Personal Data and Privacy Policy

Latest update : 07/09/2020

Woman choosing her privacy settings

Preamble

The protection of your privacy is important to Panga. That's why we created this policy about Personal Data Management and Protection of Privacy.

In the context of our solution for personal data protection, and our solution for Smart Buildings that respects the personal data of its residents, associated websites, associated applications, and related services, we are brought to collect, process and store personal data about you, in accordance with the European General Data Protection Regulation 2016/679, known as "GDPR".

  • Definitions

    PANGA SAS strives to make this document fully understandable by defining the following terms :

    Term(s) Definition

    « PANGA SAS »

    « Panga »

    « we »

    means the company PANGA SAS, with a share capital of 184 140€, registered in the Trade and Companies Registry of La Rochelle, FRANCE, under the SIREN number 813 476 660.

    « You »

    « yours »

    « your »

    means the natural person that uses PANGA SAS products or services, no matter the technical apparatus, for its own use or that of a third party.

    « User(s) »

    means any user of the applications, services and products of PANGA SAS.

    « Partners »

    means the natural and legal persons, the authorities and institutions, the services and products, as well as the applications and websites that are not directly managed by PANGA SAS, but which have a contractual relationship with PANGA SAS.

    « Policy »

    refers to this current document titled « Personal Data Management and Privacy Protection Policy of PANGA SAS ».

    « PyGuard »

    means the personal data protection solution of PANGA SAS.

    « NeHo »

    means the application Next Home of PANGA SAS, whose purpose is to deliver services and informations in real time inside of a building, on a tablet or a smartphone.

    « NeMa »

    means the online service platform provided by PANGA SAS, whose purpose is to manage smart buildings.

    « Panga's websites »

    « Websites managed by Panga »

    means the websites hosting content published PANGA SAS : www.panga.fr ; www.nema.panga.fr ; www.pyguard.fr ; www.hosen.io

    « Panga's services »

    means the services provided by PANGA SAS.

    « Panga's applications »

    means the applications provided and managed by PANGA SAS.

    « Panga's newsletters »

    means the occasional newsletters sent by PANGA SAS, about Hosen, PyGuard or NeHo.

    « GDPR »

    means the European Regulation 2016/679, known as the « General Data Protection Regulation ».

    « Data »

    « Personal Data »

    « Personal Information »

    means any information relating to an identified or identifiable natural person, directly or indirectly, such as « a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity », according to article 4 1° of the GDPR. For example, your name, your nickname, your e-mail address or your IP address are personal data.

    « Data processing »

    means « any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction », according to article 4 2° of the GDPR.

    « Consent »

    means any manifestation of will, free, specific, enlightened and unambiguous by which the concerned user accepts, through a declaration or a clear positive action, that personal informations about him are being processed.

Article 1 Principles governing the collection of personal data

By publishing this policy, Panga sets several objectives :

  • Loupe examinant un document

    Transparency

    Being transparent about the data that we collect : you will find in this policy explanations about data processing made by Panga (when, where, why and how we process your data).

  • Point levé

    Respect for rights

    Defending your rights : it is essential to Panga that every user can implement its GDPR rights (right of access, right to data portability, right to be forgotten...) .

  • Euro barré

    Ethics

    Your data will never be sold : we undertake not to sell your personal data. It is this core value of our identity that motivated the development of our project PyGuard.

Any question ?

Don't hesitate to contact our Data Protection Officer at the following address :

In accordance with the legislation in force, PANGA SAS collects personal data with your explicit consent (when you accept this policy for example), or during the execution of a contract with Panga. We may also process personal data whenever it is necessary for the legitimate interests we are pursuing, or those of third parties to whom we may disclose such data, for example to improve our products or services.

You can modify or withdraw your consent at any time by going in the parameters of your user account, or by contacting by e-mail our Data Protection Officer : DPO@panga.fr.

Products and Services

Choose a product to view the data processing we carry out :

Article 2 Collection of personal data on our websites

  • Audience statistics

    90d

    Whenever you are browsing Panga's websites, we store the following personal data in a format that prevents your identification as a natural person :

    Your IP address
    The date and time of your visit
    The reference to the webpage you visited

    These data are anonymized by the tool Matomo, recommended by the CNIL (the french National Commission on Informatics and Liberty).

