Mobile Application Privacy policy

PRIVACY POLICY

  • Introduction

 At TodayIvote, we believe it is important for our customers and users to understand what information we collect, how we use it, and with whom it is shared.

 At TodayIvote, data controller for the processing of personal data mentioned in this document, we are committed to protecting your privacy and being transparent about our practices.

 Our privacy policy explains how TodayIvote (hereafter referred to as “TodayIvote” or “we”) collect, use and share information when you use our mobile applications (collectively referred to as our “Services”).

 Concerned with building a lasting relationship of trust with you that respects your rights and freedoms, we are committed to the protection of personal data.

 This privacy policy will be updated to reflect our current data collection, use and sharing practices and according to the applicable legal and regulatory context.

  • The principles applicable to personal data

 At TodayIvote we are committed to respecting the following principles in the context of the collection and use of personal data.

  • Legitimate and proportionate use of your data

 Personal data is continuously collected by TodayIvote for specific, explicit and legitimate purposes.

 The personal data collected by TodayIvote cannot be used subsequently in a manner incompatible with the initial purposes for which they were collected.

 For each treatment, TodayIvote undertakes to collect and process only data strictly necessary for the objective pursued.

  • Fair and transparent collection

 For the sake of loyalty and transparency vis-à-vis its users at TodayIvote we take care to inform the persons concerned of each processing that we implement by providing information.

 These data are collected fairly; no collection is carried out without the knowledge of the persons concerned and without their being informed.

  • Relevance, adequacy and minimization of the data collected

 The personal data collected is strictly necessary for the objective pursued by the collection. At TodayIvote we are committed to minimizing the data collected and keeping it accurate.

 The personal data collected is updated regularly and stored by us in secure databases.

  • Protection of personal data by design and by default

 We take all necessary precautions, whether physical, logical, administrative or organizational, to protect any personal information we may hold about you in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.

 At TodayIvote we have adopted internal policies and processes and implementing measures that respect the principles of personal data protection by design and personal data protection by default.

 Thus, when developing, designing, selecting and using applications, services and products that rely on the processing of personal data we take into account the right to the protection of personal data or ensure with their publishers that they meet legal requirements and ensure the protection of the data that will be processed there.

 As such, sensitive information sent between your device and third-party services is transferred in encrypted form using Secure Socket Layer (“SSL”).

 Also, anonymization was integrated from the design of the project and the deletion of the account of the non-parliamentary user will make the data produced by the user in the application unidentifiable.

  • The processing of your data

  • Legal bases and purposes of processing

TodayIvote implements various processing operations, the legal bases of which are as follows:

  • For the performance of a contract that we have with you (for example, if you use our Services).
  • To comply with a legal obligation to which we are subject (for example when we are obliged to comply with legitimate requests from competent authorities such as law enforcement).
  • For the purposes of our legitimate interests (such as personalizing your experience on our services), provided that such processing does not override your rights and freedoms.
  • Based on consent

TodayIvote implements various processing operations, the purposes of which are as follows:

  • Processing purposes based on your consent collected within the collection forms in order to benefit from the services: 
    • Creation of your user profile;
    • Creation of parliamentary profiles;
    • Creation and use of your secure access;
  • Purposes of processing based on compliance with our legal and regulatory obligations:
    • management of responses to official requests from public or judicial authorities empowered for this purpose.
  • Purposes of processing based on the pursuit of our legitimate interests:
    • the management of our activities;
    • Performance measurement;
    • Analysis of “crash reporting”
    • Application data
    • Improved user experience;
    • Improvement of the services provided;
    • Analysis of your data, in particular to send you targeted advertising;
    • the management of cookies not subject to consent.
  • Purposes of processing based on your consent:
    • the management of cookies and tracers subject to consent.

The purposes pursued on the basis of our legitimate interests are pursued with respect for your rights and freedoms.

If we are required to process your data for purposes other than those listed in the paragraph above, we will inform you, and take any additional steps that may be necessary.

  • Data that we process

We make a commitment to our users to only collect and process the data necessary for our activities. 

In order to provide our services to you, we collect certain information directly from the collection forms from you so that you can use our services. 

We keep the personal data that we collect only for the period necessary for the purposes of the processing and in accordance with the applicable legislation.

  • Information collected for the creation of your user profile

In order to establish the user profile, the application uses “Google Firestore” to store:

  • your postal code to determine the parliamentarians who represent you,
  • your year of birth to determine your age and authorize access to the service (> 16 years),
  • your socio-professional category and optionally your gender for statistical analysis of the data.

