The BetaSeries website (the “Website”) lists series and films and describes and provides the latest news about them. It allows Users to recommend series and/or films.
It also allows Users to sign up for an account. Once Users (or “Members”) have signed up for an account, they have access to various features (e.g. series tracking, schedule, synchronisation and suggestions etc.) and can publish and share information within the BetaSeries community (messaging, forums and comments).
It was designed and created by BetaSeries.
Personal data processing is governed by French Data Protection Act No. 78-17 of 6 January 1978 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, referred to as the “GDPR”.
In general, data is collected and used to provide, improve, protect and promote the BetaSeries services.
Date of publication and effective date: 4 March 2022
Previous applicable version(s) available by clicking HERE
Any amendments will take effect immediately after publication, but will only apply to persons using the BetaSeries services after the publication of the amendments.
The pages of the Website should be consulted regularly to keep abreast of any changes. Alternatively, BetaSeries may be contacted directly in that respect.
CHAMP D’APPLICATION DANS L’ESPACE
Personal data is stored in France for the services provided on the BetaSeries Website. Personal data may be transferred outside the European Union, depending on the location of the partners of BetaSeries listed below in the appendix.
In such cases, BetaSeries undertakes to ensure a sufficient, appropriate level of data protection equivalent to the level required in the EU (European Union), through foreign legislation recognised as providing sufficient protection to the rights held by data subjects or by implementing additional measures to ensure an appropriate level of protection.
RESPONSABLE DE TRAITEMENT
BetaSeries, represented by MVBEST, its President, in turn represented by Mr Maxime Valette, acts as the data controller for any personal data processing.
BetaSeries SAS, 21 Rue de Verdun, 51100 Reims [email protected]
PERSONAL DATA PROTECTION OFFICER (DPO)
57 rue Talleyrand - 51100 Reims
CATEGORIES OF PERSONAL DATA COLLECTED
BetaSeries will only collect and process the data that is strictly necessary for the purpose of its task.
Accordingly, BetaSeries undertakes to only collect the following types of personal data, provided by data subjects or collected by BetaSeries or its partners through the use of the Website and its applications:
- Basic data (first name, last name, gender, country code, business activity code, postal address).
- Contact data (email address).
- Data for online accounts for synchronisation with external services: profile username, authorisation key (access token or cookie), list of profiles for which BetaSeries is given special access rights (Facebook, Twitter, Instagram and LinkedIn etc.), date of creation, connection times, language, episodes or films viewed by the linked profile.
- Data about the use of the tool (time and features used).
- Metadata/communication data (device identifiers, IP addresses, location data). Device information may be used to identify abuse, prevent and combat computer fraud (spamming and hacking etc.) or correct a bug.
- BetaSeries may need to connect to profiles and access the application used by an external service (for example, Twitter or LinkedIn), to analyse profiles. In such a case, the account name, account ID, access token, secret token and their expiration date will be stored. BetaSeries processes data through the Facebook Connect and Apple Connect services, allowing Members to create and access their accounts quickly and easily.
- Additional data provided by Members to complete their profile: this data is used to optimise the use of the account (and, in particular, to earn experience points awarding advantages such as goodies and personalised badges). The information requested is optional only and the account will work properly without that information.
Some of that information is provided by users when they sign up for an account and also, once the account has been created, when adjusting the settings of their account. Personal information is collected through forms available on the pages of the relevant platforms, such as the registration form or the form used by Members to update their profile.
If the data identified as mandatory in the fields of those forms is not provided, this may impede or prevent the creation of an account and the services to be provided by BetaSeries. Some information may also be collected by BetaSeries passively (from a user’s point of view), for example through the use of the Website, including action taken in an account, identifiers used on the device, IP addresses and location data.
PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING & PERSONAL DATA RETENTION PERIODS
The table set out below shows, for information purposes only, the maximum, statutory retention periods for personal data.
