1. Definition and Nature of Personal Data

Terms and expressions used with capital initials have the meanings given to them in the General Terms of Use of the services provided by MOFFI. When you use the MOFFI Platform and/or Application, we may ask you to provide personal data so that you can access our services. "Personal data" refers to all data that can identify an individual, including your first and last name, email address, phone numbers, transaction data on the Platform and/or Application, booking details, bank card numbers, and any other information you choose to share with us.

Data from Google Workspace
If you use MOFFI with Google Workspace, only essential information for authentication and integration is collected: name, first name, email address, time zone, and language preference. This data is used exclusively to ensure the service functions properly, and it is neither retained longer than necessary nor shared with or transferred to third parties. MOFFI adheres to Google Workspace's privacy and security standards to protect your personal data.

2. Purpose of this Charter

This charter is intended to inform you of the methods used to collect your personal data while strictly respecting your rights. We comply with the French Data Protection Act (Law No. 78-17 of January 6, 1978) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

3. Identity of the Data Controller

The data controller is MOFFI, a simplified joint-stock company (SAS) registered under number 821 179 843, headquartered at 225 rue des Templiers, 59000 Lille (hereinafter: "We").

4. Data Protection Officer

We have appointed a Data Protection Officer who can be contacted at: dpo@moffi.io – Data Protection Officer – 225 rue des Templiers, 59000 Lille.

5. Collection of Personal Data

Legal bases for collecting personal data:

1. Legitimate interest: When you voluntarily provide data while using our Platform and/or Application.
2. Contract execution: When necessary to provide our services via the Platform and/or Application.

Purposes for data collection:

• Managing access and usage of certain services on our Platform and/or Application
• Sending newsletters about new features (only to administrators and managers)
• Managing space reviews for favorite spaces
• Handling payment defaults and disputes related to paid services
• Customizing responses to information requests
• Complying with legal and regulatory obligations
• Helping improve the product and services (optional)

Mandatory and optional data are clearly identified at the time of collection. Mandatory data is required to operate the services.

6. Recipients of Collected Data

Access is granted to:

• Our personnel
• Auditors
• Subcontractors, public agencies (to meet legal obligations), judicial officers, and debt recovery organizations

7. Transfer of Personal Data

Your personal data will not be sold or transferred.

8. Retention Period

• Clients and prospects: Retained only for as long as needed for business relationships. Marketing data: 3 years.
• Bank card data: Managed by a payment provider; stored for as long as your account is active. CVV not stored.
• Opt-out lists: Retained for at least 3 years from the opt-out date.
• Cookies: See section 11 for details.

9. Security

We implement technical and organizational measures to ensure data integrity and confidentiality. Hosting is handled by OVH with documented security processes. Data protection includes encryption, access control, intrusion detection, and regular audits.

10. Hosting

Your data is hosted on OVH servers located in France, within the EU. No data is transferred outside the EU.

11. Cookies

Technical cookies are used for functionalities such as form auto-fill and session management. Cookie types include user preferences, analytics (e.g., Firebase, Google Analytics), marketing (e.g., Google Ads, LinkedIn), and support (e.g., Slaask). Most cookies are stored until session expiration or up to 6 months depending on their type. Axeptio is used for cookie consent management.

12. Access to Your Data

You have the right to access, correct, or delete your personal data via your account or by contacting: dpo@moffi.io or 225 rue des Templiers, 59000 Lille.

13. Post-Mortem Data Rights

You may define instructions on how your data should be handled after your death. These can be general or specific and must be sent to ready@moffi.io or 225 rue des Templiers, 59000 Lille.

14. Data Portability

You may request a copy of your personal data in a structured, machine-readable format at any time, particularly when closing your account.

15. Filing a Complaint

You may file a complaint with a supervisory authority (e.g., CNIL in France) if you believe your rights have been violated. This does not affect your right to legal proceedings.

16. Restriction of Processing

You may request the restriction of your data processing in certain cases, such as during accuracy checks, unlawful processing, or pending objection decisions.

17. Amendments

We may amend this policy at any time. Continued use of our Platform and/or Application implies acceptance. Otherwise, discontinue use.

18. Effective Date

This charter took effect on October 10, 2023.