By clicking on “Accept all cookies”, you agree that cookies may be stored on your device in order to improve navigation on the site, to analyze the use of the site. Consult our privacy policy for more information.
PreferencesRefuseAccept

1POINT6 is now a subsidiary of BNP Paribas! LEARN MORE

Product
Marketplaces
Blog
About
Pricing
EN
TALK TO AN EXPERT
TALK TO AN EXPERT
EN
TALK TO AN EXPERT
TALK TO AN EXPERT

Privacy policy

Who are we?

1POINT6 is a website managed by 1POINT6, a simplified joint stock company with a share capital of €1,000, registered with the Paris Trade and Companies Register under No. 978027159, whose registered office is located at 10, rue de la Paix, 75002 Paris, France (hereinafter “1POINT6”).

1POINT6 is a website that provides professional users – (i) merchants affiliated with marketplaces that have implemented 1POINT6’s payment solution (hereinafter “Sellers”) or (ii) marketplaces themselves (hereinafter “Marketplaces”) (collectively referred to as the “User(s)”) – access to an online platform (hereinafter “Management Platform”) where they can use various services designed to support Users in their business relationships (hereinafter “Services”).

In this regard, 1POINT6 attaches great importance to protecting the privacy of its clients. In order to comply with applicable regulations on the protection of personal data (hereinafter “Applicable Regulations”), in particular the French Data Protection Act of 6 January 1978 (hereinafter “DPA”) as amended, and the Regulation (EU) 2016/679 of 27 April 2016, commonly referred to as General Data Protection Regulation (hereinafter “GDPR”), 1POINT6 has adopted the following common principles in its Privacy Policy, available on the website www.get1point6.com.

Capitalised terms not defined on this page refer to the definition provided in 1POINT6’s Terms and Conditions of Use.

Context

When you sign up on 1POINT6, use our services or interact with our teams, we pay particular attention to the way your personal data is processed, as we strive to protect personal data while developing high-quality services to continuously improve your experience on our website or application. In the interests of transparency, this Privacy Policy outlines how and why we collect personal data, and describes what rights users of the 1POINT6 website as well as Users who have agreed to our T&Cs (hereinafter “Users”) may exercise regarding this data.

1. In what context do we collect personal data?

1POINT6 operates as:
- a processor – under our status as a payment service provider for BNP Paribas, whose privacy policy is available at the following address – for any personal data related to the provision of payment services;
- a controller for any personal data processed in relation to an unregulated service provided through the 1POINT6 platform.

For personal data collected during your visit on the 1POINT6 website, please refer to our section on cookies.

2. What personal data do we process and for what purposes?

We only collect and use personal data necessary for our operations in order to provide you with personalised, high-quality services.


Personal data processed Legal bases Retention period*
1/ Identification and contact information (last name, first name, place and date of birth, etc.)
2/ Identification and authentication data, particularly when using 1POINT6 services (technical logs, computer traces, information on device security and use, IP address)
3/ Tax data (tax number, tax status, country of residence)
4/ Family situation (marital status, matrimonial regime, number of children)
5/ Employment information (employment status, remuneration, payslip)
6/ Various legal documents (deed of transfer, deed of succession, deed of sale of shares)
7/ Banking, financial and transactional data (bank details, card number, transaction data, including information on transfers, investor profile, value of your assets)

Purposes?
Regulatory information
Anti-fraud and AML/CFT		 Legitimate interest Legal obligation
 During the term of the contract and for 5 years after the end of the business relationship

1/ Data relating to interactions with 1POINT6 (chat, email, telephone) via our website and social media accounts
2/ Data relating to the use of products and services subscribed to in connection with banking, financial and transactional data

Purposes?
Statistical analysis
Journey improvement
Journey modelling 		Consent
Legitimate interest		 During the term of the contract and for 5 years after the end of the business relationship

1/ First and last names
2/ Data relating to interactions with 1POINT6 (chat, email, telephone)

Purposes?
Assistance for prospects or Users		 Implementation of pre-contractual measures
Legitimate interest		 Until consent is withdrawn
Maximum of 3 years

First name, last name, email address

Purposes?
Newsletters
Commercial operations		 Consent
Legitimate interest		 Until consent is withdrawn
Maximum of 3 years

First name, last name, email address, telephone number, education

Finalités ?
Recruitment**		 Consent 2 years from the date of application

 

*Please note that retention periods shall be suspendedif legal proceedings seeking to establish the liability of 1POINT6 or individualmembers of the company in the course of their duties are lodged.

