Privacy Policy
We will always keep your personal data safe and confidential and will never sell your personal data while allowing you to manage your communication preferences at any time.
Lyzi, as data controller, is required to collect, process and store your personal data when you use our website lyzi.io or our mobile application. This concerns our customers but also prospects.
When we refer to “personal data”, we mean information:
• concerning you and of which we are aware;
• that can be used to personally identify you (for example, a combination of your name and postal address).
This policy sets out what information we collect, how we use it and your rights if you wish to change how we use your personal data.
If you have any questions about how we use your personal data, you can contact us at the following address: dpo@lyzi.fr
What personal data do we collect?
Lyzi may collect and process the following categories of personal data:
- identification data: title, surname, first name(s), gender, date and place of birth, nationality, front and back images of one or more identity documents, proof of identity, and authentication photographs (which may be subject to biometric processing);
- contact details: postal address, email address, telephone number;
- data relating to your professional situation: type of employment;
- economic and financial information: income (amount, sources and supporting documents), tax residence, consumption habits and practices;
- financial and transactional data: in particular the nature of the transactions, date, card payments, transfers, direct debits, amount, wording, justifications for transactions, bank details;
- connection data related to the use of our services: identification and authentication data, logs;
- Data collected from our remote interactions: instant messages, social media exchanges, customer support tickets, and other communications;
- Device data used to connect to the Lyzi app and data associated with its usage: including timestamps of access to the Lyzi service, phone specifications, device usage data, unique identifiers, and crash logs.
- Geolocation data: GPS data from the device used.
- Data and information intended to be shared publicly within the Lyzi app and with other users: profile and background images, photos related to completed transactions (which may be subject to biometric processing), comments, and other messages.
- Data provided as part of additional services such as phone numbers and email addresses from the Client's address book (only if the Client chooses to link their contact lists to the Lyzi app to identify which of their contacts also use the Lyzi app);
- Any other information or documentation required to trace the origin and destination of funds associated with transactions made using your account.
Enfin, lorsque cela est pertinent, certaines des données ou des types de données mentionnées ci-dessus peuvent être rapprochées afin de mieux répondre aux finalités décrites ci-après.
Ces rapprochements se font toujours en veillant à n’utiliser que les données strictement nécessaires à la réalisation de l’objectif poursuivi par le traitement (en application du principe dit de « minimisation » prévu par la réglementation applicable).
"How are your data processed and stored?
The personal data referred to in the preceding paragraph is processed, depending on the circumstances, for various purposes. Each of these purposes is associated with a type of personal data and a retention period after which this data is anonymized and/or deleted, except for certain data that may be archived with restricted access for a specific period.
The various purposes for which we process your personal data are as follows:
- The management of the business relationship, account, and/or subscribed products and services, particularly for evidentiary purposes. Your personal data may be retained for a period of five (5) years from the end of the business relationship or, if applicable, from the end of any legal or recovery proceedings;
- "The conduct of opinion polls, satisfaction surveys, and statistical studies. Your personal data may be retained for a period of three (3) years from the completion of the study;
- "The fight against fraud (e.g., establishing ratings or scores, detecting atypical transactions). Your personal data may be retained for a maximum period of five (5) years from the closure of a confirmed fraud case or the issuance of an alert in our systems;
- le respect des obligations légales et réglementaires qui incombent à Lyzi, notamment les obligations en matière de connaissance client, la gestion du risque opérationnel (notamment la sécurité des réseaux informatiques, la protection de la clientèle, la supervision et le contrôle interne, la sécurité des transactions ainsi que la sécurité de l’utilisation des réseaux de paiements internationaux), les obligations en matière de sécurité financière (lutte contre le blanchiment des capitaux et le financement du terrorisme et les obligations en matière de sanctions et embargos), les obligations liées à la détermination de votre statut fiscal et au respect des réglementations fiscales associées, l’éthique et la lutte contre la corruption, la protection des données et toutes autres obligations relatives à la gestion et au pilotage des risques de conformité.
