Skip to main content

Privacy policy

Updated

When you use the www.leetchi.com website (hereinafter the "website") or our services, we collect your personal data.

The aim of this policy is to inform you about how we process your data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

1. Who is the data controller?

The data controller is Leetchi.com (France), simplified joint stock company),having its registered office at 4 rue de la Tour des Dames, 75009 Paris, France, registered with the Registre du Commerce et des Sociétés (RCS) of Paris under the number 907 495 20 (hereinafter "We"). 

2. Which data do we collect? 

Personal data are data that enable an individual to be identified directly or by cross-checking with other data. 

The following data are collected:

  • When you create a Leetchi profile: first name, surname, date of birth, phone number, avatar, email address, nationality and country of residence of the money pot organiser.

We are required to collect these data so that you can access services on the Leetchi website. If they are not provided, you will not be able to register and use Leetchi's services.

  • When the organiser sets up a money pot: first name, surname, project title, project category, description, image, purpose, target amount, first name and surname of the money pot beneficiary, and any identity document required to identify the money pot organiser, whether they are a natural person or a company.
  • When a money pot is transferred by the organiser to the beneficiary: first name, surname and address of the beneficiary, bank details of the beneficiary, and supporting documents providing evidence of the legitimacy of a money pot (estimates, invoices, etc.)

Leetchi requires these personal data to verify the identity of the money pot organiser, the intended use of the funds and the receipt of funds.

  • When a participant contributes to a money pot: first name, surname, nationality, country of residence, phone number, date of birth, payment information, type of bank card used (debit card, Visa, MasterCard, Maestro) and any identity document required to identify the participant, depending on whether they are a natural person or a company.

Leetchi wishes to inform its users and visitors that it does not process data regarding the payment methods used to carry out transactions on the website except for the first four numbers on the bank card, its expiry date, the card type and the country of origin.

Leetchi requires these personal data to verify the identity of the participant(s).

If we do not receive this information, users will not be able to post their project and/or contribute to current projects on the website due to contractual and/or legal reasons (in particular to combat fraud, money laundering and the financing of terrorism).

Other data may be required to be collected. All data that are required to be collected, the contractual or regulatory nature of this requirement to provide data, and the consequences of not providing these data will be notified to you directly where necessary.

  • If you contact Leetchi's customer service department: first name, surname, date of birth, phone number, email address, link to the money pot, reason for the request.

These data are required to be collected in order to process the request for assistance. If the data are not provided, Leetchi will not be able to process your request.

  • When you browse Leetchi's website: see the article on "Cookies".

 

2.1. Personal data collected by Mangopay (the payment service provider).

The collection of payments made directly via the website is managed by Mangopay, which is an electronic payment company approved by the CSSF (Luxembourg's financial sector regulator). Mangopay processes the personal data for which it is the data controller. These data are listed in Mangopay's privacy policy, which can be found at https://www.mangopay.com/fr/privacy/.

Mangopay has appointed Leetchi as the payment agent. Therefore, the personal data required to provide payment services and contribute to money pots are sent to Mangopay. This applies to data collected for the following purposes:

· Subscribing to services and opening your Mangopay payment account;
· Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT);
· Managing payment orders;
· Managing customer relations, such as processing your queries, requests to exercise your rights and any complaints you may have about the payment services;
· Making card payments. 

As part of their statutory and regulatory requirements to combat fraud, money laundering and the financing of terrorism, Leetchi and Mangopay process personal data, including combinations of data, in order to determine the level of fraud risk associated with a contribution or fundraiser. These processing activities may be used to justify Leetchi's or Mangopay's decision to reject or block a contribution or the spending of funds raised on the website.

3. What are the lawful bases for and purposes of keeping your personal data, and how long do we retain your personal data?

Purposes Lawful bases Data retention period
  • Enabling you to access Leetchi's service;
  • Managing the organiser's or participant's account;
  • Responding to your requests for information;
  • Managing incidents - customer service.
 Performing the contractual arrangements established at your request as part of the intermediary services offered by Leetchi Your data are kept for three years from the date of your most recent activity
  • Managing customer relations (business communications).

Our legitimate interest in developing and promoting our activity

Consent via the Opt-In service

 Your data are kept for three years after your most recent exchange or immediately after the customer withdraws their consent.
  • Anti-money laundering and combatting the financing of terrorism;
  • Protection against and prevention of fraud.

Article L.561-12 of the French Monetary and Financial Code

 

Performing the contract for the intermediary service

 Your data are kept for five years from the date on which your account is closed or your relationship with Leetchi ends.
  • Contributing to money pots.

Consent of the participant

 

Legitimate interest of Leetchi

 We do not keep data regarding the payment methods used for contributions except for the first and last numbers of the bank card, its expiry date, the card type and the country of origin.
  • Processing requests to exercise rights.
 Our legitimate interest in responding to your requests and ensuring we follow them up.

