Privacy policy

1. Preamble

This privacy policy aims to inform users about how their personal data is collected, used, and protected on our website. We are committed to complying with applicable regulations, particularly the General Data Protection Regulation (GDPR). The data controller is Eden Initiative, represented by the Data Protection Officer (DPO), whom users can contact for any questions regarding their data.

1.1 Identity of the Data Controller and Data Protection Officer

The Data Controller of the personal data collected through the Site and App mentioned is: Eden Initiative, a simplified joint-stock company (SAS) with a capital of €4,200, headquartered at 185 Boulevard Vauban, Lille 59000, SIREN number (812904928), represented by Mr. Antoine Trannoy, Data Protection Officer (DPO). Email: antoinel@LivinFrance.com.

1.2 Competent Supervisory Authorities

The competent supervisory authority is, as appropriate:

France : National Commission on Informatics and Liberty (CNIL); 3 place de Fontenoy, 75007 PARIS, phone: +33153732222.

1.3 Contact Us

For any information regarding your personal data, you can contact the Data Controller or the DPO at the previously mentioned postal address or by email at:

Hello@LivinFrance.com, for the Data Controller.
Antoine@LivinFrance.com, for the Data Protection Officer (DPO).

2. Data Collected

2.1 When do we collect your personal data?

Personal data (also called personally identifiable information) refers to any information related to an individual that allows them to be identified directly or indirectly, such as their name, email address, or phone number. As part of our activity, we collect your personal data when:

You browse our website or application and use our services (searching and consulting training programs, submitting applications, etc.).
You complete your profile or update the information in your user space.
You interact with the built-in communication tools to chat with other users (schools or agents).
You contact us directly via our customer service by phone, email, online chat, or postal mail.

We may also receive information from partners when you interact with their services through our site (for example, when registering for a program via a partner school).

2.2 Data you provide to us directly

The personal data we collect directly is that which you provide when using the services offered on our website. This includes:

Identification data : name, first name, nationality, email address, phone number.
Application data : information on the programs you apply for, supporting documents, and cover letters.
Payment data (if applicable) : information related to the payment of application fees or other services.
Identity documents : in case of a request to modify or validate your profile for security reasons.
Additional documents : any required document for your academic or administrative application (such as academic certificates, passport, student visa).

Please note that our duly authorized teams may collect additional personal data when strictly necessary for processing your requests.

2.3 Data you provide indirectly

When you subscribe to services or programs offered by our partners through our site (schools, recruitment agents, other providers), these partners may transmit information related to your registration or application. This data is used to facilitate the management of your applications and offer you a better user experience.

2.4 Data we collect automatically

In addition to the data you provide directly, we automatically collect information about your interaction with our website and application:

Connection and browsing data: IP address, browser type, visited pages, duration of the visit, and actions performed on the site. This information is collected using cookies (see the cookies section for more details).
Data from interaction with customer service: content of exchanges (emails, online chat, phone calls) to ensure effective follow-up and improve our service.

2.5 Phone Recordings

To improve service quality and optimize the training of our teams, your calls with our assistance center may be recorded. These recordings are kept for a maximum of six months. You can object to this processing by contacting our Data Protection Officer (DPO).

3. Purpose of Data Processing

How do we use the data we collect?

We only process your personal data when we have a relevant legal basis. Depending on their purpose, processing may meet the following criteria:

Contractual or pre-contractual necessity: to provide our services or prepare a contract.
Legitimate interests pursued by Eden Initiative: improving our offerings, optimizing our services, and training our staff.
Legal obligations: to comply with applicable regulations.
Consent: when you explicitly give your consent, which you can withdraw at any time.

