Privacy Policy

Privacy Policy

Your privacy is important to us and we take it very seriously. This privacy policy describes the information we collect about you (hereinafter “You” or the “Customer”), through or via, in whole or in part, our website or one of our social media pages, but also and more generally in the context of your relationship with us, and how we process it (see information on how we collect, process, and use your personal data).

Regular Finance (formerly Tech For Change), a simplified joint stock company with capital of €2,157,996, whose registered office is located at 41 rue de la Chaussée d'Antin 75009 Paris, registered with the Paris Trade and Companies Register under number 849 355 565 (hereinafter “Regular” or the “Company”) hereby undertakes therefore undertakes to implement all necessary measures to ensure processing in accordance with applicable regulations, in particular European Regulation 2016/679 on the protection of personal data (hereinafter the “GDPR”) and the French Data Protection Act of January 6, 1978.

By using the website www.regular.eu (hereinafter referred to as the “Site”), the Regular Service, or the mobile application on iOS or Android, you agree to this privacy policy (hereinafter referred to as the “Policy”). This Policy is intended to set out the terms and conditions for the processing of your data in connection with your use of the Site and the Regular Service. Regular reserves the right to modify this Policy at any time. If a modification is made, we undertake to publish the new version on the Site with mention of the date of the last update. It is therefore your responsibility to check the Site regularly to stay informed of any changes. 

1. INFORMATION ON THE SITE

Information concerning the protection of your Personal Data can be found in this Privacy Policy.

The purpose of this Privacy Policy is to provide information on how Regular collects, processes, protects, stores, shares, and deletes Customers' personal data.

For the purposes of this document:

- the term “Data” refers to all Customer data. This includes, in particular, data related to the customer account, data accessible from the interfaces made available by Regular, or the data defined below (Identification Data, Personal Data);

- the term “Identification Data” refers to the data that allows the Customer to access their Personal Space, consisting of an email address and a password;

- the term “Personal Data” refers to all personal information concerning a Customer, a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to them;

- the term “Personal Account” refers to an individualized environment, accessible via the Regular mobile application and the Regular website, and dedicated to the use of the Regular service.

2. PERSONAL DATA CONTROLLER

The information provided by the Customer is intended for Regular Finance SAS, which is dedicated to the development of its Regular service. As such, Regular Finance SAS determines the purposes for which personal data is processed. It is therefore the data controller within the meaning of Article 4(7) of the GDPR.

3. PURPOSES OF PROCESSING

4. PRIVACY OF PERSONAL DATA

Regular attaches the utmost importance to the confidentiality of Personal Data. As such, Regular takes all necessary precautions to preserve their confidentiality and declares that it works with trusted subcontractors who are renowned for the reliability of their services and the high level of protection they afford to the confidentiality of Personal Data.

5. PROCESSED DATA

6. LEGAL BASIS

The collection of the Customer's express and unambiguous consent to the processing, collection, sharing, and analysis of their Personal Data is carried out through the acceptance by signature of the GTU and constitutes the legal basis for this Policy.

7. RECIPIENT OF THE DATA

The data is transmitted to Regular and encrypted, and may also be processed securely by the following subcontractor, within the meaning of Article 4 – 8) of the GDPR:

- the identity verification service of DocuSign International (EMEA) Limited, 5 Hanover Quay, Grand Canal Dock, Dublin D02 VY79 Ireland.

The aforementioned subcontractor has limited access to Customer data in the context of performing the services and has a contractual obligation to use it in accordance with the provisions of applicable regulations on the protection of personal data and to implement organizational and technical measures to ensure the security of Customer data.

8. SECURITY

Regular implements organizational, technical, software, and physical data security measures to protect Customers' personal data from alteration, destruction, and unauthorized access. All Personal Data collected is stored on our servers within the European Union and in accordance with applicable regulations (GDPR).

9. DATA LIFECYCLE

The Customer's Identification Data and Personal Data are recorded when they register and each time they update their data in their Customer Area.

Identification Data is collected through DocuSign International (EMEA) Limited.

All Data collected is transferred to Regular's servers and databases. The Data is structured and reorganized by Regular so that it can be used in an agreed format. The Data can be viewed and updated at the Customer's request. The Data is not kept for longer than is necessary for the purposes for which it was collected.