In most cases, data is actually retained for a shorter period. However, the time taken to delete data and information from backup servers and storage systems may vary. In addition, compliance with statutory, accounting and tax obligations may affect how long data is retained by BetaSeries, as mentioned below.
|Purposes||Legal bases||Maximum retention period|
|Creating a personal account||Contract (acceptance of the ToU)||3 years after last activity|
|Managing/configuring a personal account||Consent||3 years after last activity|
|Managing the Website and associated services and features||Contrat (acceptation des CGU)||3 years after last activity|
|Emailing notices from BetaSeries||Consent||3 years after last activity|
|Sending newsletters from BetaSeries||Consent||3 years after last activity|
|Managing and providing access to the Website (through technical cookies)||Legitimate interest in providing access to the Website||13 months|
|Statistics and Website audience measurements||Consent||13 months|
|Purposes||Legal bases||Maximum retention period|
|Producing pseudonymised statistics for business customers||Consent||3 years after last activity|
|Mailings (goodies etc.)||Consent||3 years after last activity|
As required by law, personal data is kept for no longer than is necessary for the purposes for which it was collected.
The mentioned data is retained for Members as long as their account remains active. Members may delete their account at any time. In such a case, their data will be immediately deleted from the servers.
Data may be stored in intermediate archives after the end of the above-mentioned periods to meet statutory or contractual obligations.
CATEGORIES OF DATA SUBJECTS WHOSE DATA IS COLLECTED
RECIPIENTS OF PERSONAL DATA
Personal data may only be accessed by the persons authorised by BetaSeries. This access is required to allow them to perform their tasks.
For example, personal data may be transmitted to providers (IT data processors, for example) authorised and granted privileges by BetaSeries, instructed by it for the performance of its tasks for the purposes set out above. They may also be transmitted to the partners of BetaSeries for the purposes set out above.
In all cases, those with effective access to the personal data will always be trusted third parties. This does not in any way reduce the liability of BetaSeries for the personal data processing operations performed by data processors.
BetaSeries may transfer some data to partners located in third countries.
In any event, BetaSeries ensures that its providers and partners are subject to the GDPR-related legislation under European Union law or to legislation providing sufficient, appropriate protection to personal data as required under the GDPR. If this is not the case, additional measures will be implemented to secure an appropriate level of protection for Users and Members.
BetaSeries has drawn up and signed a data transfer contract with NPD, a company organised and existing under the laws of the USA. It complies with Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (Text with EEA relevance).
In particular, NPD has agreed, in the contract, to adopt technical and organisational measures to protect the security of data (information security programme including documented internal policies, standards and procedures, revised at least once a year; risk management information programme; audit logs for access, events and security; SOC team tasked to manage information and security events; periodic internal and external penetration testing; independent external audit leading to certification). Those measures form an integral part of NPD’s Information Security Management System (ISMS).
BetaSeries collects and processes personal data for its own needs. Personal data will not be sold by BetaSeries but, once pseudonymised, it may use the data for statistical purposes or sell it to its partners for the same purpose.
BetaSeries provides pseudonymised statistics to various partners, to provide information about Users/Members expectations to businesses to improve audiovisual services. This also generates revenue for BetaSeries from the BetaSeries service, which has been provided free of charge and ad-free for over 10 years.
BetaSeries may also transmit personal data, to a reasonable extent, to third parties to:
ensure compliance with applicable laws and regulations,
address requests issued by judicial, administrative or state-run authorities,
perform a public security or public or common interest task,
prevent attacks and fraud affecting its services, solutions or users,
safeguard the rights, property, integrity and security or interests of BetaSeries,
deter and prevent serious personal injury to any individual.
Lastly, data may be transferred as part of a restructuring, merger or sale of assets or business operations by BetaSeries. Where appropriate, data subjects will be individually informed to allow them to take appropriate action in such circumstances.
SECURING PERSONAL DATA
The personal information collected by BetaSeries is kept in a secure environment. All those working for it are bound by an obligation to maintain the confidentiality of personal data.
BetaSeries has specifically trained teams tasked to protect and monitor the security of personal data and bound by an obligation to maintain the confidentiality of that information.
Accordingly, BetaSeries and its teams implement technical, organisational, logical and physical security measures to protect the collected data from any accidental or intentional manipulation, any loss or destruction or any access by unauthorised persons.
BetaSeries uses the following main measures to protect the security of personal information:
- All data is stored on secure servers, hosted in data centres monitored 24/7.
- Passwords and similar data are all encrypted in its databases and all uses are recorded.