 

**For more information on how we process personal datain our recruitment process, please refer to our dedicated page.

 

Additional information:

Implementation of pre-contractual measures: measurestaken prior to the signing of a contract, which facilitate its conclusion, evenin the absence of such a contract being entered into. These measures are onlytaken at your initiative.

Anti-fraud and AML/CFT: all legal and regulatory requirementsaimed at combating tax fraud, money laundering and terrorism financing. Theopening of an account may be approved or denied by an automated decision made byour systems.

Regulatory information: any information required bylaw, regulations, etc. that is necessary to open an account. Refusal to providesuch information shall prevent the account from being opened or result in itsclosure.

Improving the user’s experience: we are constantlystriving to improve our website and application to offer an ever smootherexperience through our services.

3. Can your personal data be disclosed?

In order to comply with our legal and regulatory obligations, we may be required to disclose personal data to the following parties:
- Financial or judicial authorities, government agencies or public bodies when they request this data from us on legitimate grounds or by court order;
- Certain regulated professions such as solicitors, notaries and auditors.

Such disclosure shall be made upon request and within the limits permitted by regulations.

We may also share your personal data with the following parties in order to provide you with the products and services you have requested or to assess the relevance or effectiveness of our marketing campaigns:
- Our subcontractors, partners, principals, agents, intermediaries, insurers and service providers (e.g. Azure Cloud). This transfer of personal data only takes place in the context of processing carried out for one of the purposes described in Article 2;
- Distributor intermediaries and business introducers who put you in contact with us;
- Companies that carry out commercial or market research for us.

We audit and document all organisational and technical measures put in place by our subcontractors. We always verify that sufficient security measures have been implemented to maintain an adequate level of security throughout the data lifecycle.

We always ensure that the personal data processed is not readable in plain text and is systematically encrypted. This means that, without the encryption key, the data is inaccessible, even to foreign judicial or administrative authorities.

We also ensure that robust contractual guarantees are in place by imposing a Data Processing Agreement tailored to our line of business.

4. May your personal data be transferred outside the European Union?

We favour subcontractors located within the European Union (EU), meaning they are automatically subject to the GDPR’s obligations. However in some cases, subcontractors may be located and/or process some data outside the EU.

To protect personal data in the event of international transfers made from the EU and in accordance with Articles 45 et seq. of the GDPR, we ensure that such transfers are based on:
- An adequacy decision by the European Commission recognising the country in question as providing adequate levels of protection for personal data, equivalent to those enforced by EU legislation;
- The conclusion of standard contractual clauses approved by the EU, in accordance with Article 46 of the GDPR;
- The adoption by our co-contractor of binding corporate rules approved by the European Commission.

To obtain a copy of these texts or find out how to access them, you can send a written request to our Data Protection Officer by post (1POINT6 – Délégué à la protection des données, 10, rue de la Paix, 75002 Paris, FRANCE) or by email (dpo@get1POINT6.com).

5. What about your interactions with 1POINT6’s teams on social media?

We are present on several social media platforms in order to communicate with our active Users, prospects or social media users who may be interested in our services and latest news.

When accessing these social media platforms, you are subject to their terms and conditions as well as their privacy policies. 1POINT6 has no control over how your personal data is processed by these platforms, meaning we cannot be held responsible for their actions

When you interact directly with us on these social media platforms, we may process your personal data based on your consent.

6. What are your rights and how can you exercise them?

Under the GDPR, your rights with regard to personal data are set out in Articles 12 to 21.

