Introduction

At Hero, we believe that managing your personal data is an important right for each of our users. This document informs you about all data collections and processing carried out by our company on your data, using clear and simple language. For questions or complaints, contact our support at support@hero.fr or our Data Protection Officer at dpo@hero.fr. To make reading easier, we've divided this document into sections, each covering a specific topic and describing as clearly as possible how we handle your data.

Who is responsible for processing your personal data?

Our company, Coruscant SASU, registered with the Paris Trade and Companies Register (RCS Paris B) under number 899 485 544, is the controller of your personal data, in accordance with the GDPR (General Data Protection Regulation).

What types of personal data are collected and processed?

For ease of reading, each type of data is associated with the exact names of the data concerned. The legal basis always relies on the GDPR. Each of the data listed below is systematically collected.

Contact and identification details of the legal entity

DATA COLLECTED
Trade name, legal name, national identification number (SIRET / SIREN), delivery address, billing address

LEGAL BASIS
Explicit user consent

PURPOSE OF PROCESSING
Allow the user to use the payment solution provided by Hero

RECIPIENT OF THE DATA COLLECTED, EXTERNAL TO HERO
Third-party anti-fraud and financial risk management services, which may return a customer creditworthiness score

Contact and identification details of the natural person

DATA COLLECTED
Last name, first name, email, phone number

LEGAL BASIS
Explicit user consent

PURPOSE OF PROCESSING
Allow the user to use the payment solution provided by Hero

Technical data relating to your computer or Internet connection

DATA COLLECTED
IP address, technical characteristics of the device used (OS, browser language, keyboard language, etc), cookie

LEGAL BASIS
Hero's legitimate interest

PURPOSE OF PROCESSING
Ensure the security of payments managed by Hero and fight fraud

RECIPIENT OF THE DATA COLLECTED, EXTERNAL TO HERO
- Third-party anti-fraud services, which may analyze the data and return a bank fraud risk score

Information about your creditworthiness

DATA COLLECTED
Credit scores from third-party rating agencies, bank statements, etc

LEGAL BASIS
Hero's legitimate interest

PURPOSE OF PROCESSING
Ensure the security of payments managed by Hero and fight fraud

Payment data

DATA COLLECTED
Card number, expiration date and security code (CVV)

LEGAL BASIS
Explicit user consent

PURPOSE OF PROCESSING
Allow the user to use the payment solution provided by Hero

RECIPIENT OF THE DATA COLLECTED, EXTERNAL TO HERO
Payment service providers used to debit the card

Hero usage history

DATA COLLECTED
Email, telephone or postal exchanges with our teams

LEGAL BASIS
Hero's legitimate interest

PURPOSE OF PROCESSING
Ensure the security of payments managed by Hero and fight fraud – Provide a support service best suited to the user's requests

What are your rights regarding your personal data?

Hosting provider: Amazon Web Services EMEA SARL (38 AV JOHN F KENNEDY L 1855 99137 LUXEMBOURG).

Under applicable regulations, you have the right to access, modify, delete or transfer all data collected and processed by Hero. You may also choose to limit our processing of your data, object to our processing or request a human review following an automated processing of your data. Finally, you may withdraw your consent, decide on the processing of your data after your death, or lodge a complaint with the competent authority (CNIL). To exercise one or more of these rights, please contact our Data Protection Officer at dpo@hero.fr

Can you withdraw your consent regarding your personal data? How?

In accordance with regulations, you may request any modification or deletion of all or part of the personal data already collected by Hero. In such a request, you must send any document allowing us to confirm your identity (in particular an identity document such as a passport or national identity card). In such a situation, your request will be free of charge and Hero undertakes to respond within a reasonable time. To make such a request, please contact our Data Protection Officer at dpo@hero.fr or support@hero.fr mentioning all necessary data. You may also contact the CNIL, whose contact details are displayed on their website.

What automated profiling and decision-making mechanisms do we use?

As part of its payment activity, Hero may use one or more profiling and automated decision-making mechanisms. These decisions, not involving any sensitive data within the meaning of the GDPR, may impact the user by preventing a transaction from being completed. This may occur if the algorithm assesses the risk of fraud, money laundering or default as statistically too high. The algorithm will always use all data at its disposal, obtained directly or indirectly from the user or from other external providers (notably from credit rating agencies), in order to make the decision that safeguards the interests of the user and Hero. The user may, in any situation and regardless of the automatic decision, request a review by a Hero employee and provide their point of view as well as additional elements. Hero undertakes to take into account all elements that may lead to a revision of its automatic decision before making its final decision.

Where do we process your personal data?

All your personal data are processed within the European Union.

How long do we store your personal data?

From the date of the user's last payment, Hero keeps all collected data for a period of 5 years. This duration corresponds to the legal period imposed by anti-money laundering and counter-terrorist financing regulations to which Hero complies (according to article L561-12 of the French Monetary and Financial Code).

How do we use cookies?

To ensure the security of its payments, Hero may use cookie technology as part of its legitimate interest. This cookie makes it possible, in particular, to identify a device that has connected to pages on the hero.fr website. Hero does not use any other cookie.

Updates to this privacy statement

This privacy statement was updated on 30/08/2021.

Our contact details

Coruscant SASU, 231 rue Saint Honoré, 75001, Paris. support@hero.fr or dpo@hero.fr for all email contacts.