Version updated on November 28, 2022
We attach great importance to the protection of your personal data. As such, when collecting and processing it we are guided by these four principles:
- Transparency: we explain what we collect and why we collect it, so that you can make the most well-informed decision possible;
- Security: all the data that you have entrusted to us benefits from strong security;
- Legal guarantees: we respect data protection laws;
- User benefit: when we collect data, it is in order to improve the service and experience we offer, on our websites, apps and with our products.
These principles are the foundations on which we wish to grow: in an increasingly connected world, we choose to give our users the widest possible control of their data and to protect the data that is entrusted to us. Our aim is to offer you the best products and the best services.
1. GENERAL INFORMATION.
2. PROCESSING DATA COLLECTED BY PARROT.
3. DATA RETENTION AND DELETION.
4. SHARING PERSONAL DATA WITH THIRD PARTIES.
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION.
6. CONTROLLING PERSONAL INFORMATION SHARED WITH PARROT.
7. LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS.
8. PROCEDURES FOR SECURITY AND PROTECTION OF PERSONAL DATA.
9. MANAGEMENT OF PERSONAL DATA OF MINORS.
10. INFORMATION ON BANKING DATA.
11. COOKIE INFORMATION.
12. AMENDMENT OF OUR POLICY.
13. CONTACT US.
APPENDIX 1 - AIMS OF PROCESSES UNDERTAKEN BY PARROT.
APPENDIX 2 - THIRD PARTY ACTING ON THE WEBSITE.
1. GENERAL INFORMATION
Parrot Drones SAS, a simplified joint-stock company with capital of €60,627,825.00, whose head office is located at 174, quai de Jemmapes in Paris (75010), France, registered at the Paris Trade and Companies Registry under number 808 408 074 (hereinafter "Parrot" or "we") is responsible for processing your personal data.
The Regulations on Personal Data (hereinafter the "Regulations") encompass the regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (regulation known as "GDPR") and any law or regulation that might apply these.
Personal data (hereinafter "Personal data") refers to any information relating to an identified or identifiable natural person who may be identified personally, directly or indirectly, in particular by means of an identifier, such as a surname, first name, an identification number, location data or an online username. The data we collect may therefore include your strictly personal data, insofar as it allows you to be identified as a particular person. Conversely, some data does not allow us to identify you directly, such as your profession or your browsing data (the type of browser, terminal and operating system, the path followed on the website, etc.) but is nevertheless considered as Personal Data because it is attached and/or attributable to the former.
This Policy is an integral part of the terms and conditions of sale on the Website and the conditions of use of the Apps. By accepting the general conditions of sale of the Website and the conditions of use of the Apps you expressly accept the provisions of this Policy.
Please read this document carefully in order to be aware of and understand the practices regarding the processing of your Personal Data that we implement and the rights that you are entitled to.
2. PROCESSING DATA COLLECTED BY PARROT
When you use our Website and/or our Apps, your consent will be required prior to any collection of your Personal Data. Parrot and its affiliates may exchange such Personal Data and use it in accordance with this Policy. You do not have to give us all of the Personal Data that we ask for. However, if you choose not to share it, access to certain services implemented by our Website and/or our Apps may be limited.
Any information that you may have provided to Parrot during your visits to our Website or when using our Apps is strictly confidential. Among other things, this information is necessary for processing orders on the Website or implementing the services offered by the Apps.
For more information, please consult the table that appears in Appendix 1, summarising how Parrot processes Personal Data through its Website and Apps.
2.1. Legal basis for the processing of Personal Data
In accordance with the Regulations, most of the processing referred to in this Policy has received your prior consent.
Processing that has not received your consent are rendered necessary for carrying out our contractual obligations in relation to the services offered on the Website and/or our Apps, are dictated by a legal obligation incumbent upon us or based on a legitimate interest.
As part of this legitimate interest, Parrot may occasionally contact its professional customers to present its current and future products.
2.2. Types of Personal Data collected by Parrot
Personal Data that you share with us
When you use the Website and/or the Apps, you may be required to voluntarily share your Personal Data with us. Most particularly, this Personal Data is transmitted to Parrot when:
- You create a Parrot.Cloud user account via the Website and/or the Apps;
- You use the Website and/or the Apps;
- You take part in competitions, surveys;
- You contact our customer services department.
These Personal Data includes the following elements: your surname, first name(s), password, email address, date of birth, telephone number, technical flight data (including geolocation and serial number of the drone). The optional nature of the data is communicated to you when it is collected.
When using FreeFlight 7 application, you may share with Parrot pictures taken automatically by the Drone sensors. On the pictures collected, faces and texts are blurred automatically before being sent to Parrot.
