For the interpretation and execution of this Policy, the terms used are defined as follows:

- “User”: Any person connecting and browsing the site www.gamby.fr.

- “Recipient”: natural or legal person who receives the communication of Personal Data, whether or not it is a third party.

- “Personal Data”/“Personal Data”: any information relating to a natural person identified or identifiable directly by his name or first name for example or indirectly in particular by reference to an identifier, such as an identification number, Location Data, an online identifier or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

- “Data subject”: identified or identifiable natural person whose Personal Data is processed.1

- “Data Controller”: natural or legal person, who alone or jointly with others, determines the purposes and means of the Processing. In this case, it is Gamby.

- “Subcontractor”: natural or legal person who processes Personal Data on behalf of the Data Controller.

- “Third parties”: authorized natural or legal person, public authority, public authority, service or body other than the Data Subject, the Data Controller, the subcontractor and the persons who, under the direct authority of the Data Controller or the subcontractor, are authorized to process Personal Data.

- “Processing”: any operation or any set of operations carried out or not carried out using automated processes and applied to Data or sets of Personal Data, such as collection, registration, organization, structuring, conservation, adaptation or modification, adaptation or modification, extraction, consultation, modification, modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, adaptation or modification, extraction, consultation, modification, or destruction.

- “Personal Data Breach”: a violation resulting, in an accidental or unlawful manner, in the destruction, loss, alteration, unauthorized disclosure of Personal Data transmitted, stored or otherwise processed, or otherwise processed, or in unauthorised access to such Data.

Types of Information Collected
‍
We collect Personal Data, in particular when Users complete the various collection forms available on the site. www.gamby.app.

Personal Information: When using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.

Personally identifiable information may include, but is not limited to:
- Email address
- Name and surname
- Phone number
- Address, State, Province, Postal Code/City
- Cookies and Usage Data

Usage Data: We may also collect information about accessing and using the service. This usage data may include information such as your Internet protocol address (for example, IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, the time spent on those pages, unique device identifiers, and other diagnostic data.

We only implement data processing if at least one of the following conditions is met:
- Consent has been obtained;
- A legitimate interest exists and justifies that we implement the processing of the personal data concerned;
- A contract binds us to the User;
- We are bound by legal and regulatory obligations that require the implementation of the processing of the personal data concerned.

The provision of Personal Data may be mandatory depending on the Processing, in order to allow us to respond to Users' requests. The absence of communication of Personal Data may make it impossible to achieve these purposes.

Thus, Personal Data is collected and processed for the following purposes:
- To provide and maintain our service,
- To notify you of changes to our service,
- To allow you to participate in the interactive features of our service when you choose to do so,
- To provide assistance,
- To gather analyses or valuable information in order to improve our service,
- To monitor the use of our service,
- To detect, prevent and treat technical problems.

We only process Personal Data for as long as is necessary to achieve the purposes for which it was collected, including to meet any legal or regulatory requirements.

To determine these durations, we take into account the following elements:
- The quantity, nature and sensitivity of Personal Data,
- The risk of harm resulting from the unauthorized use or disclosure of Personal Data,
- The purposes for which Personal Data is processed,
- The possibility of achieving these purposes by other means,
- Applicable legal requirements.

At the end of this period, they may be archived for administrative purposes.

Data that is subject to an archiving obligation pursuant to a legislative or regulatory provision will be archived under the conditions provided for by the texts in force.

We are committed to taking all necessary measures to avoid the transfer of personal data outside the European Union (EU) in order to ensure their protection.

Nonetheless, information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

We will then take all measures reasonably necessary to ensure that these transfers are made in exchange for appropriate guarantees in terms of confidentiality and security of the Data and in full compliance with applicable regulations. To do this, we can, for example, put in place guarantees among the following:
- Ensure that the country to which the personal data is transferred has received an adequacy decision from the European Commission under Article 45 of the GDPR or else;
- Conclude an agreement containing the standard clauses for the protection of personal data adopted by the European Commission under article 47 of the RGPD;
- Verify that the practices of potential subcontractors comply with the requirements of the RGPD;
- Implement additional security measures, in accordance with the recommendations of the European Data Protection Board available hither.