    Panga collecte ces informations techniques afin de détecter d'éventuels problèmes (comme la disparition d'une page ou une attaque par déni de service), mais également pour réaliser des statistiques d'audience de ses sites web.

    These data are stored in France, and kept for 90 days, except in case of opposition by the concerned person.

  • Contact form

    2 years

    You can send us a message using the contact forms of our websites. In order to properly reply to your demand, you have to provide us with the following informations :

    Your first and last name
    Your company (optional)
    Votre e-mail adress
    The subject of your request
    The body of the message

    These data are kept for 2 years after the last exchange or the processing of your request, in a folder only accessible by our staff in charge of communication, or if applicable by the other services involved.

    In the event that your request would show an interest in keeping in touch with news of our products or services, we would suscribe you to our newsletter, and your data would be sent to the subcontractor MailJet. Mailjet's data centers are located in the European Union, specifically in Frankfurt, Germany and St. Ghislain, Belgium, and hosted by Google Cloud Platform.

    Pour plus d'informations : fr.mailjet.com/privacy-policy/

    In the event that your request would establish the beginning of a business relationship, your data would be sent to the subcontractor HubSpot Inc in the context of our prospective relationships, and will therefore be transferred to the United States and other locations where HubSpot subsidiaries and their subsequent subcontractors operate. HubSpot is hosted by AWS (Amazon Cloud Services).

    More informations : legal.hubspot.com/fr/dpa

  • Newsletter

    until unsubscribing

    You can subscribe or give your consent to receive our newsletters by ticking the checkbox in our contact form. In order to send you these newsletters, we collect the following data :

    Your first and last name
    Votre e-mail adress
    Subscription date
    Statistics related to the newsletter service

    These data will be kept as long as you stay subscribed. At any time, you can withdraw your consent to unsubsribe, using the link at the bottom of our newsletters.

    Your data are processed by the subcontractor MailJet. Mailjet's data centers are located in the European Union, specifically in Frankfurt, Germany and St. Ghislain, Belgium, and hosted by Google Cloud Platform.

    More information : mailjet.com/privacy-policy/

  • Cookies

    90d

    Interface Usage Data

    A cookie is an element which does not allow user identification, but is used for store informations related to a user browsing habits on a specific website.

    As a user, you are informed when visiting our websites that cookies may be automatically installed on your browser in order to track your navigation, measure traffic and collect your consent. The audience measurement informations collected are anonymized as soon they are recorded, and used solely for this purpose.

    The websites www.panga.fr, www.nema.panga.fr, www.pyguard.fr and www.hosen.io use the tool Matomo and follow the configuration guidelines set by the CNIL, the french National Commission on Informatics and Liberty.

Article 3 Personal Data collection for the services and applications NeHo and NeMa

Whenever you are browsing Panga's websites, we store the following personal data in a format that prevents your identification as a natural person :

  • Collected data

    2 years

    Contact information: title, first name, last name, postal address and apartment number, phone number, e-mail address, IP address
    Comments, discussions and images sent through the chat, or in the ticket manager for maintenance purposes
    Data related to sensors and connected devices (temperature sensor, thermostat, lights, etc)
    Energy consumption bill
    Video streams (if there are any surveilance cameras)

The collected data, which is necessary for the operation of the services, is not necessarily accessible or readable by Panga.

  • Cookies

    90d

    Interface Usage Data

    A cookie is an element which does not allow user identification, but is used for store informations related to a user browsing habits on a specific website.

    We realize usage statistics of our NeMa and NeHo solutions (on smartphone and tablet) using analytics cookies. You can refuse this data processing at any time by going to the application settings.

Panga collects these personal data because they are necessary for the proper functioning of the services that we offer, such as user account management or building operability and maintenance. You may be asked to communicate your personal data when you subscribe to one our services. In addition, Panga and its partners may exchange and use this personal, anonymized data for statistical purposes, for example.

Smooth operation of services and maintenance

When you share content with other users using our services, we collect the information necessary for the proper functioning of these services, such as messages sent and received, and their recipients. We use this information to process your requests and to provide appropriate products or services.

Communication and information

The personal data we collect allows us to inform you about the latest product announcements, software updates and upcoming Panga events that concern you.

From time to time, we may use your personal data to send important notifications, such as communicating changes to our terms of use and policies. Because this information is important to your relationship with Panga, you may not opt-out of receiving these communications.

