Crewise

Legal documents, informations and procedures

Crewise Legal Hub

YOU ARE READING AN AUTOMATED ENGLISH TRANSLATION OF A LEGAL DOCUMENT.

Be aware that the orignial version of this document, written in french language, is the only legally binding version. Also note that the terms used in this content should be understood in accordance with the applicable law in France.

Read original version (french)

Privacy Policy

This note aims to inform any user of the CREWISE mobile application, which aims to connect one or more members of a transport crew of any kind and in particular air or maritime (hereinafter referred to as "User"), on the one hand, with one or more providers (hereinafter referred to as "Provider") of all types of services for any transport crew or passenger of the said means transport, on the other hand, about how personal data identifying them is processed when using the application (hereinafter referred to as "Application").

Data Controller

CREWISE GROUP
SAS with a share capital of 900 €
46 Boulevard RISSO at 06300 NICE (France),
registered with the RCS of Nice under number 922 269 709
Email: support@get-crewise.com
Phone: +33 7 56 94 51 38
VAT number FR54922269709

DPO or GDPR Representative

Mr. Guillaume GRACIET - guillaume@get-crewise.com

Data Subject

Any User or Provider (when the Provider is a natural person) of the Application.

Purposes pursued by data processing, legal basis for processing, data collected and retention period

The data of the User or Provider of the Application that may be subject to personal data processing by the data controller, CREWISE, are all data directly provided by the User or Provider (direct collection) as well as data collected indirectly (indirect collection) which are as follows:

Purposes Legal Basis Indirectly collected data Retention period
Create an account and authenticate on the Application by email to allow the User or Provider to use the Application securely CREWISE's legitimate interest in securing the use of the Application
  • Email
  • Last name
  • First name
  • Profile picture
Data is retained for the duration of account use and, in intermediate archiving, up to a maximum of 36 months from the last session
Verify the email provided during the first login CREWISE's legitimate interest in securing the use of the Application
  • Identification data
  • Email address
Data is retained for the duration of the verification
Verify that the User is a member of a transport crew CREWISE's legitimate interest in ensuring the security of the Application and preventing fake reviews/comments, particularly on Providers by Users who are not members of a crew
  • Identification data
  • Professional proof allowing the User to attest to their status as a member of a transport crew
  • Cross-referencing the presented document with publicly available information
Data is used only for the duration of the verification (maximum 1 week) and is destroyed
Share and make public the profile of the User or Provider with any other User or Provider CREWISE's legitimate interest in sharing profiles to enable the connection of Application users
  • Identification data
  • Identification of the crew to which the User belongs
  • First name
  • Email
Data is retained for the duration of account use and in intermediate archiving for a maximum of 5 years for probative purposes
Allow any User to have a history of their exchanges and orders with all Providers *Consent
  • History of purchases made
For the duration of account use, unless the history is deleted by the User
Geolocate any User to allow them to quickly find a Provider *Consent
  • Location data
For the duration of account use
Allow CREWISE to respond to any contact request via the Application forms CREWISE's legitimate interest in responding to any request
  • Email
  • Exchanged messages
Data is retained for the duration of the exchanges and in intermediate archiving for a maximum of 5 years for probative purposes
Offer any User new offers or features of the Application CREWISE's legitimate interest in improving the Application and conducting commercial prospecting
  • Email
Unless opposed by the User, data is retained for the duration of account use and, in intermediate archiving, up to a maximum of 36 months from the last session
Allow "push" notifications at any time CREWISE's legitimate interest in improving the Application and conducting commercial prospecting
  • Application account
Unless opposed by the User, particularly through account settings, data is retained for the duration of account use and, in intermediate archiving, up to a maximum of 36 months from the last session
Ensure technical support for the Application CREWISE's legitimate interest in responding to any technical support request
  • Technical information about the phone (including the model)
  • Technical information about the operating system (including the version and preferred language settings)
  • Technical information about the Application
  • Date and time of connection
The data is kept for the duration of technical support and, in intermediate archiving, for up to 5 years for evidentiary purposes
Ensure compliance with the GDPR and in particular:
  • Delete the account inactive for more than 36 months
  • Respond to any request to exercise rights
Legal obligation
  • Exchanged messages
  • Identity document (only if there is doubt about the identity of the person making a request)
The data is kept for the time of the response provided and in intermediate archiving for up to 5 years for evidentiary purposes (except identity document - immediate deletion after presentation)
Hold and retain data that can identify anyone who contributed to the creation of content or any of the content of the services provided by CREWISE Legal obligation
  • Data on the identification of users of the services provided by CREWISE, on the technical characteristics of communications ensured by CREWISE, and on the location of terminal equipment.
According to legal prescription periods (notably article L. 34-1 of the Postal and Electronic Communications Code)
Ensure a secure order placement and financial transaction between the User and the Provider CREWISE's legitimate interest in ensuring the security of Application transactions
Allow any User to rate a Provider *Consent
  • Identification data
  • Date and time of the rating
  • Review and evaluation
The data is deleted upon withdrawal of consent by Users or (if no withdrawal of consent) for the duration of account use and up to 36 months from the last session
Inform the user of legal updates Legal obligation
  • E-Mail
The data is kept for the duration of application use and in intermediate archiving, maximum 5 years from the end of the account for evidentiary purposes

