Privacy Policy
The French version is authoritative and binding on all parties.
Updated on February 19, 2025
1. PREAMBLE
The company ENLAPS specializes in image capture and analysis for project monitoring.
Its services enable users to:
take photos or videos using Tikee cameras;
monitor, configure, and modify camera shooting sequences in real time using the Tikee Remote mobile application;
via the MyTikee web platform (https://my.tikee.io/): create, import, view, store, analyze, publish, and share media or analyses generated from images or videos captured by a Tikee camera.
As part of its activities, ENLAPS processes personal data concerning you.
This privacy policy informs you about:
the personal data processing operations carried out by ENLAPS;
the purposes and legal bases of such processing;
your rights and how to exercise them.
2. WHO IS THIS POLICY INTENDED FOR?
This policy applies to:
visitors to ENLAPS websites (corporate website and online store);
ENLAPS customers and prospects;
users of the MyTikee web platform and the Tikee Remote mobile application;
ENLAPS partners (ambassadors, influencers).
3. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
ENLAPS is the data controller for all processing activities described in this policy:
ENLAPS, a simplified joint-stock company (SAS) with share capital of €200,000
Registered with the Grenoble Trade and Companies Register under number 813 731 262
Registered office: 26 Avenue Jean Kuntzmann, 38330 Montbonnot-Saint-Martin, France
Represented by Antoine Auberton, acting as President and Publishing Director, duly authorized for the purposes hereof.
Contact details of the person in charge of the personal data use policy:
Mr. Benoît Farinotte
Email address: info@enlaps.fr
Telephone: +33 (0)4 58 00 57 30 (cost of a local call from a landline)
Available during customer service opening hours, Monday to Friday from 9:00 a.m. to 12:00 p.m. and from 2:00 p.m. to 6:00 p.m. (closed on Saturdays, Sundays, and public holidays).
4. PROCESSING OPERATIONS CARRIED OUT BY ENLAPS
ENLAPS carries out the following personal data processing operations as part of its activities. The detailed characteristics of each processing operation are presented in the tables below.
4.1. Purposes and Legal Bases of Processing
Processing
Purposes
Legal Bases
Commercial prospection
Prospect potential professional clients - Trade shows - LinkedIn - Website form (e.g., Downloading a business case - white paper)
Legitimate interest when prospection is addressed to professionals due to their function. Express and prior consent when prospection is addressed to individuals.
Pre-sales exchanges
Responding to information requests from a potential client - pre-contractual exchanges - establishing quotes
Legitimate interest and pre-contractual measures
Management of standard customer contracts
Negotiating, signing the contract, exchanges relating to the execution of the contract, invoicing, monitoring of services, customer loyalty
Execution of customer contracts - legitimate interest
Management of the online store
Online order management - Maintenance, hosting and security of the site - Tracker management (GA statistics, social network Pixels, marketing retargeting, cart abandonment recovery) - Chat
Execution of customer contracts - legitimate interest - Consent for trackers
Management of the showcase website
Subscription to the commercial newsletter - Contact form - Other forms (business case, etc.) - Chat - Display of team members - Becoming a partner - Tracker management (GA statistics, social network Pixels, marketing retargeting, cart abandonment recovery)
Legitimate interest - Consent for trackers
Management of the MyTikee platform
User account management: creation, management, deletion - Subscription order management - Platform security and maintenance - User services (e.g., camera location) - Tracker management (statistics, social network Pixels, marketing retargeting, cart abandonment recovery)
Legitimate interest - Execution of contracts - Consent for trackers
Management of the Tikee remote mobile application
User services (e.g., camera location)
Consent to geolocation (acceptance if from the mobile and specific camera setting). On the camera, the user can deactivate geolocation at any time.
Management of after-sales service and technical requests (customers)
Support service - incident management - responses to technical requests from clients - Camera returns
Execution of contracts - Legitimate interest
Sending of the technical newsletter
Providing information about the platform, the application (technical, new features, maintenance, etc.)
Legitimate interest - Execution of contracts
Sending of the commercial newsletter
Providing commercial information to customers and prospects
Legitimate interest - Execution of contracts
Statistics on the use of the platform and applications
Producing statistics on platform usage data (e.g., number of clients using a certain feature, which countries, etc.)
