Version updated on March 10, 2023
We attach great importance to the protection of your personal data. As such, when collecting and processing it we are guided by these four principles:
- Transparency: we explain what we collect and why we collect it, so that you can make the most well-informed decision possible;
- Security: all the data that you have entrusted to us benefits from strong security;
- Legal guarantees: we respect data protection laws;
- Visitor and User benefit: when we collect data, it is in order to improve the service and experience we offer, on our Websites, Apps and with our products.
These principles are the foundations on which we wish to grow: in an increasingly connected world, we choose to give our Users the widest possible control of their data and to protect the data that is entrusted to us. Our aim is to offer you the best products and the best services.
This Privacy Policy is therefore intended to provide you with a more detailed overview of our approach to your personal data, to explain those cases in which we still need to collect information about you, the reasons we therefore collect this data, and how we use it. It also outlines the security measures we use to protect its confidentiality, and remind you of your rights and how to exercise them.
CONTENTS
1. GENERAL INFORMATION.
2. PROCESSING DATA COLLECTED BY PARROT.
3. DATA RETENTION AND DELETION.
4. SHARING PERSONAL DATA WITH THIRD PARTIES.
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION.
6. CONTROLLING PERSONAL INFORMATION SHARED WITH PARROT.
7. LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS.
8. PROCEDURES FOR SECURITY AND PROTECTION OF PERSONAL DATA.
9. MANAGEMENT OF PERSONAL DATA OF MINORS.
10. INFORMATION ON BANKING DATA.
11. COOKIE INFORMATION.
12. AMENDMENT OF OUR POLICY.
13. CONTACT US.
APPENDIX 1 - PROCESSES UNDERTAKEN BY PARROT BY PURPOSES.
APPENDIX 2 - THIRD PARTY ACTING ON THE WEBSITE.
1. GENERAL INFORMATION
Parrot Drones SAS, a simplified joint-stock company with capital of €60,627,825.00, whose head office is located at 174, quai de Jemmapes in Paris (75010), France, registered at the Paris Trade and Companies Registry under number 808 408 074 (hereinafter "Parrot" or "we") is responsible for processing your personal data.
This Privacy Policy (hereinafter the "Policy") intends to inform you of our practices regarding the collection, use, transfer and sharing of information that you provide or that we collect (including from third parties) through our website www.parrot.com (the "Website") or our mobile applications (the "Apps").
This Policy tells you as well how to exercise your rights.
The Regulations on Personal Data (hereinafter the "Regulations") encompass the regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (regulation known as "GDPR") and any law or regulation that might apply these.
Personal data (hereinafter "Personal data") refers to any information relating to an identified or identifiable natural person who may be identified personally, directly or indirectly, in particular by means of an identifier, such as a surname, first name, an identification number, location data or an online username. The data we collect may therefore include your strictly personal data, insofar as it allows you to be identified as a particular person. Conversely, some data does not allow us to identify you directly, such as your profession or your browsing data (the type of browser, terminal and operating system, the path followed on the website, etc.) but is nevertheless considered as Personal Data because it is attached and/or attributable to the former.
This Policy is addressed to the visitors of the Website (hereinafter “Visitors”), and to the users of the Parrot Cloud account, of the Apps and of the Parrot products (hereinafter the “Users").
The Parrot Cloud is the account used by the User to self-identify with Parrot services whether it be to connect on the Website, to manage an order or to share its flight data. The word “MyParrot” may be used as well in certain Apps or User documentation to designate the Parrot Cloud.
This Policy is an integral part of the terms and conditions of sale on the Website and the conditions of use of the Apps. By accepting the general conditions of sale of the Website and the conditions of use of the Apps you expressly accept the provisions of this Policy.
Please read this document carefully in order to be aware of and understand the practices regarding the processing of your Personal Data that we implement and the rights that you are entitled to.
2. PROCESSING DATA COLLECTED BY PARROT
a. Personal Data collected from Users
You do not have to give us the Personal Data that we ask for. However, if you choose not to share it, access to certain services implemented by our Website and/or our Apps may be limited.
When turning on your drone for the first time and connecting to it with your Terminal (as defined below), we automatically collect the following data: the serial number of your drone, the origin address of the network connection, and the type of Terminal you use to access or connect to the Apps.
When using FreeFlight 7 application, you may share with Parrot pictures taken automatically by the drone sensors. On the pictures collected, faces and texts are blurred automatically before being sent to Parrot.
As part of the legitimate interest pursued by Parrot, Parrot may occasionally contact its professional Users to present its current and future products.
Personal Data that you may have provided to Parrot is strictly confidential.
Parrot and its affiliates may exchange such Personal Data and use it in accordance with this Policy.