Dans le cadre de ces finalités, vos données personnelles pourront être partagées entre les entités de Lyzi. Elles seront conservées pour une durée de cinq (5) ans à dix (10) ans à compter du fait générateur prévu par la réglementation en vigueur (exemple : en matière d’activation, de chargement et d’utilisation de la monnaie électronique, cinq ans à compter de l'exécution de ces opérations) ; - The prevention and detection of criminal offenses and/or the bringing of legal proceedings (e.g., for the identification of seriously reprehensible behavior or acts such as violence against Lyzi's personnel). Your personal data may be retained for a period of five to twenty years, depending on the nature of the offense, from the date of its discovery. Where legal proceedings are initiated, the data shall be retained until the end of such proceedings and the expiration of the applicable limitation periods;
- The management of dormant accounts and data related to the search for the individuals concerned. Your data may be retained for a maximum period of thirty (30) years in accordance with the provisions of the Eckert Law;
- The recording of your conversations and communications with Lyzi, regardless of the medium (emails, letters, chat, etc.). In accordance with applicable regulations, your personal data may be retained for varying periods, which shall not exceed five (5) years from the date of recording. The recording media or their reproductions shall be kept for periods proportionate to the purpose of the recording in question (6 months for training purposes);
- Accounting processing: Accounting data may be retained for a period of ten (10) years in accordance with applicable legal provisions;
- Research and analysis activities aimed at improving processes and developing models. Your data may be used to improve our internal control procedures or to contribute to risk and compliance management. These data are retained for a specific period for each of these sub-purposes;
- Commercial prospecting, the proposal of commercial offers tailored to your situation and consumption profile, the implementation of promotional offers and games, commercial animations, and advertising campaigns. Data may be retained for a maximum period of three (3) years from the end of the commercial relationship or, for prospects, from the last contact. This data may be anonymized and aggregated to produce statistical reports;
Certains traitements spécifiques, de par les données personnelles qu’ils impliquent ou leur finalité, imposent l’application de dispositions additionnelles.
Personalization of services
The personal information collected may be used to:
- Provide and improve our services.
- To process your requests and orders.
- To send you promotional communications, subject to your consent.
- To comply with our legal obligations.
- To prevent and detect fraud or other illegal activities.
If the processing is based on your consent, we ensure that it is obtained after you have been explicitly and transparently informed about the use of your personal data, with the possibility of withdrawing it at any time.
You also have the right to object to these processing activities at any time, in accordance with the conditions provided for by the regulations and as described in this policy.
Where Lyzi implements data processing operations involving fully automated decision-making, including profiling, which produces legal effects concerning you or significantly affects you, such processing shall be based on one of the following legal grounds: your consent, the performance of a contract, our legitimate interests or a legal obligation. Such processing shall be carried out in accordance with applicable regulations and with appropriate safeguards.
If such profiling has legal consequences for you, you may request human intervention, in particular to obtain a review of the decision, to express your point of view, to obtain an explanation of the decision or to contest the decision.
Legal basis for processing personal data
Lyzi's data processing activities are based on one of the following legal grounds:
- the performance of any contract concluded with you (for example, our terms and conditions);
- compliance with the legal and regulatory obligations applicable to Lyzi (e.g., anti-money laundering and counter-terrorism financing);
- the pursuit of Lyzi's legitimate interests (such as fraud prevention, research and development, marketing, including profiling);
- consent (e.g., for the use of biometric data for identification purposes);
Can we share your data?
Your personal data may be shared depending on the purposes for which it is processed:
- to Lyzi group companies, its partners, subcontractors and service providers. This communication only takes place as part of a processing operation pursuing one of the purposes described in this Policy;
- in compliance with applicable regulations, to third parties in France or abroad for the purpose of establishing, safeguarding or defending a legal right, as part of administrative or criminal investigations conducted by one or more regulators, in order to comply with commitments made to them or in the context of any type of legal proceedings;
- to certain regulated professions such as chartered accountants, lawyers, for the purpose of providing regulatory reports or acting in defense of our rights;
- to payment initiators and account information service providers, only if you consent or at your request.
Transfer of data outside the European Economic Area (EEA)"
Par ailleurs, vos données personnelles peuvent, dans la limite de ce qui est autorisé par la réglementation applicable, être communiquées aux organismes officiels et aux autorités administratives et judiciaires habilitées de pays non-membres de l’EEE, notamment dans le cadre des réglementations sur la lutte contre le blanchiment des capitaux et le financement du terrorisme, les sanctions internationales et embargo, la lutte contre la fraude et la détermination de votre statut fiscal.
Your rights
You have the right to access your personal data, the right to rectification, erasure, and restriction of processing, as well as the right to data portability. You may also withdraw your consent at any time, object, on grounds relating to your particular situation, to the processing of your personal data, or establish general or specific directives regarding the fate of your personal data after your death.
You may also, at any time and free of charge, without having to justify your request, object to the processing of your personal data for direct marketing purposes. If your objection does not concern direct marketing, Lyzi may refuse to comply with your request if:
- there are legitimate and compelling reasons for processing the personal data or that the data is necessary for the establishment, exercise or defence of legal claims;
- You have given your consent to the processing of your data. In this case, you must withdraw this consent rather than object;
- the processing is necessary for the performance of a contract to which you are party;
- We are legally required to process your personal data.
- The processing is necessary to protect the vital interests of the data subject or of another natural person.
You may exercise your rights and contact the Data Protection Officer according to the following procedures:
- At the following postal address: SAS Proofeo - 25, rue de la Libération - 92500 Rueil-Malmaison FRANCE ;
- by email at : dpo@lyzi.fr
Security
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, Lyzi shall notify the CNIL (French data protection authority) of the breach within the statutory time limit.
In the event that such a breach is likely to result in a high risk to your rights and freedoms, Lyzi shall inform you as soon as possible of the nature of the breach and the measures taken to address it.