Demander une démo

DATA PROTECTION CHARTER – ACTION POSITIVE


ACTION POSITIVE is committed to ensuring the protection of the personal data of the Users of its Websites / applications in the best conditions. Therefore, ACTION POSITIVE undertakes to comply with Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms, amended by European Regulation 2016/679 of 27 April 2016 on the protection of personal data.

The commitments described in this personal data protection charter also meet the values and principles of behaviour of ACTION POSITIVE.

By registering on one of ACTION POSITIVE's Websites/Applications, the User accepts the collection and use of his or her personal data in the manner described in this Data Protection Charter.

This Personal Data Protection Charter describes how ACTION POSITIVE processes Users' personal data. This charter also applies to other channels for the collection of personal data, in particular telephone / email when the User contacts ACTION POSITIVE.

These provisions relate to the processing of personal data for which ACTION POSITIVE is the data controller, in accordance with the General Data Protection Regulation.

This Charter applies in addition to:
  • the provisions of the General Terms of Use of ACTION POSITIVE;
  • information specific to each new treatment, accessible on appropriate media (e.g. online forms, etc.);
It may be modified at any time, in order to comply with any regulatory, jurisprudential and/or technical developments.

For any questions relating to this Data Protection Charter or the exercise of your rights, you can contact the DPO as defined in this charter at the addresses indicated in this charter.


1 - Definitions

For the purposes of this appendix and notwithstanding any other definition provided for in the Affirmative Action Terms and Conditions, these terms beginning with a capital letter, whether in the singular or plural, have the following meanings:

Personal data: any information relating to an identified or identifiable natural person, i.e. who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.

Processing of personal data: any operation or set of operations relating to such data, by any means whatsoever (collection, recording, organisation, storage, modification, extraction, consultation, transmission, dissemination or any other form of making available, alignment or interconnection, as well as blocking, erasure or destruction).

Cookie: information deposited on an Internet user's hard drive by the server of the site he or she is visiting. It can contain several pieces of data: the name of the server that deposited it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and save information.

Local Authority Partner: Any local authority likely to purchase the services of ACTION POSITIVE and in particular cities (town halls), departments, regions, (industrial and commercial public services), EPCIs (Public Collaborating Establishments) and any company providing a public service on behalf of the State or any other local authority

Client: Any organization that may purchase ACTION POSITIVE's services, including companies, universities, schools, and associations.

User: Any person who has created an account on one of the ACTION POSITIVE sites/applications


2- Data Controller - DPO

ACTION POSITIVE has appointed a Data Protection Officer who can be contacted at the following address: secu-data@linka.eco.


3 – Data collected

ACTION POSITIVE collects Users' personal data in order to offer them specific services and to offer them the opportunity to carry out challenges around ecology To then anonymise the data to offer them to Local Authority Partners for remuneration in order to promote the ecological transition at the level of the territories, and more generally to enable them to better meet the needs of their constituents in terms of ecology; or to offer them to Clients for a fee in order to reduce the ecological footprint of their organization and more generally to enable them to better meet the needs of their community.

The mandatory or optional nature of the data provided is indicated at the time of collection by ACTION POSITIVE.

The personal data that may be collected by ACTION POSITIVE are:
  • Your first name, last name, e-mail, zip code;
  • Pseudonym;
  • Age;
  • Personal life information (e.g., presence of children in the household, use of a car, vegetarian or vegan diet);
  • Connection tracking data (IP address, cookies, etc.).


4 – Purpose of the processing of personal data & legal basis for data collection

ACTION POSITIVE ensures that it explicitly determines the purposes for which it collects personal data, and that it collects only the personal data that is strictly necessary for the purpose of said processing. These purposes are respected throughout the life of the processing.

For each data processing, specific information is provided at the device level in order to inform the data subject of this purpose of the processing, its legal basis, the data collected, the recipients or categories of recipients of the data, the retention periods, the exercise of the rights of the data subjects over their data and the way in which they can exercise these rights.

If it is intended to use the collected data for purposes other than those for which they were initially collected, the data subjects will be informed in advance and must give their consent.

The User's consent will be requested in particular when ACTION POSITIVE wishes to share non-anonymised data (email, surname, first name) with the Partner Local Authorities. No non-anonymised personal data may be transmitted to partner Local Authorities without the express consent of the User.

By accepting this document, the User consents that non-anonymized data (email, surname, first name) may be shared with his/her organization, in the event that it has become a Client of ACTION POSITIVE, and provided that the latter has received a second consent from the User; in order to foster ecological collaboration between them.

Some data may also be processed, subject to the express consent of the User.