To have a comprehensive vision of the processes of Personal Data collected by Parrot from Users, please consult the table that appears in Appendix 1.
b. Personal Data collected from Visitors
Please refer to article 11 “Cookie Information”.
c. Personal Data that Parrot obtains from third parties
If you download an app through an app download platform and make in-app purchases, if you connect to our Website and/or our Apps via social media, we will have access to certain Personal Data in accordance with the general conditions of use of the platforms and the social network concerned (for more details on social media, please refer to article 7 " LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS ").
d. Authorisation to access the features of the Terminal
Our Apps enable the products sold by Parrot to be used on a computer, tablet, smartphone, phone, etc. (hereinafter the "Terminal"). A request to access the geolocation services or storage of the Terminal may be required for the proper functioning of our Apps. We invite you to read the instructions on your Terminal to learn how to modify the authorisation settings granted to an app and to control the sharing of personal details or access to the storage of the Terminal. No photo or video taken by the User is sent to Parrot.
3. DATA RETENTION AND DELETION
To have a comprehensive vision of the processes of Personal Data collected by Parrot from Users, and especially on the period of retention, please consult the table that appears in Appendix 1
Upon your request, we will delete or anonymize your Personal Data so that you can no longer be identified, unless the law authorises or compels us to retain certain Personal Data, particularly in the following situations:
- If there is an unresolved issue with your account, such as an outstanding debt or an unresolved claim or litigation, we will retain the necessary Personal Data until the issue is resolved;
- If we are required to retain Personal Data as a result of legal, tax, auditing and accounting obligations, we will retain the necessary Personal Data for the period required by the applicable law; and/or
- If this data is required for our legitimate interests, such as fraud prevention or the security of our Users.
The request for deletion is made in the configuration of the App or from the Parrot Cloud access of the User on the Website.
In addition, Parrot may on its own initiative anonymize some of your Personal Data.
4. SHARING PERSONAL DATA WITH THIRD PARTIES
We will not transmit your Personal Data to third parties who may use it for commercial purposes without your express consent.
We may share Personal Data with other entities of the Parrot Group within the scope of this Policy. Entities of our group refers to any company owned or controlled directly or indirectly by Parrot.
In accordance with applicable law and with your consent when required, we may aggregate the Personal Data that we receive or send to our business partners, including any or all of your Data collected via cookies.
We rely on trusted third parties to carry out various operations on our behalf. We can provide them with the information they need to carry out a given service and request that they do not use your Personal Data for any other purposes. We may be required to transfer certain Personal Data to them if it is required for (i) the operation, management, maintenance of our Website and/or our Apps; (ii) ensuring that the tasks necessary for the fulfilment of your order on the Website (technical services, payment services, verification of identity) are completed or ensuring the fulfilment of the services offered by the Apps; (iii) implementing certain elements of the after-sales service; (iv) combating fraud; (v) responding to requests from the authorities.
Your Personal Data may therefore be transferred to a third party when we have a legal obligation to do so or if we believe in good faith that this is necessary to (a) comply with any legal request; (b) comply with any requests from the authorities; (c) in the course of enquiries and investigations; or (d) to secure the rights, property and safety of Parrot and more generally any third party.
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
We store your Personal Data in servers located in the European Union. However, it is possible that the Personal Data we collect when you use our Website and/or our Apps are transferred to other countries, some of which may have less protective personal data protection legislation than the one in force in the country where you reside. We undertake to take all the measures required to ensure that contractual commitments with these third parties are in accordance with the Regulations. These measures may include checking the standards applied by these third parties for the protection of personal data and security and/or the signing of appropriate contracts (based on the model adopted by the European Commission).
We can use the services of subcontractors located outside the European Union, particularly for managing your order on the Website, responding to your requests for after-sales services, providing online payment tools or providing us with commercial and advertising services. This is also the case for Parrot affiliates located outside the European Union to whom we may transfer some of your Personal Data for the purposes of providing our services in those countries.
For more details on the transfer of your Personal Data outside the European Union, please contact us at the following address: privacy@parrot.com.
6. CONTROLLING PERSONAL INFORMATION SHARED WITH PARROT
6.1 Rights relating to your Personal Data
In accordance with the Regulations in force, you have a set of rights relating to the Personal Data relevant to you, including:
- A right of access: you can obtain a copy of all your data processed by Parrot, as well as information about the nature of the processing of your data.
- A right to rectification: you can obtain the rectification and/or completeness of your inaccurate and/or incomplete data.