* Withdrawal of consent - The User is informed that they can withdraw their consent at any time for any processing based on their consent.

Mandatory or optional nature of responses

Any field marked with an asterisk requires a mandatory response to allow the data controller to process the request submitted to them. Other fields are optional.

Source of data

The personal data processed comes from the data entered directly by the User or the Provider of the Application in the Application (direct collection) or from technical data generated during the use of the Application (indirect collection).

Recipients

Internally: the personal data processed by the data controller is transferred only to the internal services authorized to process them according to the purposes.

Externally: the personal data processed by the data controller may be transferred, depending on the purposes and only after the data controller ensures compliance with legal conditions, to the following persons:

  • technical subcontractors (data hosts,)
  • payment services,
  • authorized authorities (tax services, justice, ...),
  • financial services (accountants),
  • legal services (lawyers, advisors, ...).

Transfers outside the EU

No data is transferred outside the European Union.

User Rights

Any User of the Application has the following rights, subject to proving compliance with legal conditions:

  • Right of access to their data (article 15 GDPR)
  • Right to rectification of their data (article 16 GDPR)
  • Right to erasure of their data (article 17 GDPR)
  • Right to restriction of processing (article 18 GDPR)
  • Right to data portability (article 20 GDPR)
  • Right to object (article 21 GDPR)
  • Right to define directives regarding the fate of their data after their death

For more information, the User and the Provider are invited to consult the explanations of the French authority, the CNIL, regarding these different rights, accessible at the following link: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles.

CREWISE does not perform any data profiling.

Exercise your rights

Any concerned person can exercise their rights by simple mail sent to 46 Boulevard RISSO at 06300 NICE (France)
or by email addressed to: support@get-crewise.com

In case of reasonable doubt(s) about the identity of the concerned person, they are informed that the company CREWISE may request the presentation of an identity document to ensure the exact identity of the person making any request and avoid communication of data to an illegitimate third party.

The company CREWISE reserves the right not to respond favorably to any request in the following cases:

  • Inability of the User to prove their identity;
  • If the request prevents the company CREWISE from fulfilling its regulatory or legal obligations;
  • If the request involves disproportionate costs or too much effort.

Right to lodge a complaint with a supervisory authority

If the concerned person believes, after contacting the company CREWISE, that their rights are not being respected, they can contact a supervisory authority, particularly in the Member State where their habitual residence, place of work, or the place where the violation was committed is located, if they consider that the processing of personal data concerning them constitutes a violation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

In France, the competent authority is the National Commission for Informatics and Liberties (CNIL) which can be contacted by post at the address 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 or on its dedicated online form.

Modification of this policy

This policy may be modified at any time, particularly due to legislative or jurisprudential developments related to the protection of personal data. Any modification will take effect immediately after its publication.

Update

Update date: 08/04/2024