Le Wagon – Privacy Policy  

This Privacy Policy is edited by LA LOCO, a French Société par Actions Simplifiée, registered at the RCS of PARIS under the number 810 930 123, whose head office is located at 24, rue Louis Blanc 75010 PARIS, represented by Boris Paillard for the purpose hereof (contact email address: [email protected]) (hereafter, the “Data Controller”). 

The Data Controller offers a platform that enables Users to connect with each other, build communities, and engage in networking (hereafter, the “Platform”) to its users who have subscribed on the Platform and as such have a user account (hereafter, the “Users”). The Platform is available at the following URL address: [·]

The Data Controller uses a solution called “Hivebrite”, which enables the import and export of user lists and data, the management of content and events, the organization of emailing campaigns and opportunity research and sharing, as well as the management of funds and contributions of any kind.

In this regard, the Data Controller collects and processes Users’ personal data in accordance with the Privacy and Cookie policy.

The Data Controller is particularly aware of and sensitive to the respect of its Users’ privacy and personal data protection. The Data Controller commits to ensuring that the processing it carries out as data controller complies with the Data Protection Law.

The Data Controller has put in place an appropriate privacy and cookie policy to be fully transparent on how the personal data of Users are processed within the use of the Platform and services provided.

This privacy policy is intended for the Users of the Platform of the Data Controller. 

The Data Controller has appointed a Data Protection Officer (hereinafter “DPO”), whom you may contact at the following address: [email protected]

Date of last update: 15/05/2025. 

1. COLLECTED PERSONAL DATA

1.1 When subscribing on the Platform  

When subscribing to the Platform, the User is informed that the following personal data are collected for the purpose of creating a user account:

Mandatory data: 

  • First name;

  • Last name;

  • Email address;

  • Location;

  • IP address;

  • The user agent;

  • Type of device, the browser used, operating system;

  • Date and time of the query;

  • The content accessed;

  • The content of the query performed;

  • The platform accessed;

  • Images;

  • The ID of the visitor (if the visitor is logged in).

 

Optional data: 

  • The referrer URL (if the user didn't configure its browser not to send it);

  • Information regarding university education, professional experience and Resume;

  • Gender;

  • Pronouns;

  • Phone number;

  • Course and batch number;

  • Social media links;

  • Areas of interest;

  • Competencies;

  • Languages. 

The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create an account and authenticate the User.

1.2 During the use of the Platform  

The User may validly publish, at its own initiative, any content on the Platform, which shall be kept by the Company:

  • Posts;

  • Profile updates;

  • Direct messages to other users;

  • Images;

  • Events.

The right to upload news and content is strictly reserved to administrators.

 

The User is aware that when using the Platform, the User may decide to provide “sensitive data” within the meaning of Data Protection Law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or data concerning sexual orientation, etc. By providing such sensitive data, the User agrees to their processing by the Platform under the conditions set forth in this Privacy Policy.

  

2. THE PURPOSE OF THE DATA PROCESSING  

The Data Controller and its subcontractors process personal data that are freely transferred by the User when accessing the services proposed by the Platform for the following purposes:

Purpose: Creation and management of a user account.
Legal basis: Contract

Purpose: Providing the User with all functionalities of the Platform, meaning:
  • Sending invitations for events organized by the Data Controller or other Users, if the User has accepted to receive such invitations;
  • Inviting the User to events organized by the Platform;
  • Indicating the Users’ geolocation to the other Users in order for them to gather;
  • Providing Users’ contacts to other Users for them to reach out to each other;
  • Allowing Users to send and receive private messages;
  • Allowing Users to upload and access files stored in the Community Website;
  • Allowing Admins to create and manage events on the Community Website;
  • Awarding badges to recognize achievements or participation;
  • Allowing Users to report content or behavior they believe violates the community guidelines.
Legal basis: Contract

Purpose: Management of data subjects’ rights according to the Personal Data Legislation. Storage of User personal data.
Legal basis: Legal obligation

Purpose: Management of delinquencies and claims.
Legal basis: Legal obligation

Purpose: Management of prospection operations:
  • Sending email prospect campaigns in the name of Customer and/or its commercial partners;
  • Sending newsletters in the name of Customer and/or its commercial partners.
Legal basis: Consent

Purpose: Making statistics in order to:
  • improve the quality of the services proposed by the Platform;
  • improve the usage functionalities of the Platform.
Legal basis: Legitimate interest

Purpose: Making statistics regarding the effective use of the Platform.
Legal basis: Legitimate interest

Purpose: Making statistics regarding the different levels of activity on the Platform.
Legal basis: Legitimate interest




Please note that Kit United and its subsidiaries, which are in charge of providing the platform and managing its technical aspects, also collect your personal data as data controller, in order to generate statistics on the use of the platform. This processing is based on the data controller’s legitimate interests to improve the platform. The personal data are retained for the duration of the contractual relationship between Kit United and the Data Controller, plus 90 days.

3. DATA RETENTION PERIOD  

The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform.

[Inactive User Accounts may be deleted after two years of inactivity. - if applicable]

Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of [·][to be determined by the Customer].

4. DATA TRANSFERS  

The Users’ data are stored in the European Economic Area (EEA) by the Data Controller and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred to a country outside the EEA, to our trusted service providers [and/or subsidiaries].

