Privacy Policy
https://tulyp.io/ website (the “Website“) or has agreed to use the services provided by SmarTrade SAS (“SmarTrade“, “we“, “our “) through the Website as part of a transaction with an account owner.
When you are using the Website and services offered through it (the “Services“), we may collect and process your personal data.The purpose of this Privacy Policy (the “Privacy Policy“) is to inform the users of the Services and Website (“User(s)“, “you“, “your“) about how we collect and process your personal data, in compliance with the applicable French and European legislation, including French Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, Regulation (EU) No. 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR“) and Directive 2002/58/EC of 12 July 2002 as amended by Directive 2009/136/EC (“ePrivacy Directive“), and any national transposition text or any subsequent text that may follow them (together, “Applicable Regulations“).It is very important to us to respect your privacy and protect your personal data.It is important that you read this Privacy Policy so that you know how and why we process and use your personal data.We regularly update the Privacy Policy in order to comply with any legislative, regulatory, jurisprudential, editorial or technical changes. The date of the latest update is 04/04/2023.
1. DefinitionsThe terms “personal data”, “process/processing”, “data controller”, “processor”, “data subject”, “recipient(s)” and “consent” have the same meaning as given in Article 4 of GDPR.
2. ScopeThis Privacy Policy applies to our processing of your personal data where we act as a data controller with respect to the Services and the Website. This Privacy Policy does not apply to our processing of your personal data on behalf of third party services providers (providing services to You through the Website (“Third Parties“), where we act as a data processor. For the latter, please refer to privacy policies of Third Parties who act as data controllers for processing of certain of your personal data.The Website include links to Third Parties’ websites, plug-ins and applications. Clicking on these links may allow Third Parties to collect your personal data. We do not control these Third Party websites and are not responsible for their processing of your personal data.
3. Data ControllerThe data controller for processing your personal data collected on our website and/or when you are using our Services is SmarTrade SAS– a company incorporated under the laws of France, having its registered office at 1 rue de Stockholm 75008 Paris, France and registered under number 910 471 838 RCS Paris, and the contact details of which can be found in Article Contact information.
4. What personal data is collected?We may collect, use, store and transfer various types of personal data from following categories (the list of examples of data for each category may not be exhaustive) regarding users of the Website:
- Identification data: name(s), surname, title (Sir/Madam), date of birth;
- Contact data: telephone number, email address, postal address;
- Professional information: role/job title, department of employment;
- Authentication data: user identifiers, hashed password, hashed password salt;
- Commercial relationship data: KYC completed or in progress, Services provided or in progress, ownership of a wallet, Rapyd reference;
- Invoice and payment information: postal address, payments due and received, banking account information including: account holder name, bank information status (validated/rejected/pending validation), IBAN number, primary account or not
- Communications data: messages sent to us via contact forms or emails, any correspondence from you that may be sent to us, other users of the Services (as part of a transaction), or any exchanges with us, sender user ID, reception user ID;
- Content data: your personal data such as full name or contact data (i) contained on the documents uploaded on the Website, (ii) that may transit through our Services or (iii) may be hosted by us for the purpose of providing them and providing support for such services;We do not intentionally collect any special categories of data (such as health, sexual orientation, religious beliefs, etc.). If the Content data contains any special categories of data, we do not have any knowledge of it.We also collect non-personal data
5. Why do we collect your personal data?The table below describes why we use your personal data for which we are data controller, and what is the legal basis for such use.
When you are using the Website and services offered through it (the “Services“), we may collect and process your personal data.The purpose of this Privacy Policy (the “Privacy Policy“) is to inform the users of the Services and Website (“User(s)“, “you“, “your“) about how we collect and process your personal data, in compliance with the applicable French and European legislation, including French Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, Regulation (EU) No. 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR“) and Directive 2002/58/EC of 12 July 2002 as amended by Directive 2009/136/EC (“ePrivacy Directive“), and any national transposition text or any subsequent text that may follow them (together, “Applicable Regulations“).It is very important to us to respect your privacy and protect your personal data.It is important that you read this Privacy Policy so that you know how and why we process and use your personal data.We regularly update the Privacy Policy in order to comply with any legislative, regulatory, jurisprudential, editorial or technical changes. The date of the latest update is 04/04/2023.
1. DefinitionsThe terms “personal data”, “process/processing”, “data controller”, “processor”, “data subject”, “recipient(s)” and “consent” have the same meaning as given in Article 4 of GDPR.
2. ScopeThis Privacy Policy applies to our processing of your personal data where we act as a data controller with respect to the Services and the Website. This Privacy Policy does not apply to our processing of your personal data on behalf of third party services providers (providing services to You through the Website (“Third Parties“), where we act as a data processor. For the latter, please refer to privacy policies of Third Parties who act as data controllers for processing of certain of your personal data.The Website include links to Third Parties’ websites, plug-ins and applications. Clicking on these links may allow Third Parties to collect your personal data. We do not control these Third Party websites and are not responsible for their processing of your personal data.
