| PRIVACY POLICY METAFLIGHT – OCTOBER 2022 |
METAFLIGHT, a simplified joint stock company, with a capital of 10 000 Euros, registered with the Paris Trade and Company Register, under number 913 734 208, having its registered place of business at 229 Rue Saint Honoré, 75001 Paris – France (« METAFLIGHT »), pays particular attention to the protection of personal data and undertakes, within the framework of this privacy policy (hereinafter the “Privacy Policy“), to protect them in accordance with the applicable regulations and in particular the Regulation ( EU) No. 2016/679 of April 27, 2016 known as the “General Data Protection Regulation” or “GDPR” and Law No. 78-17 of January 6, 1978 as amended, known as the “Data Protection Act” as amended (the “Law Applicable to Data Protection”).
METAFLIGHT publishes an online platform offering various immersive experiences related to the world of aviation, and in particular, initiation to piloting via a serious game (the “Platform“). The purpose of the Platform involves an exchange of data, including personal data (the “Personal Data“) (i) between users of the Platform (the “Data Subjects“), and (ii) between Data Subjects and METAFLIGHT. The Data Subjects, within the meaning of the present, are either users benefiting from a free test (the “Free Users“) or users who have contracted a subscription with METAFLIGHT in accordance with the general conditions of sale (the “Premium Users“).
The processing of Personal Data thus implemented through the Platform is operated by METAFLIGHT, in its capacity as data controller, within the meaning of the Law Applicable to Data Protection. As a result, METAFLIGHT undertakes to always comply with legal and regulatory requirements, and to only process Personal Data under the conditions set out below.
METAFLIGHT processes the following Personal Data of Data Subjects:
| Concerned person | Purpose | Legal basis | Categories of data processed |
| Data Subject | Management of the opening and use of the account | Execution of the general terms of use | Full name E-mail address Date of birth Address Phone number Username Photography (together the ‘Identifying Data”) Connection logs IP address |
| Premium Users | Purchasing a subscription and/or products; invoicing | Execution of the general terms of sale | Connection logs Identifying Data |
| Premium Users | Conversion of miles into FlightCoins; FlightCoin management | Execution of the general terms of use and consent | Connection logs Identifying Data |
| Premium Users | Use and management of the messaging service between Data Subjects | Execution of the general terms of use | Username Any Personal Data that may be communicated during exchanges |
| Data Subjects | Newsletter | Consent | E-mail address |
| Data Subjects | Operational management of the Platform by METAFLIGHT (support and after-sales service in particular) | Execution of the general terms of use | All Personal Data processed through the account of the Data Subject |
| Data Subjects | Communication of METAFLIGHT with the Data Subject by any means made available on the Platform (contact email, contact telephone, etc.) | Execution of the general terms of use and consent | E-mail address Full name Any information that will be communicated by the Data Subject when making contact |
| Data Subjects | Improved performance and functionality of the Platform | Legitimate interest of METAFLIGHT | Statistical usage data (cookies) Full name IP address Connection logs |
| Data Subjects | Litigation management | Legitimate interest of METAFLIGHT | Any Personal Data |
| Data Subjects | Prevention and detection of fraud, malware, and management of security incidents | Legitimate interest of METAFLIGHT and legal obligation | Connection logs IP address |
The mandatory or optional nature of the entry of Personal Data is specified during collection, by an asterisk affixed next to the data to be entered in a mandatory manner. The mandatory communication of certain Personal Data is necessary for METAFLIGHT to implement the purposes specified above. The optional data allow METAFLIGHT to better know the Data Subject in order to provide him/her with services more suited to his/her needs.
In accordance with the general conditions of use, the Personal Data of the Data Subject is collected through his/her account and during his/her use of the Platform is kept as long as the Data Subject uses the Platform. The Personal Data of the Data Subject is kept:
The Premium User’s bank details are kept for the legal retention period.
