• Home
  • Privacy policy

Privacy policy.

The purpose of this Privacy Policy is to inform the User about the processing of their personal data by the company CRISTOFF FRANCE, a simplified joint stock company with capital of 2000 euros, whose head office is located at 9 rue des colons – 75002 Paris , registered in the Paris Trade and Companies Register under number 953 938 750, and in the context of the use of the Application, as well as on the rights of the User in this context.


CRISTOFF, is concerned about the protection of Users' personal data and undertakes to protect them in accordance with the applicable regulations and in particular Regulation (EU) n°2016/679 of April 27, 2016 known as "General Data Protection Regulation » or “GDPR” and law no. 78-17 of January 6, 1978 as amended, known as the “Informatique et Libertés Law” (together the “Regulations applicable to data protection”).

The User's rights over their personal data can be exercised at any time with CRISTOFF by email to the following address: [email protected]. He will be asked for proof of identity.

Policy Summary

A. Personal data collected.

1. Registration and authentication
Data collected by the Firebase Authentication service. The purpose of the collection is to identify users of the platform, filter access and thus
  • Email address
  • Password
Usage statistics
Data collected by the Google Analytics service. The goal is to establish platform usage statistics.
  • Number of users
  • Number and duration of sessions
  • Operating systems
  • Geographical area

Personalization of the experience
With the aim of offering users an individualized service experience adapted to their expectations.
  • Sector
  • Main campus
  • Diploma year
  • International mobility
  • Disability
  • First and last name
  • Birthday
  • Gender
  • Profile picture
Content Sharing
To communicate with other users of the platform.
  • Pictures
  • Videos
  • Text

Mental health tracking
The objective is to help the user better manage their mental health.
  • Daily emotion (wheel of emotions)

B. Deletion of collected data and right to be forgotten.

Each user can at any time consult and delete all or part of the data collected about them and exercise their right to be forgotten. To do this, simply follow the following steps:

1. View the collected data and delete it in part.

a. My private data

To get there:

  • I log in to the app using my login details.
  • I go to the “profile” tab.
  • I click on “edit my personal profile”

I can then view all the data collected about me and modify or delete it. (Please note that certain data necessary for the operation of the service cannot be deleted, for total deletion with closure of my account see point 2 of this section).

b. My student data

To get there:

  • I log in to the app using my login details.
  • I go to the “profile” tab.
  • I click on “edit my student profile”

I can then view all the data collected about me and modify or delete it. (Please note that certain data necessary for the operation of the service cannot be deleted, for total deletion with closure of my account see point 2 of this section).

c. My data shared on the platform.

To get there:

  • I log in to the app using my login details.
  • I go to the “home” tab.
  • Then I click on the search button.
  • I then enter my username in the search bar, then I click on the result corresponding to my account.

I can then consult all the data that I have shared on the platform with other members. Then delete them one by one. (To delete all my shared data at once, see point 2 of this section).

2. Deletion of my entire data and closure of my account.

To delete all my data and close my account.

  • I log in to the app using my login details.
  • I go to the “profile” tab.
  • I click on “delete my account”
  • I enter my identifiers a second time to confirm my request.

All my data is then deleted, and my account closed.

The whole policy

1. Types of Data collected

The types of Personal Data that this Application collects directly or through third parties include: first name; surname; email address ; profile picture ; gender ; date of birth ; daily mood; publications (image, video, title, date and location); geographical area ; number of users; number of sessions; Operating systems. Full details of each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanatory texts published before the Data collection. Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when you use this Application. Unless otherwise indicated, all Data requested by this Application is mandatory and its absence may make it impossible for this Application to provide the Services. If this Application specifies that certain Data is not obligatory, Users are free not to communicate it without having consequences on the availability or operation of the Service. Users who have doubts about the mandatory Personal Data are invited to contact the Owner. Any use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application aims to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie policy, if available. Users are responsible for any third-party Personal Data obtained, published or communicated through this Application and confirm that they obtain the consent of the third party to provide the Data to the Owner.


2. Method and location of Data processing

2.1. Treatment methods

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Data. Data processing is carried out using computers or IT tools, following procedures and organizational methods closely linked to the purposes indicated. In addition to the Owner, the Data may be accessible, in certain cases, to certain categories of people responsible for the operation of this Application (administration, sales, marketing, legal department, system administration) or to external parties (such as suppliers third party technical services, messaging services, hosting providers, IT companies, communications agencies) designated, where applicable, as Subcontractors by the Owner. The updated list of these parts may be requested from the Owner at any time.


2.2. Legal basis for processing

The Owner may process Personal Data relating to Users if one of the following conditions applies:


  • Users have given their consent for one or more specific purposes; Please note: According to certain legislations, the Owner may be authorized to process Personal Data until the User objects (“opt-out”), without having to depend on consent or one of the bases following legal procedures. This condition does not, however, apply when the processing of Personal Data is subject to European data protection law.
  • The provision of Data is necessary for the execution of an agreement with the User or for any pre-contractual obligation thereof;
  • The processing is necessary to comply with a legal obligation to which the Owner is subject;
  • The processing is linked to a task carried out in the public interest or in the exercise of public authority vested in the Owner;;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will happily help you clarify the specific legal basis that applies to the processing, and whether the provision of Personal Data is a legal or contractual requirement, or a requirement necessary to enter into a contract.