An identity document may be requested - we will only keep it for as long as it takes to verify your identity. Once verification has been completed, the document will be deleted.

 

If you exercise your right to object to receiving communications from us: we keep this information for three years from the date on which you notify us of your objection.

 4. Who receives your data? 

The following parties will have access to your personal data:

  • Authorised personnel of Leetchi;
  • Sub-contractors of Leetchi (hosts, email marketing tools, website security tools, audience measurement tools, website browsing tracker tools, customer and support service tools). Leetchi's sub-contractors must comply with confidentiality and security obligations, and other obligations specified under the GDPR;
  • Mangopay, the payment service provider, in order to manage financial transactions carried out via our service. Information is collected and processed by Mangopay in accordance with the provisions of Article 2.1 of this Policy;
  • Any authorised administrative or legal authority, or more generally any authorised third party, so that Leetchi is able to comply with its statutory or regulatory obligations.
  • The money pot organiser, only in the following case: for contributions to a money pot, the organiser will receive an email stating that their money pot has received a contribution. The email will contain the following information as a minimum: the first name, surname or pseudonym of the participant, the amount of the contribution and the date.

5. May your data be transferred outside of the European Union? 

For the entire duration of the processing, your data are kept and stored on Microsoft Azure servers in the Paris region.

Leetchi wishes to inform its users that their personal data may be transferred for the purposes specified in Article 3 of this policy to companies located in countries outside of the European Union.

Data transfers to countries outside of the European Union are made in compliance with specific regulations that ensure that personal data are protected and secure. If the personal data of users are transferred to a country outside of the European Union, Leetchi undertakes to put in place all available appropriate guarantees, in accordance with Regulations in force, to ensure that transfers are monitored and secure.

For payment transactions carried out via the payment service provider, personal data may be transferred to countries outside of the European Union in order to settle the transaction, to combat money laundering or the financing of terrorism (Regulation (EU) 2015/847) and, more generally, to ensure the security of payment flows.

 6. What are your rights regarding your data?

You have the following rights regarding your personal data:

Right to be informed: this is the reason why we have created this policy. This right is outlined in Articles 13 and 14 of the GDPR. 

Right of access: you have to the right to access all of your personal data at any time, pursuant to Article 15 of the GDPR.

Right to rectification: you have the right to rectify any of your personal data that are inaccurate, incomplete or obsolete at any time, pursuant to Article 16 of the GDPR.

Right to restriction of processing: you have the right to restrict the processing of your personal data in the instances outlined in Article 18 of the GDPR.

Right to erasure: you have the right to request your personal data to be erased and to forbid them from being collected in the future for the reasons listed in Article 17 of the GDPR.

Right to lodge a complaint with a supervisory authority (the CNIL (National Commission on Informatics and Liberty) in France), if you believe that the processing of your personal data is in breach of applicable regulations. (Article 77 of the GDPR).

Right to issue instructions relating to the retention, erasure and communication of your personal data after your death 

Right to withdraw consent at any time: for purposes based on consent, Article 7 of the GDPR specifies that you can withdraw your consent at any time. Withdrawing your consent will not prejudice the lawfulness of processing carried out prior to the withdrawal.

Right to data portability: in accordance with certain provisions of Article 20 of the GDPR, you have the right to receive the personal data you provided to us in a machine-readable format, and to request them to be transferred to a recipient of your choice.

Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please be aware, however, that we may continue to process your data despite your objection, on legal grounds or in defence of legal claims.

You may exercise your rights in writing to the address below. We may ask you to send us additional information or documents to verify your identify. 

7. Point of contact for personal data 

Email: rgpd@leetchi.com

Address: Leetchi - DPO 
4 rue de la Tour des Dames
75009 Paris

8. Security

Leetchi takes all necessary physical, technical and organisational measures to protect the confidentiality, integrity and availability of your personal data, in particular against theft, accidental destruction, modification and unauthorised access.

Leetchi also endeavours to take the utmost care to maintain a high standard of security and confidentiality for your personal data by educating our business associates and partners and providing our employees with training on data protection, establishing long-term checks, and using tools and implementing practices aimed at obfuscating, anonymising, encoding and encrypting data in order to ensure that your personal data are protected against internal and external data breach risks.

If your personal data are breached and this puts your rights and freedoms at risk, we will notify the CNIL in accordance with the time frames specified by law. If the breach poses a high risk to your rights and freedoms, we will inform you as soon as possible of the nature of the breach and the measures put in place to address it. 

8. Amendments

We may amend this policy at any time in order to comply with all regulatory, case law, publishing or technical changes. These amendments will apply from the date on which the amended version takes effect. Therefore, please read the latest version of this policy regularly. We will, however, notify you of any significant amendments to this policy.

Effective date: 10 May 2023.

📧 Any comments or questions? Contact us here.

Related articles