When transferring data outside the EEA, the Data Controller ensures that the data are transferred in a secure manner and in accordance with the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of the EU, the Data Controller uses “appropriate or suitable safeguards”.

When the service providers to whom personal data are transferred are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission.

Users can access such safeguards here [·]/contact the DPO at the following address [·]. 

Personal data transfers may take place outside the EU/EEA in order to ensure the functioning of the solution. Indeed, Hivebrite uses third-party service providers located outside the EU for the following purposes:

- hosting of personal data, including images, profile pictures, backups, etc.;

- production and storage of error logs enabling Hivebrite’s developers to correct the code;

- sending of emails;

- customer support;

- direct messaging module;

- analysis of the User’s journey on the platform.

The countries outside the EU/EEA to which your personal data may be transferred are:

- United Kingdom; 

- Switzerland; 

- The United States of America; 

- Australia. 

These transfers are based on one of the following guarantees:

- an adequacy decision, regarding personal data transfers to the United Kingdom and Switzerland;

- the Standard Contractual Clauses of the EU Commission (available here);

- your consent.

5. COMMITMENT OF THE DATA CONTROLLER  

The Data Controller commits to process Users’ personal data in compliance with the Data Protection Law and undertakes, notably, to respect the following principles:

- Process Users’ personal data lawfully, fairly, and in a transparent manner;

- Only collect and process the Users’ data for the strict purposes described under article 2 of the present privacy policy;

- Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

- Make best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date, and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

- Keep Users’ personal data for no longer than is necessary for the purposes for which they are processed;

- Put in place all necessary and appropriate technical and organizational measures in order to ensure the security, confidentiality, integrity, availability and resilience of the process systems and services;

- Limit the access to the Users’ data to the persons duly authorized to this effect;

- Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make best efforts to satisfy any request, where this is possible.




6. EXERCISE OF THE USERS’ RIGHTS  

The User is duly informed that, depending on the legal basis of the processing, it has at any time a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.

When processing is based on the User’s consent, the User also has the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The User can exercise its rights by sending an email to the following address: [email protected], provided that the User proves his/her identity.

In addition, in the event the User considers that its rights have not been respected, the User whose personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities.

The competent supervisory authorities are listed on the following website: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.  

7. COOKIES  

The Data Controller informs the User that Hivebrite, as well as its subcontractors, uses tracking technologies such as cookies on the User’s terminal whenever the User navigates on the Platform, subject to the conditions described in the Data Controller Cookie Policy [insert link].

In particular, Hivebrite may use a cookie called “Amplitude” to enable analytics of the User’s journey on the platform. This cookie involves a transfer of personal data to the United States of America. Hivebrite has signed Standard Contractual Clauses in order to comply with the requirements of the GDPR on personal data transfer, and will not use this cookie without gathering your consent first.

For more information about the processing carried out by Hivebrite as data controller, the User is invited to consult Hivebrite’s privacy policy.

8. RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA 

Only authorized persons working for the Data Controller (including employees, volunteers, trainees, etc.) and, in some cases, its subsidiaries, can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of Users’ personal data.

The Data Controller also uses trusted service providers to carry out a set of operations on its behalf for hosting. The Data Controller can also use service providers in the tech industry, editors of specific tools integrated in the Platform, for technical purposes.

The Data Controller only provides service providers with the information they need to perform the service and asks them not to use your personal data for any other purpose. The Data Controller does its best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, particularly in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing.

The Data Controller may be required to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our terms of use/sale or any other conditions you have accepted; or to protect the rights, safety or property of the customer, its customers or employees.

List of the main service providers:

Service provider: KIT UNITED, 5 RUE DES ITALIENS, 75009 Paris, France
Service: HIVEBRITE solution
Privacy policy (you can consult it at the following link): https://hivebrite.io/privacy policy

 

Child Safety Standards Policy

Child Safety Standards 

 

Any explicit content or child sexual abuse and exploitation (CSAE) is strongly prohibited on our application. 

Compliance with Child Safety laws & reporting 

 

Our app complies with applicable child safety laws and regulations. 

Our app ensures all content shared within the app is appropriate for a mixed audience, including children. User-generated content is moderated to prevent inappropriate material from being accessible.

Any CSAM (Child Safety Abuse Material) content will be automatically removed when flagged or reported through our moderation features or if we are directly contacted for this purpose. 

We will systematically take action to report confirmed CSAM content to the National Center for Missing and Exploited Children.

CSAM consists of any visual depiction, including but not limited to photos, videos and computer-generated imagery, involving the use of a minor engaging in sexually explicit conduct.

Child safety point of contact   

You can reach out to [email protected] if CSAM content is detected. 

Privacy and Data Protection

Our app is committed to protecting user data, especially for children under 13, in compliance with applicable regulations.

The privacy policy is displayed clearly and is accessible from the app settings and our website.

All data is encrypted during transmission and stored securely.

Ads and Monetization

Our app does not include ads or monetized content. 

Transparency and Disclosures

Data safety: Detailed information is provided as per Google Play’s Data safety form.

Content ratings: IARC 3+, L, E, 3, 3, USK 0

 

Validation and updates 

Regular internal testing is conducted to ensure compliance with Google Play’s child safety standards, including functionality reviews and content audits.

Policies are reviewed quarterly or as required to align with updated child safety standards.