Privacy policy

Privacy policy

Your privacy is a priority for OXLIN (hereinafter ("Oxlin" or "us")). In this regard, we are committed to respecting the personal data of our online users (hereinafter "you"), to treat them with the greatest care and to ensure the best level of protection in accordance with Regulation 2016/679 of 27 April 2016 relating to the protection of individuals with regard to the processing of personal data, the free movement of such data (hereinafter “GDPR”) and the applicable national law in this area.

By choosing Oxlin services, you have transmitted some of your personal data to us so that we can provide you this service, these will be treated confidentially in accordance with current provisions and in accordance with legal requirements at national level and international. By processing we mean any form of automated processing.

This concept covers any operation that we carry out on the basis of the personal data of a natural person, such as collection, recording, modification, deletion, consultation, communication, use, etc.

This policy informs you about:

  • The personal data we collect about you and the reasons for this collection,
  • The terms of use of your personal data,
  • Your rights over your personal data and the means to exercise them.
  1. Who is responsible for the use of your data as part of your relationship with our services?

The co-controllers for the Processing of your personal data described in this policy are Linxo Group and Oxlin whose head offices are located at Espace Wagner building E, 10 rue Parayre - 13290 Aix les Milles. This policy reflects the agreement between them to facilitate the exercise of your rights. Any questions or requests regarding the processing of your Data can be addressed to the following email address: dpo@oxlin.io or dpo@linxo.com. You can exercise your rights with respect to and against each of the co-controllers.

  1. Why do we collect your personal data and on which legal basis?

We collect personal data about you for various reasons.

Oxlin collects and uses your personal data to operate efficiently and provide you with the best experiences with its services.

Also note that we can only collect and use your personal data if this use is based on one of the legal basis determined by the GDPR (for example, your consent or the fulfillment of the contract concluded with us).

The table below specifically lists the purposes of use of your personal data by Oxlin, the corresponding legal basis and the type of personal data collected and / or processed.

Purpose of collecting your personal data

Legal Basis

Personal Data collected

1/The provision of Personal Finance ManagementService

The provision of a software package in hosted mode allows the collection of your banking data in order to transmit them to a third party allowing you access to this data or the exploitation of those here for other purposes than you have authorized.

The fulfilment of a contract concluded with you (article 6.1.b) of the GDPR), in this case the subscription to the Oxlin, Linxo or Linxo Premium service

Your consent to transmit your data to a third party of your choice authorized by Oxlin

Collected directly from you:

  • Email address
  • Bank details
  • Indirectly collected:
  • account number
  • Iban
  • Bank transactions
2 / The provision of the Direct Account service

The provision of a software package in hosted mode allows the collection of your banking data in order to transmit them to a third party allowing you access to this data or the use of it at other purposes that you may have authorized.

The fulfilment of a contract concluded with you (article6.1.b) of the GDPR), in this case the subscription to the Direct Payment service

Your consent to transmit your data to a third party ofyour choice authorized by Oxlin

  • Collected directly from you :
  • Email address
  • Bank details (1)
  • Indirectly collected:
  • account number
  • Iban
  • Bank transactions
3 / The provision of the Direct Payment Service

The provision of a software package in hosted mode allowing the initiation of payment transactions

The fulfillment of a contract concluded with you (article 6.1.b) of the GDPR), in occurrence of the subscription to the Direct Payment service

Your consent to validate the transaction

Collected directly from you:

  • Bank identifiers (1)
  • IP address
  • Name of the beneficiary (2)
  • Iban of the beneficiary (2)
  • Collected indirectly: Iban (3)
4 / Comply our regulatory obligations

In particular in the context of the fight against fraud, money laundering and the financing of terrorism

The need for Oxlin to comply with a legal obligation to which it is subject

Collected directly from you:

  • Email address
  • If applicable, identity and other information about you
5 / anonymization of data for statistical

This implies that the result of processing for statistical purposes does not allow any identification of the persons whose information was used.

This data, once anonymized, can also be used for various purposes:

  • To allow us to maintain the free part of the service and improve it by creating an income for us when reselling anonymous data for statistics
  • to allow us to have a better understanding of the targeted audiences.

OXLIN's legitimate interest in processing the personal data of its Customers in order to be able to maintain the free part of the OXLIN Service, to improve the services offered and to have a better understanding of the targeted audiences (Article 6.1) f. of the GDPR).

Indirectly collected:

Banking transactions

6 / user support

When you make a support request, your request is recorded in our incident database to be sure to deal with it efficiently. Our support may have to access the information processed by Linxo as part of the processing "provision of account aggregation services (extended) and payment initiation (extended) to diagnose and resolve certain incidents but none has instant access to your bank details.

The fulfillment of a contract concluded with you (article 6.1.b) of the GDPR), in this case assistance in the use of the Oxlin Services

Collected directly from you:

  • Email
  • address IP address
7) respond to your requests for information

When you make a request for information using our contact form.

If necessary (if you have consented to this treatment) send you advertisements on products marketed by our company.

