Last updated on: 07/18/2024
ORNEST, acting as Data Controller, within the meaning of European Regulation No. 2016-679 of April 27, 2016 (known as “GDPR”) and the “Information Technology and Freedoms” law of January 6, 1978, as amended (hereinafter, together, the “Regulations”), attaches great importance to the protection of your personal data and your privacy.
The purpose of this policy is to inform you about how we collect, use and share the personal data that you provide to us via our website https://ornest.com.
In order to ensure a high level of protection in accordance with the applicable Regulations, the Policy may be updated. Therefore, we invite you to consult this page regularly. We will inform you by email of substantial changes. All changes relating to the main characteristics of the processing of personal data are considered as such.
If any of the clauses of the Policy should be declared null or contrary to the regulations, it will be deemed unwritten but will not result in the nullity of the other clauses of the Policy.
1. Definitions
The User is informed that the following terms or expressions will have, whenever they begin with a capital letter in the body of the Policy (including its appearances and its preamble), whether they are used in the singular or plural, masculine or feminine, the meaning attributed to them below:
- Announcement : means all graphic, textual and visual elements relating to an Article.
- Article : means any good that is the subject of an Advertisement.
- Account : means the account created by a User in order to access the Services.
- CGU : means the general conditions of use of the Platform.
- Data : means any information relating to an identified or identifiable natural person within the meaning of Article 4.1 GDPR.
- Tenant : means any User renting an Item.
- Location : means the rental of an Item.
- Renter : means any User placing an Item for Rental.
- Rental : means the procedure by which an Item is placed for Rental.
- Policy : means this personal data protection policy.
- Regulations : means the whole formed by European regulation n°2016-679 of April 27, 2016 and the “Information Technology and Freedoms” law of January 6, 1978, as amended.
- Data controller : means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing as defined in Article 4.7 of the GDPR.
- GDPR : means the General Data Protection Regulation 2016/679 dated 27 April 2016.
- Services : means all the services made available to the User by the Company on the Platform.
- Platform : means our website https://ornest.com.
- Services : means all the services made available to the User by the Company on the Platform.
- Company : means ORNEST, a simplified joint stock company with share capital of 15,000 euros, whose registered office is located at 24 Rue de Clichy – 75009 Paris (France), registered in the Paris Trade and Companies Register under number 949 650 709.
- User : means any person visiting the Platform, whether or not they have created an Account.
2. How is your consent collected?
This Policy is brought to your attention when you register on the Platform, any creation of an Account being subject to acceptance by the User of a form containing the following statement:
"By creating my account, I acknowledge having read the General Conditions of Use and the Confidentiality Policy of ORNEST. I accept these and undertake without reservation or restriction to respect their terms, conditions and methods."
Any User who has initially given their consent may withdraw it by sending a request to this effect by email to the following address: membres@ornest.com.
3. When is your Data collected?
The Data is freely communicated by Users:
When registering on the Platform and/or when creating an Account.
During the registration process, the User provides the following mandatory information: first and last name, email address, postal address, mobile phone number.
When verifying their identity.
During the identity verification process, the User:
- Attach a copy of a valid identity document (national identity card or passport),
- If applicable, attach a copy of proof of address,
- Take a selfie-type video following the relevant instructions.
The sole purpose of this procedure is to verify the authenticity of the information communicated to the Company by the User, and consequently the User's compliance with the conditions relating to the creation of an Account.
o By carrying out the identity verification referred to in article 4.2 of the T&Cs.
When using the Services.
When requesting a Rental, the Lessor completes the Article description form, providing the following information:
o Category,
o Subcategory,
o House,
o Model name,
o Dimensions or Size,
o State,
o Additional information.
In addition, the Lessor attaches photographs of the Article.
The Lessor and the Tenant communicate to the Company certain financial information, such as data relating to their means of payment (including the bank card number and its expiry date).
4. What Data do we collect?
We may collect the following Data directly from you:
- Identification data: the name, email or postal address, telephone number and social networks of the person concerned
- Transaction data and financial data: the amount of the subscription, data relating to your means of payment (including the bank card number and its expiry date), transaction numbers, information relating to invoices issued by the Company, pre-authorizations and security deposits.
- Connection data: logs, IP address, functions used, pages visited, configurations selected, timestamp of visits and search terms
- Browsing data: cookies, tracers, audience measurement, etc.
- Economic and financial data Transactional data
- Connection data
With respect to Data collected from other sources, we may also obtain your contact details and other personal information from our affiliates and other third parties.
