Last update: 9 October 2024
This privacy policy has been drafted by the simplified joint-stock company (société par action simplifiée) Unlockt.me, registered under the laws of France to the trade companies register of Paris under the number 922 040 647, with its head office located 14 rue Charles V, Paris (75004), France (“Unlockt”).
Unlockt is a technological service that enables its users to upload files and make them accessible to third parties via a URL hyperlink, in return for payment.
The purpose of this privacy policy is to describe the processing of personal data that Unlockt conducts, in order to fulfil its obligation of information as a data controller. This privacy policy is published and accessible at any time on the following website: [link].
This privacy policy is established in consideration of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as Law No. 78-17 of 6 January 1978 (Loi relative à l’informatique, aux fichiers et aux libertés) in its latest version (the “Personal Data Regulation”).
1. Definitions
The following definitions apply to this Privacy Policy :
Application: Refers to the mobile application "Unlockt" available on the App Store and Google Play.
Data subject: Refers to an Uploader, a Downloader, or any other individual whose personal data is processed by Unlockt.
Downloader : Refers to any natural person over the age of majority who downloads a File.
Download Page: Refers to the webpage accessible with a dedicated URL address from which a File can be accessed against payment.
File: Refers to any file shared via the Solution.
Solution: Refers to the Application and the Download Pages.
Uploader: Refers to any natural person over the age of majority who uploads a File on the Application.
2. personal data collected and processed
Unlockt processes the following personal data for the purposes mentioned below.
For Uploaders
- General information (first and last name, date of birth, email address, postal address, phone number);
- Connection data on the Application (login credentials, password, session start and end time, IP address, location, session history);
- Content of the Files uploaded on the Application (photographs, videos, and voice notes);
- Transactional data (number of Files shared, amounts received, transaction dates, withdrawals);
- Data related to the Uploader's device (operating system, language);
- Browsing data on the Application;
- Identification documents;
- Facial photograph (selfie);
- Warnings and sanctions in case of sharing inappropriate or illicit content.
For Downloaders
- Data related to the Downloader's device (operating system, language).
The provision of certain data is required to access the Solution. For example, the refusal to provide the required data in the context of the identity verification process (identification document and, if applicable, photograph), will prevent the creation of an account on the Application.
Banking information used for the payments made through the Solution, as well as the data processed during the identity verification process, are collected, processed, and stored by our service providers and Unlockt has no access to such data.
3. Data processing, purposes and legal basis
| N° |
Data processing |
Purposes |
Legal basis |
| 1 |
Account creation and management |
Create and manage accounts to enable Uploaders to use the Application. |
Performance of the contract |
| 2 |
Connection and identification of Uploaders |
Identify Uploaders when they use their account and allow them to retrieve information related to their account. |
Performance of the contract |
| 3 |
Processing assistance requests and access to the Solution |
Respond to user assistance requests and enable them to benefit from the services as contractually agreed. |
Performance of the contract |
| 4 |
Identity verification of the Uploader |
Verify the identity of individuals who wish to create an account on the Application. |
Legitimate interest |
| 5 |
File sharing |
Enable Uploaders to upload their File(s) to the Application and share those Files with third parties.
Enable Downloaders to access the File once payment has been made.
|
Performance of the contract |
| 6 |
Payment |
Process payment when a Downloader purchases a File. |
Performance of the contract |
| 7 |
Filtering illicit contents |
Prevent the transmission of illicit contents through the Application. |
Legitimate interest |
| 8 |
Cookies |
Ensure the proper functioning of the Application and continuously improve the Solution. |
Legitimate interest and consent |
| 9 |
Fraud |
Prevent fraud and any scams targeting Unlockt, including but not limited to the use of stolen credit cards. |
Legitimate interest of Unlockt to prevent fraud |
4. Recipients of processed personal data
The personal data collected and processed are necessary for the pursuit of all the aforementioned purposes and are exclusively intended for the internal management services of Unlockt, as well as, if necessary, for its processors.
However, any illegal content of which Unlockt becomes aware may be reported and sent to the relevant authorities, including the Federal Bureau of Investigation (FBI), the International Criminal Police Organization (Interpol), and/or the French platform 'PHAROS'.
The categories of sub-processors to whom personal data may be transmitted are the following:
- Daily operations: data processors that provide digital solutions useful for Unlockt’s daily operations, such as data hosting solutions, age verification, filtering of illicit contents, detection of errors or bugs in the Solution, monitoring of the use of the Solution, and updates to ensure the proper functioning of the Solution.
- Financial services: data processors that provide specialized financial services solutions, such as Masspay.
- Marketing and communication operations: data processors that provide online communication solutions and social media services, enabling data analysis for marketing purposes.
- Maintenance operations: data processors who have access to Unlockt’s technology to perform maintenance operations or address technical issues in the Solution in case of emergency.
- Management and advisory operations: data processors who assist Unlockt with management and compliance (whether accounting, legal, financial, or audit-related).
It is specified that neither Unlockt nor its data processors sell, in any way, personal data of Data Subjects.
5. Retention of personal data
The data of Data Subjects is not retained beyond the period strictly necessary for the purposes outlined in Article 3 of the privacy policy. In particular:
- Data related to the creation and management of accounts is retained until the deletion of the Uploader's account or for a period of two (2) years from the last action on the Application.
- Files shared via the Application are retained for a period of three (3) months from their upload to the Application (unless a longer duration is decided by the Uploader or if the content is illicit).
- The email addresses of Downloaders are retained for the time necessary for Unlockt to send the File via email.
- Connection logs to the Solution are retained for a period of six (6) months.
- Data processed in connection with assistance requests are retained for the time required to address the request.