However, in accordance with our legal obligations and the professional secrecy to which we are bound, exercising these rights may compromise or impair the purpose of the data processing in question. Therefore, in accordance with Article 14(5)(b) and (d) and Article 17(3)(b) and (e) of the GDPR, Article 48 of the DPA, and Articles L. 621-4 and L. 612-24 of the French Monetary and Financial Code, your guarantees may be limited in certain circumstances.

Apart from these cases, you may at any time exercise your right to access your personal information as well as modify, rectify or erase personal data, or object to its processing on legitimate grounds in accordance with the applicable laws on the protection of personal data.

Furthermore, you may request that the processing of your personal data be restricted and, in certain cases, you may ask 1POINT6 to transfer your personal data to you (provided this is technically possible and within the limits of 1POINT6’s professional secrecy obligations) or to another data controller.

If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. This decision does not affect the validity of the processing of your personal data carried out prior to it. However, such withdrawal may result in the termination of your relationship with 1POINT6.

If you wish to exercise these rights, you must send your request along with a copy of your ID, passport or other form of identification:
- by post to our Data Protection Officer (1POINT6 – Délégué à la protection des données, 10, rue de la Paix, 75002 Paris, France);
- by email (dpo@get1POINT6.com).

We will ask for proof of your identity to ensure we protect your personal data and do not send it to a third party. If you contact us to exercise your rights, we will inform you of the action taken within one month of receiving your request.

If necessary, this deadline may be extended by two months, taking into account the complexity and number of requests we receive (Article 12(3) of the GDPR). In this case, we will also inform you within one month of receiving your request. We reserve the right not to respond to requests that are clearly unfounded or excessive. Once you have exercised your right, your request will be kept on file for as long as an appeal is possible.

If you consider that your rights have not been respected, you may also lodge a complaint with the CNIL (Commission nationale de l’informatique et des libertés – National Commission on Informatics and Liberty) at any time.

7. How do we protect your personal data?

We take the security of our information systems and the personal data we process very seriously. We implement all technical and organisational measures necessary to ensure the security of our data processing operations and maintain the confidentiality of the data we collect. This involves, in particular, the implementation of the measures outlined below.

Technical measures

- Systematic encryption of data on hosting serversduring data transit (between the application and the servers) and storage;
- Strong password policy when creating a Beneficiaryaccount and implementation of a CAPTCHA to limit attack attempts;
- Implementation of a SOC team dedicated to incidentmanagement, monitoring of security checks, and continuous audit of theeffectiveness of security measures;
- Implementation of a detection and prevention system.

Organisational measures

- Entry control and physical protection of premises;
- Connection logging and traceability;
- Policy governing staff members’ access to the data;
- Authentication procedures for individuals accessing data through individual and secure systems using confidential usernames and passwords.

8. How can I find out about changes made to this Privacy Policy?

In an ever-changing technological environment, this policy must be regularly updated. Check online for the latest version, and we will inform you of any substantial change via our website.

9. What is our policy on cookies?

A cookie, or tracker, is a small computer file that is stored and read on the user’s device, whatever it may be, when browsing our website.

These files allow us to record certain information about how you use our website and application in order to continuously improve your experience and grant you access to certain secure areas of the website.

We may use the following cookies:
- Functional cookies, which enable user authentication to the service, ensure a secure authentication process, and are therefore strictly necessary for the functioning of the Website;
- Audience measurement cookies, which allow us to compile statistics and analyse traffic on our Website.

The use of cookies may result in the collection of personal data, which is why you can manage cookies via the dedicated banner that appears when you visit our Website.

Indeed, when you first visit our website, a banner will appear allowing you to either select the cookies you wish to accept, accept them all or refuse them all – with the exception of cookies necessary for proper operation of the Website. You can update your choice at any time by clicking on “Cookie settings” in the footer.

10. How to contact us

If you have any question regarding the use of your personal data as per this Privacy Policy, you can contact our Data Protection Officer:
- by post (1POINT6 – Délégué à la protection des données, 10, rue de la Paix, 75002 Paris, France);
- by email (dpo@get1POINT6.com).