Beyond the aforementioned durations, the Personal Data is archived by METAFLIGHT, in a secure environment, for the legal period of limitation for the purposes of proof for the establishment, exercise or defense of a legal right.
Unless there is a legal or judicial obligation requiring it to do so, METAFLIGHT will never disclose, assign, rent or transmit the Personal Data it processes to third parties.
Without prejudice to the foregoing, the Data Subject is informed that METAFLIGHT uses third-party service providers to provide part of the operational management of the Platform. For the purposes of performing their tasks, these third parties may be recipients of the Personal Data:
METAFLIGHT undertakes to make its best efforts to:
METAFLIGHT undertakes not to transfer Personal Data to countries outside the European Union that have not been recognized by the European Commission as ensuring an adequate level of protection (i) without having previously obtained the express written authorization of the client and (ii) without the implementation of legal instruments recognized as appropriate by the Law Applicable to Data Protection to frame the transfer(s) concerned.
Some METAFLIGHT partners and/or service providers mentioned in Article 3 above are part of groups of companies whose holding entity is located outside the European Economic Area. As a result, the Personal Data of Data Subjects may be transferred to third countries. The Data Subject is informed that these companies may be subject to legal, governmental, or judicial obligations to disclose data, including Personal Data, regardless of where such data is hosted.
METAFLIGHT always ensures that these transfers are made under appropriate conditions of security and confidentiality to guarantee a level of protection of the Personal Data of Data Subjects equivalent to the level required within the European Union, in accordance with the Law Applicable to Data Protection, where applicable by concluding with them the standard contractual clauses adopted by the European Commission.
Data Subjects always have the following rights over their Personal Data:
The rights of Data Subjects to their Personal Data may be exercised at any time with METAFLIGHT by email at the following address: https://metaflight.aero/contact-us/.
The Platform may contain hypertext links to third-party websites. METAFLIGHT has no control over the content of third-party websites referenced by hypertext links. These websites are published by third-party companies independent of METAFLIGHT. METAFLIGHT cannot therefore assume any responsibility for the content, advertising, services or any other information or data available on or from these sites. Consequently, the Data Subject acknowledges being solely responsible for the access and use of these sites. METAFLIGHT cannot be held responsible for any proven or alleged damage or loss resulting from or in connection with the use or the fact of having trusted the content, goods, or services available on these sites.
METAFLIGHT uses cookies for the proper functioning of the Platform and to monitor and analyze traffic on it. A “cookie” is a small data file sent to the Data Subject’s browser by a web server and stored on the hard drive of his/her computer or other computer medium. They do not in any way risk damaging the said support.
The information collected through cookies is solely and strictly intended for METAFLIGHT, in compliance with the Law Applicable to Data Protection. Cookies from third-party publishers (Google, Facebook, Twitter) allow these publishers to access the information collected through their cookies, according to the methods specified in the table below.
Personal Data processed through cookies is kept by METAFLIGHT for the lifetime of the corresponding cookies and, in any event, for a maximum of thirteen (13) months, beyond which the consent of the Data Subject is requested again.
METAFLIGHT uses the following cookies:
| Strictly Necessary Cookies Some cookies used by METAFLIGHT are strictly necessary to make the Platform work properly. They are generally only established in response to actions carried out by the Data Subject on the Platform and which require a request for services or the completion of forms. The Data Subject can define the parameters of his/her web browser to block the use of these cookies, but certain functionalities of the Platform will no longer be accessible. These cookies do not store information that personally identifies the Data Subject. | |
| Cookie’s name | Duration of the conservation |
| Performance cookies These cookies allow the Platform to provide functionality and personalization of the user experience, based on their previous visits and selections. | |
| Advertising targeting cookie These cookies may be set by METAFLIGHT’s advertising partners through the Platform and may be used to build a profile of the interests of the Data Subject to present him/her with relevant advertisements on other websites. | |
The Data Subject is free to consent to the use of all or part of the cookies (other than cookies which are strictly necessary for the operation of the Platform) used by METAFLIGHT on the Platform. The Data Subject can make his/her choice during his/her first connection by clicking on the categories of cookies that he accepts. The Data Subject is also free to withdraw their consent to the use of cookies at any time, by clicking on the following link: [insert link “Change your consent”].