This information is collected on the basis of your consent and is necessary to access the services. 

This information is transmitted and stored on Google’s servers in Europe and is not transmitted to third parties without first being anonymized and / or aggregated. For more information, see the Google Firestore: privacy policyPrivacy and Security in Firebase

Regarding the use of your Email, if subsequently you no longer wish to receive from us any newsletter, marketing and promotional emails, or emails concerning legislative news, you can click on the link “to unsubscribe “in the email to unsubscribe and unsubscribe from email marketing and newsletter communications. Please note that even if you opt out of receiving marketing communications from any or all of our services, we may need to send you service-related communications.

  • Information collected for the creation of parliamentary profiles.

In order to establish a profile for each parliamentarian, in mandate or whose mandate has ended, the application uses “Google Firestore” to record:

  • surname and first name
  • group political affiliation 
  • official email address
  • link to the official photo
  • the votes in session.

This information is public data, collected automatically on the official websites of the National Assembly and the Senate under an open data license.

Regarding the use of the official email, the official email of mandated representatives will be provided to users of the application who wish to write to their representative (s) directly, from their own email address (not provided by todayIVote).

This information is transmitted and stored on Google’s servers in Europe and may be transmitted to third parties without being previously anonymized and / or aggregated. For more information, see the Google Firestore:  privacy policyPrivacy and Security in Firebase.

  • Information collected for the creation and use of your secure access

In order to establish secure and personal access to the user, the application uses Google Authentication for Firebase to collect login information such as your email address, your password, your IP address and connection tracers. The IP address and connection tracers are used to detect possible connection fraud.

This information is collected on the basis of your consent and is necessary to access the services. 

This information is transmitted and stored on Google’s servers in the United States and is not transmitted to third parties. For more information, see the privacy policy of Google Firebase Authentication:  Privacy and Security in Firebase

  • Information collected for the improvement of the user experience

In order to improve the user experience, the application uses “Google Analytics for Firebase” to collect anonymous information on user behavior such as user ID. device, number of sessions per user, session duration, operating system, device models, geography, first launches and updates of applications.

 This information is collected on the basis of your consent.

This information is transmitted and stored on Google Analytics servers distributed worldwide, and the reports are verified by our product developers to decide which features to work on. For more information, see Google’s privacy policy:  Privacy and Security in Firebase

  • Information Collected for Crash Reporting

The application uses a crash reporting tool, Crashlytics for Google Firebase, to send our developers reports on bugs and crashes encountered by users. 

 For the purpose of creating these reports, Crashlytics collects certain data about device status, unique device identifiers, device hardware and operating system information, as well as related information. the operation of the application and the physical location of a device at the time of failure.

This information is collected on the basis of your consent.

This information is transmitted and stored on Google servers located around the world and may be transmitted to third parties. For more information, see the Crashlyticsof Service: TermsCrashlytics and App Distribution Data Processing and Security Terms

  • Information Collected for Performance Measurementperformance

The application uses an applicationmeasurement tool, Performance Monitor for Google Firebase to send our developers reports on the performance of the application. In order to create these reports, Performance Monitor for Firebase collects certain data such as the user’s instance ID and IP address to observe access to resources and analyze performance events.

This information is collected on the basis of your consent.

This information is transmitted and stored on Google servers located around the world and may be transmitted to third parties. For more information, see the Performance Monitor Terms of Service for Firebase Services

  • Information collected for the display of targeted advertisements

The application displays advertisements provided by Google’s AdMob network. For the purpose of delivering personalized advertisements, AdMob collects certain phone data (Advertising ID, IP Address, Instance ID) to infer the interests or location of users and improve the relevance of the advertisements you see. .

Advertising IDs are collected based on your consent for the display of personalized advertising. Please note that by choosing non-personalized ads, you will still receive ads, but they will be less relevant to your interests.

This information is transmitted and stored on Google Analytics servers distributed worldwide and may be transmitted to third parties.

For more information, see the Google Ad Mob privacy policy: AdMob Rules and Restrictions – Google AdMob Help

Please note that by choosing non-personalized ads, you will still receive ads, but they will be less relevant to your interests.

  • Application Data You Provide to Us.

“Application data” is content generated by the user using our mobile applications. 

This information can include, but is not limited to, your postal code, your year of birth, your socio-professional category, your centers of interest, your favorites, your gender, your interactions (like, opinions and comments), names or identifier those with whom you interact, the media (such as photos and videos) and the times and dates the data was provided.