The purposes for which ACTION POSITIVE processes the data are the following:
  • The management of the relationship with Users,
  • Proposing ecologically related challenges to Users,
  • Transmission of anonymised data and anonymised statistical analyses to Local Authority Partners or Clients, including anonymised answers to questions prior to registration on the Linka mobile application,
  • Transmission of non-anonymised data (surnames, first names, emails) to Local Authority Partners, subject to having received the User's prior consent,
  • Transmission of non-anonymised data (surnames, first names, emails) to Clients, associated with the challenges carried out and the needs expressed, provided that the Client has received the User's prior consent, so that the Client can identify the winners of the potential primes and the claimants within it,
  • Establishment of a ranking between Users completing the challenges, it being specified that only the pseudonym will be visible in the ranking,
  • Establishment of a ranking between the Users of a Client completing the challenges in which the name and surname will be visible exclusively to the person responsible for the game of this Client, provided that the Client has received the prior consent of the Users, so that the game manager(s) of that Client can identify the winners of the potential prizes,
  • The management of the activation and marketing animation of the Websites / applications,
  • More generally, any purpose referred to in Article 2 of Deliberation No. 2012-209 of 21 June 2012 creating a simplified standard concerning the automated processing of personal data relating to the management of users and prospects.

For the following purposes, your data is necessary for the purposes of the legitimate interests pursued by ACTION POSITIVE:
  • Statistical analyses;
  • Sending invitations on time;
  • Updates to our User file;
  • Surveys carried out by Local Authority Partners on the website/application


5 - Recipient of the data and means of data collection

The personal data collected is intended for ACTION POSITIVE. They may, subject to satisfying the purposes set out above, be transmitted to the subcontracting companies to which ACTION POSITIVE may call in the context of the performance of its services.

In this context, personal data is hosted in France and may not be transferred to a member country of the European Union or not.

Except for commercial actions carried out with Local Authority Partners or with Clients, under no circumstances does ACTION POSITIVE transfer or rent personal data to third parties who are not service providers of the company (hosting / web developer / etc.).

However, the disclosure of personal data to third parties may occur in the following cases:
  • With the express permission of the persons defined by the data;
  • At the request of the legally competent authorities, on judicial requisition, or in the context of legal proceedings;

Means of collection:

Personal data may be collected:
  • When opening a User account following the User's request (filling in information form(s), collection of documents necessary for the service(s) subscribed to, etc.)
  • When updating the User's profile
  • When the User fills in the "Contact us" banner on the website or application;
  • Automatically when the User visits the website or application (browsing URL, cookies, etc.) when the User has consented to the collection of cookies
  • Automatically when the User connects to his Client account on the website or application (login credentials, etc.).


6 – Data retention period

The retention periods for personal data collected by ACTION POSITIVE may vary depending on the processing and are governed by:
  • The time necessary to achieve the purpose;
  • A legal retention period;
  • A fixed term for regulatory or control reasons.
At the end of this retention period, this data is archived, deleted or anonymised, in accordance with the requirements of the CNIL and in compliance with the preservation of the exercise of the rights of individuals in connection with the legal limitation and retention periods for strictly limited reasons authorised by law.

According to Article 5 of Deliberation No. 2016-264 of 21 July 2016 (NS-048):
"Personal data relating to Clients may not be kept for longer than is strictly necessary for the management of the commercial relationship.

However, data that makes it possible to establish proof of a right or a contract, or that is kept in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period not exceeding the period necessary for the purposes for which they are kept, in accordance with the provisions in force. »

According to the standards in force, any document issued or received by a company in the exercise of its activity must be kept for certain minimum periods during which the administration can carry out a posteriori checks. These limitation periods are established by various reference texts depending on the nature of the documents to be kept and the related legal obligations.

Since the implementation of the GDPR, any document referred to in the paragraph above and containing personal data on natural persons must not have its maximum retention period exceed these limitation periods.

The retention periods set out in the table below are therefore the minimum AND maximum intermediate archiving retention periods of any document containing personal data of natural persons:

User Data
  • Data categories and associated documents: Personal data of User accounts
  • Retention period: 5 years
  • Reference text: Article 110-4 of the Commercial Code

  • Data categories and associated documents: Login data for User accounts
  • Retention period: Duration necessary to manage the relationship with the User
  • Reference text: Article 5 of deliberation n°2016-264 of 21-07-201

Data Potential Users
  • Data categories and associated documents: Identification and contact data (name / first name / city / Mail / etc...)
  • Retention period: 3 years from the date of their collection by the DPO or from the last contact from the potential User
  • Reference text: Article 5 of deliberation n°2016-264 of 21-07-2016

  • Data categories and associated documents: Browsing data and cookies through the website
  • Retention period: 1 year
  • Reference text: Article 5 of deliberation n°2016-264 of 21-07-2016

Details about cookies:

ACTION POSITIVE sites/applications may install cookies on the User's computer, smartphone or tablet. A cookie is a small text file that is transferred to the User's computer, smartphone or tablet through their internet browser. He is saved on the hard drive of his terminal when he visits our sites/applications.

Cookies allow ACTION POSITIVE to recognise the User on subsequent visits to the site, to offer him content likely to be of interest to him, but do not allow him to be identified. It simply creates a random number that records information relating to the navigation of the computer or terminal on the site. The storage period of this information is 1 year from the date of data recording.

The User may object to the recording of "cookies" by configuring the browser according to the procedure specific to each browser. Nevertheless, the cookie is essential for the proper functioning of the site's services. Thus, if the Internet user configures his computer in such a way that no cookie is installed, certain features of the site/application may not be available.


