Privacy Policy

Last Updated 18-01-2023

We take the protection of your personal data very seriously. 

rBlox ("We"), as a controller, is responsible for collecting and processing your personal data in relation to its activities.

Our business is to provide stronger tech infrastructure through internet optimization. For rBlox, the solution comes in the form network software which ensures security, scalability and performance which fits the needs of emerging tech businesses..

The purpose of this notice (the “Privacy Notice”) is to explain how we process your personal data and how you can control and manage them.

1. ARE YOU SUBJECT TO THIS NOTICE?

This Privacy Notice applies to you if you are ("You"):

  • one of our customers or in a contractual relationship with us;
  • a member of our customer family. Indeed, our customers may occasionally share with us information about their family when it is necessary to provide them with a product or service or to get to know them better;
  • a person interested in our products or services when you provide us with your personal data (in an agency, on our websites and applications, during events or sponsorship operations) so that we can contact you.
  • an employee of our corporate customers.

When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of their personal data and invite them to read this Privacy Notice. We will ensure that we will do the same whenever possible (e.g., when we have the person's contact details).

2. HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?

You have rights which allow you to exercise real control over your personal data and how we process them.

If you wish to exercise the rights listed below, please submit a request by mailing a letter to the following address
RBLOX, 8 avenue Jean Jaures, 92130 Issy les Moulineuax, France

or on our websites1 with a scan/copy of your identity card where required.

If you have any questions relating to our use of your personal data under this Privacy Notice, please contact our Data Protection Officer at the following address privacy@rblox.io.

2.1. You can request access to your personal data

If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing.

Your right of access may be limited in the cases foreseen by laws and regulations. This is the case with the regulation relating to anti-money laundering and countering the financing of terrorism, which prohibits us from giving you direct access to your personal data processed for this purpose. In this case, you must exercise your right of access with the Commission Nationale Informatique et Libertés (CNIL), which will request the data from us.

2.2. You can ask for the correction of your personal data

Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.

2.3. You can request the deletion of your personal data

If you wish, you may request the deletion of your personal data, to the extent permitted by law.

2.4. You can object to the processing of your personal data based on legitimate interests

If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defence of legal claims.

2.5. You can object to the processing of your personal data for commercial prospecting purposes

You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.

2.6. You can suspend the use of your personal data

If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request. You may request that we suspend the use of your personal data while we review your request.

2.7. You have rights against an automated decision

As a matter of principle, you have the right not to be subject to a decision based solely on automated processing based on profiling or otherwise that has a legal effect or significantly affects you. However, we may automate such a decision if it is necessary for the entering into or performance of a contract with us, authorised by regulation or if you have given your consent.

In any event, you have the right to challenge the decision, express your views and request the intervention of a competent person to review the decision.

2.8. You can withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.

2.9. You can request the portability of part of your personal data

You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may request that we transmit this copy to a third party.

2.10. How to file a complaint with the relevant Supervisory Authority - Commission Nationale Informatique et Libertés (CNIL)

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, which is usually the one in your place of residence, i.e., the CNIL (Commission Nationale de l'Informatique et de Libertés) in France.

3. WHY AND ON WHICH LEGAL BASIS DO WE USE YOUR PERSONAL DATA?

In this section we explain why we process your personal data and the legal basis for doing so.

3.1. Your personal data are processed to comply with our various regulatory obligations

Your personal data are processed where necessary to enable us to comply with the regulations to which we are subject, including banking and financial regulations.

3.1.1. We use your personal data to:

  • manage and report risks (financial, credit, legal, compliance or reputational risks etc.) that rBlox could incur in the context of its activities;
  • assist the fight against tax fraud and fulfil tax control and notification obligations;
  • record transactions for accounting purposes;
  • prevent, detect and report risks related to Corporate Social Responsibility and sustainable development;
  • detect and prevent bribery;
  • comply with the provisions applicable to trust service providers issuing electronic signature certificates;
  • exchange and report different operations, transactions or orders or reply to an official request from a duly authorized local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, law enforcement, state agencies or public bodies.

 3.1.2. We also process your personal data for anti-money laundering and countering of the financing of terrorism purposes

3.2. Your personal data are processed to perform a contract to which you are a party or pre-contractual measures taken at your request

Your personal data are processed when it is necessary to enter into or perform a contract to:

  • evaluate (e.g., on the basis of your credit risk score) if we can offer you a product or service and under which conditions (e.g., price);
  • provide you with the products and services subscribed to under the applicable contract;
  • enter into a contract with you. We may process personal data in order to register you as a new client, enter into a contract and perform it with you;
  • handle billing, invoicing and recovery;
  • provide you with services related to the preparation, delivery of tailormade project:
  • configure and quote your Project;
  • deliver your Project at the place of your choice, possibly with equipment related to electric Vehicle charging devices in partnership with selected providers;
  • provide reporting;
  • provide consulting services;
  • provide you with an access to our digital platforms. We may process personal data when you use our digital platforms for several purposes;
  • provide access to the rBlox premises and assets. We may process personal data when you visit us in our premises in order to maintain appropriate access and security control;
  • communicate with you. We may process personal data when you want to contact us, when you request us some information about our company or our services or when the contract needs to be updated;
  • manage existing debts (identification of customers with unpaid debts);
  • respond to your requests and assist you;
  • manage the end of the contract.