This information is transmitted and stored on Google’s servers in Europe and is not transmitted to third parties without first being anonymized and / or aggregated. For more information, see the Google Firestore: privacy policyPrivacy and Security in Firebase.

  • Data subjects

The people concerned by the processing we carry out are:

  • Data

recipients To achieve the purposes described above and within the limits necessary for the pursuit of these purposes, the collected data that we collect may be transmitted to all or part of the following recipients:

  • the internal services of TodayIvote authorized to manage our relationship with you (such as the support service);

We may also disclose your personal information to third parties:

  • in the event that we sell or buy a business or assets;
  • if todayIvote or substantially all of its assets are acquired by a third party;
  •  if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of todayIvote, our customers or others. This includes exchanging information with other businesses and organizations for the purposes of fraud protection.
  • lawyers, court officers and ministerial officers, administrative or judicial authorities seized of a dispute where applicable, in the context of compliance with obligations legal obligations incumbent on todayIVote or to enable todayIVote to defend its rights and interests;
  • Data retention periods

Respecting the right to be forgotten, we keep the personal data that we collect only for the period necessary for the purposes of the processing and in accordance with the applicable legislation.

The data that we collect will therefore be kept for the time necessary to accomplish the purposes described above, plus the statutory limitation period. 

Following the user’s request or reaching the maximum retention period, the deletion process will be carried out manually and regularly until the process is automated.

In order to determine our data retention periods, we have taken into account that the time scale of the legislative process is as follows in France:

  • The mandate of deputies lasts 5 years. 
  • A deputy can be re-elected without time limit (10, 15, 20 years …)
  • Out of 2,940 bills and bills tabled between June 2017 and November 2020:
  • 56 were rejected, in an average time of 66 days (max 625 days)
  • 168 were accepted, in an average time of 227 days (max 936 days)
  • 2716 are still under discussion for an average of 587 days (max 1267 days)

On the basis of this scale the data retention period is adapted to:

Allow the non-parliamentary user not to lose his profile information even if he is inactive within a period of 36 months.

After 36 months of inactivity of the non-parliamentary user, and without a response to a reminder from us (as well as to the deletion of the account), anonymization of the data and conservation for 10 years to allow the creation of comparative statistics between 2 legislatures (the current one and the previous one = 5 years + 5 years)

Storage of parliamentary users’ data for 10 years following the end of the last term in order to be able to use the data in the application over a period equivalent to 2 legislatures.

More specifically, we organize our data retention policy as follows: 

Purposes

Retention period

Management of our relationship with you, including responses to contact requests that you send us

The time it takes to process the request which may add the rules of legal prescription

The management of responses to official requests from public or judicial authorities empowered for this purpose

The time for processing the request to which the rules of legal prescription can be added

The management of cookies

13 months maximum

Creation of the user profile: 

  • Socio-professional categories
  • Interests (Overseas Territories; Education; Social issues, etc.)
  • Year of birth (optional), Gender (optional)
  • Country
  • Postal code concerning the users

This information is kept for the duration of the use of the service until the user requests the deletion of his account or after 36 months of inactivity, and without response to a follow-up from us, after which the profile data will be subject to an anonymization process and will be kept for statistical and commercial exploitation purposes for a period of 10 years (2 following legislatures).

Creation of the parliamentary profile:

  • First name, Last name, Official email address, official photo of parliamentarians (whether or not using the application, in office or having served) are collected from the official profile of each parliamentarian
  • Data of parliamentarians collected from the official profile of each parliamentary
  • Membership of a political party of parliamentarians
  • Membership of a parliamentary group of parliamentariansparliamentarians ‘
  • Interventions insessions,
  • Votes in parliamentarians’ sessions

This information is kept after the end date of the last mandate for statistical and commercial purposes for a period of time of 10 years.

Creation and use of secure access:

  • Email addresses
  • User passwords
  • IP addresses (for detection of abuse)

Email and password are kept for the duration of use of the service until the The user requests the deletion of his account or after 36 months of inactivity, and with no response to a reminder from us, after which the authentication data is deleted from the active and backup systems within 180 days. For the detection of abuse, the registered IP addresses are kept for a few weeks and then deleted

Improved user experience:

  • Unique identification number for mobile (Android ID for Android and IDV for Apple) = provided by the phone it uniquely identifies a device to the application servers
  • Instance identification for Application Analytics = provided by the application, it uniquely identifies the instance of the application in use with the collecting platformapplication usage statistics
  • Country(based on IP address)

This information is kept at user level and is set at 14 months maximum. Aggregated and anonymous reports are kept indefinitely

Analysis (crash report):

  • Instance identification for Application Firebase = provided by the application, it uniquely identifies the instance of the application in use from of the platform hosting theapplication
  • Country(based on the IP address)

This information is kept for 90 days.

