Date of last update: 11/05/2021
CarryMe SAS attaches great importance to the protection of your personal data (or "personal data").
This Privacy Notice provides you with clear and detailed information about how your personal data is protected by CarryMe ("we").
As a data controller, we are responsible for collecting and processing your personal data in the course of our business. This Privacy Notice aims to inform you about the personal data we collect about you, why we use and share it, how long we keep it, what your rights are and how you can exercise them.
1. WHAT PERSONAL DATA DO WE USE ABOUT YOU?
We collect and use your personal data, i.e. any information that identifies you or allows you to be identified, only to the extent necessary to carry out our activities and to provide you with personalised and quality services.
Depending in part on the service we provide, we collect different types of personal data about you, including :
- Identifying information (e.g. gender, full name, gender, photo, e-mail) ;
- Private or business contact information (e.g. postal and e-mail addresses, telephone number);
- Data collected in the course of our interaction with you on our website, application, login and tracking data such as cookies, connection to online services, IP address), calls, instant messaging discussions, emails, interviews, telephone conversations.
We may collect the following special categories of personal data (or "sensitive data") only with your prior explicit consent:
- Health-related data: for example, in case of a request for transport of medication, its qualification (name of the medication) will be stored in CarryMe. But the medical prescription will be sent to the traveller, together with the medication, without storage in CarryMe; this data is only processed if strictly necessary;
We will never ask you to provide us with other sensitive data such as data relating to your racial or ethnic origin, political opinions, trade union membership, genetic data or data relating to your sexual life or orientation, unless we are required to do so by law.
2. TO WHOM IS THIS NOTICE ADDRESSED AND FROM WHOM DO WE COLLECT PERSONAL DATA?
We collect data directly from you (when you contact us, visit our website, use our services, participate in a survey or event we organise), but also data about other people indirectly. Indeed, we collect information about people even if they do not have a direct relationship with us because they have a relationship with you, for example:
- members of your family;
- non-family members;
When you provide us with personal data from third parties such as those listed above, please be sure to inform the person to whom the data relates that we are processing their personal data and direct them to this Privacy Notice. We will also provide them with this information where possible (for example, if we do not have their contact details, we will not be able to contact them).
3. WHY AND ON WHAT LEGAL BASIS DO WE USE YOUR PERSONAL DATA?
In this section we explain how and why we use your personal data and draw your attention to certain processing activities that we consider may have a greater impact on you and which in some cases require your consent.
a. To comply with our various legal or regulatory obligations
We use your personal data to comply with applicable regulations in order to :
- monitor operations and identify abnormal/unusual ones;
- managing, preventing and detecting fraud ;
- Monitor and report on risks (financial, credit, legal, compliance, reputational, default, etc.) that we and/or your company may face;
- record, if necessary, telephone conversations, instant messaging, e-mails, etc.
b. To perform any contract to which you are a party or to carry out pre-contractual measures taken at your request
We use your personal data to enter into and perform our contracts and to manage our relationship with you, in particular to
- Define your insurance risk score and determine an associated rating;
- assess whether we can offer you a service and under what conditions;
- assist you, in particular by answering your requests;
- provide you with services;
c. To serve our legitimate interests
We use your personal data for the following purposes:
- Risk management:
- managing, preventing and detecting fraud ;
- assert rights in court and defend ourselves in litigation;
- Personalize our offer and that of other entities of your Company to you for :
- improve the quality of our services;
- Security and performance management objectives for IT systems, including :
- managing information technology, including infrastructure (e.g. shared platforms), business continuity and security (e.g. user authentication);
- More generally:
- inform you about our services;
- Conducting customer satisfaction and opinion surveys;
- improving process efficiency (training our staff by recording telephone conversations in our call centres and improving our call scenarios);
- improve the automation of our processes, e.g. by testing our applications, processing complaints automatically, etc.
In all cases, our legitimate interest remains proportionate and we ensure, through a balancing test, that your interests or fundamental rights are safeguarded. If you would like more information about the balancing test, please contact us using the contact details in section 9 "How to contact us" below.
d. To respect your choice where we have asked for your consent to a specific processing operation
For certain personal data processing activities, we will provide you with specific information and invite you to consent to such processing. Please note that you can withdraw this consent at any time.
- - If we carry out further processing for purposes other than those set out in Section 3, we will inform you and, if necessary, obtain your consent;
- - If we process special categories of personal data (or "sensitive data") such as health-related data.
4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
a. Sharing of data
No personal data will be passed on to third parties through CarryMe.
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
In the case of international transfers from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place on the basis of a decision by the European Commission, where the Commission has recognised that the country to which your data will be transferred provides an adequate level of protection.
If we transfer your data to a country whose level of data protection has not been recognised as adequate by the European Commission, we will either rely on an exemption applicable to the specific situation (e.g. if the transfer is necessary to perform a contract with you, such as the execution of an international payment) or we will take one of the following measures to ensure the protection of your personal data:
- standard contractual clauses approved by the European Commission;
- binding company rules.
To obtain a copy of these data protection measures or to receive details of where they are available, you can send us a written request as set out in Section 9 below.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We retain your personal data for as long as is necessary to comply with applicable laws and regulations, for as long as is required for the purposes for which it was collected, or for as long as is necessary for our operational requirements, such as to enforce legal rights or to respond to requests from regulatory bodies.
Whatever your status:
Telephone recordings for the purpose of improving the quality of services and training our staff are kept for 6 months. Analysis documents resulting from these recordings are kept for 1 year.
Information relating to your identity and issued in connection with a request to exercise rights as set out in Section 7 is kept for a period of one to three years depending on the type of right, from the date of exercise of the right in question.
7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with the legislation applicable to your situation, you may exercise, where applicable, the following rights:
- Right of access: you may obtain information concerning the processing of your personal data and a copy thereof;
- Right of rectification: if you consider that your personal data is inaccurate or incomplete, you may request that it be amended accordingly;
- Right to erasure: you may request the deletion of your personal data, to the extent permitted by law;
- Right to restrict processing: you may request the restriction of the processing of your personal data;
- Right to object: you may object to the processing of your personal data on grounds relating to your particular situation. You have the absolute right to object at any time to your data being used for commercial prospecting purposes, or for profiling purposes if such profiling is linked to commercial prospecting.
- Right to withdraw consent: if you have consented to the processing of your personal data, you may withdraw that consent at any time.
- The right to portability of your data: where permitted by law, you may request the return of the personal data you have provided to us, or, where technically possible, the transfer of such data to a third party.
- The right to set out instructions on the retention, erasure or disclosure of your personal data, applicable after your death.
If you wish to exercise any of the above rights, please send a request by email to
Please include a scan/copy of your proof of identity, where necessary, so that we can identify you.
In accordance with the applicable legislation, in addition to the rights mentioned above, you may lodge a complaint with a competent supervisory authority.
8. HOW TO BE INFORMED OF CHANGES TO THIS PRIVACY NOTICE
In a world of constantly changing technologies, we may need to update this Notice regularly.
We invite you to review the latest version of this document online, and we will inform you of any significant changes via our website or through our usual communication channels.
9. HOW TO CONTACT US?
If you have any questions about our use of your personal data under this Privacy Notice, you can contact our Data Protection Officer who will deal with your request:
If you would like to know more about cookies and security, please see our policy.