PRIVACY POLICY OF THE WYYLDE WEBSITE

You must be at least 18 years of age to access this website.

Last update: March 2023

We take great care to protect your personal data and comply with all privacy-related regulations, in particular EU Regulation 2016/679 of April 26, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and French law 78-17 of January 6, 1978, known as the “Data Protection Act,” as amended in 2018 (hereinafter «Applicable Legislation»).

We kindly ask that you carefully read the present privacy policy (hereinafter the «Politique »), which contains important information about how we collect, use, and transfer certain personal data both to meet your needs and to improve the quality of our services. The Policy applies to all types of personal data, regardless of its form (e.g., electronic, paper), and to all types of processing, whether manual or automated. The scope of the Policy covers the personal data we receive from our partners, subcontractors, consultants, customers, users, prospects, and suppliers, and more generally, from any third party we work with during the course of our business.

About us

The website https://app.wyylde.com/en-us/ (hereinafter the «Website») is provided by KOALA Interactive, a simplified joint stock company with a single shareholder, registered with the BOBIGNY Trade and Companies Register under the number 922 077 540, and headquartered at 121 rue Edouard Vaillant, 92300 Levallois-Perret, France (hereinafter «we», «our» or «us»).

Our data protection officer can be reached at the following email address: dpo@wyylde.com

Definitions

For informational purposes, we have defined the following terms which are used throughout the Policy

Informed consent: Any specific, informed, voluntary statement provided by the data subject authorizing the processing of their personal data.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive data or special categories of data: Personal data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, or a union membership, as well as genetic data, biometric data intended to identify a natural person, data relating to health, or data relating to the sex life or sexual orientation of a natural person.

Processing purpose: The main purpose for which we collect and process personal data.

Data subject: An identified or identifiable natural person.

Data controller: The person who determines the means by which data is processed, as well as the processing purposes.

Processing: Any operation (or set of operations) performed on personal data, both by automated and non-automated means, including any and all types of collection, recording, organization, storage, access, adaptation, modification, retrieval, use, examination, disclosure, dissemination, provision, arrangement, combination, freezing, deletion, erasure, or destruction.

Third party: A third party or business partner (such as one of our suppliers, subcontractors, or service providers), who, in connection with your actual or potential use of our services, sends personal data to us on your behalf or receives or accesses personal data on our behalf.

“You” or “user”: The natural person whose personal data is collected for processing in accordance with the Policy, and who is considered a data subject by the Applicable Legislation.

1. How do we collect your personal data?

We collect your personal data when you:

-create a user account on the Website;
-subscribe to a service on the Website;
-make use of the functionalities of the Website;
-subscribe to our newsletter.

2. Which personal data do we collect?

We collect the following personal data on the Website:

When you create a user account: email address, user name, password, language spoken, postal address, gender, sexual orientation, date of birth (if you sign up as a couple, we will also ask for your partner's date of birth), IP address.
When you subscribe to a service on the Website: email address, user name, payment details (IBAN, payment method, payment reference, amount, date, time of payment).
When you complete your profile on the Website: profile photo, city of residence, date of birth and age, gender, sexual orientation, height, body type, race, hair color, eye color, availability, any data indicated in your description.
When we authenticate your account: photo, user name, email address, ID.
When you make use of the functionalities of the Website: participation in events, organization of events, photos, videos, participation in trips (date, place, and details of the trip), data obtained from the statuses published in your profile, from published comments, from written messages, or from created pages or groups, any comments left while reporting inappropriate behavior, IP address, timestamp, technical data relating to your browser and equipment, and cookies and other trackers.
When you subscribe to our newsletter: email address.

Please note:

When collecting personal data, we respect the principles of accuracy and minimization: we therefore ensure all the personal data we collect is adequate, relevant, and limited to what is necessary for its potential use and its processing purposes. In other words, we only collect and process the data that is relevant and required for its intended purposes.