7 – Users' rights

In accordance with Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms, amended by European Regulation 2016/679 of 27 April 2016 on the protection of personal data, the User has a set of rights for the management of his data.

The User concerned by the processing of his or her data has the right to access, rectify, limit and portability information concerning him/her. They may also, for legitimate reasons, object to the processing, request the deletion of data concerning them, or withdraw their consent at any time, unless these rights have been overridden by a legislative provision.

Right to information (Art. 13 GDPR)
ACTION POSITIVE collects information about the User and must provide him with clear information on the use of his data and the exercise of his rights.

Right of access (Art. 15 GDPR)
The User concerned may request information on the personal data that ACTION POSITIVE holds concerning him or her and obtain a copy of this information free of charge.

Right to rectification (Art. 16 GDPR)
The User concerned may at any time request that his or her personal data be rectified if it is inaccurate, completed or updated.

Right to erasure or right to be forgotten (Art. 17 GDPR)
The user concerned may, at any time, request the erasure of his or her personal data processed, subject to the exceptions provided for in Article 17.3 of the GDPR, when:
  • This data is no longer necessary for the purpose of the processing for which it was collected,
  • The Data Subject User withdraws his/her consent on which the processing is based and there is no other legal basis for continuing the processing,
  • The user concerned exercises his or her right to object to the processing and there are no overriding legitimate grounds for continuing the processing
  • This data must be erased to comply with a legal obligation,
  • This data is linked to unlawful processing,
  • This data is collected for a service intended for minors, and protected adults.

Right to restriction of processing (Art. 18 GDPR)
The User may request that ACTION POSITIVE store their data but limit its use, for the time it takes to verify the accuracy of their data or the lawfulness of the disputed processing, or for the time it takes to balance their interests with those of the data controller, or when the retention of the data is no longer essential but the data subject opposes the deletion of their data.

Right to portability (Art. 20 GDPR)
The User may request, subject to the exceptions provided, to retrieve the personal data that he or she has provided, and which are processed with his or her consent or for the performance of a contract or in an automated manner.

Right to object and withdraw consent (Art. 21 GDPR)
The User may object, for reasons relating to his or her particular situation, to the processing of his or her personal data, unless ACTION POSITIVE presents legitimate and compelling reasons for the processing or the processing is necessary for the establishment, exercise or defence of legal claims.

Right not to be subject to automated individual decision-making, including profiling (Art. 22 GDPR)
The User may object to the making of a decision based exclusively on automated processing, producing legal effects concerning him or her or significantly affecting him/her.

The User may also issue directives relating to the fate of his or her data after his or her death.

Exercising the User's rights
ACTION POSITIVE implements the means to facilitate and guarantee the exercise of the rights of the persons whose data is processed.

In this context, ACTION POSITIVE has appointed a DPO who receives requests to exercise the rights of individuals on the processing of their data and has created a single address for complaints. These requests can be sent to:

Or by electronic means to: secu-data@linka.eco, specifying in the header of the message, the subject of the request [e.g. rights on personal data]

Or by post to the following address: SAS ACTION POSITIVE - To the attention of the DPO - 23 rue Gramme 75015 Paris.

It is clarified that where the data subject submits a request in an electronic form, the response information shall be provided electronically where possible, unless the data subject requests otherwise. When the communication of information is made by another medium, it is free of charge to the applicant.

The personal data that will be communicated in the context of the exercise of a right of access will be communicated on a personal and confidential basis. As such, for an access request to be taken into account, it must be accompanied by proof of identity.

ACTION POSITIVE may also request additional information to respond to the exercise of a right of individuals over their personal data. In any case, ACTION POSITIVE will endeavour to respond to the request within a reasonable period of time and in any event, within the time limits set by law.

Finally, and in the event of an unsatisfactory response, individuals may file a complaint with the CNIL (Commission Nationale Informatique et Liberté, 3 place Fontenoy – TSA 80715 – 75334 Paris cedex, www.cnil.fr).


8 – Security

ACTION POSITIVE has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being distorted or damaged or accessed by unauthorised third parties. Any questions about the security of your data stored on our server and/or the linka.eco, app.linka.eco, app.actionpositive.fr, app.actionpositive.fr/accueil-entreprise websites can be addressed to secu-data@linka.eco;

However, ACTION POSITIVE only has an obligation of means concerning the security of personal data and must put all the technical means in its possession to ensure said security. In no case is it a safety obligation.

As a data controller, ACTION POSITIVE undertakes to implement the appropriate technical and organisational means to guarantee at all times an appropriate level of protection against the risks of breach of the privacy of the persons whose data it processes and the risks of alteration, destruction, unlawful use, disclosure or unauthorised access to their personal data.
ACTION POSITIVE staff are trained and made aware of the confidentiality of personal data.


9 – Modification of the Privacy Policy

ACTION POSITIVE reserves the right to change this Privacy Policy in order to comply with changes in the laws and regulations in force.
Changes made will be notified via our website or by email.


10 – Applicable law and jurisdiction

This charter relating to the protection of your personal data is governed by French law. Any dispute concerning it would fall under the exclusive jurisdiction of the French courts.


Last updated: August 19, 2024