Privacy Policy

PRIVACY POLICY

Preamble

By accessing and/or using the www.phebe-consulting.com website, you acknowledge that you have read, understand and agree to be subject to all the terms and conditions set out in this document. If you do not agree with this policy, you should not use the site and its related services and you should not provide us with your personal data.

Identification of the data controller

The person in charge of the personal data file is : Mr. Marc FRANCON

Legal basis

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or "GDPR").

French law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties.

Personal data collected and use of the site

Data used

Lorsque vous utilisez nos formulaires, vos données à caractère personnel sont collectées. Ces données nous permettent simplement de vous identifier et faciliter la prise de contact. Dès lors, l’utilisateur fournit ses informations en toute connaissance de cause.

Data transmission

The person in charge of the site, undertakes not to transfer or sell your personal information to third parties, nor to use it for unintended purposes.

Your rights

In accordance with the General Data Protection Regulation, you have the right to access, modify and delete your personal data. To exercise your rights or for any request, send an email directly to: contact@phebe-consulting.com

Cookies

What are cookies? A cookie is a small file containing text that a website saves on your computer or mobile device when you visit that site. Cookies are widely used to make a website work, or to make it work more efficiently, as well as to provide information to the site owners.

Statistics and audience measurement

The website uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter "Google") which helps us to analyze the use of the website. For this purpose, Google Analytics uses cookies, which are text files placed on your computer. The information generated by the cookie about your use of the website - such as Internet access data (including your IP address) and your anonymous visitor behavior - is transmitted to and stored by Google for a limited period of time, including on servers in the United States. In accordance with the certification of the data protection shield, Google declares that it complies with the framework defined by the EU-US data protection shield. Google may transfer the information collected by Google Analytics to third parties where required by law or where such third parties process the information on Google's behalf. The Google Analytics Terms of Use state that Google will not associate the data subject's IP address with any other data held by Google. You may refuse the use of cookies from Google Analytics by downloading and installing the Google Analytics Opt-out browser add-on.

Social networks

The site relies on certain services offered by third-party sites to enhance its interactivity. These include Share buttons (LinkedIn, Twitter, Facebook, Reddit, Instagram).

About PHEBE Platform services

First of all, we want to be transparent by informing you of the need to collect certain information about you. However, rest assured that we only collect essential data, in line with the principle of data minimization. The personal information we collect and process for specific purposes includes registration data and the KYC process. Please note that there are different types of registration, depending on your role as an issuer or shareholder/investor.

- Transmitter registration :

When an issuer creates an account to start using PHEBE services, he/she provides us with an e-mail address that will be used as a login and a password to access his/her account.
Les données et documents KYC : Sexe, prénom, nom, date de naissance, nationalité, numéro de téléphone, adresse, photo de profil, preuve d'adresse, statut de la société, enregistrement de la société, coordonnées bancaires.

- Shareholder registration :

When a shareholder creates an account to start using PHEBE services, he or she provides us with an e-mail address to use as a login and a password to access his or her account;
KYC data and documents: gender, first name, surname, date of birth, nationality, telephone number, address, profile photo, proof of address, company status, company registration, bank details;
Portfolio configuration data: the address of your ETHEREUM portfolio is required. By creating your own decentralized wallet, you avoid having your assets controlled by a third party, which means you have 100% control of your assets because they are stored on the blockchain and not on a third-party server.

Documents required for STO/DSO :

- due diligence (this is an in-depth investigation of a company's activities, the associated risks, and its financial situation and prospects. It is essentially an exercise in gathering all relevant information (financial, commercial and legal). This document may contain personal data;
- term sheet (document describing the conditions under which an investor (angel or venture capitalist) will make a financial investment in your company) ;
- memorandum (legal document setting out the objectives, risks and conditions of an investment) ;
- appraisal report (type of written report detailing the inspection and market value of the asset studied).

‍Why does PHEBE collect and process your personal data?

PHEBE uses your personal data for :

- register as a new user of our services and administer your account: identify and manage your account, provide the services and secure your account ;
- manage the platform and services ;
- manage our relationship with you.

What about compliance with regulations ?