When using the Website, you may be asked to provide sensitive data such as your sexual orientation, your race, and your ethnic origins. Your informed consent serves as the legal basis for the collection of sensitive data. You may, at any time, revoke your informed consent to the collection of this data. However, if you do not specify your sexual orientation, then you will not be able to access the Website.

3. What are the various processing purposes?

Processing	Purposes
Provision of the free or paid functionalities of the Website	Management of accounts Management of subscriptions Authentication of accounts Access to the functionalities of the Website Audience development and production of statistics Targeted advertising Administration, support, and maintenance of the Website
Compliance with legal obligations	Assurance that users are of the legal age Detection of fraudulent activity in user accounts Requirements for criminal proceedings, for the prevention of attacks against public security, and for the safeguarding of national security The safeguarding of national security in the event of an actual or foreseeable threat Pursuit, assessment, and prosecution of criminal offenses
Management of the newsletter	Preparation of content Management of subscriptions Management of emails
Management of requests to exercise rights	Reception of requests via the tab on the Website or the electronic messaging service Processing and follow-up of requests Creation of a history of requests and the responses sent to users

4. What is the legal basis for the processing of personal data?

A precisely defined legal ground serves as the basis for the processing of any personal data we collect.

For processing performed on the Website, this legal ground is:

-your previously granted informed consent to the collection and processing of your sensitive personal data;

-our legitimate interests (e.g., to ensure the proper functioning of the Website);

-the need to fulfill contractual obligations (e.g., manage subscriptions or provide the functionalities of the Website);

-the need to comply with a legal obligation (e.g., detect, prevent, and combat fraudulent activities or verify users are of the legal age).

When we collect sensitive data (i.e., sexual orientation and race), we request your express informed consent by way of a check box created especially for this category of personal data.

5. Which security and confidentiality measures do we take to protect your personal data?

Technical and organizational measures	We take all the necessary technical and organizational measures to ensure the security, integrity, and absolute confidentiality of all the personal data we collect, use, store, and share. Our technical and organizational measures comply with all applicable standards to safeguard personal data against any accidental or unlawful loss or destruction, any unauthorized alteration, disclosure, or access, and any form of unlawful or unauthorized processing. These measures are implemented from the earliest stages in the planning of a processing operation to ensure privacy and data protection from the outset (“Privacy by design”). By default, we ensure personal data is processed in such a way to protect the privacy of users (e.g., by limiting access to only those persons who need to access the data), thereby assuring the data cannot be accessed by an indeterminate or excessively large number of people ("Privacy by default”).
Selection of partners and service providers	We select partners and service providers who can provide sufficient guarantees as to their ability to implement technical and organizational measures that are just as reliable as our own.
Documentation	We draft and maintain all the necessary documentation to demonstrate our compliance with all our obligations as per the Applicable Legislation.
Personal data breaches	When required by the Applicable Legislation, we shall notify the user and any other affected persons, as well as the competent supervisory authority, of any personal data breach once we have become aware – but no later than the end of the legal notification period – of such a breach. We agree to implement technical and organizational security measures to limit the impact of any personal data breach, and to ensure that such a breach does not occur again in the future.
Impact analysis	Before collecting, using, storing, or disclosing personal data in the context of a new project or the implementation of a new system, we carefully define the processing purposes and assess the privacy risks. In order to protect your privacy, and in light of the sensitive data we collect, we have conducted a privacy impact analysis of the processing operations on the Website to ensure all such operations comply fully with the Applicable Legislation.

