Privacy Policy
This Bamptee Privacy Notice (the “Privacy Notice”) supplements and forms part of the Bamptee Terms of Use (the “TOS”). Capitalised terms not specifically defined in this Privacy Notice have the same meaning as ascribed to them in the TOS.
In this Privacy Notice, “Personal Data” means any information which, either alone or in combination with other data, enables one to identify a natural person, whether directly or indirectly; and any operation on Personal Data (collection, recording, transmission, modification, dissemination, access, etc.) constitutes “Processing”, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data (GDPR).
This Privacy Notice sets out how and why we Process data relating to natural persons using our Services (“User(s)”) when we act as data controller. If a User does not wish for his or her Personal Data to be used in the ways described herein, then User should not use the Site or any of our Services.
1. What Personal Data We Collect and Why?
1.1 Our policy is to limit Processing to what is strictly necessary to achieve the purposes described below
| Purpose | Scope | Legal Basis | |
|---|---|---|---|
| From User | From User's Device(s) or Others | ||
| Allow User to establish and log into User's Account on the Platform | “Authentication Data”, including one or any combination of the following data: User's first name, surname, username, e-mail address and passwords. | Metadata Processed when using User's Account (including geographical location). | User is using our Services (performance of a contract) |
| Allow User to use User's Account on the Platform | “Account History”, including data and information in relation to tasks, orders or actions recorded in User's Account in relation to our Services, and accessible through User's dashboard. For example, when User is a delivery driver, this may include the licence plate of the vehicle driven, its geographic location, the distance driven during delivery times together with the length of time, the shipping or delivery status, the delivery address and/or other delivery related information. When User is the recipient of a delivery, this may include User's order information, delivery detail and/or logistic details and invoices. | Metadata Processed when using User's Account (including geographical location). | User is using our Services (performance of a contract) |
| Deliver our Services | Billing information and other accounting data, including User's banking details. | User is using our Services (performance of a contract) | |
| Administer the Site, detecting usage patterns and enhance the Site performance | Information about User's visit, including the Internet protocol (IP) address used to connect User's computer or other device to the Internet, browser type and version, time zone settings, the dates User visited the Site, jurisdiction, browser plug-in types and versions, operating system and platform, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page | We pursue a lawful, clear and present commercial interest (legitimate interest) | |
| Provide User with news, conduct surveys and/or get feedback | Email address | User agreed to it (consent) | |
| Commercial prospecting | Email address, phone number ? Que collectez-vous ? | User agreed to it (consent) | |
1.2 We will never Process particularly sensitive Personal Data, such as information in relation to a natural person’s health, sexual orientation, racial or ethnic origin, political opinions, religious beliefs, trade union membership or genetic and biometric data used for the purpose of uniquely identifying an individual.
1.3 When we say that we Process User's Personal Data to comply with a legal obligation, this means that we are subject to a legal duty under applicable EU or national laws or regulations which requires us to Process User's Personal Data.
1.4 When we say that we Process User's Personal Data to pursue a legitimate interest, this takes into account data subjects’ rights to data protection, which cannot be overridden. Without limitation, we may for example Process data to optimise clients management, enhance the quality of our Services, protect our interests and enforce agreements. To obtain further information about how we assess our legitimate interests against any potential impact on data subjects in respect of specific activities by contacting us.
1.5 When we request information from User in order to meet any of our legal requirements or to perform our contractual obligations, failure to provide us with such information will mean that User will not have access to part or all of our Services.
1.6 We do not use consent as a legal basis for Processing User's Personal Data other than in relation to our use of cookies (please consult our Cookies Policy), to conduct surveys and get feedback from Users, we send marketing communications to User via email, or for commercial prospecting.
2. Security and Confidentiality
2.1 We are committed to protecting User's privacy. We take all reasonable endeavours to protect and safeguard the confidentiality, integrity, availability, and resilience of User's Personal Data
2.2 We have implemented measures to prevent User's Personal Data from being accessed by unauthorised third parties, falsified or damaged.
2.3 Furthermore, within Bamptee, our personnel Process Personal Data on a need-to-know basis or whenever it is reasonably necessary, in order to perform their duties and subject to a duty of confidentiality.
2.4 We have put in place procedures to deal with any actual or suspected data breach and will notify User and any applicable regulator of a breach where we are legally required to do so. While we take all reasonable endeavours to protect and safeguard Personal Data, the transmission of information via the Internet is not completely secure. We do our utmost to protect User's Personal Data but we cannot guarantee the security of User's data transmitted to us over email or through the Platform; any transmission is at User's own risk.
2.5 For User's safety, it is important that the Personal Data we hold about User is accurate and current at all times during the course of our business relationship. Please make sure to keep us informed whenever User's Personal Data needs to be updated by lodging a request on the Platform. We will endeavour to effect all necessary modifications within a reasonable timeframe.