Legitimate interest
Testing, performance optimization, and improvement of the platform and mobile application, including using modeling and/or machine learning methods, including for continuous improvement
Testing, performance optimization, and improvement of the platform and mobile application, including using modeling and/or machine learning methods, including for continuous improvement
Legitimate interest
Partnership management
Management of partnerships with ambassadors and influencers
Execution of contracts
4.2. Personal Data Collected
Processing
Categories of personal data collected
Commercial prospection
Last name, first name, job title, email, phone number, professional address
Pre-sales exchanges
Last name, first name, job title, email, phone number, professional address, identified needs, notes
Management of standard customer contracts
Last name, first name, job title, email, phone number, professional address, SIRET (for sole proprietorships), relevant order, exchanges
Management of the online store
For technical management of the site (maintenance, hosting), the data processed are those stored on the site as well as connection data (IP address, logs, identifiers, terminals, etc.)
For orders: address, VAT number, order content, order number, phone number
For trackers, the data processed are connection data (IP address, terminals, etc.)
Management of the showcase website
For technical management of the site (maintenance, hosting), the data processed are those stored on the site as well as connection data (IP address, logs, identifiers, terminals, etc.)
For trackers, the data processed are connection data (IP address, terminals, etc.)
Management of the MyTikee platform
User account data: last name, email, employer's name, country, customer account
Order data: address, VAT number, order content, order number, phone number
Operational data: access logs and IP address
Usage data (e.g., number of cameras, number of projects, etc.)
Camera usage data: camera geolocation (from the mobile device or from the camera)
For trackers, the data processed are connection data (IP address, terminals, etc.)
Management of the Tikee remote mobile application
Camera usage data: camera geolocation (from the mobile device or from the camera)
Management of after-sales service and technical requests (customers)
User account data: last name, email, employer's name, country, customer account
Customer account data: last name, first name, job title, email, phone number, professional address, SIRET (for sole proprietorships), relevant order, exchanges
Sending of the technical newsletter
Emails of customers and/or users, platform usage data (e.g., those with an active camera)
Sending of the commercial newsletter
If customer: email, platform usage data (e.g., those with an active camera)
If prospect: email
If the prospect comes from a site form (e.g., business case): last name, first name, job title, email, phone number, professional address
Statistics on the use of the platform and applications
Usage data (e.g., number of cameras, number of projects, etc.)
Last name, email, country, subscription-related data
Testing, performance optimization, and improvement of the platform and mobile application, including using modeling and/or machine learning methods, including for continuous improvement
Images from cameras
Camera location
Partnership management
Person's identity data: first name, last name, email, phone number, job title, address
4.3. Data retention periods
Processing
Retention Period
Commercial prospection
3 years from the collection or the last click or contact from the person
Pre-sales exchanges
3 years from the last contact from the person
Management of standard customer contracts
Customer contract retained for the duration of the contract + 10 years
Management of the online store
For technical management of the site, data is only retained for the time necessary for the technical operation (a few months);
For trackers, data is retained for a maximum duration of 25 months. The lifespan of trackers is a maximum of 13 months. At the end of this period, consent is requested again
For orders: 10 years from the end of the contract
Management of the showcase website
For technical management of the site, data is only retained for the time necessary for the technical operation (a few months);
For trackers, data is retained for a maximum duration of 25 months. The lifespan of trackers is a maximum of 13 months. At the end of this period, consent is requested again
Management of the MyTikee platform
Account: Automatic data deletion if the account is inactive for 2 years and there is no active subscription: after one year of inactivity, a notification is sent to warn that the account will be blocked in 30 days; after one year of blocking, a notification is sent to warn that the account will be deleted in 30 days. Once the account is deleted, the data is deleted within a maximum period of 45 days max.