6. How long do we keep your personal data?

We keep personal data only for as long as is necessary to fulfill the purposes for which it was collected and processed. After this time, the data is archived for the respective retention period defined in our data retention policy. The purposes of this archiving and the corresponding retention periods are specified below:

Applicable data	Retention periods
Data entered when creating a user account	Duration of the use of the Website For the date of birth, city of residence or postal address, and email address: duration of the use of the Website and five (5) years after the account is closed For the user name and password: duration of the use of the Website and one (1) year after the account is closed
Data entered when subscribing to a service	Duration of the subscription and five (5) years after the termination of the subscription For the payment method, payment reference, and amount: duration of the subscription and one (1) year after the termination of the subscription
Data entered in a user profile	Duration of the use of the Website
Data allowing for the authentication of a user account	Data is deleted immediately after the account is authenticated
Data entered when using the functionalities of the Website	Duration of the use of the Website For illegal content published on the Website: Six (6) months from the removal of said content from the Website For login information and protocols used to log in to the Website: one (1) year after the login
Newsletter subscription data and data for receiving notifications from the Website	Until the user unsubscribes

Third parties who process personal data on our behalf only retain said data for as long as is necessary for the purposes for which it was collected and processed, and for other legitimate purposes, which may include:

-Assisting with one of the processing purposes outlined above;

-The need to comply with a legal or regulatory obligation and applicable statutes of limitations;

-Defending against a legal or contractual claim (in which case the personal data may be retained until the end of the relevant statute of limitations, or in accordance with applicable litigation hold policies).

We take all reasonable steps to ensure that personal data is sufficiently accurate and up to date at each stage of its processing.

We encourage data subjects to help us keep their personal data up to date by exercising their rights, in particular their right of access and their right to rectification.

Inactive user accounts are deleted two years after the last login to the respective account.

7. What are your rights as a data subject?

We welcome all inquiries regarding your personal data, and as per the Applicable Legislation, offer you the possibility to access, rectify, delete, and restrict the processing of your personal data. You can also object to the processing of your personal data and exercise your right to data portability.

To exercise any of your rights, please contact us via the contact details listed above. You can also access your personal data via the special tab on the Website. If you feel that we have failed to respect your rights, you may file a complaint with the competent data protection authority, which in France is the CNIL (National Commission on Informatics and Liberty, https://www.cnil.fr/fr/plaintes).

Right of access	The right of access includes access to all the personal data relating to a data subject (as per the Applicable Legislation), to the processing purposes, to the categories of personal data processed, to the categories of recipients, and to data retention periods, and if necessary, the right to rectify, delete, or restrict the processing of personal data, etc.
Right to data portability	You may request a copy of all your personal data in a structured, commonly used format to allow you to exercise your right to data portability, insofar as this is permitted under applicable law.
Right to rectification	You may request that we correct, modify, or delete any personal data that is incomplete, inaccurate, or obsolete.
Right to erasure	You may request that your personal data be erased (i) if said personal data is no longer necessary for the purposes for which it was collected, (ii) you have revoked your consent to processing that was based exclusively on your previously granted consent, (iii) you have objected to the processing, (iv) the processing of the personal data is unlawful, or (v) the personal data must be erased to comply with one of our legal obligations.
Right to restriction of processing	You may request that the processing of your personal data be restricted (i) for the time we need to verify your claim that your personal data is inaccurate, (ii) if the processing is unlawful and you wish to restrict the use of your personal data instead of having it deleted, or (iii) if you would like for us to retain your personal data in the event that you need it to defend a legal claim.
Right to revoke consent	Whenever the processing of personal data is based on a previously granted consent, this consent may be revoked at any time. If you decide to revoke a consent, this will not affect the lawfulness of processing based on your consent prior to the revoked consent.
Right to object	You may also, at any time, object to the processing of your personal data if said data is used for marketing purposes to send you targeted ads. You can also object to having your personal data shared with third parties, or object to the processing of your personal data if said processing is based on our legitimate interests, unless we can demonstrate legitimate grounds for the processing that outweigh your rights and freedoms, or if said processing is necessary for the establishment, exercise, or defense of legal claims.
Right to decide fate of data	You have the right to define guidelines (general or specific) concerning the use of your personal data after you die.
Profiling	We do not make decisions based solely on profiling or automated processing that can have a legal effect or a significant impact on a data subject, except where such processing is required or permitted by applicable law, if the data subject has provided their consent, or the profiling is required to successfully execute a contract, and only when appropriate safeguards are put into place to protect the rights of the data subject.