The Data Subject can also configure their browser to accept cookies or disable them.
Cookie instructions on the most used browsers are available at the following links:
The Platform uses the following social network plug-ins:
When the Data Subject interacts through these plug-ins, their browser establishes a direct connection with the servers of the corresponding social network. The content of the plug-in is immediately transmitted by the Data Subject’s browser to the social network and saved on its servers. By integrating this plug-in, the social network is informed that the Data Subject has consulted the Platform. It can thus associate the navigation of the Data Subject on the Platform with his/her user account of this social network, if necessary. If the Data Subject does not want the social network to collect data concerning him/her through the Platform and link it to his/her user account on the social network, the Data Subject must log out of the corresponding social network before visiting the Platform. If the Data Subject is not a member of the social network, it is nevertheless possible that it collects and registers his/her IP address.
In any case, METAFLIGHT has no control over the exact content of the data thus collected. The use of the plug-ins is exclusively operated respectively by the social networks and governed by their general conditions of use, available at the following addresses:
Facebook® is a registered trademark and the exclusive property of Meta Platforms Inc. Twitter® is a registered trademark and the exclusive property of Twitter Inc. LinkedIn® is a registered trademark and the exclusive property of Microsoft Inc.
Nous rappelons que nous n’avons pas réalisé d’audit de la Plateforme, de sorte que nous n’avons qu’une vision théorique des traitements qui pourraient être opérés au travers de celle-ci. La politique a donc été rédigée en partant du principe que ces traitements étaient mis en œuvre, et que les mesures de sécurité adéquates, retranscrites dans la politique, étaient effectivement mises en place. Nous vous invitons à vérifier les éléments proposés et valider ceux-ci au regard de votre pratique effective.
Notamment, les catégories de données traitées peuvent être modifiées ou détaillées.
Un tel service de messagerie entre utilisateur existe-t-il ? Si oui, s’applique-t-il bien uniquement entre les personnes ayant souscrit un abonnement ?
Si vous collectez des données non strictement nécessaires à l’utilisation de la plateforme, il convient alors de faire apparaître, de manière claire, quelles données sont obligatoires et lesquelles sont facultatives.
Il en est de même lorsque tous les champs sont obligatoires.
Nous avons mentionné que cela se ferait par un astérisque, mais il peut s’agir de tout autre moyen (champs surlignés, grisés, etc.).
A valider au regard de notre commentaire dans le tableau concernant la newsletter.
A vérifier et à compléter si nécessaire (prestataire pour l’envoi des newsletters, messagerie interne, etc.).
Cet article a vocation à détailler quelles sont les mesures de sécurité que METAFLIGHT met en œuvre.
Nous avons prévu des éléments « standards », néanmoins il convient de détailler / modifier cette clause si nécessaire, et notamment ajouter toutes les mesures techniques et organisationnelles appropriées pour garantir un niveau de sécurité adapté au risque (ex : pseudonymisation et chiffrement des données, etc.).
Les textes imposent une durée de conservation des cookies de max 13 mois. Au-delà, le consentement de la personne doit de nouveau être sollicité (bandeau cookie qui doit réapparaitre).
A noter que certains cookies ont des durées de vie illimitées, pour cela il importe de mettre des règles d’automatisation des consentements tous les 13 mois.
Avez-vous recours à un gestionnaire automatique de cookies (ex : CookieBot) ? Si tel n’est pas le cas, il convient de compléter le tableau ci-dessous. Si en revanche, vous avez recours à un tel gestionnaire, nous pourrons modifier cet article en supprimant le tableau et en ajoutant quelques mentions relatives aux cookies.
