- Netatoo : designates Netatoo S.A.S. SIRET 48782045800015; also called "us", "our", "our" in this document.
- Application : designates the online booking platform BalleJaune and OpenResa, published by Netatoo, accessible from the domain names ballejaune.com and openresa.com.
- Club(s) : designates an entity represented by one or more directors (association, municipality, company, etc.).
- Utilisateur(s) : designates the persons who have an account in the club's database.
- Administrateur(s) : designates the persons responsible for the club, having total or partial access to the -Administration- section of the application (president, manager, secretary, monitor, etc...).
Netatoo SAS (SIRET 48782045800015) provides an online booking platform (ballejaune.com and openresa.com), also referred to as "we", "us" and "our" in this document.
We attach great importance to the trust you place in us when choosing our online booking solution. Therefore, we diligently protect the privacy and confidentiality of your personal data.
3. Processing of personal data
Netatoo processes your club and personal data for the following purposes :
- Setting up your administrator account and your club account.
- Manage your administrator account and your club account.
- Contact you about relevant questions associated with your personal or club user account.
- To control unauthorized use or abuse of our services, or to detect, investigate or prevent activities that may violate our policies or be fraudulent/illegal.
- To process your enquiries and provide technical support by e-mail or phone.
- To process subscription payments for our services by the club.
- To communicate directly with you, including sending you newsletters, promotions and special offers.
- Analyze trends, administer or optimize our offers, monitor usage or traffic patterns.
4. Personal data collected
Netatoo collects the following personal data about the club administrators :
- First and last name (mandatory),
- E-mail address (optional),
- Phone number(s) (optional, depending on context),
- Organization name (optional),
- Technical information about the device and web browser used (collected only to provide effective customer support, to prevent malicious attacks on our services and to provide anonymous statistics to club and Netatoo managers).
We also collect, at the club level, the following data:
- Club contact details (e-mail address and full postal address),
- Club geolocation (latitude/longitude),
- Phone number(s),
- URL address of the website,
- Time zone and language information,
- Payment API information (if applicable),
- Information on bookable spaces (schedules),
- Information about the club's opening hours.
This information is necessary to set up your club account, manage your account subscription and contact you about relevant issues associated with your account.
We undertake that no data will be exchanged or sold on any medium to third parties.
5. Site administrator & user
6. Data Processors
From time to time, we may use third party service providers as data processors for the purposes specified above. The processing by these third parties takes place according to our instructions. These parties are bound by data processing agreements and confidentiality agreements.
You can view the complete list of third party entities that we engage to provide services on our behalf by going to the "Our Subcontractors and Third Party Providers" page.
In accordance with data protection laws, strict security procedures are observed within Netatoo to prevent the misuse of personal data and unauthorized access.
In order to protect and safeguard the personal and club data provided to us, we have put in place and use appropriate professional systems and procedures. In addition, we have security procedures in place and use technical and physical restrictions to access and use the club's users information. Only authorized employees can access personal information in the course of their duties with respect to our services.
For more details on how to secure and protect your data, go to the data security section.
8. Data protection breaches
If we learn that data protection has been breached, we will notify the data subjects and the competent supervisory authorities no later than 72 hours after becoming aware of the breach.
9. Payment Gateway API Data Protection
Netatoo protects the private keys of the online payment gateway on several levels. Safety measures include, but are not limited to:
- SSL encryption is used to transfer API information to Netatoo application servers.
- API information is encrypted with the AES-256 algorithm before being stored on our servers.
10. Credit Card Information
The raw credit card information does not come into contact with the servers on which our application is hosted. All credit card information is managed by online payment gateways such as PayPal or Paybox, via a secure connection with the TLS protocol. Netatoo and clubs are not able to access unmasked credit card data.
11. Control of club details and data
You can view and change the data you store with us in the "Administration > Settings" section for club data and in the "My Account > Account Details" section for user data.
The club or the administrator proving his identity has the possibility of soliciting from Netatoo, at the e-mail address firstname.lastname@example.org :
- the verification of personal data concerning him or his club, collected by Netatoo or by the club,
- the communication of a copy of such data issued free of charge, in so far as such a request is not abusive, in particular by its repetitive and disproportionate nature.
In accordance with our terms for clubs, the club may terminate its account at any time and request the permanent deletion of all relevant data (settings, users, reservations, etc.). The cancellation request must be made by contacting us by e-mail or post.
12. Competent authorities
We may share and disclose details and information about you to a government or investigative authority if the law (or any regulation having the force of law), a legal proceeding, a criminal investigation, a court order or a summons to appear requires it. We may also disclose your personal information if it is strictly necessary for the prevention and detection of criminal acts.
13. Changes to this statement
Our application is constantly evolving and as such we may change the way we collect, transmit and process personal data and any other information we deem necessary. This statement may be amended from time to time to reflect the latest changes.
If you have any questions or require further information, please contact us by one of the following means:
Postal address :
54016 NANCY CEDEX