Performance measurement:

  • Instance identification for Application Firebase = provided by the application, it uniquely identifies the instance of the application in use with the platform hosting the application
  • IP address

Performance data linked to the instance and to the IP address for 30 days

Performance data anonymized for 90 days

Targeted advertising display:

  • Unique advertising identifier for mobile (AdID for Android and IDFA for Apple) = provided by the phone it identifies a device uniquely to advertisers
  • Unique mobile identification number (Android ID for Android and IDV for Apple) = provided by the phone it uniquely identifies a device to application servers
  • Identification of instance for Application Firebase = provided by the application, it uniquely identifies the instance of the application in use with the platform hosting theapplication
  • IdenInstance identification for Application Analytics = provided by the application, it uniquely identifies the instance of the application in use with the platform collecting statistics on the use of theapplication
  • Country(based on the (IP address)

Data associated with advertising identifiers (for example, Apple ID for advertisers or Android advertising ID) is retained for 60 days. Data retention at user level is set at 14 months maximum. Aggregated and anonymous reports are kept indefinitely

User application data:

  • Written comments from users, 
  • “like” type reactions on content offered in the application (bills and private members’ bills)

For the entire period of use of the service:

– until the user deletes the created content himself (deletion of a comment, withdrawal of a reaction).

– until the user requests the deletion of his account or after 36 months of inactivity, and without a response to a reminder from us

After which the account data will be subject to an anonymization process and will be kept for statistical and commercial purposes for a period of 10 years (2 legislatures).

Application data of parliamentarians:

  • Written comments from parliamentarians, 
  • “like” type reactions on content proposed in the application (bills and private members’ bills)

Throughout the term of office until the parliamentarian deletes for the mandate itself the content created (deletion of a comment, withdrawal of a reaction).

After that the content produced during the mandate of a parliamentarian will be kept for a period of 10 years from the end of the last mandate of the parliamentarian (2 following legislatures) by virtue of the exercise of the right to freedom of expression and of information;

Aggregated data used for statistical purposesfor statistical

Unlimitedpurposes

  • Security of your data

At TodayIvote we attach particular importance to the security of your personal data.

We have implemented technical and organizational measures adapted to the degree of sensitivity of personal data, in order to ensure the integrity and confidentiality of the data and to protect them against any malicious intrusion, any loss, alteration or disclosure to third parties. unauthorized third parties.

We regularly carry out audits to verify the correct operational application of the rules relating to data security.

We are therefore committed to taking the physical, technical and organizational security measures necessary to:

  • protect its activities; 
  • preserve the security of the personal data of its users,

Against any access, modification, distortion, disclosure, destruction or unauthorized access of the personal data it holds.

However, the security and confidentiality of your personal data are based on individual best practices, so you are invited to remain vigilant on the issue.

In accordance with our commitments, we choose our subcontractors and service providers carefully and impose on them:

  • a level of protection of personal data equivalent to its own;
  • use of personal data or information solely to ensure the management of the services that they must provide;
  • strict compliance with the laws and regulations applicable to confidentiality and personal data;
  • the implementation of all appropriate measures to ensure the protection of personal data that they may need to process;
  • the definition of the technical and organizational measures necessary to ensure safety.

At TodayIvote, we enter into contracts with our subcontractors, in accordance with legal obligations, precisely defining the terms and conditions for processing personal data.

  • Children

Our Services are not directed to children under 16 and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under the age of 16, we will delete that information.

  • Transfer of data outside the European Union

todayIVote may transfer some of your data outside the European Union for the processing identified below. For each of these treatments, we indicate the purposes, the entities and recipient countries, the categories of data transferred, the retention periods as well as the framework measures. 

Purpose

Entities / recipient countries

Categories of data

Retention

periods Framework measures

Creation and use of secure access

This information is transmitted and stored on servers in the United States 

Email addresses and User passwords.

 

IP addresses (for the detection of abuse)

During the entire period of use of the service until the user requests the deletion of his account or after 36 months of inactivity, and without a response to a reminder from us, after which authentication data is deleted from active and backup systems within 180 days.