Catégorie de données traitées	Finalités du traitement	Fondements juridiques	Durée de conservation
Données d’identification, données nécessaires à la qualification de vos besoins et à la souscription aux différentes offres	Vous permettre d’accéder à nos services et vous présenter des offres (celles de nos partenaires) personnalisées selon vos besoins et votre profil; Vous fournir l’accès aux différentes fonctionnalités de l’App; Vous contacter, lorsque cela est nécessaire à propos de nos services, pour récupérer des informations nécessaires à la conclusion	Exécution d’un contrat / mesure précontractuelle Notre intérêt légitime	3 ans à compter de votre dernière activité (souscription, connexion à l’App, appel entrant, clic dans un email) ou de la fermeture de votre compte utilisateur (+5 ans en base d’archivage)
Données nécessaires à la souscription des contrats auprès de nos partenaires	Nous permettre de vous dire si vous êtes éligible à tel ou tel contrat auprès de tel ou tel fournisseur et de vous indiquer le prix exact; Nous permettre de souscrire pour votre compte aux contrats de nos partenaires; Nous permettre de procéder au paiement pour votre compte du contrat auquel vous souhaitez souscrire par notre intermédiaire;	Exécution d’un contrat	3 ans à compter de votre dernière activité (+5 ans en base d’archivage)
Données de connexion et de navigation sur le Site et/ou l’App	Mesurer l’audience de fréquentation de notre Site et App; Mesurer l’intérêt et améliorer l’efficacité et la qualité des services que nous vous proposons; Personnaliser l’ergonomie, l’expérience utilisateur selon votre profil, en vous proposant par exemple les offres les plus pertinentes pour vous; Permettre à notre Service client de vous aider le plus efficacement possible si vous avez des questions ou réclamations; Réaliser des statistiques d’analyse, de sélection et de segmentation des utilisateurs pour améliorer nos services et servir notre stratégie marketing;	Votre consentement	13 mois à compter du dépôt des cookies
Données de contact (adresse email, téléphone)	Pour communiquer avec vous en général, plus particulièrement pour : Vous tenir informé de l’évolution de vos contrats (en vous adressant par exemple une confirmation par email de la validation d’un contrat auquel vous avez souscrit en ligne ou par téléphone) Recueillir votre avis / votre satisfaction sur nos services et/ou les contrats souscrits; Vous informer en cas d’évolution de notre politique de confidentialité; Répondre à vos questions lorsque vous nous interrogez par email ou via notre chat par exemple; Vous aider à finaliser la souscription d’un contrat initié sur notre App ou via notre Call center, mais non validé; Vous proposer des offres analogues à celles auxquelles vous avez déjà souscrites chez nous et susceptibles de vous intéresser	Notre intérêt légitime Exécution d’un contrat / mesure précontractuelle	3 ans à compter de votre dernière activité (+5 ans en base d’archivage) Vous pouvez vous désabonner de nos emails à tout moment en cliquant sur le lien de désinscription figurant en bas de chaque email
Données obtenues auprès de nos partenaires nécessaires à la conclusion d’un contrat	Nous permettre de suivre et vous informer sur la bonne prise en compte et validation de votre contrat par notre partenaire auprès de qui vous avez souscrit un contrat par notre intermédiaire Nous permettre de vous contacter si des informations sont manquantes pour procéder à la contractualisation effective côté fournisseur (relevé de compteur, n° de PDL, etc.)	Exécution d’un contrat Notre intérêt légitime	3 ans à compter de votre dernière activité (+5 ans en base d’archivage)
Conversations téléphoniques via notre Call center	Nous permettre d’enregistrer nos échanges téléphoniques afin d’améliorer la qualité de l’expérience utilisateur délivrée par notre Call center, optimiser la formation de nos téléopérateurs en ce sens et les évaluer	Notre intérêt légitime	6 mois à compter de la collecte
Justificatif d’identité	Nous permettre de vérifier votre identité en cas de demande de votre part d’accès, de rectification, de suppression, de limitation ou de portabilité de vos données	Votre consentement	12 mois (article 9 du code de procédure pénale, CNIL, délibération n°2016-264 du 21 juillet 2016 dite NS4
Autres documents personnels (parcours VISA et CAF)	Nous permettre de vous dire si vous êtes éligible à tel ou tel procédures, auprès de tel ou tel administrations; Nous permettre de constituer votre dossier complet pour telle ou telle procédures. Aucune exploitation commerciale ne sera réalisée sur ces documents.	Votre consentement	12 mois (article 9 du code de procédure pénale, CNIL, délibération n°2016-264 du 21 juillet 2016 dite NS4

4. Data Recipients

Who are the recipients of the data we collect? Why do we share this information?

We are committed to treating your personal data privately and confidentially. The data collected or processed when using our services is primarily intended for Nappo entities, particularly authorized and qualified individuals within the organization whose duties require access to this information for the stated processing purposes.

Partner Schools: When you apply for a program through our platform, your data is transmitted to the relevant schools to facilitate the processing of your application and the management of the admission process. These data are used by the schools to evaluate your profile, organize interviews, and make admission decisions.
Third-party Partners: If you subscribe to additional services (such as housing, insurance, or administrative support) via our website, we share your information with the providers of these services to activate and manage the contracts you have subscribed to.
Other Legal Obligations: Your personal data will only be disclosed in compliance with legal or regulatory obligations, or at the request of a competent regulatory or judicial authority. This could include situations where disclosure is necessary to protect your rights, defend our interests, or comply with legal procedures.

We only share your data with partners as part of services you have explicitly requested or for which you have given consent. All data transmitted is protected and used solely for the purposes for which it was collected.

5. Data Retention Period

How long do we retain your personal data?