2.6 Please note that despite our efforts, we cannot guarantee the security of data transmitted to us over e-mail or through the Platform. Any transmission is at User's own risk. Always use two-factor authentication (2FA) where available and change passwords regularly.
3. Data Transfers
3.1 User's Personal Data is stored on our servers, located within the European Union.
3.2 As necessary, we will share User's Personal Data (i) with selected third-party service providers such as our analytics and search engine providers that assist us in the improvement and optimization of the Site and/or the Services; our KYC providers and other relevant providers to the extent necessary to supply the Services to User, such as without limitation our banks, attorneys, consultants, contractors or Cloud service providers; (ii) with public authorities and law enforcement agencies worldwide either when ordered to do so or on a voluntary basis if this appears reasonable and necessary to us; and (iii) with relevant third parties when we are under a duty to disclose or share User's Personal Data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and/or other agreements; or to protect the rights, property, or safety of our clients, others or ourselves, including to defend ourselves from legal claims.
3.3 The list of the third-party service providers we may share Personal Data is available in Appendix A hereinafter.
3.4 Personal Data and other data may, occasionally, be exported and Processed outside of the jurisdiction in which User resides. Under those circumstances, the governments, courts, law enforcement, or regulatory agencies of that country or those countries may be able to obtain access to User’s Personal Data through foreign laws. User needs to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which User resides.
4. Data Retention Periods
4.1 We retain Personal Data for as long as necessary to provide our Services or for other legitimate purposes, such as complying with our legal obligations, resolving disputes and enforcing our agreements. When we do so in order to perform our contractual obligations, the data is retained for a period not exceeding 5 years as of the deletion of a User’s Account. When consent is the sole legal basis justifying the Processing of Personal Data, deletion takes place immediately after we acknowledge receipt of User’s written notice communicating his or her withdrawal of consent. Note that Processing operations which took place before User revoked his or her consent will not become illegal on withdrawal.
4.2 Because these needs can vary for different data types, the context of our interactions with User or User’s use of our Services, actual retention periods may vary significantly. Criteria used to determine the retention periods include: (i) whether direct access is given to User to delete the Personal Data at any time (e.g., in the dashboard)—if not, a shortened data retention time will generally be applied; (ii) whether User has provided consent for a longer retention period—if so, we will retain Personal Data in accordance with User's consent; and (iii) whether we are subject to legal, contractual or similar obligation to retain or delete the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, data retained for the purposes of litigation or for accounting or tax purposes.)
4.3 Data retained in our archives is encrypted. Archived data remains accessible only to limited Bamptee staff members, following an ad hoc procedure. Data accessible on our servers is also encrypted. We may retain anonymised aggregated data for longer period of time.
5. Users Rights
5.1 Users have a number of rights in relation to how we Process their Personal Data, which may be exercised by contacting us at @.
5.2 These include the right to: (i) know what Personal Data we collect, use, disclosure, share and sell; (ii) delete User's Personal Data in certain circumstances, for example, where it is no longer necessary for us to Process User's Personal Data to fulfil our Processing purposes; (iii) complete or rectify User's incomplete or incorrect Personal Data; (iv) restrict the Processing of User's Personal Data where, for example, the information is inaccurate or it is no longer necessary for us to Process such information or where User have exercised User's right to object to our Processing; (v) object to the Processing of User's Personal Data which may be exercised in certain circumstances, for example, to opt-out of personalised advertising purposes on third-party sites, or where User's own legitimate interests outweigh ours; (vi) receive a copy of User's Personal Data; (vii) have User's Personal Data ported to a new service provider if User no longer wish to use the Services; and (viii) when we rely on User's consent to Process User's Personal Data (cookies and newsletter/marketing communication), User have the right to withdraw User's consent at any time. For cookies, this is done by setting up the cookie’s preferences. Please visit our Cookies Policy. For newsletters, User can do so by opting-out using the link provided in the newsletters at any time. We will do our best to honour User's request promptly.
5.3 User will not have to pay a fee to access User's Personal Data or to exercise any of User's other rights. We may charge a reasonable fee if User's request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with User's request in these circumstances.
5.4 We may need to request specific information from User to help us confirm User's identity and ensure User's right to access User's Personal Data (or to exercise any of User's other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
5.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if User's request is particularly complex or User have made a number of requests. In this case, we will notify User and keep User updated.
5.6 For any request concerning personal data, please send an email to the following address: [email protected].
5.7 Users may raise a concern or lodge a complaint with the French Data Protection Authority (the “CNIL”) if dissatisfied with how we handle their privacy request.
6. Changes to this Privacy Notice
Any changes we make to our Privacy Notice in the future will be posted on this page.
Appendix A — List of Third-Party Service Providers with whom Personal Data may be shared
| Party Name and Jurisdiction | Purpose | Data Disclosed |
|---|
