Privacy Policy
Users’ Privacy Policy
February 2021 version
Table of content
- Information and transparency of Data Processing
- Some definitions
- Who is the Data Controller?
- What are the purposes and associated legal bases of the Data processing?
- Where does the Data come from?
- What are the transfers and recipients of the Data?
- How long is the Data retained?
- What are the rights of Users, Members, and Subscribers?
1. Information and transparency of Data Processing
The purpose of this document ("Privacy Policy") is to inform Users, Members, and Subscribers of the Benshi Website and Application about the Data Processing procedures performed by the company Saint Maur Entreprise SME (the "Company") as part of the Benshi Service, which consists of an editorialized offer of films for a young audience with recommendations by age, and allows account creation, profile creation, film rating, streaming, and video downloads for SVOD subscribers.
The Company is committed to data protection regulations under Regulation (EU) 2016/679 and the French Data Protection Act of 6 January 1978 (the "Data Privacy Regulation").
This Privacy Policy and the Cookies Policy are accessible via links at the footer of each page of the Website and Application.
The Privacy Policy may be modified at any time to account for evolutions in Data Processing or Data Privacy Regulations. Users, Members, and Subscribers should regularly visit the Website or Application to consult the latest version in force.
2. Some definitions
Terms with a capital letter have the definition given in this document, the Data Privacy Policy, and/or the GTU:
- Personal Data or Data: Any information related to an identified or identifiable natural person, such as a name, ID, location data, etc.
- Data Processing: Any operation performed on personal data, whether by automated means or not.
- Cookies or Tracers: Tracers that may be deposited or read, e.g., when consulting a website, mobile app, or software, including cookies and HTTP variables, Flash cookies, access to terminal information, etc.
3. Who is the Data Controller?
Saint Maur Entreprise, registered under number 811 752 112, publishes and hosts the Benshi Website and Application. As such, the Company is responsible for Data Processing performed.
The individuals concerned by the Data Processing are Users, Members, and Subscribers.
4. What are the purposes and associated legal bases of the Data processing?
The Company processes Data for the following purposes and legal bases:
| Data Subjects | Categories of Data | Purpose | Legal Basis |
|---|---|---|---|
| Users | Identification data (email, IP address) | Sending newsletters, personalization of the Service, statistical reports | Execution of pre-contractual measures, Legitimate interest, Consent |
| Members | Identity and contact info (name, email), technical data (logs) | Account management, community management, improvement of the Service | Contract execution, Consent, Legitimate interest |
Certain Data is mandatory and marked with an asterisk (*). Without this Data, registration and/or subscription cannot be finalized.
5. Where does the Data come from?
The Company collects Data from the following sources:
| Data Subject | Origin of the Data |
|---|---|
| Users | Cookies, newsletter subscription |
| Members | Cookies, account creation, subscription |
Members agree not to provide any Data of minors. They must use pseudonyms for minors and update their Data promptly.
The Cookie Policy describes Data Processing terms for cookies.
6. What are the transfers and recipients of the Data?
The Company ensures that only authorized recipients have access to the Data, with strict confidentiality and security protocols:
| Internal Recipients | External Recipients |
|---|---|
| Authorized personnel | Subprocessors (e.g., IT, billing) |
The Company may disclose Data under legal obligations, court orders, or for protection of rights.
The Company does not sell Data to third parties, and all Data is hosted within the European Union.
7. How long is the Data retained?
Data retention periods are based on legal and contractual constraints:
| Processing | Retention Duration |
|---|---|
| Member Data | Duration of contract + 3 years |
| User Data | 3 years from collection |
| Technical Data | 1 year from collection |
| Cookies | 6 months |
After these periods, Data is either deleted or anonymized.
8. What are the rights of Users and Members?
a. Right of access and copy
Users and Members have the right to confirm if their Data is ## Rights of Users and Members Regarding Data
Right of Access
Users and Members have the right to access their Data, i.e. the right to obtain all information relating to the Processing of Users' and Members' Data.
Users and Members may request a copy of the Data, and in the event of a repeat request, the Company may charge the administrative costs incurred by the Users and Members to provide the new copy.
If requests are made electronically, the Data will be provided in a commonly used electronic format unless otherwise requested.
The Company will not comply with requests for access and copying where:
- (i) such requests involve confidential Data,
- (ii) applicable law does not permit disclosure of such Data, or
- (iii) such requests are unreasonable, i.e., made solely for the purpose of causing harm to the Company.
Right of Rectification
Users and Members have the right to request the rectification of Data concerning them that are obsolete or erroneous in relation to the purposes of the Processing.
Right to Erasure
Users and Members have a right to the deletion of their Data in the following limited cases:
- Data are no longer necessary for the purposes for which they were collected or otherwise processed;
- Users and Members withdraw the consent on which the processing of the Data is based and there is no other legal basis for the processing;
- Users and Members object to processing necessary for the Company's legitimate interests and there is no compelling legitimate reason for the processing;
- Users and Members object to the processing of Data for commercial prospecting purposes;
- Data has been processed illegally, which has been established by the CNIL in the context of a control of the latter and a final decision of conviction;
- Data must be deleted to comply with a legal obligation to which the Company is subject.
Right to the Restriction of Processing
Users or Members may request the restriction of processing if:
- Accuracy of the Data is disputed, during the time of verification, the Company will restrict the processing;
- Processing is unlawful, which has been established by the CNIL in the context of a control and a final conviction decision, the Users or Members requesting the restriction of the Processing on the Data instead of their deletion;
- Company no longer needs the Data for processing purposes but the Data is necessary for the Users and Members to contest, exercise or defend legal rights;
If the request for restriction meets the above conditions, the Data, with the exception of its retention, may only be processed:
- (i) with the consent of the Data subject;
- (ii) for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important reasons of public interest.
If the Company were to waive the restriction on processing, prior information would be sent to the Users or Members.
Right to Portability
Users or Members have the right to Data portability in cases where Users or Members have themselves communicated such Data in the course of online services offered by the Company and for purposes based solely on the consent of the Data Subject and the performance of a contract.
In this case, the Data will be communicated in a structured, commonly used and machine-readable format either to the Users or Members or directly to another Controller when technically possible.
Automated Individual Decision Making
The Company does not implement automated individual decision making.
Post-Mortem Rights
Users and Members have the right to express directives concerning the retention, deletion and communication of their post-mortem Data.
Exercise of Rights, and Right to Lodge a Complaint
The User or Member must formulate these requests to exercise their rights themselves and prove their identity on this occasion. The Company reserves the right to request the communication of any element allowing the identification of the User or Member, such as a copy of an identity card.
To exercise their rights, Users or Members or their beneficiaries must contact the Company at infos@benshi.fr or by post to the attention of BENSHI - SME, Customer Service at the following address: 4 bis, rue Vital 75016 Paris.
The Company shall do its utmost to respond to requests within a reasonable period of time and, at the latest, within one month of receiving the request.
However, in the event that the processing of requests proves to be complex or that the Company is faced with a large number of requests to exercise rights simultaneously, the processing time may be extended by two months.
After contacting the Company, if the User or Member believes that his or her "Data Protection" rights have not been respected, he or she may submit a complaint to the CNIL.