Order data is retained for the duration of the subscription + 10 years
IP addresses and logs for a maximum period of 12 months
Geolocation data is retained as long as the client keeps the images in their account
For trackers, data is retained for a maximum duration of 25 months. The lifespan of trackers is a maximum of 13 months. At the end of this period, consent is requested again
Management of the Tikee remote mobile application
Geolocation data is retained as long as the client keeps the images in their account
Management of after-sales service and technical requests (customers)
The duration of the contract + 10 years
Sending of the technical newsletter
As long as the contract is ongoing - 3 years from the end of the contract or the last contact (same)
Sending of the commercial newsletter
If prospect: 3 years from the collection or the last contact from the person
after this period, consent is required to continue sending the commercial newsletter
If customer: as long as the contract is ongoing - 3 years from the end of the contract or the last contact (same)
Statistics on the use of the platform and applications
As long as the account is active and the client is a client - 5 years from the deletion of the account
Testing, performance optimization, and improvement of the platform and mobile application, including using modeling and/or machine learning methods, including for continuous improvement
Processing is carried out as long as the images / camera location are available on the platform. The data is deleted once the customer account is deleted (45 days max)
Partnership management
The duration of the contract + 10 years
5. RECIPIENTS OF YOUR DATA
Your personal data may be communicated to the following recipients:
5.1. Categories of sub-processors
ENLAPS uses sub-processors for the performance of certain services:
Hosting of the platform, mobile application, and data
Customer Relationship Management (CRM)
Online store management
Corporate website management
Invoicing and payments
Emailing and marketing
Instant messaging and online chat
Telephony
Appointment scheduling
Statistics generation
These service providers act as sub-processors of ENLAPS and are bound by sub-processing agreements guaranteeing the security and confidentiality of your data in accordance with the GDPR.
Some trackers belong to third-party companies that act as independent data controllers. They determine their own purposes and means of processing. They must be cited in the policy and a link provided to their own cookie policies. These third-party publishers include, in particular:
Google (analytics and advertising): https://policies.google.com/technologies/cookies
Meta (Facebook, Instagram): https://www.facebook.com/privacy/policy/
Plausible Analytics (analytics): https://plausible.io/data-policy
5.2. Authorities and jurisdictions
In the event of a legal obligation, your data may be communicated to the competent authorities (tax administration, judicial authorities, control bodies, etc.).
6. SECURITY MEASURES
The data controller implements appropriate technical and organizational measures to ensure a level of security adapted to the risk, notably:
The pseudonymization and encryption of personal data
Means to guarantee the constant confidentiality, integrity, availability, and resilience of processing systems and services
Means to restore the availability and access to personal data within appropriate timeframes in the event of a physical or technical incident
A procedure aimed at regularly testing, analyzing, and evaluating the effectiveness of the technical and organizational measures
The data controller takes measures to ensure that any natural person acting under their authority and having access to personal data only processes them upon instruction from the data controller.
7. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
The data controller may be required to transfer personal data outside the European Union through certain subcontractors.
The data controller undertakes that these transfers will be made to countries presenting an adequate level of protection, as defined by the European data protection authorities, and/or with appropriate safeguards pursuant to Article 46 of the GDPR (in particular the implementation of standard contractual clauses).
-----For MyTikee Services: the platform hosting is entrusted to AWS (Ireland Region - Dublin area) by the subcontractor Amazon Web Services EMEA SARL.
In accordance with Article 12 of the AWS DPA, transfers outside the EEA may exceptionally be carried out only: (a) when strictly necessary to provide the services requested by the Client, or (b) upon imperative legal obligation.
These transfers are framed by the Standard Contractual Clauses approved by European Commission Implementing Decision (EU) 2021/914 and by the additional measures detailed in the document “DATA PROCESSING AGREEMENT” (DPA).
8. AUTOMATED DECISION-MAKING
No entirely automated decision-making is carried out.
9. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
The data subject of a processing operation may define directives regarding the retention, erasure, and communication of their personal data after their death. These directives may be general or specific.
The data subject of a processing operation also benefits from a right of access, objection, rectification, erasure, portability, and limitation of processing concerning all of their personal data.
The request must indicate the first name and last name, email or postal address of the data subject, and be accompanied by a photocopy of an identity document bearing the holder's signature.
10. COMPLAINT
The data subject of a processing operation has the right to lodge a complaint with the competent supervisory authority (in France, the Commission Nationale de l'Informatique et des Libertés - CNIL) if they consider that the processing of personal data concerning them constitutes a violation of the General Data Protection Regulation.
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Telephone: 01 53 73 22 22
Website: www.cnil.fr