The personal data we collect is stored in an active database for a duration of 3 years from your last activity on the App (login, submission of an application) or via our call center (incoming call) or from the closure of your user account.

In certain cases, we may need to retain your personal data for a longer period, even after your account is closed, to comply with our legal obligations or those of our partners, and to protect or assert our rights. After the 3-year period, your data may be archived for an additional 5 years in a secure archival database with restricted access. These archived data are retained as proof and will only be used for specific purposes, including compliance with legal and regulatory obligations.

Data transferred to an intermediate archive cannot be reintroduced into the active database. Additionally, these data may be anonymized in our Big Data platform for statistical analysis purposes. The anonymized data helps us produce reports on our performance and trends.

Some personal data are subject to specific retention periods:

3 months for notes manually entered by our call center agents.
6 months for audio recordings of phone conversations via our call center.
1 year for identity documents used in verifications.
13 months from their deposit for cookies used for tracking and analysis purposes.

These retention periods comply with the legal and regulatory standards in place to ensure secure and responsible management of your personal data.

6. Data Security

What security measures are applied to your data?

The security of your personal data is a top priority for us. We are committed to implementing all necessary measures to ensure the protection of the information you entrust to us, so that you can use our services with confidence. We have established a set of physical, technical, and organizational measures to protect your data against unauthorized access, accidental loss, destruction, or damage.

The key security measures we apply include:

Firewalls and Encryption: We use firewalls to prevent unauthorized access to your data. Our server operates over HTTPS, ensuring that the exchanged data is encrypted with a secure algorithm readable only by the intended recipient.
Password Encryption: All passwords are securely stored using the SHA-256 encryption algorithm, preventing their reading or use by unauthorized third parties.
Protection of Routes and Requests: Routes are configured to respond only to authenticated and authorized users, with access rights checked for each request. Requests are also protected via Cross-Site Request Forgery (CSRF) mechanisms.
Secure File Storage: Personal files are stored on Amazon S3 servers, which apply time-restricted access policies and verify permissions before any action is taken.
Database Access Control: Access to production databases is strictly controlled via IP filtering and access management. Server access keys are encrypted and their use is systematically logged.
Secure Payments: We do not store any bank card information. Payment processing is fully handled by Stripe, a certified payment service provider ensuring the security of financial transactions.

Organizational and Internal Measures to Strengthen Security:

Technical Security Officer: A Technical Security Officer has been appointed to regularly audit the effectiveness of security measures and ensure compliance with current standards.Employee Training: All our employees are informed and trained on best practices and obligations related to personal data protection.
Data Breach Notification: In case of a data breach, we commit to notifying the CNIL (French Data Protection Authority) within a maximum of 48 hours.
Data Protection Impact Analysis: We conduct an annual data protection impact analysis to identify potential risks and improve our security practices.

We take all necessary steps to guarantee the security and confidentiality of the data you entrust to us, and we continuously strengthen our measures to address new cybersecurity threats.

7. Your Rights

What are your rights regarding your personal data?

In accordance with Articles 38 to 40 of Law No. 78-17 of January 6, 1978, amended regarding Data Processing, Data Files, and Individual Liberties, and Articles 15 to 22 of Regulation No. 2016/679/EU of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation, GDPR), you have several rights regarding the personal data we hold about you. <br><br>To exercise these rights, please contact the Data Controller or the Data Protection Officer (DPO) by postal mail or email at the provided addresses. For security reasons, this request must be accompanied by proof of identity, which will be destroyed after the request is processed.

7.1 The Right to Be Informed

You have the right to be informed clearly and transparently about how we collect and process your personal data, as well as your rights regarding this data. This privacy policy is intended to fulfill this requirement!

7.2 The Right of Access and Data Communication

You have the right to access the personal data concerning you that we process. Upon request, we will provide you with an electronic copy of this data in a commonly used format. We reserve the right to charge reasonable administrative fees for additional copies and/or refuse abusive requests.

7.3 The Right to Rectification

You have the right to have your personal data corrected or updated if it is inaccurate, incomplete, or outdated. You can use the forms provided by the CNIL to request this.

7.4 The Right to Erasure (Right to Be Forgotten)

You can request the deletion of your personal data in cases provided for by law. We are committed to deleting your personal data as soon as possible, subject to legal retention obligations.

7.5 The Right to Restrict Processing

In some cases, you may request the restriction of processing of your data, particularly if you dispute the accuracy of the data or if the processing is unlawful but you oppose its deletion.

7.6 The Right to Object to Processing

You have the right to object to the processing of your personal data for reasons related to your particular situation, unless we can demonstrate that this processing is justified by compelling legitimate grounds.