Personal Data that Parrot automatically collects
By browsing our Website, we automatically collect cookie data that allow or facilitate the electronic communication or are strictly necessary for the provision of an online communication service.
When turning on your Drone for the first time and connecting to it with your Terminal (as defined below), we automatically collect the following data: the serial number of your drone, the origin address of the network connection, and the type of Terminal you use to access or connect to the Apps.
Personal Data that Parrot obtains from third parties
If you download an app through an app download platform and make in-app purchases, if you connect to our Website and/or our Apps via social media, we will have access to certain Personal Data in accordance with the general conditions of use of the platforms and the social network concerned (for more details on social media, please refer to article 7 "LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS").
2.3. Authorisation to access the features of the Terminal
Our Apps enable the products sold by Parrot to be used on a computer, tablet, smartphone, phone, etc. (hereinafter the "Terminal"). A request to access the geolocation services or storage of the Terminal may be required for the proper functioning of our Apps. We invite you to read the instructions on your Terminal to learn how to modify the authorisation settings granted to an app and to control the sharing of personal details or access to the storage of the Terminal. Under no circumstances will Parrot collect Personal Data relating to these authorisations.
3. DATA RETENTION AND DELETION
We keep your Personal Data as long as necessary, particularly to fulfil our contractual obligations, comply with our legal obligations or resolve disputes. We retain some of your Personal Data for as long as you have a Parrot.Cloud account.
Upon your request, we will delete or anonymize your Personal Data so that you can no longer be identified, unless the law authorises or compels us to retain certain Personal Data, particularly in the following situations:
- If there is an unresolved issue with your account, such as an outstanding debt or an unresolved claim or litigation, we will retain the necessary Personal Data until the issue is resolved;
- If we are required to retain Personal Data as a result of legal, tax, auditing and accounting obligations, we will retain the necessary Personal Data for the period required by the applicable law; and/or
- If this data is required for our legitimate interests, such as fraud prevention or the security of our users.
In addition, Parrot may on its own initiative anonymize some of your Personal Data.
In all other circumstances, we will retain your Personal Data for a period that we deem reasonable.
For more information, please consult the table that appears in Appendix 1, summarising how long Parrot retains your Personal Data for processing it via its Website and Apps.
4. SHARING PERSONAL DATA WITH THIRD PARTIES
We will not transmit your Personal Data to third parties who may use it for commercial purposes without your express consent.
We may share Personal Data with other entities of the Parrot Group within the scope of this Policy. Entities of our group refers to any company owned or controlled directly or indirectly by Parrot.
In accordance with applicable law and with your consent when required, we may aggregate the Personal Data that we receive or send to our business partners, including any or all of your Data collected via cookies.
We rely on trusted third parties to carry out various operations on our behalf. We can provide them with the information they need to carry out a given service and request that they do not use your Personal Data for any other purposes. We may be required to transfer certain Personal Data to them if it is required for (i) the operation, management, maintenance of our Website and/or our Apps; (ii) ensuring that the tasks necessary for the fulfilment of your order on the Website (technical services, payment services, verification of identity) are completed or ensuring the fulfilment of the services offered by the Apps; (iii) implementing certain elements of the after-sales service; (iv) combating fraud; (v) responding to requests from the authorities.
Your Personal Data may therefore be transferred to a third party when we have a legal obligation to do so or if we believe in good faith that this is necessary to (a) comply with any legal request; (b) comply with any requests from the authorities; (c) in an emergency involving public health or the physical integrity of a person; (d) in the course of enquiries and investigations; or (e) to secure the rights, property and safety of Parrot and more generally any third party.
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
We store your Personal Data in servers located in the European Union. However, it is possible that the Personal Data we collect when you use our Website and/or our Apps are transferred to other countries, some of which may have less protective personal data protection legislation than the one in force in the country where you reside. We undertake to take all the measures required to ensure that contractual commitments with these third parties are in accordance with the Regulations. These measures may include checking the standards applied by these third parties for the protection of personal data and security and/or the signing of appropriate contracts (based on the model adopted by the European Commission).
We can use the services of subcontractors located outside the European Union, particularly for managing your order on the Website, responding to your requests for after-sales services, providing online payment tools or providing us with commercial and advertising services. This is also the case for Parrot affiliates located outside the European Union to whom we may transfer some of your Personal Data for the purposes of providing our services in those countries.
For more details on the transfer of your Personal Data outside the European Union, please contact us at the following address: firstname.lastname@example.org.
6. CONTROLLING PERSONAL INFORMATION SHARED WITH PARROT
6.1 Rights relating to your Personal Data
In accordance with the Regulations in force, you have a set of rights relating to the Personal Data relevant to you, including:
- A right of access: you can obtain a copy of all your data processed by Parrot, as well as information about the nature of the processing of your data.