3. Data ControllerThe data controller for processing your personal data collected on our website and/or when you are using our Services is SmarTrade SAS– a company incorporated under the laws of France, having its registered office at 1 rue de Stockholm 75008 Paris, France and registered under number 910 471 838 RCS Paris, and the contact details of which can be found in Article Contact information.
4. What personal data is collected?We may collect, use, store and transfer various types of personal data from following categories (the list of examples of data for each category may not be exhaustive) regarding users of the Website:
- Identification data: name(s), surname, title (Sir/Madam), date of birth;
- Contact data: telephone number, email address, postal address;
- Professional information: role/job title, department of employment;
- Authentication data: user identifiers, hashed password, hashed password salt;
- Commercial relationship data: KYC completed or in progress, Services provided or in progress, ownership of a wallet, Rapyd reference;
- Invoice and payment information: postal address, payments due and received, banking account information including: account holder name, bank information status (validated/rejected/pending validation), IBAN number, primary account or not
- Communications data: messages sent to us via contact forms or emails, any correspondence from you that may be sent to us, other users of the Services (as part of a transaction), or any exchanges with us, sender user ID, reception user ID;
- Content data: your personal data such as full name or contact data (i) contained on the documents uploaded on the Website, (ii) that may transit through our Services or (iii) may be hosted by us for the purpose of providing them and providing support for such services;We do not intentionally collect any special categories of data (such as health, sexual orientation, religious beliefs, etc.). If the Content data contains any special categories of data, we do not have any knowledge of it.We also collect non-personal data
5. Why do we collect your personal data?The table below describes why we use your personal data for which we are data controller, and what is the legal basis for such use.

6. Who are the recipients of your personal data?
6.1 Data transferred to the authorities and/or public bodiesIn accordance with the regulations in force, personal data may be forwarded upon request to the competent authorities, courts, officers of the law, ministerial officers, debt collection or public bodies, exclusively for SmarTrade to satisfy its legal obligations.
6.2 Use of data by SmarTrade and its partners/subcontractorsYour personal data may be used by SmarTrade, its subcontractors, affiliates and/or, if applicable, by its business partners, for the purposes described in Article 5 above.SmarTrade’s staff, auditors and SmarTrade’s subcontractors may have access to your personal data as part of providing the Website and/or the Services;Third Parties such as Rapyd and Defacto that may receive your personal data as independent data controllers. In this case, any such processing would be subject to privacy policies of such providers. For example, to complete your KYC, we may share Identification ata, Contact dara, Professional information, with other regulated electronic communications service providers;
6.3 Transfer outside of the European UnionYour personal data are not processed by us, acting as data controller, outside the European Union.
7. Security of your personal dataSmarTrade undertakes to take all the necessary precautions and organizational and technical measures in order to preserve the security, integrity and confidentiality of your personal data, and, in particular, to protect such data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to it.We require that third parties with whom we contract to respect the security of your personal data and to process it in accordance with Applicable Regulations.
8. Retention periods of your personal dataSmarTrade undertakes not to keep your personal data beyond the period strictly necessary for the purposes for which it was collected, and in accordance with the Applicable Regulations, as well as any laws and regulations, including taxing and accounting.SmarTrade undertakes to anonymize or delete your personal data as soon as the purpose and/or the duration of their established retention expire.After having served its main purpose, personal data may be archived for auxiliary purposes, such as of researching, investigating and prosecuting criminal offenses, ligation, or accounting and tax purposes. Archiving implies that this personal data will be subject to limited access restrictions.In order to determine retention periods of your personal data, we take into account:Volume, origin and category of personal data;Potential risks arising from fraudulent use or unauthorized disclosure of personal data; andPurposes for which the personal data has been processed.As an example, please find below some established retention periods:Bank account information: deleted when linked company data is deleted or every client account of the linked company has been deleted;Identification data and Contact data: as long as the account is valid or until the user to whom they belong requests deletion;Partner’s information i.e its Contact data and Identification data: until the transaction to which the partner is a party is completed or until the partner requests deletion.
9. What are your rights regarding your personal data?In accordance with the Applicable Regulations, you have the right to:access to your personal data,rectification of your personal data;erasure of your personal data (subject to any SmarTrade’s needs that should be justified, to retain personal data, for example with respect to its legal obligations);restriction of processing of your personal data (subject to limitations provided in Applicable Regulations);object to processing of your personal data (subject to limitations provided in Applicable Regulations);withdraw your consent, if the processing of your personal data was based on your consent;portability of some of your personal data (subject to limitations provided in Applicable Regulations);provide SmarTrade with instructions regarding the use of your personal data after your death;lodge a complaint with the CNIL or the supervisory authority of the Member State of the European Union in which you normally reside.To exercise the rights mentioned in this Article, you may contact SmarTrade at data@tulyp.io.
10. Contact informationFor any questions concerning the processing of your personal data, you can address your request directly to SmarTrade by contacting it at data@tulyp.io.SmarTrade will endeavour to find a satisfactory solution to ensure compliance with the Applicable Regulations.This Privacy Policy applies to any person who creates an account on the