7.7 The Right to Data Portability

You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

7.8 The Right to Withdraw Consent

You can withdraw your consent at any time for data processing based on your consent without affecting the lawfulness of the processing carried out before the withdrawal.

7.9 The Right to Object to Telemarketing

You can object to telemarketing at any time. To do so, you can register on the free Bloctel list for consumers.

7.10 The Right to Determine Instructions Regarding Your Data After Your Death

You have the right to define instructions on the retention, deletion, and communication of your personal data after your death.

7.11 The Right to File a Complaint with the Competent Supervisory Authority

If you believe that your rights are not being respected, you can file a complaint with the national supervisory authority, such as the CNIL.

7.12 Response Time and Notification

We are committed to responding to your requests within a maximum of 1 month and notifying you of the actions taken accordingly.

7.13 Closure of Your User Account

In the event of the closure of your user account, we will generally retain your personal data for a maximum period of 3 years unless you object.

8. Cookies: What Is Our Cookie Usage Policy?

8.1 What is a Cookie?

Cookies are small text files that are automatically placed on your computer, smartphone, or tablet when you visit a website. They are stored by your browser and allow for the collection of information about your browsing behavior to optimize and personalize your user experience.

We use cookies on our website and web application to remember your login information, prevent you from re-entering your details each time you visit, and analyze traffic to continuously improve our services. These cookies are not malicious and do not contain programs or viruses capable of damaging your device.

For more information about cookies in general, you can visit websites such as www.allaboutcookies.org and .

8.2 What Types of Cookies Do We Use?

Essential Cookies: These cookies are essential for the proper functioning of our website and application. They help facilitate your browsing and give you access to all the features offered. Without them, certain functionalities of the site would not be accessible or would not work optimally.
Analytical Cookies: These cookies allow us to analyze how users interact with our website. They help us identify the most popular content and optimize the user experience.
Advertising Cookies: We use these cookies solely to measure the performance of our advertising campaigns on social networks. No advertisements are displayed on our website or application, and your data is not sold to third-party partners.

8.3 How Long Are Cookies Stored?

The cookies placed in your browser have a limited lifespan of 13 months from the time they are first deposited. After this period, they are automatically deleted from your device.

8.4 What to Do If You Want to Oppose Cookies?

8.4.1 Withdraw Your Consent to Cookies Via Your Browser

You can manage your cookie preferences directly from your browser settings. You can accept, refuse, or delete cookies at any time. Please note that disabling cookies may alter some of the functionality of our website or application, making certain options inaccessible or less smooth.

Here are specific instructions for the most common browsers:

For mobile devices:

iOS : Apple Support
Android : Disabling cookies on Android
Blackberry : Blackberry Privacy Policy
Windows Phone : Microsoft Support

8.4.2 For More Information on Cookies

If you want more information on managing cookies and the tools available to control them, you can consult the CNIL website or http://www.youronlinechoices.com/fr/, which offers detailed instructions for managing your preferences based on your browser.

9. International Data Transfers

How are international transfers of your personal data managed?

The personal data we collect may be transferred and processed outside the European Economic Area (EEA), particularly in the context of our partnerships or services provided by international providers. These transfers are made in strict compliance with applicable regulations to ensure an adequate level of protection for your personal data.

To ensure the security of these transfers, we rely on several mechanisms that comply with GDPR requirements, including:

Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission, which impose strict obligations on partners or providers to protect your data.
Transfer Agreements Based on Consent: In some cases, we will ask for your explicit consent before transferring your data outside the EEA.
Adequate Protection Standards: We ensure that the destination countries have data protection standards deemed adequate by the European Commission.

If transfers are made to countries without sufficient guarantees, we commit to taking all necessary measures to ensure the confidentiality and integrity of your data.

10. Changes to the Privacy Policy

How and why can this privacy policy be modified?

We reserve the right to update and modify this privacy policy at any time to reflect changes in our activities, legislative updates, or regulatory requirements. Any significant changes will be communicated to users via a notification on our website or by email to the contact details provided.

Users are encouraged to regularly review this policy to stay informed of any updates. Here's how we ensure transparency for these changes:

Prior Notification: Before any significant modification, we will send you a notification to inform you of the new data processing practices and give you the opportunity to express your consent.
Right to Object: You have the right to refuse the new terms or contact us with any questions about these changes.
Effective Date: The changes will take effect as soon as they are published on our website, unless otherwise stated in the communication.

By continuing to use our services after the privacy policy update, you accept the new terms in effect. We encourage all our users to read these changes carefully to understand how their personal data may be used or protected in the future.

11. Contact

For any questions, requests, or complaints regarding this privacy policy, users can contact our Data Protection Officer (DPO) at the following address: antoine@livin-france.com.