The registered IP addresses are stored for a few weeks and then deleted

Clauses Standard contract approved by the European Commission 

Improved user experience

This information is transmitted and stored on servers distributed worldwide

– Instance identification for Application Firebase = provided by the application, it uniquely identifies the instance of the application being run use with the platform hosting the application

– Instance identification for Application Analytics = provided by the application, it uniquely identifies the instance of the application in use with the platform collecting statistics from use of the application

– Country (based on IP address)

This information is kept at user level and is set at 14 months maximum. Aggregated and anonymous reports are kept indefinitely

Standard contractual clauses approved by the European Commission 

Analysis (crash report)

This information is transmitted and stored on servers distributed worldwide

Application Firebase = provided by the application, it uniquely identifies the instance of the application in use with the platform hosting the application

– Country (based on IP address)

This information is kept for 90 days.

Standard contractual clauses approved by the European Commission 

Performance measurement

This information is transmitted and stored on servers distributed worldwide

– Instance identification for Application Firebase = provided by the application, it uniquely identifies the instance of the application in use with the platform hosting the application

– IP address

– Performance data related to the instance and IP address for 30 days

– Performance data anonymized for 90 days

Standard contractual clauses approved by the European Commission 

Display of targeted advertising

This information is transmitted and stored on servers distributed worldwide

Unique advertising identifier for mobile (AdID for Android and IDFA for Apple) = provided by the phone it uniquely identifies a device with advertisers

– Number of Unique identification for mobile (Android ID for Android and IDV for Apple) = provided by the phone it uniquely identifies a device to the application servers

– Instance identification for Application Firebase = provided by the application , it uniquely identifies the instance of the application in use with the platform hosting the application

– Instance identification for Application Analytics = provided by the application, it uniquely identifies the instance of the application in use with the platform collecting statistics on the use of the application

– Country (based on the IP address)

Associated data advertising identifiers (for example, Apple ID for advertisers Android Advertising ID) are retained for 60 days.

Data retention at user level is set at 14 months maximum to allow seasonality studies.

Aggregated and anonymous reports are kept indefinitely

Standard contractual clauses approved by the European Commission 

todayIVote has taken all necessary and appropriate measures to ensure a level of protection and security of personal data equivalent to that offered within the European Union. To regulate these transfers, todayIVote uses standard contractual clauses approved by the European Commission, concluded with each of its partners when the service providers are not established in a country benefiting from protection equivalent to that applied in Europe and recognized by a decision. of the European Commission.

  • Your rights and their methods of exercise

  • The content of your rights

You have the following rights relating to data concerning you:

  • right to information;
  • permission to access ; 
  • right of rectification; 
  • right of erasure (unless they are necessary for the performance of the services, or they are necessary for TodayIvote to comply with its legal obligations or to ascertain or exercise its rights);
  • right to define directives relating to the fate of your data after your death, and this with a trusted third party, certified and responsible for ensuring that your wishes are respected, in accordance with the requirements of the applicable legal framework. 

Under the right of access, we may ask you to pay a reasonable fee based on administrative costs for any additional copy of the data to that which will be communicated.

You also have:

  • a right to obtain restriction of processing;
  • a right to the portability of the data provided; 
  • a right of opposition.
  • The right to object

You can request to exercise your right to object to the processing of personal data concerning you for reasons relating to your particular situation when the processing is based on the legitimate interest of TodayIvote. This right of objection also applies to profiling. 

In the event of the exercise of such a right of opposition, we will stop the processing except when there are compelling legitimate reasons for the processing which prevail over your interests, rights and freedoms or for the establishment, exercise or defense of a legal right. 

You can also object to any processing related to prospecting without it being necessary to invoke reasons relating to your particular situation.

  • The exercise of your rights

The communication of specific post-mortem directives and the exercise of your rights are carried out by e-mail at the address support@todayivote.com specifying the information allowing to establish your identity.

  • Withdrawal of consent

You can also withdraw your consent at any time, in cases where it has been requested (the withdrawal of your consent will not affect the lawfulness of the processing carried out before the withdrawal of consent).

  • Filing a complaint

If you feel, after contacting us, that your rights to your data have not been respected, you can file a complaint with the National Commission for Informatics and Freedoms.

  • Changes to this Policy 

We may change our privacy policy and although these changes may be minor, we encourage our users to check this page regularly. Any major changes having a significant impact on our users will be communicated on the todayIvote site and in the app.

By continuing to use todayIvote after these changes become effective, you agree to be bound by the revised policy.

  • Questions

If you have any questions regarding our terms of use please contact us at support@todayivote.com.

This privacy policy was last updated on December 18, 2020.

en_US