8. With whom might we share your personal data?

Internal use: Our employees	Your personal data may be processed by our employees, but only within the limits of their respective responsibilities and for the purposes outlined in the Policy. In the case of internal use, our employees agree to fully respect the confidentiality of your personal data.
Disclosure to third parties	Personal data may be disclosed to third parties, but only to the extent that a legal justification exists for such sharing (e.g., the data subject has provided their consent, or the disclosure is necessary to execute a contract or pursue a legitimate goal that does not infringe upon the data subject's fundamental rights, including the right to privacy). For any disclosure, access to personal data is strictly granted on a “need-to-know” basis. When disclosure is necessary to comply with a legal obligation (e.g., for a government agency or a police force/security service), or as part of a legal proceeding, the personal data may be provided as long as the disclosure is limited to that which is required by law, and, if the law allows it, the data subject has been informed of the situation.
Our subcontractors	For hosting (AWS), we rely on trusted service providers based in the European Union. These hosting subcontractors are industry leaders when it comes to scalability, data availability, security, and performance, and offer well-documented business continuity plans. For the purposes outlined in the Policy, we also make use of the services of specialized companies such as Twilio, Hotjar, and Google.
Legal authorities	We may be required to transfer personal data to the competent judicial authorities in the context of legal requisitions.

9. Is your personal data transferred outside the European Union?

In order to process personal data in accordance with the purposes described in the Policy, we may be required to use service providers located outside the European Union.

If personal data is transferred to a third country whose legislation is believed to provide an insufficient level of protection for personal data, we ensure that adequate measures are put into place in accordance with the Applicable Legislation, and in particular, when necessary, that standard contractual clauses or equivalent ad hoc clauses are included in the contract entered into with the subsequent subcontractor.

10. Links to third-party websites

The Website may contain hyperlinks to third-party websites (in particular, event planner websites). Please note that if you click on these links and visit the respective websites, the latter (as well as all the services included therein) will be governed by their own privacy policies and terms of use. We shall not be held responsible if these privacy policies and terms of use do not comply with the Applicable Legislation.

Please note:

We recommend carefully reading the respective privacy policies and terms of use before providing your personal data and using these websites.

11. How do we process complaints?

We are committed to resolving all your legitimate privacy concerns. We carefully asses all claims of potential or actual breaches of the Policy or the Applicable Legislation, and take all reasonable steps to limit the impact of such breaches.

Please note:

If a complaint is not resolved to your satisfaction, we shall cooperate with the respective data protection supervisory authorities and follow their suggestions to resolve it. If we or the data protection supervisory authorities determine that our company, or one or more of our employees, has not complied with the Policy, we shall take the appropriate steps to reverse the effects of such non-compliance and promote full compliance in the future.

12. Changes to the Policy

We reserve the right to modify, amend, or update the Policy to take into account any legal, regulatory, jurisprudential, and/or technical developments. If significant modifications are made to the terms of the Policy (i.e., relating to the legal bases, processing purposes, or exercise of rights), we shall inform you in writing at least thirty (30) days before the modifications take effect. After this time, all Website usage will be dictated by the new terms in the Policy. All data subjects whose personal data is subject to the Policy acknowledge that only the online version of the Policy is binding.

BY ACCESSING THE WEBSITE, SUBSCRIBING TO THE NEWSLETTER, AND USING THE FUNCTIONALITIES OFFERED ON THE WEBSITE, YOU EXPLICITLY ACCEPT THE TERMS AND CONDITIONS OUTLINED IN THE POLICY.

13. Cookies on the Website

We use cookies to help us evaluate and improve the functionality of the Website. We may also use cookies for advertising or analytical purposes, as per your preferences and consent (which can be defined with our cookie settings tool).

Please note:

More information on how we use cookies can be found in our cookie policy, which you can view here.

Download PDF