Improvement of our products and services

We use your personal data to create, develop, use, publish and improve our products, services, content and for data loss prevention purposes. We may also use your data for internal purposes such as audits, data analysis and research to improve Panga's products, services and customer communications.

The interface usage data retrieved using analytics cookies, and all data related to your user account are stored in France, and will not be resold under any circumstances.

Article 4 Collection of Personal Data in PyGuard Services

When you use PyGuard, the box collects personal data in order to be able to monitor to whom these data are transmitted, and possibly to be able to modify or block them :

  • Digital Safe

    as long as you use PyGuard

    Whenever you become a user of PyGuard ans our services, we have to collect, with your consent, a whole set of informations about you in order to build your digital safe :

    Contact information : first name, last name, date of birth, gender and title, postal address, e-mail address, phone number, IP address, nickname
    Bank details
    Data related to sensors and connected devices (temperature sensor, thermostat, lights, etc)
    Various accounts : usernames and passwords
    The different types of profiles you use

    PyGuard collects these personal data because they are necessary for the proper functioning of our services. These data can thus be modified, anonymized or blocked when you use the Internet on a daily basis. PANGA SAS cannot access these personal data, which are stored locally on the PyGuard box in your home.

  • Blocking unwanted connections

    as long as you use PyGuard

    PyGuard also collects personal data related to web traffic in order to block unwanted connections, categorize websites and secure your local network. The following data is collected :

    Your IP and MAC addresses
    The name of your device
    Your device type
    The IP addresses of websites
    The quantity of exchanged data
    The number of exchanged messages
    The public informations of the site owner (whois)
    The IP geolocation of the website
    The reason for closing a connection (normal or by PyGuard)

    Panga sends the FQDN (Fully Qualified Domain Name) of websites to R2C-Sytem, which develops the solution MyDataBall, in order to improve the artificial intelligence that categorizes websites. These data are stored on the PyGuard box and kept as long as you remain a user of PyGuard and its services, then destroyed.

  • Personal Data Interception

    as long as you use PyGuard

    PyGuard and its plugin identify the personal data transferred to third party websites, blocking or modifying the data in the queries, depending on what the user decides to share on the internet. The PyGuard box and the plugin can thus access the following personal data :

    Personal Data identified in requests

    In particular identity, contact, connection, geolocation, and financial data (surname, first name, gender, date of birth, e-mail address, phone number, login, username, password, GPS coordinates, IP address, postal address, city, region, country, language, credit card number, credit card holder, expiration date, etc).

    Potentially all data passing through the internet

    Such as your browsing history, the history of any action made through the internet such as a purchase, comments, posts, photos sent, received emails, etc.

    Potentially all data visible during web browsing

    Such as websites revealing the user's health, political party, religious beliefs, etc. Panga cannot access to this sensitive data.

    These data processing are necessary for the proper functioning of the service of modification or blocking of personal data provided by PyGuard. PANGA SAS does not have access to this personal data.

    When you use PyGuard's services, you consent to the processing of such data. You may change your mind and refuse such processing at any time by contacting our Data Protection Officer by e-mail at the following address : DPO@pyguard.fr.

    Ces données sont stockées en France et conservées pendant toute la durée d'utilisation des services PyGuard, puis détruites.

  • Cookies

    90d

    In order to perform statistics about the use of our PyGuard solution, the user can accept analytics cookies the first time he logs in. We will then collect the following data :

    Your public IP address (only the first 2 bytes)
    The name and version of your operating system
    Your browser (name, version, rendering engine, components)
    Your device type (desktop, mobile, tablet, etc)
    Your screen resolution
    The duration and number of sessions
    The date of visits
    Your actions (pages browsed, buttons and links clicked)

    The data are stored in France. You can refuse this data processing at any time in the parameters of your account.

By using PyGuard's services, you consent to the processing of such data. You may change your mind and refuse such processing at any time by contacting our Data Protection Officer by e-mail at the following address : DPO@pyguard.fr.

Article 5 Personal Data collection for the services Hosen

Whenever you use the Hosen demonstration prototype, we collect the following data :

  • Collected data

    24h

    IP and MAC addresses
    The name of the device
    The urls of the visited websites
    The timestamp of visits

Conservation of data

The personal data collected by PyGuard are stored and processed locally on the box, for a duration of 24h.

