Privacy Policy

1. Who are we?

Artepole

Data Controller

M. Mitaine Yves
Email : mitaineyves@artepdev.com

Tilteur is a B2B SaaS platform for creating interactive games and quizzes.

---

2. Our commitment

We are committed to protecting the privacy of our users. This privacy policy explains what data we collect, why, how we use it, and what your rights are.

Core principle: we never sell, rent, transfer or share your personal data with third parties for commercial or advertising purposes.

---

3. What data do we collect?

3.1 Data you provide directly

When you create your account and use the Service:

• Identity: first name, last name, company name (for professionals);
• Contact: email address;
• Professional: business registration number (where applicable);
• Content: games, quizzes, settings and all content created on the Platform.

3.2 Automatically collected data

During your use of and navigation on the Service:

• Technical data: browser type, operating system, language;
• Session data: session identifiers, technical cookies (see our Cookie Policy).

If you use Tilteur via a Shopify, PrestaShop, WordPress or other connector, we receive and store data about your end customers (identifier, email address, game and quiz answers, technical session identifier) as a data processor within the meaning of the GDPR. You remain the data controller. The terms of our data processing are set out in our GTC.

3.3 Payment data

Transactions are processed by our secure payment provider. We never store your credit card numbers. We only receive:

• Payment confirmation;
• Transaction identifier;
• The last 4 digits of the card (for your invoice).

---

4. Why do we collect this data? (Purposes)

We do not carry out any profiling and do not make any fully automated decisions about you.

---

5. Who has access to your data?

5.1 Internal access

Your data is strictly accessible to:

• The sole data controller (M. Mitaine Yves);
• Any technical subcontractors listed below.

5.2 Subcontractors

We use the following subcontractors, all bound by GDPR-compliant contracts:

No data transfer outside the European Union is carried out, unless the subcontractor concerned provides sufficient GDPR guarantees (certification, standard contractual clauses).

5.3 No sharing with third parties

We never share, sell, rent or transfer your personal data:

• To advertisers or advertising networks;
• To commercial partners;
• To data brokers;
• To social networks for targeting purposes.

Your data is only disclosed to third parties in the following cases:

• Legal obligation: response to a lawful judicial or administrative request;
• Protection of our rights: defence against legal action;
• Your explicit consent: if you expressly ask us to share your data.

---

6. How long do we keep your data?

Upon expiry of these periods, your data is securely deleted (erasure, anonymisation or pseudonymisation).

---

7. How do we protect your data?

We implement the following technical and organisational measures:

• Encryption: all data in transit is encrypted via HTTPS/TLS;
• Hashing: passwords are hashed (never stored in plain text);
• Restricted access: your data is accessible only to authorised personnel;
• Secure backups: regular backups with encryption;
• Security updates: regular Platform maintenance;
• Anonymisation: usage statistics are anonymised.
• Availability: the Service is maintained at 99% uptime on a monthly basis (excluding scheduled maintenance) to ensure continuous access to your data.

---

8. Your rights (GDPR)

In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights:

8.1 Right of access (Article 15)

You may obtain confirmation that data concerning you is being processed, and access that data along with information about its processing.

8.2 Right to rectification (Article 16)

You may have inaccurate data corrected or incomplete data completed.

8.3 Right to erasure — right to be forgotten (Article 17)

You may request the deletion of your data in the following cases:

• The data is no longer necessary for the purposes for which it was collected;
• You withdraw your consent (where processing is based on consent);
• You object to the processing and there is no overriding legitimate reason;
• The data has been unlawfully processed.

Limitation: this right does not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

8.4 Right to restriction of processing (Article 18)

You may request the suspension of processing of your data in certain cases (accuracy contested, unlawful processing, etc.).

8.5 Right to data portability (Article 20)

You may receive your data in a structured, commonly used and machine-readable format, and transmit it to another controller. This right applies to data you have provided and which is processed by automated means on the basis of contract or consent.

8.6 Right to object (Article 21)

You may object to the processing of your data based on the legitimate interest of the controller, on grounds relating to your particular situation. We will then cease processing unless there are compelling legitimate grounds that override your interests, rights and freedoms.

8.7 Right not to be subject to automated decision-making (Article 22)

We do not carry out profiling and do not make any fully automated decisions with legal effects concerning you.

8.8 How to exercise your rights?

You may exercise your rights:

• By email: mitaineyves@artepdev.com;
• By post: M. Mitaine Yves, ------µ-----, France.

Response time: we undertake to respond within a maximum of one (1) month. This period may be extended by two (2) additional months for complex requests, with prior notice.

Proof of identity: for security reasons, we may ask you for a copy of a valid identity document. This copy will be kept only for the time needed to verify your identity, then destroyed.

Free of charge: exercising your rights is free. However, for manifestly unfounded or excessive requests (in particular due to their repetitive nature), we reserve the right to charge a reasonable fee or refuse to act.

---

9. Complaint to the CNIL

If you believe, after contacting us, that your rights are not being respected, you have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French supervisory authority:

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
• Phone: +33 1 53 73 22 22

---

10. Changes to this policy

We may update this privacy policy to account for:

• Legislative or regulatory developments;
• Changes to our practices;
• New processing purposes.

Any substantial change will be communicated to you by email or via a notice on the Platform, with 30 days prior notice. The date of the last update is shown at the top of this page.

---

11. Contact

For any questions about this privacy policy or the protection of your data:

Data Controller
M. Mitaine Yves
Email : mitaineyves@artepdev.com

---

12. Governing Law and Language

12.1 Applicable Law

This Privacy Policy is governed by French law, in particular Law No. 78-17 of January 6, 1978 as amended (Data Protection Act) and Regulation (EU) 2016/679 of April 27, 2016 (GDPR).

12.2 Language and Prevailing Version

This Privacy Policy is originally drawn up in French. It has been translated into English for the convenience of international Users. In the event of any discrepancy, contradiction, or ambiguity between the French version and this translated version, the French version shall prevail and shall be used as the sole reference for the interpretation of any dispute submitted to French jurisdiction or any data protection authority.

The User acknowledges having had the opportunity to review the French version and accepts that the French text shall govern the processing of their personal data by the Editor.