Your consent (article 6.1.a) of the GDPR) and in this case your desire to be contacted by our services

Oxlin's legitimate interest (Cf. article 6.1.f) of the European Data Protection Regulation), namely to promote our products and attract new customers.

Collected directly from you:

  • Email address
  • Name of your employer

(1) Depending on the interface offered by your bank, this information can be transmitted directly to your bank or to Oxlin
(2) Depending on the case, this information can be transmitted directly by the beneficiary

(3) Iban depending on the case, this necessary information can be obtained indirectly or directly
  1. Cookies and other trackers

In order to improve your experience when using our sites and applications, we use cookies to store connection information and provide a safe connection, collect statistics in order to optimize the functionality of the site and tailor the content to your interests. The data collected may also give rise to commercial canvassing if you have not opposed these solicitations.

When consulting our sites and applications, information relating to your browsing may be saved in "Cookies" files installed on your terminal (computer, tablet, smartphone, etc.) subject to your choices. The information below allows you to better understand how cookies work and to configure them via the "Cookie management" section in the menu.

What is a cookie?

A cookie is a small text, image or software file, containing information, which is saved on the hard drive of your terminal (eg: computer, tablet, smartphone, or any device allowing you to browse the Internet) on the occasion of the consultation of a website or an application with your browser software. It is transmitted by a website server to your browser. The cookie file relates in particular to the pages visited, the advertisements on which you clicked, the type of browser you use, and allows its issuer to identify the terminal in which it is registered, during the period of validity or recording of the cookie concerned.

If your terminal is used by several people and when the same terminal has several navigation software, we cannot be sure that the services and advertisements intended for your terminal correspond to your own use of this terminal and not to that of another user.

Which cookies are placed?

Strictly necessary cookies that do not require your consent:

Certain browsing data must legally be retained to enable us to ensure the security of our electronic communication services.

Among its mandatory technical cookies we place:

 

Functional cookies (necessary):

They help make a website usable by allowing basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

- Cookiebot: https://www.cookiebot.com/fr/privacy-policy/

 

Audience measurement cookies (statistics):

They make it possible to carry out visit statistics and to analyze the use of the site or our application in order to be able to improve its performance and improve the quality of our services.

They can also enrich our knowledge of your areas of interest on the site or our application.

- Google Analytics: https://policies.google.com/privacy?hl=en-US

 

Marketing cookies:

Marketing cookies are used to track visitors across websites. The aim is to display advertisements that are relevant and interesting to the individual user and therefore more valuable to publishers and third party advertisers.

- Salesforce: https://www.salesforce.com/company/privacy/

What is the conservation period of these cookies?

All optional cookies placed for our services have a validity period of 6 months or less. The duration of taking into account your refusal to the installation of these cookies is also 6 months.

Some of the mandatory technical cookies issued and deposited for our services are kept while the session is taken into account by the browser; other mandatory technical cookies are valid for one year.

Who are the data controllers?

Data collected by Oxlin: statistical monitoring and personalized advertising purposes:

The co-controllers are Linxo Group and Oxlin

  1. With whom do we share your personal data?

We NEVER share your personal data without your express consent. For example, if YOU wish to share your personal data with a third-party service partner of OXLIN, an authorization window will appear and the transfer can only be carried out with your authorization.

  1. Do we use subcontracting partners?

As part of our activities, we may sometimes use partners as subcontractors for some of the treatments listed above. Of course, we always do this while ensuring optimal protection of your data: the subcontracting partners who host the data are not authorized to access your personal data.

We make sure that all our partners comply with the obligations of the GDPR. Most of our partners are located in the European Union, and for those who are in the United States, we make sure, in accordance with the GDPR, that they sign standard clauses for the protection of personal data or comply with the rules. restricting them, among other things, from accessing your personal data.

  1. Your Rights

You have the right to consult and have your personal data corrected free of charge.

You can also request your right of erasure, portability, opposition under the same conditions, as well as lodge a complaint with a supervisory authority (in France, the CNIL: www .cnil.fr).

To request these rights, all you have to do is send us a request indicating your first and last names and, in the subject line, indicate which right you wish to exercise.

Your written request must be signed and accompanied by a photocopy of your identity document (valid identity card or passport). The request must also specify the address to which we must send you the response.

We will make every effort to ensure that the requested actions are taken as soon as possible and no later than one month after receipt of the request and the supporting documents necessary for its processing.

In the event of a particularly complex request, the regulations provide that this period may be exceptionally extended by two months.

DPO contact details
Postal Email address
DPO of Oxlin
Espace Wagner building E, 10 rue Parayre
13290 Aix les Milles
dpo@oxlin.io

 

  1. How long do we keep your personal data?

Oxlin implements measures to ensure the security of personal data, such as access control, intrusion and data protection. The data relating to the user are kept in the main system for the duration of the contractual relationship, which ends under the conditions set by article "Resolution and termination" - a period to which is added a backup period of 13 months maximum (except regulatory requirements).