You can get confirmation as to whether or not your Personal Data is being processed, as well as some other information about how it is being used.

You also have the right to access your Personal Data, by requesting a copy of the Personal Data concerning you.

You may ask us to take steps to correct such Personal Data if it is inaccurate or incomplete.

You can request the deletion or deletion of your Personal Data, for example when there is no compelling reason for us to continue to use it or if its use is unlawful.

You have the right to limit or prevent the further use of your Personal Data.

The limitation of Processing does not prevent the storage of this Personal Data, but we will not be able to use it beyond the limits defined by you.

You have the right to recover and reuse certain Personal Data.

This right applies only to Personal Data provided by you, which we process with your consent and for the purposes of contract execution and which is processed by automated means.

Where appropriate, we will provide a copy of such Data in a structured, commonly used, and machine-readable format, where technically feasible. We may also transmit them directly to another Data Controller if this is technically possible.

You can object to certain types of Treatments, for reasons related to your particular situation, at any time.

We may continue to process such Personal Data if we are able to demonstrate that the Processing is justified or if it is necessary for the establishment, exercise or defense of legal claims.

When we process your Personal Data based on consent, you have the right to withdraw your consent at any time.

It is specified that the withdrawal of consent does not affect the legality of the Processing that took place before said withdrawal.

You have the right to provide us with instructions on the management (such as retention, deletion, and disclosure) of your Data after your death.

These instructions can be changed and/or revoked at any time.

In the event of a complaint and dissatisfaction with the response provided by us or if you consider that the Processing of your Personal Data does not comply with the applicable data protection regulations, you can file a complaint with the competent supervisory authority in matters of data protection. The Commission Informatique et Libertés (CNIL) is the data protection authority in France.

She can be contacted at the following postal address:
CNIL — 3 place de Fontenoy, TSA 80 715 334 — 75 334 Paris Cedex 07.

We may disclose your personal information in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- To protect and defend the rights or property of Gamby
- Prevent or investigate possible wrongdoing in connection with the service
- Protect the personal safety of users of the service or the public
- Protect yourself against legal liability.

In any event, we will only disclose this data in accordance with applicable legal and regulatory requirements.

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

However, we make our best efforts to ensure that your Personal Data is treated securely and confidentially, including when certain operations are carried out by subcontractors.

To this end, we implement appropriate Technical, Organizational and Physical Measures to avoid the loss, misuse, alteration and deletion of such Personal Data.

These measures are adapted according to the level of sensitivity of the Data processed and the level of risk presented by the Processing or its implementation.

If a Data security breach occurs, we will inform you as soon as possible and in accordance with the procedures specified by the legal and regulatory provisions in force.

We may employ third party companies and individuals to facilitate our service (“Service Providers”), to provide the service on our behalf, to perform service-related services, or to help us analyze how our service is used. These third parties only have access to your personal data to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

We ensure that only authorized personnel can have access to Users' Personal Data.

The Third Parties with whom we share this data do so in accordance with the specific purposes that we have identified. We put in place all appropriate measures to ensure that they are subject to confidentiality and security obligations in accordance with this Privacy Policy and applicable laws.

Our service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly recommend that you review the privacy policy of each site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of third party sites or services.

Our service is not intended for persons under the age of 18 (“Minors”).

We do not knowingly collect personally identifiable information from individuals under the age of 18. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal data from children without verifying parental consent, we take steps to remove that information from our servers.

We reserve the right to change our Privacy Policy at any time. Changes will take effect immediately after they are posted on our site.

When a substantial change to this Privacy Policy is made, we will inform you by inserting a text message on the home page of its E-shop.

However, we invite you to regularly consult this Privacy Policy to be informed of how your Personal Data is protected and processed.

If you have any questions or concerns about this privacy policy or your personal data, or to exercise your rights, please contact us via:
- E-Mail: team@gamby.fr,
- Postal mail: Gamby — 99, Avenue Achille Perreti, Neuilly-sur-Seine, 92200.