3.3. Your personal data are processed to fulfil our legitimate interest or that of a third party

Where we base a processing activity on legitimate interest, we balance that interest against your interests or fundamental rights and freedoms to ensure that there is a fair balance between them. If you would like more information about the legitimate interest pursued by a processing activity, please contact us at [insert email address].

3.3.1. In the course of our business as a provider of mobility services, we use your personal data to:

3.3.1.1. If you are a private lease customer or prospect:

  • • manage the risks to which we are exposed:
  • we keep proof of operations or transactions, including in electronic evidence;
  • we monitor your transactions to manage, prevent and detect fraud;
  • we carry out the collection of debts;
  • we handle legal claims and defences in the event of litigation;
  • we develop individual statistical models in order to help define your creditworthiness; 

3.3.1.2. For all categories of data subjects:

  • enhance cyber security, manage our platforms and websites, and ensure business continuity;
  • implement information technology solutions;
  • maintain information systems in operational conditions;
  • use video surveillance to prevent personal injury and damage to people and property;
  • enhance the automation and efficiency of our operational processes and customer services (e.g., automatic filling of complaints, tracking of your requests and improvement of your satisfaction based on personal data collected during our interactions with you such as phone recordings, e-mails or chats);
  • conduct statistical studies and develop predictive and descriptive models for:

commercial purpose: to identify the products and services that could best meet your needs, to create new offers or identify new trends among our customers, to develop our commercial policy taking into account our customers' preferences

  • safety purpose: to prevent potential incidents and enhance safety management;
  • compliance purpose (e.g., anti-money laundering and countering the financing of terrorism) and risk management;
  • anti-fraud purposes;
  • • organize contests, lotteries, promotional operations, conduct opinion and customer satisfaction surveys.

3.3.1.3. If you are an employee of our corporate customer:

  • • provide you with services related to the preparation, delivery or use and the management of Project including:
  • to configure and quote your Project;
  • to deliver your Project at the place of your choice;
  • to assist Partners and third-party maintainers;
  • to ensure maintenance;
  • • manage our customers’ accounts, manage the contractual relationship with our customers of whom you are an employee or to keep you informed about the development of our services;
  • • provide you with an access to our digital platforms. We may process personal data when you use our digital platforms for several purposes;
  • • manage resolution of disputes and assist you and answer your requests and complaints;
  • provide access to the rBlox premises and assets. We may process personal data when you visit us in our premises in order to maintain appropriate access and security control;
  • communicate with you. We may process personal data when you want to contact us, when you request us some information about our company or our services or when the contract needs to be updated;
  • provide reporting to our customers;
  • provide consulting services to our customers;
  • handle billing and invoicing;
  • manage the end of the contract.

3.3.2. We use your personal data to send you commercial offers by electronic means, post and phone

We want to be able to offer you access to the full range of products and services that best meet your needs.
Once you are a customer and unless you object, we may send you these offers electronically for our products and services.

We will ensure that these commercial offers relate to products or services that are relevant to your needs and complementary to those you already have to ensure that our respective interests are balanced.

We may also send you, by phone and post, unless you object, offers concerning our products and services as well as those of our trusted partners.

3.3.3. We analyse your personal data to perform standard profiling to personalize our products and offers

To enhance your experience and satisfaction, we need to determine to which customer group you belong. For this purpose, we build a standard profile from relevant data that we select from the following information:

- what you have directly communicated to us during our interactions with you or when you subscribe to a product or service;
- resulting from your use of our products or services;
- from your use of our various channels: websites and applications (e.g., if you are digitally savvy, if you prefer a customer journey to subscribe to a product, or service with more autonomy (selfcare));

Unless you object, we will perform this customization based on standard profiling. We may go further to better meet your needs, if you consent, by performing a tailor-made customization as described below.

3.4. Your personal data are processed if you have given your consent

For some processing of personal data, we will give you specific information and ask for your consent. Of course, you can withdraw your consent at any time.

In particular, we ask for your consent for:

  • tailor-made customization of our offers and products or services based on more sophisticated profiling to anticipate your needs and behaviours;
  • any electronic offer for products and services not similar to those you have subscribed to or for products and services from our trusted partners;
  • use of your usage data (cookies) for commercial purposes or to enhance the knowledge of your profile.

You may be asked for further consent to process your personal data where necessary.

4. WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

We collect and use your personal data, meaning any information that identifies or allows one to identify you.

Depending among others on the types of product or service we provide to you and the interactions we have with you, we collect various types of personal data about you:

If you are an employee of our corporate customer/prospect, we collect:
- Identification information: e.g., full name, gender, company;
- Contact information: (private or professional) postal address, e-mail address, phone number;
- Economic, financial and tax information: e.g., tax ID, tax status, country of residence;
- Data collected from our interactions with you: e.g., your comments, suggestions, needs collected during our exchanges with you in person and online during phone communications (conversation), discussion by e-mail, chat, chatbot, exchanges on our social media pages and your latest complaints. Your connection and tracking data such as cookies and tracers for non-advertising or analytical purposes on our websites, online services, applications, social media pages;
- Personalized login credentials or security features used to connect you to the rBlox website and apps.

Whether you are a private lease customer or an employee of our corporate customer, We may collect sensitive data such as health data, biometric data, or data relating to criminal offences, subject to compliance with the strict conditions set out in data protection regulations.

5. WHO DO WE COLLECT PERSONAL DATA FROM?

We collect personal data directly from you; however, we may also collect personal data from other sources.

We sometimes collect data from public sources:

  • publications/databases made available by official authorities or third parties (e.g., the Official Journal of the French Republic, the Trade and Companies Register, databases managed by the supervisory authorities of the financial sector);

websites/social media pages of legal entities or business clients containing information that you have disclosed (e.g., your own website or social media page);

  • • public information such as that published in the press.

We also collect personal data from third parties:

  • from our customers (companies or individuals);
  • from our business partners (including car manufacturers, car dealers, OEMs);
  • from service providers of payment initiation and account aggregators (service providers of account information);
  • from third parties such as credit reference agencies and fraud prevention agencies;
  • from data brokers who are responsible for ensuring that they collect relevant information in a lawful manner.

 

6. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

With recipients outside rBlox and processors

In order to fulfil some of the purposes described in this Privacy Notice, we may, where necessary, share your personal data with:

  • processors which perform services on our behalf (e.g., IT services, logistics, printing services, telecommunication, debt collection, advisory and distribution and marketing).
  • banking and commercial partners, independent agents, intermediaries or brokers, financial institutions, counterparties, trade repositories with which we have a relationship if such transmission is required to allow us to provide you with the services and products or execute our contractual obligations or transaction (e.g., banks, correspondent banks, depositaries, custodians, issuers of securities, paying agents, exchange platforms, insurance companies, payment system operators, issuers or payment card intermediaries, mutual guarantee companies or financial guarantee institutions);
  • local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, public authorities or institutions (e.g., the Banque de France, Caisse des dépôts et des Consignations), to which we are required to disclose pursuant to:
  • their request;
  • our defence, action or proceeding;
  • complying with a regulation or a recommendation issued from a competent authority applying to us;
  • service providers of third-party payment (information on your bank accounts), for the purposes of providing a payment initiation or account information service if you have consented to the transfer of your personal data to that third party;
  • certain regulated professions such as lawyers, notaries, or auditors when needed under specific circumstances (litigation, audit, etc.).

 

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis.

For transfers to non-EEA countries where the level of protection has not been recognized as adequate by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you, such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses approved by the European Commission;
  • Binding corporate rules.

To obtain a copy of these safeguards or details on where they are available, you can send a written request as set out in privacy@rblox.io.

 

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data over the period required to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating customer relationship management, and responding to legal claims or regulatory requests.

For instance:

  • Manage and report risk, monitor operations and transactions to identify deviation, prevent and detect fraud and fulfil tax control and notification obligations – 10 years after the end of the internal controls
  • KYC (Know Your Customer) - Perform a KYC analysis and check on clients (both companies and physical users) prior to signing a contract and classify them depending on the risk – 5 years after end of the contractual relationship with customer
  • Credit Risk Processing to build and monitor a credit risk file for each customer, manage credit risk analysis and decide what to do for credit collection – 5 years after end of the contractual relationship with customer
  • Invoice / Billing – Record transactions for accounting purposes and comply with legal obligations regarding financial security – 10  years after the invoice date
  • Improve the efficiency of our processes and services in case of complaint - 5 years after the end of the contractual relationship with our customer
  • Collect all B2C/B2B2C leads and make an offer - 3 years after last contact date
  • Provide customers with the products and services subscribed for services related to the preparation, delivery or use of licence  -  2 years after the event date
  • Research & Development in order to conduct statistical studies and develop predictive models – Duration of the R&D project  

 

9. HOW TO FOLLOW THE EVOLUTION OF THIS PRIVACY NOTICE

In a world where technologies are constantly evolving, we regularly review this Privacy Notice and update it as required.

We invite you to review the latest version of this document online, and we will inform you of any significant amendments through our website or through our standard communication channels.