- A right to rectification: you can obtain the rectification and/or completeness of your inaccurate and/or incomplete data.
- A right to erasure: you can obtain the erasure of your data when (i) this data is no longer necessary for the purposes for which it was collected, (ii) you exercise your right to oppose the processing concerned, or (iii) the processing concerned is illicit. However, this right does not apply when it is necessary for Parrot to store your data to comply with a legal obligation or to exercise rights in court;
- A right to restriction of processing: you can obtain a restriction of processing of your data when you dispute the accuracy of the data for a period of time that allows Parrot to carry out the appropriate verifications. It is the same when Parrot no longer needs the data but it is still required by you to defend a right in court, or when you exercise your right of opposition, for the time required by Parrot to examine your request. When such a limit is put in place, the data can only be processed, except for its retention, with your consent or for the defence of a right in court.
- A right to portability: you can obtain the data that you have provided to Parrot and which is used by Parrot as part of the processing necessary to fulfill your contract, in a structured, commonly used and machine-readable format, and its transmission by Parrot to another provider where this is technically possible.
- A right to object: you can request that Parrot, for reasons relating to your particular situation, stops processing your data in order to pursue its legitimate interests. Parrot will then cease such processing unless it justifies its legitimate and compelling interests over your rights and freedoms.
- A right to define general and specific guidelines defining the manner in which you intend to exercise the above rights after your death.
6.2 Procedure for exercising your rights
To exercise your rights over your Personal Data, you can email your request (i) to the address email@example.com or (ii) send it by mail to Parrot Drones SAS, Data Protection Officer, 174 quai de Jemmapes, 75010 Paris (France); giving your surname, first name, email address and if possible your customer reference. In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.
6.3 Lodging a complaint with the supervisory authority
You also have the right to lodge a complaint with the French supervisory authority or that of the country in which your habitual residence is located if you consider that the processing carried out by Parrot violates the provisions of the European Regulation on the protection of personal data. As an example, in France, the supervisory authority in charge of compliance with personal data obligations is the Commission Nationale de l'Informatique et des Libertés (CNIL).
7. LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS
7.1. Login to Parrot.Cloud via Google/Apple unique authentication mechanism
You have the option of connecting to a Parrot.Cloud account through Google/Apple unique authentication mechanism, which makes it easier to register or connect. A first connection via Google/Apple unique authentication mechanism means that you will always be able to connect to your Parrot.Cloud account this way. You can unlink these accounts at any time if you wish.
We draw your attention to the fact that if you decide to let us access some of your information, including your Personal Data, through connection services provided by third parties, their privacy policies can also legally bind you. We have no control over the collection or processing of your Personal Data carried out by third parties on their own platform.
When you choose to connect to your Parrot.Cloud account via Google/Apple unique authentication mechanism, Google/Apple may ask you to share information with Parrot. If you choose to share information, Google/Apple will usually ask you to specify what information you want to share.
7.2. Social media plug-ins
Social media plug-ins may be present on the Apps. By clicking on one of these buttons (for example Facebook's "Share" button), information is exchanged with the social media site concerned. If you are connected to the social media site at the same time, information may be relayed to your account by the social media site. This social media site can also display it on your profile and share it with other members of your network.
8. PROCEDURES FOR SECURITY AND PROTECTION OF PERSONAL DATA
In order to ensure the protection and confidentiality of the Personal Data communicated to us, we use the technical, physical and procedural control measures that are implemented during the collection, processing and transfer of your Personal Data. As such, we have put in place various measures, including pseudonymisation, encryption, access and retention policies.
We also apply security procedures limiting the use and access to your Personal Data on our servers. Only authorised personnel are permitted, in the course of their work, to access your Personal Data.
9. MANAGEMENT OF PERSONAL DATA OF MINORS
In accordance with Regulation on Personal Data, the collection of Personal Data of a child under sixteen (16) is permitted only with the valid consent of the person who has parental authority. If you are under the age of sixteen (16) and do not have the consent of your parent or legal guardian, please do not provide any Personal Data. If we learn that we have collected the Personal Data of a child under the age of sixteen (16) without the valid consent of the parent or legal guardian, we will remove them unless otherwise agreed by the parent or legal guardian.
10. INFORMATION ON BANKING DATA
For the purposes of paying for orders, bank details are collected and kept by our service providers in terms of payment. These comply with the PCI-DSS requirements, an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus secure the protection of card and transaction data.
11. COOKIE INFORMATION
Technical cookies that make the Website working: they are indispensable and allow you to use the basic functionalities of the Website. These cookies allow especially to: navigate on the Website in a secure way, add products in your purchasing basket. These cookies are always activated on the Website. Personal data collected are IP address. The data controller is: Parrot Drones.