10. DATA RETENTION PERIOD

Les données à caractère personnel conservées ne le sont que le temps strictement nécessaire aux fins pour lesquelles ces données ont été recueillies et dans les mesures permises par les lois applicables. La durée de conservation des données personnelles du Client varie en fonction de la finalité du traitement. En application des obligations liées à la lutte contre le blanchiment des capitaux et le financement du terrorisme, elles peuvent être conservées au maximum pendant cinq (5) ans à compter de la fin des relations contractuelles entre Regular et le Client (en vertu de l’article L.516-12 du Code Monétaire et Financier). En outre, des périodes de conservation sont prévues par le droit commercial et fiscal. Une fois le délai de conservation écoulé, Regular supprime définitivement les Données Personnelles du Client. Les données peuvent être détruites à tout moment sur demande du Client, à l’exception des données dont la conservation est obligatoire légalement.

11. CUSTOMER RIGHTS

The Customer has the following rights:

- The right of access: this is the right to obtain a copy of the personal information that Regular holds about them.

- The right to data portability: this is the right to obtain the data concerning them that Regular holds, in a structured and interoperable electronic format, and to have it transferred to another data controller.

- The right to rectification: this is the right to have incomplete or inaccurate personal information processed about them rectified.

- The right to request the erasure of their data: the Customer has the right to request the deletion of personal information processed about them, which Regular will do subject to its legal retention obligations.

- The right to restriction: this is the right for the Customer to obtain restriction of the processing of their personal information when they contest the accuracy of their data, when they believe that its processing is unlawful, or when they believe that Regular no longer needs to process their data unless the latter is unable to delete it due to a legal or other obligation.

- The right to object: this is the right to object to the processing of your data by Regular. Regular will comply with your request unless the processing is justified on legitimate grounds in accordance with the regulations in force.

- The right to withdraw consent: this is the right to withdraw your consent when it has been given.

- The right to lodge a complaint with the CNIL: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the CNIL if you consider that the processing of your personal data constitutes a violation of the applicable regulations (Art. 77 of the GDPR).

All of these rights may be exercised by the Customer by making a specific request and providing proof of identity (copy of national identity card or passport), by contacting customer support online or by post to Regular's registered office. The Customer will be informed of the measures taken in response to their request as soon as possible. However, Regular will not respond to requests that are manifestly unfounded or excessive. For security reasons and in case of doubt about the value and authenticity of the supporting documents provided by the Customer, Regular reserves the right to request any other supporting documents. In the event that the Customer requests the opposition to the processing of their Personal Data, the Customer may be asked to close their Account (in the event that Regular is unable to provide the Services concerned without the processing in question). The Customer is informed of their right to lodge a complaint with the competent supervisory authority responsible for data protection, namely the CNIL.

12. COOKIES

The Customer is informed that during visits to the Website, a cookie may be automatically installed on their browser. Cookies are text files, often encrypted, stored in your browser. They are created when a user's browser loads a given website: the website sends information to the browser, which then creates a text file. Each time the Customer returns to the same site, the browser retrieves this file and sends it to the website server. There are two types of cookies, which do not have the same purposes: technical cookies and advertising cookies:

- Technical cookies are used throughout your browsing session to facilitate it and perform certain functions. A technical cookie may, for example, be used to remember the answers entered in a form or the Customer's preferences regarding the language or presentation of a website, where such options are available.

- Advertising cookies may be created not only by the website on which the Customer is browsing, but also by other websites displaying advertisements, announcements, widgets or other elements on the page displayed. These cookies may be used, in particular, to carry out targeted advertising, i.e. advertising determined on the basis of the Customer's browsing.

The Site uses technical cookies. These are stored in the Customer's browser for a period not exceeding six (6) months.

The Site uses advertising cookies. The Customer may disable these cookies by clicking on a tab dedicated to this purpose on the Site (Refusal of advertising cookies). The Site uses or may use Google Analytics, which is a statistical audience analysis tool that generates a cookie to measure the number of visits to the site, the number of pages viewed and visitor activity. The Customer's IP address is also collected to determine the city from which they are connecting. This cookie is stored for 13 months. The Site reminds the Customer that they may refuse the use of cookies by configuring their browser. However, such refusal may prevent the proper functioning of the Site.

13. EXERCISE OF CUSTOMER RIGHTS