The processing of these personal data is necessary for the proper functioning of the Hosen demonstration, you may therefore see a network vizualisation or graph of all the unwanted connections that are initiated when you browse a website for example.

Article 6 Commercial relationship

  • Clients, suppliers and subcontractors

    When you contract with Panga as a Customer, Supplier or Subcontractor, we can collect the following personal data :

    Marital status, identity, identification data, images : civil status, first name, last name, address, phone number(s), e-mail addresse(s)
    Personal life : household members, profession, personal acquaintances
    Professional life : company, field of work
    Data related to the follow-up of the commercial relationship : person(s) in charge of the customer relationship, date of calls and appointments, summary of the problem

    The processing of these personal data is necessary for the proper management of contracts and orders, as well as for the follow-up of the commercial relationship. When you contract with Panga, you agree to the processing of these data. These data are intended for PANGA SAS personnel in charge of marketing, communication, administration, legal or commercial relations, but also for public authorities when necessary.

    Conservation period

    • Customer files : 3 years starting from the end of the commercial relationship for customer files.
    • Contracts : 5 years in principle. When a contract is concluded electronically and when he deals about an amount superior to 120€, the written record is kept for a period of 10 years.
    • Orders, shipments, bills : 10 years.

  • Operations related to prospection

    3 years

    When you contact Panga as a prospect, we process the following personal data :

    Marital status, identity, identification data, images : civil status, first name, last name, address, phone number(s), e-mail addresse(s)
    Professional life: profession, field of work, socio-professional category, personal knowledge.
    Follow-up of the business relationship : lead status, contact owner, documentation requests, trial requests, correspondence with the prospect, comments from prospects, products that interest them (Smart Building or PyGuard).
    Use of an online communication service (social networks) : public user profile data and comments/posts published online

    Panga processes these personal data to manage and update its prospecting files, but also to carry out operations related to prospection (solicitation, promotion, surveys, loyalty actions, etc). As a prospect, you can oppose this processing, which will prevent you from receiving commercial solicitations from us.

    Conservation period

    These data are kept for 3 years starting from the end of the business relationship, or from the last data collection.

    The data are kept in a file accessible by Panga staff in charge of communication and, when appropriate, by other contributing services.

    The data processed by the subcontractor HubSpot Inc in connection with prospect relationships are transferred to the United States and other locations where subsidiaries of HubSpot and their subsequent subcontractors operate.

    A PANGA prospect can be subscribed to our newsletter, in which case the processed data will be sent to the subcontractor MailJet

    MailJet's data centers are located in the European Union, specifically in Frankfurt, Germany and St. Ghislain, Belgium, and hosted by Google Cloud Platform.

    More information : mailjet.com/privacy-policy/

Article 7 Personal data security

We make every effort to ensure the security of your data. The communication between our websites, services and our applications are encrypted. The communications with our partners are encrypted and carried out on a secure channel. Access to our databases and our administration tools is strictly monitored and restricted to certain staff members.

In the event where we would fall victim to a breach or disruption that compromises the security of your personal data, we undertake to inform the CNIL (the french National Commission on Informatics and Liberty) under the conditions described by the article 33 of the GDPR. We will inform you, as well as our concerned partners if necessary within 24 hours, following the conditions described by the article 34 of the same Regulation.

Article 8 Your rights

What are my rights ?

You have several rights depending on the type of processing carried out and the legal basis on which it is based (contract, legal obligation, consent, Panga's legitimate interest, etc) in accordance with articles 15, 16, 17, 20 and 21 of the GDPR.

How to exercise my rights ?

You may exercise your rights by contacting us at one of the following addresses :

In order for your request to be handled as efficiently as possible, do not forget to send us :

  • The processing concerned by your request
  • The rights that you wish to enforce
  • A copy of your identity document (we use this data to verify that the person making the request is indeed the person concerned by the processing).

If, despite all our efforts, you feel that your rights have not been respected, please be aware that you have the possibility to seize the CNIL (the french National Commission on Informatics and Liberty), or any other equivalent regulatory authority about personal data in your country, such as the ICO : https://ico.org.uk/make-a-complaint/

Article 9 Modification of this policy

This Policy is a living document, that may be changed or evolve at any time without notice. You can check the history of modifications here :

Every time this Policy is updated, users of NeHo, NeMa, Hosen and PyGuard services and products will be notified.