Nap&Up aims for you to benefit from its services while ensuring that your privacy and personal data are respected in accordance with the applicable data protection legislation.
Data protection policy
Nap&Up limits the collection of your data to what is strictly necessary for the operation of the business.
Nap&Up also works to respect the general principles regarding the protection of personal data, in particular, by EU Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as GDPR).
According to European legislation, personal data is defined as “any information relating to an identified or identifiable natural person”. (Article 4 GDPR)
This is aimed at any operation or set of operations carried out or not using automated processes and applied to personal data or data sets, such as collection, registration, organization, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction” (Article 4 GDPR)
The company Nap&Up, SAS with capital of €7,905 whose registered office is located at 103 rue Jean Jaurès 92800 Puteaux. Registered with RCS 824 004 485. As a service provider.
Types of data collected
Data relating to your identity (Last name, First name, Date of birth)
Contact data (Email, Password)
Company data in which you work (Company code)
Information about booking a nap slot (Date, Time, Cocoon Name)
Information about your preferences (Audio)
Platform usage information (Login, Login Time, Time of Login).
Nap&Up does not collect or process sensitive data.
Timing of data collection
Your data is collected by Nap&Up
- when an account is created
- when the app is being used to book a nap time slot
- when audios are bookmarked
Lawfulness of data processing
Nap&Up, in accordance with Article 6.1 GDPR, is required to process your personal information for one or more specific purposes to which you have consented.
It may collect your personal information as part of the contract that binds you to it.
It may also be asked to collect your personal data in the event of a necessary legal obligation to which it is subject.
Purpose of the collection and legal basis
|Purposes of personal data collection||Legal basis for data collection|
|The information collected allows the creation of a Nap&Up account in order to access the various services offered by the platform||Article 6.1, a) GDPR: data processing is necessary for the performance of the contract, the provision of services.|
|The information collected makes it possible to reserve a nap time||Article 6.1, a) GDPR: data processing is necessary for the performance of the contract, the provision of services.|
|The information collected ensures that the audio tracks are put in the favorites section||Article 6.1, a) GDPR: data processing is necessary for the performance of the contract, the provision of services.|
|The information collected allows us to improve our services and our platform.||Article 6.1, f) GDPR: processing is necessary due to legitimate interests pursued by the controller.|
Collected personal data is only intended for the Company Nap&Up.
Transfer of data abroad
Nap&Up does not transfer your data to a third country in the European Union.
Your data is hosted in Belgium but is only processed by our services and our subcontractor in France.
Nap&Up ensures the security of your data against disclosure, loss, destruction, alteration and unauthorized access. As well as the anonymization of your personal data. For this purpose, Nap&Up uses the following means:
- Data retention on a non-public database.
- HTTPS model usage on all of its application to secure personal data
- User password encryption
Data retention time
Nap&Up undertakes to keep your data only for a strictly necessary period of time for the purposes stated above.
Thus, Nap&Up will keep your data one year after your account is deleted. Then, the information will be deleted from our servers.
Right of access: any data subject may ask the controller whether their personal data is a processed asset (Article 15 of the GDPR).
Right to rectification: any data subject may ask the controller that the personal data concerning him or her which are inaccurate be rectified as soon as possible (Article 16 of the GDPR).
Right to erasure: any data subject may ask the controller to have his or her personal data deleted as soon as possible. The latter cannot object (Article 17 of the GDPR).
Right to restriction of processing: any person may ask the controller to limit their data in the event that they refer to one of the situations set out in Article 18 of the Regulation.
Right to data portability: any data subject may obtain the personal data concerning them and communicate them to another controller.
Right of opposition: any data subject may, because of their personal situation, object at any time to the processing of personal data concerning them, in two cases provided for in points e and f of Article 6 §1 of the GDPR. Except as provided in Article 21 of the GDPR.
Automated individual decision: any person concerned may decide not to be subject to a decision based on automated processing also including profiling (Article 22 GDPR).
You can find more information on the CNIL’s website, https://www.cnil.fr/en/the-droits-pour-maitriser-vos-donnees-personnelles
If you wish to exercise any of these rights, you can contact Nap&Up at email@example.com
Or by mail: Nap&Up, 103 rue Jean Jaurès 92800 Puteaux
The Company Nap&Up will ensure that you are well informed of any changes.
For any information, reporting of illegal content or activities, you can contact Nap&Up by email at firstname.lastname@example.org, or by mail at Nap&Up, 103 rue Jean Jaurès 92800 Puteaux