Web analytics cookies: they allow us to collect information on the way people browse our Website, like the number of peoples browsing the Website or the more visited webpages. We use this information to make sure people browsing the Website find appropriate content, measure performance indicators of the Website, identify error messages for solving bugs. These cookies are used by Parrot Drones and by a third-party company (see Appendix 2). If you don’t accept these cookies, we won’t be informed of your visit of our Website. The consent for using these cookies is valid 6 months. Personal data collected are user ID determined in a random way. The data controller is Parrot Drones.
Performance cookies: these cookies allow us to see if people scrolled down the screen and where they clicked on the site. These cookies are used by Parrot Drones and by a third-party company (see Appendix 2). The consent for using these cookies is valid 6 months. Personal data collected are device’s IP address and user ID. The data controller is Parrot Drones.
12. AMENDMENT OF OUR POLICY
It may be the case that we have to make changes to this Policy. We advise you to regularly consult the page dedicated to the collection and processing of Personal Data on the Website to be aware of any changes or updates to our Policy.
13. CONTACT US
If you have any questions relating to this Policy or any requests relating to your Personal Data and/or you wish to exercise your rights, you can contact us (i) via the following address: firstname.lastname@example.org; or (ii) by post to Parrot Drones SAS, Data Protection Officer, 174 quai de Jemmapes, 75010 Paris (France). In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.
APPENDIX 1 - AIMS OF PROCESSES UNDERTAKEN BY PARROT
|AIMS||DATA TYPES||PERIOD OF RETENTION||APPS/SITE|
|Creation of a Parrot.Cloud account||Name, surname, email
Date of birth (only Parrot.com)
|2 years from the last account use||PARROT.COM,
|Online order management (purchases on the Website)||Name, surname, email, billing and delivery address||
2 years from the last customer order.
Except for invoices where data are stored for 10 years from the order.
|Management of the existing/prospective customer database. Marketing Activities||Name, surname, email, billing and delivery address||2 years from the last action of the existing/prospective customer (either most recent order, or confirmation of renewed interest)||PARROT.COM|
|Contact after sales services||
Name, surname, email, address, phone number.
Serial number of the drone
|2 years from the closure of the last case.||PARROT.COM|
|Help after-sales service to analyze flights problems
Online storage of historical flight data
|User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the user, serial number of the drone, blurred images selected by an algorithm.||2 years from the closure of the last case. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud.||FREEFLIGHT 7|
|User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the user, serial number of the drone.||2 years from the closure of the last case.||FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*.|
|Products and services improvement||User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the user, serial number of the drone, blurred images selected by an algorithm.||2 years from the last date of collection of the data. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud.||FREEFLIGHT 7|
|User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the user, serial number of the drone.||2 years from the last date of collection of the data.||FREEFLIGHT 6, FREEFLIGHT THERMAL|
|Online storage of flight plans||User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the user, serial number of the drone, blurred images selected by an algorithm.||2 years from the last date of collection of the data. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud.||FREEFLIGHT 7|
|Following activation statistics||Serial number of the drone, IP address of the network connection, type of terminal.||5 years from activation.||FREEFLIGHT 7, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*.|
|Identify the cyberattacks||Connection logs and account connection to the different services of Parrot Cloud: IP address, account name of Parrot Cloud, login hours.||1 year from the last date of collection of the data.||PARROT.COM, FREEFLIGHT 7, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*.|
|4 G linking server (SIP server): connection diaries containing name and surname of the user, IP address of the drone, IP address of the phone/remote control, serial number of the drone, the reference of its “secure element” (security physical component in the drone) and login hours.||1 year from the last date of collection of the data.||FREEFLIGHT 7|
|Sending of anonymous data: IP address, login hours.||1 year from the last date of collection of the data.||PARROT.COM, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*.|
*LEGACY APPLICATIONS: FREEFLIGHT JUMPING, A.R DRONE FREEFLIGHT 2, FREEFLIGHT MINI.
APPENDIX 2 – THIRD PARTY ACTING ON THE WEBSITE
|AIMS||DATA TYPES||PERIOD OF RETENTION||APPS/SITE|
|Payment online (purchases on the Website)||See third-party website||See third-party website||PayPal|
|Web analytics cookies||User ID chosen randomly by Google Analytics||14 months||Google Analytics|
|Tag management||No Personal Data||Not applicable||Google Tag Manager|
|Performance cookies||Device’s IP address, user ID||365 days||Hotjar|
|Tracking tools of the after sales services open cases||
Name, surname, email, address, phone number.
Serial number of the drone.
|2 years from the closure of the case.||Salesforce|
Parrot Drones S.A.S. - Simplified joint-stock company with capital of 60,627,825 euros - 808 408 074 RCS Paris
174-178 Quai de Jemmapes 75010 Paris (France)