Indeed, as you may have noticed, the KYC process is a necessary step before using our services. This issue deserves further discussion. The growth of the FinTech industry has led to an increased demand for regulation, particularly in the fight against financial crime. Anti-money laundering (AML) and know-your-customer (KYC) are widespread in the financial world. KYC or "Know Your Customer" can be defined as the process of verifying a customer's identity. AML practice is broader than KYC, and refers to measures used by financial institutions and governments to prevent and combat financial crime, in particular money laundering and the financing of terrorism. In this context, PHEBE appears as an infrastructure that reinforces investor confidence and market transparency. It is therefore only natural that all these legal requirements should be applied by our company.

How do we work in practice ?

For the KYC verification process, we use the Lemon Way KYC digital solution. Lemon Way builds agile KYC automation solutions.

KYC Registrar Smart-Contract :

Our platform uses the Extended ERC-20 Standard (ETHEREUM) protocol to simplify reporting requirements and regulatory oversight. A smart KYC registrar contract is implemented for on-chain compliance that is transparent and easily auditable by regulators. This is an ISO 17442: LEI code structure (which is designed to uniquely and unambiguously identify participants in financial transactions).

This smart contract architecture has been designed with the GDPR principles of data minimization and privacy in mind. The personal data contained in the smart contract for the identification and authorization process is the full legal name in capital letters and the date of birth. But it's important to note that, to comply with CNIL requirements, there is no unencrypted personal data on the blockchain. An identification hash and a random 12-digit number are used to make the data unreadable and incomprehensible to any third party.

‍How does PHEBE store and share your personal data?

Personal data collected and processed is hosted in secure databases, using third-party hosting services provided by Amazon Web Services (AWS). The AWS infrastructure implements robust safeguards to help protect customer privacy. All data is stored in highly secure AWS data centers. AWS offers several security capabilities and services to enhance confidentiality and control network access. These include integrated network firewalls in Amazon VPC and web application firewalls in AWS WAF, which allow you to create private networks and control access to your instances and applications; customer-controlled encryption in transit with TLS across all services; automatic encryption of all traffic on AWS global and regional networks between secure AWS facilities. You can find out more about Amazon Web Services' security practices on their website.

International transfers :

AWS is certified under the EU-US Privacy Shield Framework, which requires similar protection for personal data shared between Europe and the United States. For more details, see the European Commission website: EU-US Privacy Shield.
PHEBE does not share personal data collected for commercial purposes.
PHEBE will disclose your personal data when ordered to do so by a court of law, in connection with a government or police investigation or other legal requirement, to comply with legal process, or to assist in the prevention or detection of crime.

‍How does PHEBE protect your information ?

Security is an important part of our business. We take appropriate security measures to prevent your personal data from being lost or accessed in an unauthorized manner, modified or disclosed.
As you may have noticed, when a user (issuer or shareholder) creates a 12-digit password to start using our services, a confirmation code is sent to them using their e-mail address (two-factor authentication).
All data is encrypted via SSL/TLS (Secure Sockets Layer) when transmitted from our servers to your browser to prevent unauthorized parties from viewing or accessing the personal information you provide during a secure session.
For data storage purposes, we use the AWS system as explained above, which is a guarantee of security.
We regularly implement practices to update our physical, technical and organizational security measures.

‍Know your rights and how to exercise them

You should be aware of your privacy and data protection rights.

These rights are as follows :

- access to your personal information ;
- rectification, if you have inaccurate or incomplete personal information ;
- limit or restrict the use of your information ;
- deletion and right to be forgotten : the right to have your information deleted or to restrict our use of your data ;
- portability in certain circumstances, in order to obtain your right to a transferable version of your personal information for transfer to another provider ;
- consent management, in order to exercise your right to withdraw your consent to the processing of your personal data.

To exercise any of these rights, please write to us at contact@phebe-consulting.com and we will consider your request in accordance with data protection regulations. For your protection, we must ask you to provide proof of identity to enable us to respond to the above requests.

‍Combien de temps PHÉBÉ conserve-t-elle vos informations ?

We store your information :

- only for as long as necessary to achieve the objectives defined in this policy ;
- as long as your account is active or as long as necessary to provide you with the services ;
- for the duration of your business relationship with us.

We will also retain and use your information to the extent necessary to comply with applicable law, such as MIFID II, which allows us to retain your KYC data for one year before renewing it.

Changes to the Privacy Policy

This site and its services reserve the right to make changes to this privacy policy by posting a new version on the website. This new version will take effect immediately. Each time you use the website and its services, you agree to be bound by the new privacy policy as amended from time to time. The site manager therefore encourages you to consult this page regularly to keep abreast of any changes.