2.3. Treatment locality

The Data is processed at the headquarters of the Owner and in all other places where the parties responsible for the processing are located. Depending on the User's location, data transfers may result in the transfer of the User's Data to a country other than their own. To find out more about the place of processing of this transferred Data, Users can consult the section which contains details on the processing of Personal Data. Users also have the right to know the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or created by two or more countries, such as the UN, as well as the security measures taken by the Owner to safeguard their Data. If such a transfer takes place, Users can find out more by consulting the relevant sections of this document or inquire with the Owner using the information provided in the contact section.


2.4. Storage time

Personal Data is processed and kept for as long as required for the purpose for which it was collected. Therefore:


  • Personal Data collected for purposes related to the execution of a contract between the Owner and the User must be retained until the contract is fully executed.
  • Personal Data collected for the purposes of the legitimate interests of the Owner must be retained for as long as necessary to achieve these objectives. Users can find specific information regarding the legitimate interests pursued by the Owner in the relevant sections of this document or by contacting the Owner.

The Owner may be permitted to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. In addition, the Owner may be obliged to retain Personal Data for a longer period whenever this is required for the performance of a legal obligation or by order of an authority.

Once the retention period has expired, the Personal Data will be deleted. Therefore, the right of access, the right of erasure, the right of rectification and the right to data portability cannot be applied after the expiration of the retention period.


2.5. Purposes of processing

The Data relating to the User is collected in order to enable the Owner to provide its Service, to fulfill its obligations, to respond to law enforcement requests, to protect its rights and interests (or those of its Users or third parties). ), to detect any malicious or fraudulent activity, as well as the following: Registration and authentication, Analytics, Contact management and sending messages and Access to third-party service accounts.

To obtain precise information on the Personal Data used for each purpose, the User can consult the “Detailed information on the processing of Personal Data” section.


2.6. User Rights

Users can exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw their consent if they have already given consent to the processing of their Personal Data.
  • Object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Details are added in the corresponding section below.
  • Access their Data. Users have the right to know whether Data is being processed by the Owner, to obtain information about certain aspects of the processing and to obtain a copy of the Data being processed.
  • Check and obtain a rectification. Users have the right to verify the accuracy of their Data and request that it be updated or corrected.
  • Limit the processing of their Data. Users have the right, under certain conditions, to limit the processing of their Data. In this case, the Owner will process their Data only to store it.
  • Have their Personal Data deleted or erased. Users have the right, under certain conditions, to obtain the erasure of their Data from the Owner.
  • Recover their Data and transfer it to another data controller. Users have the right to retrieve their Data in a structured, commonly used and machine-readable format and, if technically possible, to transmit it to another data controller without obstacles of any kind. This provision applies, provided that the Data is processed by automated means and that the processing is based on the consent of the User, on a contract to which the User is a party or on pre-contractual obligations.
  • File a complaint. Users have the right to lodge a complaint with their competent data protection authority.

2.7. Information regarding the right to object to processing

When Personal Data is processed in the public interest, in the exercise of official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a related reason. to their situation which must justify this opposition. Users should, however, know that if their Personal Data is processed for direct marketing purposes, they may object to this processing at any time without any justification. To find out if the Owner processes Personal Data for direct marketing purposes, Users may refer to the corresponding sections of this document.


2.8. How to exercise these rights

Any request to exercise the User's rights can be addressed to the Owner using the contact details provided in this document. These requests can be made free of charge and will be studied by the Owner as soon as possible and always within one month.

3. Additional information on Data processing and collection

3.1. Lawsuit

The User's Personal Data may be used for legal purposes by the Owner in court or in stages that may lead to legal action arising from inappropriate use of this Application or related Services. The User is aware of the fact that the Owner may be required to reveal Personal Data at the request of public authorities.


3.2. Additional information regarding the User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional information and contextual information regarding particular services or the collection and processing of Personal Data.


3.3. System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interactions with this Application (system logs) or use other Personal Data (such as IP address) for this purpose.


3.4. Information not included in this policy

Further information regarding the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact details at the beginning of this document.


3.5. How Do Not Track Requests Are Handled

This Application does not support “Do Not Track” requests. Refer to the privacy policies of third-party services to determine whether or not they agree to Do Not Track requests.


3.6. Changes to this Privacy Policy

The Owner reserves the right to make changes to this privacy policy at any time,

  • By informing its Users on this page.
  • Possibly in the iOS and Android Applications as long as this is technically and legally possible.
  • By sending a notification to Users through the contact details available to the Owner.

It is strongly recommended that you check this page frequently, referring to the date of last modification indicated at the bottom. If the modifications influence the processing activities carried out on the basis of the User's consent, the Owner must obtain new consent from the User when necessary.


Last updated: May 2, 2024