to provide the various services offered by the RAIZERS Platform.

This may include personal data such as last name, first name, email address, postal address, telephone number, date of birth, gender or connection data such as IP address and navigation data such as cookies. Data must also be provided by Users for the purpose of paying a subscription or refund (IBAN, BIC, identity of the bank account holder, title account holder).

3 - Purpose of the processing

The Personal Data will be used for the following purposes

  • Execution of the contract between RAIZERS and the User (see the General Conditions of Use):
    • To register and identify an Internet user or the User and/or to verify the conformity of their use of the RAIZERS Platform;
    • To protect the RAIZERS Platform and/or the User / an Internet user;
    • Ensure proper processing of the Subscription;
    • Development of statistics and tests.
  • Legitimate objective: the Personal Data collected may be necessary to pursue a legitimate objective such as all forms of communication with Internet users within the framework of the services offered on the RAIZERS Platform, it being specified that if an Internet user no longer wishes to receive communications, he or she may inform RAIZERS, which will unsubscribe him or her from all communications.
  • Legal obligation in the context of the activity of Provider of Participative Financing Services :
    • Know Your Customer Process;
    • Preventing conflicts of interest ;
    • Prevention of abuse, fraud or acts contrary to the Regulations ;
    • Respond to the request of an administrative or judicial authority;
    • Comply with its obligations regarding the prevention of money laundering and terrorist financing;

The User expressly consents to the transfer of his or her Personal Data between the different companies of the RAIZERS group.

In addition, for the purposes of operating the RAIZERS Platform, Personal Data is automatically collected by RAIZERS through cookies and other tracers. This is particularly the case for the IP address, the date and time of access to the RAIZERS Platform, the URL visited, the site of origin, the type of browser and the operating system. Thus, RAIZERS reserves the right to use the IP address of the User or of another Internet user in cooperation with his Internet service provider.

4 - Time of collection

The data collected by RAIZERS is freely communicated by the User.

Personal data is collected when using the RAIZERS Platform, in particular when the User :

  • Create an account on the RAIZERS Platform;
  • Navigate the pages of the RAIZERS Platform;
  • Enters into a contract and/or fills out a subscription form;
  • Send a request to RAIZERS via the contact form.

5 - Consent

The Privacy Policy is systematically brought to the attention of Users when they register on the RAIZERS Platform. Indeed, the creation of an account implies the express, full and complete acceptance by the User of this Privacy Policy.

IMPORTANT : NOTE TO THE INTERNET USERS

BROWSING THE RAIZERS PLATFORM AFTER THE PUBLICATION OF THIS PRIVACY POLICY CONSTITUTES ACCEPTANCE OF IT WITHOUT RESERVATION.

If the User wishes to withdraw his consent to the processing of his data, he may send a request to RAIZERS in the manner described in Article 8 below.

6 - Recipients of personal data

The recipient of the personal data collected on the RAIZERS Platform is primarily RAIZERS.

Other recipients may have access to personal data, such as service providers or subcontractors of RAIZERS. The list of recipients can be consulted at any time upon request by Users.

The Personal Data transmitted may, in the course of various operations, be transferred to a country within or outside the European Union.

In the event of a change of control of RAIZERS, an acquisition, a bankruptcy proceeding or a sale of RAIZERS' assets, the data collected by RAIZERS may be transferred to third parties.

7 - Shelf life

To ensure the proper processing of financial transactions, your personal data must be kept and updated regularly throughout the time you are a party to an investment.

In order to meet legal and/or regulatory obligations and/or to respond to requests from authorities authorized to make such requests, your personal data will be retained for the following periods in accordance with your situation:

  • For a period of 10 years beyond the date of the transaction for all equity investments;
  • For a period of 5 years beyond the repayment date for any loan investment; and
  • For 5 years in all other cases after termination of the contractual relationship.

8 - Right of access and rectification

The User must update the information concerning him/her on his/her Individualized Space. To delete his Individualized Space, the User may send an e-mail with his user name and password to RAIZERS. The User may at any time exercise his rights concerning the collection and processing of his Personal Data:

  • Right of access to Personal Data: to access the information that has been provided to Raizers ;
  • Right to rectification of Personal Data: to request the correction of any errors, outdated information or omissions in the information that has been provided to Raizers;
  • Right to withdraw consent: request that certain information provided by Raizers not be used for future processing or transfers;
  • Right to the portability of Personal Data: to request that Raizers send to a third party service the information that has been provided to Raizers within the limits of the legal reasons that justified the collection and processing of this data;
  • Right to the deletion of Personal Data: to request the deletion of information that has been provided to Raizers within the limits of the legal reasons that justified the collection of this data.

However, the User acknowledges that the processing carried out before the revocation of the said consent remains perfectly valid.

The User also has the right to object, without giving any reason, to RAIZERS profiling his or her data in the context of sending content or communications for commercial prospecting purposes. However, in accordance with Article 12.6 of the GDPR, for the exercise of these rights, RAIZERS, as the data controller, reserves the right to request proof of identity from the applicant. The Personal Data allowing the User's identity to be proven will subsequently be deleted once the request has been processed.

The User may exercise these rights by sending an email to [email protected] or to one of the following postal addresses

For Internet users residing in France:

RAIZERS SAS

15, rue du Colonel Driant - 75001 Paris

For Internet users residing in any other country:

RAIZERS SA

Rue des Alpes 5

1201 Geneva

Switzerland

9 - Response time

RAIZERS undertakes to respond to your request for access, rectification or opposition or any other additional request for information within a reasonable period of time, which may not exceed one (1) month from receipt of your request.

 

10 - Violation of Personal Data

In the event of a breach of Personal Data (Article 34 of the RGPD), Raizers undertakes to inform, in addition to the CNIL, the Users concerned (i.e. the owners of the Personal Data) as soon as possible, if these present a high risk for the rights and freedoms.