- Production data is backed up several times a day and encrypted in off-site storage facilities to prevent any accidental loss.
- The BetaSeries Website is protected by dynamic firewalls that detect and prevent DDoS and XSS attacks.
BetaSeries has also set up a monitoring system to detect potential vulnerabilities and attacks.
However, as nothing can provide a maximum level of security, there is always a degree of risk when transferring personal information online. A breach of the security of computer systems may still occur and in such a case, BetaSeries undertakes to inform the appropriate authorities immediately. It will also notify the relevant data subjects if there is a threat to personal data in accordance with the terms set out in the GDPR.
BetaSeries will do everything reasonably possible to prevent security breaches and assist the authorities with their investigations.
DROITS DES UTILISATEURS ET MODALITES D’EXERCICE
In compliance with the GDPR and the French Data Protection Act and related orders, natural persons whose data is processed have certain rights:
- Right of access: data subjects may ask BetaSeries to access, download or provide a copy of the data held by it. The information must be provided in a commonly used electronic form. Data subjects will be asked to confirm their identity by producing proof of their identity.
- Right to rectification: data subjects have the right to ask BetaSeries to rectify their data if inaccurate or incomplete.
- Right to erasure: data subjects may ask BetaSeries to erase their data in the following cases:
- if the data is no longer necessary in relation to the purposes for which it was collected,
- if the only legal basis is consent and the data subject has withdrawn consent,
- if data subjects have validly objected to the processing of their data,
- if the data processing is unlawful,
- if it needs to be erased to comply with EU or French law,
- if the data was collected about a minor.
- Right to restrict processing: data subjects have the right to restrict the processing of their personal data in the following cases:
- if the accuracy of the data is challenged (during the verification period),
- if the data processing is unlawful,
- if the storage of the data is necessary for the establishment, exercise or defence of legal claims,
- if the data subject objects to the processing of the data pending verification that BetaSeries has an overriding legitimate ground.
- Right to object to processing: in some cases, for example direct marketing and profiling, data subjects have the right to object to the processing of their personal data without any need to prove a specific ground. However, they must provide a legitimate reason to object to any processing of their data based on the need to perform a task carried out for reasons of public interest or to pursue a legitimate interest.
- Right to data portability: whenever processing is based on consent or a contract or performed by automated means, data subjects have the right to receive their personal data that they provided to BetaSeries in a structured, commonly used and machine-readable format, so that it can be forwarded to another data controller of their choice. They also have the right to have the data forwarded directly to another data controller. They may also decide what is to happen to their data after their death and choose the third party to receive the data (or not) from BetaSeries. As soon as BetaSeries becomes aware of a death and unless it had been instructed otherwise by the data subject, it undertakes to destroy the data unless it needs to be retained as proof or to fulfil a statutory obligation.
- Right to withdraw consent: this right may be exercised at any time.
- CNIL complaints and/or proceedings: if data subjects allege a breach of the GDPR but their requests are not upheld by BetaSeries and attempts to negotiate an out-of-court settlement of the dispute fail, the data subjects may lodge a complaint with the CNIL and/or issue proceedings before the appropriate court.
Data subjects may exercise their rights by submitting a request to:
Cabinet Virginie Viola 57 Rue Talleyrand, 51100 Reims, France [email protected]
Proof of identity must be enclosed with the request.
ANNEX: PARTNERS LIST
|Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France||Email information campaigns and delivery platform|
|Help Scout, 131 Tremont Street, 3rd Floor, Boston, MA 02111-1338, USA||CRM system|
|Slack Technologies, Inc., 155 5th Street San Francisco, California 94103, USA||Telecommunication services (team chat)|
|HeightHQ, Inc., 222 Broadway, New York, NY 10038, United States||Project management software|
|Functional Software, Inc., 1 Baker Street Suite 5B, San Francisco, CA 94117, USA||Error monitoring and reporting|
|Sirdata SAS, 20 rue Saint-Fiacre, 75002 Paris, France||Enhancement of advertising cookies|
|Facebook France, 28 rue de l'amiral Hamelin, 75116 Paris, France||Enhancement of advertising cookies|
|NPD, 900 West Shore Road, Port Washington, New York 11050, U.S.A.||Contractual data transfers|