Symfony SAS Privacy Policy

Symfony SAS ("Symfony") is a simplified stock company with capital of 875,000 €, registered with the Trade and Corporate Registry of Nanterre under Number 834 643 579, with its main office located at 163 quai du Docteur Dervaux - CS 30083 - 92665 Asnières sur Seine, France, represented by its Chairman Mr. Fabien POTENCIER (“Symfony”).

Symfony is committed to safeguarding the Personal Data of its Users (“Users”). This Privacy Policy describes the types of Personal Data we collect through our services (“Services”) and via our online presence, which include our main website at symfony.com, as well as services and websites that we enable Internet Users to access, such as SymfonyConnect, SymfonyInsight, SymfonyLive, etc. (collectively, our “Sites”).

This policy also describes how we use Personal Data, with whom we share it, your rights and choices, and how you can contact us about our privacy practices. This policy does not apply to third-party websites, products, or services, even if they link to our Services or Sites, and you should consider the privacy practices of those third-parties carefully.

For any question relative to your privacy at Symfony or to exercise your rights, you can contact the Data Protection Officer of Symfony at dpo@symfony.com.

By using our Sites or Services, Users agree to abide and be bound by this Privacy Policy, which may be modified or updated from time to time without notice, except for stipulations requiring Users’ consent. In this event the update shall be displayed on the Site.

Definitions

Capitalized words and phrases not defined herein shall have the same definitions as in the General Data Protection Regulation (2016/679) of the European Parliament and of the Council (the “GDPR”). Capitalized words, terms, or phrases that are not defined herein or in the GDPR shall be considered typographic errors, unless context or custom dictates otherwise.

I. Nature and processing of Personal Data

Symfony obtains Personal Data about Users from various sources to provide our Services and to manage our Sites. Symfony collects and processes all these data in a fair and lawful manner and in respect of their rights.

Symfony is the entity responsible for processing Users Personal Data (Data Controller). It is based in France and it is therefore under the authority of the French Data Protection Authority (CNIL) regarding the way it processes Personal Data.

To access our Services, Users need to open a SymfonyConnect Account and provide Symfony with at least the following Personally Identifiable Data: full name, country, username, email. Users may complete their profile with other Personal Data (such as birthday, address, biography, bank details or phone number, etc.).

Additionally, our Sites use cookies and other technologies to function effectively. These technologies record information about Users' use of our Sites, including:

Symfony collects and processes these data in order to provide access to the Sites and Services. The purposes of these data processings are:

The legal basis for the processing of Personal Data are:

Symfony shall never collect or process Personal Data pertaining to, directly or indirectly, race, health, sexual orientation, political, philosophical, religious views or to special categories of Personal Data within the meaning of the GDPR relating to Users.

III. Cookies

Symfony uses "Cookies" (small files stored in Users browsers), in accordance to our general Privacy Policy, for several purposes:

In accordance with the Directive 2002/58/EC of the European Parliament (ePrivacy), the usage of cookies for authentication and e-commerce carts doesn't require consent from the User. For all the other cookies, Symfony's legal basis is Consent.

Symfony may authorize its partners to place cookies on Users’ terminals to collect Users’ data:

The validity period of cookies is 13 months. A new prior consent shall be requested by Symfony after this period.

IV. Retention of Users’ Personal Data

1. Security

The Personal Data that Users communicate to Symfony are hosted by Amazon Web Services (Ireland). In accordance with the GDPR, Symfony undertakes to take all necessary precautions to preserve the security of the Personal Data processed and in particular to prevent them from being distorted, damaged or communicated to unauthorized persons.

Symfony uses its best efforts to prevent any interference with Users Personal Data such as loss, diversion, intrusion, unauthorized divulgation, alteration, or destruction.

2. Term

Without prejudice to the following paragraph, the Personal Data processed by Symfony shall be deleted three (3) months after the cancellation of Users Account, unless otherwise required by law.

Symfony is under the duty to keep during one (1) year the following personal data as from the creation, change or deletion of Users Content:

3. Cancellation of Account

At any time Users may request that their Account be cancelled (without prejudice of the above article).

V. Communication from Symfony

Symfony may send emails to Users to the address associated with their account for technical or administrative purposes or to inform Users of the evolution of its Service. Symfony shall not send Users commercial offers unrelated to Symfony.

Symfony will never send to Users commercial emails if they refused to receive them.

VI. Transfer of Users Personal Data

Symfony undertakes not to share Users’ Personal Data with or transfer them to third parties unless such sharing or transfer is (i) to provide technical support or specific services (such as Stripe), (ii) necessary to the use of the Services, or (iii) to analyze and report (such as Sentry).

Symfony undertakes not to share Users’ Personal Data with or transfer them to third parties unless they have consented prior to said sharing or transfer. Symfony shall never share Users Personal Data with third parties that do not guarantee an adequate protection.

Symfony may provide Users Personal Data if required by law or compelled by a court of law.

VII. Right to access, modify, and delete Users Personal Data

Pursuant to French and European law, Users have the right to freely access their data, rectify them, request their deletion, oppose to their treatment, and obtain the communication in a structured and readable format (except for legitimate cause). Users also have the right to lodge a claim with a supervisory authority and set guidelines for their digital will.

Users may exercise this right by contacting Symfony's Data Protection Officer:

Symfony
Data Protection Officer
163 quai du Docteur Dervaux
CS 30083
92665 Asnières sur Seine, France

Or by e-mail at dpo@symfony.com.

Users may also modify their Personal Data directly from their Account.