Privacy Policy

Lyzi may collect and process the following categories of personal data:

• identification data: title, surname, first name(s), gender, date and place of birth, nationality, front and back images of one or more identity documents, proof of identity, and authentication photographs (which may be subject to biometric processing);
• contact details: postal address, email address, telephone number;
• data relating to your professional situation: type of employment;
• economic and financial information: income (amount, sources and supporting documents), tax residence, consumption habits and practices;
• financial and transactional data: in particular the nature of the transactions, date, card payments, transfers, direct debits, amount, wording, justifications for transactions, bank details;
• connection data related to the use of our services: identification and authentication data, logs;
• Data collected from our remote interactions: instant messages, social media exchanges, customer support tickets, and other communications;
• Device data used to connect to the Lyzi app and data associated with its usage: including timestamps of access to the Lyzi service, phone specifications, device usage data, unique identifiers, and crash logs.
• Geolocation data: GPS data from the device used.
• Data and information intended to be shared publicly within the Lyzi app and with other users: profile and background images, photos related to completed transactions (which may be subject to biometric processing), comments, and other messages.
• Data provided as part of additional services such as phone numbers and email addresses from the Client's address book (only if the Client chooses to link their contact lists to the Lyzi app to identify which of their contacts also use the Lyzi app);
• Any other information or documentation required to trace the origin and destination of funds associated with transactions made using your account.

The personal data referred to in the preceding paragraph is processed, depending on the circumstances, for various purposes. Each of these purposes is associated with a type of personal data and a retention period after which this data is anonymized and/or deleted, except for certain data that may be archived with restricted access for a specific period.

The various purposes for which we process your personal data are as follows:

• The management of the business relationship, account, and/or subscribed products and services, particularly for evidentiary purposes. Your personal data may be retained for a period of five (5) years from the end of the business relationship or, if applicable, from the end of any legal or recovery proceedings;
• "The conduct of opinion polls, satisfaction surveys, and statistical studies. Your personal data may be retained for a period of three (3) years from the completion of the study;
• "The fight against fraud (e.g., establishing ratings or scores, detecting atypical transactions). Your personal data may be retained for a maximum period of five (5) years from the closure of a confirmed fraud case or the issuance of an alert in our systems;
• Compliance with legal and regulatory obligations incumbent upon Lyzi, including know-your-customer obligations, operational risk management (including IT network security, customer protection, supervision and internal control, transaction security, and the security of international payment network use), financial security obligations (anti-money laundering and counter-terrorism financing obligations, and sanctions and embargo obligations), obligations related to the determination of your tax status and compliance with associated tax regulations, ethics and anti-corruption, data protection, and all other obligations relating to the management and control of compliance risks. For these purposes, your personal data may be shared among Lyzi entities and retained for a period of five to ten years from the event giving rise to the obligation under applicable regulations (e.g., for the activation, loading, and use of electronic money, five years from the execution of these operations);
• The prevention and detection of criminal offenses and/or the bringing of legal proceedings (e.g., for the identification of seriously reprehensible behavior or acts such as violence against Lyzi's personnel). Your personal data may be retained for a period of five to twenty years, depending on the nature of the offense, from the date of its discovery. Where legal proceedings are initiated, the data shall be retained until the end of such proceedings and the expiration of the applicable limitation periods;

• The management of dormant accounts and data related to the search for the individuals concerned. Your data may be retained for a maximum period of thirty (30) years in accordance with the provisions of the Eckert Law;

• The recording of your conversations and communications with Lyzi, regardless of the medium (emails, letters, chat, etc.). In accordance with applicable regulations, your personal data may be retained for varying periods, which shall not exceed five (5) years from the date of recording. The recording media or their reproductions shall be kept for periods proportionate to the purpose of the recording in question (6 months for training purposes);

• Accounting processing: Accounting data may be retained for a period of ten (10) years in accordance with applicable legal provisions;

• Research and analysis activities aimed at improving processes and developing models. Your data may be used to improve our internal control procedures or to contribute to risk and compliance management. These data are retained for a specific period for each of these sub-purposes;
• Commercial prospecting, the proposal of commercial offers tailored to your situation and consumption profile, the implementation of promotional offers and games, commercial animations, and advertising campaigns. Data may be retained for a maximum period of three (3) years from the end of the commercial relationship or, for prospects, from the last contact. This data may be anonymized and aggregated to produce statistical reports;

Personalization of services

The personal information collected may be used to:

• Provide and improve our services.
• To process your requests and orders.
• To send you promotional communications, subject to your consent.
• To comply with our legal obligations.

• To prevent and detect fraud or other illegal activities.

If the processing is based on your consent, we ensure that it is obtained after you have been explicitly and transparently informed about the use of your personal data, with the possibility of withdrawing it at any time.

You also have the right to object to these processing activities at any time, in accordance with the conditions provided for by the regulations and as described in this policy.

Lyzi's data processing activities are based on one of the following legal grounds:

• the performance of any contract concluded with you (for example, our terms and conditions);
• compliance with the legal and regulatory obligations applicable to Lyzi (e.g., anti-money laundering and counter-terrorism financing);
• the pursuit of Lyzi's legitimate interests (such as fraud prevention, research and development, marketing, including profiling);
• consent (e.g., for the use of biometric data for identification purposes);

Your personal data may be shared depending on the purposes for which it is processed:

• to Lyzi group companies, its partners, subcontractors and service providers. This communication only takes place as part of a processing operation pursuing one of the purposes described in this Policy;
• in compliance with applicable regulations, to third parties in France or abroad for the purpose of establishing, safeguarding or defending a legal right, as part of administrative or criminal investigations conducted by one or more regulators, in order to comply with commitments made to them or in the context of any type of legal proceedings;
• to certain regulated professions such as chartered accountants, lawyers, for the purpose of providing regulatory reports or acting in defense of our rights;
• to payment initiators and account information service providers, only if you consent or at your request.

You have the right to access your personal data, the right to rectification, erasure, and restriction of processing, as well as the right to data portability. You may also withdraw your consent at any time, object, on grounds relating to your particular situation, to the processing of your personal data, or establish general or specific directives regarding the fate of your personal data after your death.

You may also, at any time and free of charge, without having to justify your request, object to the processing of your personal data for direct marketing purposes. If your objection does not concern direct marketing, Lyzi may refuse to comply with your request if:

• there are legitimate and compelling reasons for processing the personal data or that the data is necessary for the establishment, exercise or defence of legal claims;
• You have given your consent to the processing of your data. In this case, you must withdraw this consent rather than object;

• the processing is necessary for the performance of a contract to which you are party;
• We are legally required to process your personal data.

• The processing is necessary to protect the vital interests of the data subject or of another natural person.

You may exercise your rights and contact the Data Protection Officer according to the following procedures:

• At the following postal address: SAS Proofeo - 25, rue de la Libération - 92500 Rueil-Malmaison FRANCE ;
• by email at : dpo@lyzi.fr