Also and indirectly, it is possible that we collect your Data indirectly, since we are likely to use tracking tools such as browser cookies and other similar technologies on our Site https://ornest.com and in the communications we send you. To learn more, we invite you to consult our Cookie Policy.
5. Why do we collect your Data (legal basis and purpose of collection) and how long are they kept?
The legal basis that allows us to process your personal data depends on the purpose for which it is collected.
We collect your Data on the following legal bases and for the following purposes:
Collection based on a contract:
- Creation and/or management of an Account,
- Procedure for verifying the identity of a User,
- Rental Management,
- Management of claims and incidents,
- Management of payments and/or unpaid debts,
- Communication between a User and the Company.
Collection based on User consent:
- Marketing and communication (including newsletter),
- Sponsorship program, “TRUST” program,
- Cookie management (audience analysis cookies, performance cookies),
- Management of the rights you have over your Data.
Collection based on the Company’s legitimate interests:
- Changes to the T&Cs and the Policy,
- Suspension or deletion of an Account in the event of fraudulent use of the Account and/or the Services,
- Management of the reliability and security of Rentals,
- Protection of Articles.
Collection based on legal obligations:
- Response to requests from competent authorities (governmental, regulatory, administrative and judicial),
- Protection against fraud and abuse,
- Legal prescription.
In any event, the Data is kept in our active database for the entire duration of the commercial relationship, i.e. until the Account is deleted.
Upon expiry of this period, the Data may be kept in an archive database for a period which does not exceed the aforementioned retention purposes and/or the limitation periods applicable in accordance with the legal provisions in force.
6. Who are the recipients of your Data?
Original recipient
The recipient of the Data on the Platform and/or when using the Services is, firstly, the Company.
The Data is not communicated to third parties except those designated below, when such communication is necessary in the context of the performance of the Services.
Internal and affiliated recipients
Your Data may be processed by our internal collaborators, employees and legal representatives.
Subcontractors and service providers
As part of our activity, and for external processing needs, your Data may be communicated to subcontractors, service providers or other third parties in order to provide the following products and services:
- Management of tracers and cookies,
- Development and management of the Platform,
- Identification of Users,
- Payment management,
- Messaging Management as this term is defined in the Platform’s T&Cs,
- Management of insurance and guarantees,
To date, the Company's service providers are as follows:
- Klaviyo,
- Stripe,
- Onfido.
The Company requires all its subcontractors and service providers to implement all necessary technical and organizational measures, on an ongoing basis, to retain your Data and ensure a level of protection equal to that required by the Company.
In this respect, when the entity concerned is located outside the European Union, or in a country which does not have regulations similar to the Regulations, the Company governs its contractual relationship with the latter by adopting an appropriate contractual mechanism.
Insurance
In the event of an incident, certain Data may be communicated by the Company to its insurer:
- Name and contact details of the responsible user
Legal Disclosure
Finally, we may also disclose your Data:
- To comply with any legal mandate, law or legal process, including requests from competent authorities (governmental, regulatory, administrative and judicial);
- If we believe that disclosure is necessary or appropriate to protect the rights, property or safety of ORNEST, its customers or other stakeholders.
7. How do we secure your Data?
We have implemented technical and organizational security measures to ensure the security, integrity and confidentiality of your Data.
8. What are your rights regarding the processing of your Data?
In accordance with the provisions of the Regulations, you have various rights regarding the collection and processing of your Data. a right of access and a right of rectification of your Data.
As such, you benefit from:
- A right of access to back Data,
- A right to rectify your Data,
- A right to the erasure of your Data,
- A right to limit the processing of your Data,
- A right to object to the processing of your Data,
- A right to the portability of your Data,
- A right to define guidelines relating to the fate of your Data in the event of death.
When the processing of your Data is carried out on the basis of your consent, you can withdraw it at any time. However, you acknowledge that the processing carried out before the revocation of your consent remains perfectly valid.
In accordance with Article 12.6 of the GDPR, for the exercise of these rights, we reserve the right to ask you to prove your identity. We inform you that the Data used to prove your identity will be deleted once we have responded to your request.
You can exercise these rights by sending an email to membres@ornest.com or a letter to the following address:
24 rue de Clichy, 75009 Paris France
We have one month to respond to any request relating to the exercise of your rights. This period may be extended by two months due to the complexity or excessive number of requests.
Finally, you have the right to file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), in particular on its website www.cnil.fr.