- Files whose content may be illicit are retained for the time necessary to analyze the situation and make a decision regarding account suspension.
- Identification documents provided in a request to exercise rights are retained for the duration necessary to verify the Data Subject’s identity.
- Cookies are retained for a period ranging from zero (0) to one hundred seventy-nine (179) days, depending on their nature.
Unlockt undertakes to anonymize, archive or delete personal data of Data Subjects as soon as the purpose and retention period expire, subject to the time necessary to comply with its legal obligations, particularly in consideration of civil and commercial statute of limitations.
6. Personal data transfers
Personal data processed by Unlockt is hosted by Amazon Web Service, whose servers are located in Ireland.
Some of the personal data processed by Unlockt is transferred outside the European Union, including to the United States. In such a case, Unlockt ensures that data processors have implemented appropriate legal, technical and organizational measures to govern any transfer of personal data, in particular by using the standard contractual clauses established by the European Commission.
7. Cookies and other trackers
Unlockt uses cookies and trackers, which are small computer files stored on your devices, to collect data about your browsing habits, record your visits to specific pages, and provide additional services such as enhancing your browsing comfort.
In accordance with article 82 of the French Law No. 78-17 of 6 January 1978, Loi relative à l’informatique, aux fichiers et aux libertés, any subscriber or user of an electronic communications service must be informed in a clear and complete manner, unless he or she has been informed beforehand, by the data controller or its representative of (i) the purpose of any action aimed at accessing, by electronic transmission, information already stored in his or her electronic communications terminal equipment or at entering information in this equipment and (ii) the means available to him or her to object to it. Such access or writing may only take place on the condition that the subscriber or user, after receiving such information, has expressed his consent. Data subjects may withdraw their consent to the use of these cookies via the cookie management module or by directly contacting Unlockt at dpo@unlockt.me.
It is also provided that these rules are not applicable if the access to information stored in the user's terminal equipment or the registration of information in the user's terminal equipment (i) either has the exclusive purpose of enabling or facilitating communication by electronic means, or (ii) is strictly necessary for the provision of an online communication service at the express request of the user.
Within the framework of this exception, Unlockt uses the following cookies:
- Fraud prevention cookies, particularly for banking fraud. These cookies are retained for a period of 4 days from their deposit.
- Cookies necessary for processing the payment of a File. These cookies are retained for the duration of a user session.
- Cookies necessary for displaying the Downloader's interface on the Download Pages. These cookies are retained for a period ranging from 6 to 179 days from their deposit.
- Cookies for detecting errors and malfunctions in the Solution. These cookies are retained for a period ranging from 5 to 178 days from their deposit.
- Cookies that store the user's expressed choice regarding cookie deposits. These cookies are retained for a period of six (6) months from the last acceptance, refusal, or customization by the user.
8. data subject's rights
8.1 description of data subject's rights
In accordance with the Personal Data Regulation, Data Subjects benefit from various rights over their personal data, such as:
- Right of access: any Data Subject can find out what personal data Unlockt has about him or her and obtain a copy of this data.
- Right to rectification and to erasure: Data Subjects can ask for the correction of inaccurate or outdated personal data about them, as well as their deletion.
- Right to object and to restriction of processing: Data Subjects can object to how Unlockt processes their personal data or request that the processing concerning them be restricted, to the extent possible and subject to compelling legitimate grounds that Unlockt may have for continuing processing, such as legal obligations to combat money laundering and the financing of terrorism.
- Right to withdraw consent: any Data Subject who has consented to a processing has the right to withdraw his or her consent, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to data portability: Data Subjects can request Unlockt to send their personal data in a structured, commonly used and machine-readable format for transmission to another data controller, provided that this is possible.
- Right to set directives regarding the fate of personal data after death: any individual may provide Unlockt with directives concerning the handling of their data in the event of death, including whether or not to disclose their data to third parties.
- Right to lodge a complaint with a supervisory authority: any Data Subject may contact the CNIL or any competent data protection authority, if he or she believes that Unlockt has not complied with certain rules set out in the Personal Data Regulation (information on how to lodge a complaint with the CNIL is provided on its site).
8.2 Exercise of rights
For any question relating to the processing of their personal data or to exercise their rights under the Personal Data Regulation, data subjects may contact Unlockt at the following addresses:
- Via letter at: Unlockt, Personal Data, 14 rue Charles V, Paris (75004), France
Note that the exercise of the rights provided by the Personal Data Regulations is not without limit – Unlockt is entitled to refuse to act on manifestly unfounded or excessive requests - and each of them meets conditions that are imposed by the Personal Data Regulation. As such, the following elements are specified:
- Identity: any data subject must prove his or her identity and indicate the address at which he or she wishes to be contacted.
- Response time: the requests are processed by Unlockt within a reasonable time taking into account the complexity, the number of requests formulated and the Personal Data Regulation.
- Free of charge: the exercise of rights is in principle free of charge. In cases where a request would imply important costs, the data subject could be required to pay a fee.
These requirements must be respected, otherwise requests may not be processed.
9. security measures
Unlockt takes all necessary physical, logical, and organizational security measures to ensure a high level of protection for personal data, particularly to prevent it from being altered, damaged, or disclosed to unauthorized persons. In the event of changes to the means used to ensure the security of personal data, Unlockt commits to not reducing the level of security.
10. changes to the privacy policy
Unlockt may change this privacy policy from time to time as the manner in which personal data is handled may change due to development of the Solution, or applicable rules.
In such a situation, the Data Subjects will be notified of updates, either by sending an email or through a notice on the Solution, at least 15 days prior to a material change to the privacy policy.