- A right to erasure: you can obtain the erasure of your data when (i) this data is no longer necessary for the purposes for which it was collected, (ii) you exercise your right to oppose the processing concerned, or (iii) the processing concerned is illicit. However, this right does not apply when it is necessary for Parrot to store your data to comply with a legal obligation or to exercise rights in court;
- A right to restriction of processing: you can obtain a restriction of processing of your data when you dispute the accuracy of the data for a period of time that allows Parrot to carry out the appropriate verifications. It is the same when Parrot no longer needs the data but it is still required by you to defend a right in court, or when you exercise your right of opposition, for the time required by Parrot to examine your request. When such a limit is put in place, the data can only be processed, except for its retention, with your consent or for the defence of a right in court.
- A right to portability: you can obtain the data that you have provided to Parrot and which is used by Parrot as part of the processing necessary to fulfill your contract, in a structured, commonly used and machine-readable format, and its transmission by Parrot to another provider where this is technically possible.
- A right to object: you can request that Parrot, for reasons relating to your particular situation, stops processing your data in order to pursue its legitimate interests. Parrot will then cease such processing unless it justifies its legitimate and compelling interests over your rights and freedoms.
- A right to withdraw consent at any time when it is the legal basis of the process.
- A right to define general and specific guidelines defining the manner in which you intend to exercise the above rights after your death.
6.2 Procedure for exercising your rights
To exercise your rights over your Personal Data, you can email your request (i) to the address privacy@parrot.com or (ii) send it by mail to Parrot Drones SAS, Data Protection Officer, 174 quai de Jemmapes, 75010 Paris (France); giving your surname, first name, email address and if possible your customer reference. In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.
Please note that we may retain certain information about you when required by law or if there is a legitimate interest such as fraud or Parrot providing feedback to the authorities in charge of civil aviation. For example, this is the case if we consider that you have committed a fraud or violated the Terms of Use of the Website and/or Apps and we want to prevent you bypassing the rules applicable to our community.
6.3 Lodging a complaint with the supervisory authority
You also have the right to lodge a complaint with the French supervisory authority or that of the country in which your habitual residence is located if you consider that the processing carried out by Parrot violates the provisions of the European Regulation on the protection of personal data. As an example, in France, the supervisory authority in charge of compliance with personal data obligations is the Commission Nationale de l'Informatique et des Libertés (CNIL).
7. LOGIN WITH GOOGLE/APPLE AND SOCIAL MEDIA PLUG-INS
7.1. Login to Parrot.Cloud via Google/Apple unique authentication mechanism
You have the option of connecting to a Parrot.Cloud account through Google/Apple unique authentication mechanism, which makes it easier to register or connect. A first connection via Google/Apple unique authentication mechanism means that you will always be able to connect to your Parrot.Cloud account this way. You can unlink these accounts at any time if you wish.
We draw your attention to the fact that if you decide to let us access some of your information, including your Personal Data, through connection services provided by third parties, their privacy policies can also legally bind you. We have no control over the collection or processing of your Personal Data carried out by third parties on their own platform.
When you choose to connect to your Parrot.Cloud account via Google/Apple unique authentication mechanism, Google/Apple may ask you to share information with Parrot. If you choose to share information, Google/Apple will usually ask you to specify what information you want to share.
7.2. Social media plug-ins
Social media plug-ins may be present on the Apps. By clicking on one of these buttons (for example Facebook's "Share" button), information is exchanged with the social media site concerned. If you are connected to the social media site at the same time, information may be relayed to your account by the social media site. This social media site can also display it on your profile and share it with other members of your network.
8. PROCEDURES FOR SECURITY AND PROTECTION OF PERSONAL DATA
In order to ensure the protection and confidentiality of the Personal Data communicated to us, we use the technical, physical and procedural control measures that are implemented during the collection, processing and transfer of your Personal Data. As such, we have put in place various measures, including pseudonymisation, encryption, access and retention policies.
We also apply security procedures limiting the use and access to your Personal Data on our servers. Only authorised personnel are permitted, in the course of their work, to access your Personal Data.
9. MANAGEMENT OF PERSONAL DATA OF MINORS
In accordance with Regulation on Personal Data, the collection of Personal Data of a child under sixteen (16) is permitted only with the valid consent of the person who has parental authority. If you are under the age of sixteen (16) and do not have the consent of your parent or legal guardian, please do not provide any Personal Data. If we learn that we have collected the Personal Data of a child under the age of sixteen (16) without the valid consent of the parent or legal guardian, we will remove them unless otherwise agreed by the parent or legal guardian.
10. INFORMATION ON BANKING DATA
For the purposes of paying for orders, bank details are collected and kept by our service providers in terms of payment. These comply with the PCI-DSS requirements, an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus secure the protection of card and transaction data.
11. COOKIE INFORMATION
Technical cookies necessary for the operation of the Website: these are cookies strictly necessary to the operation of the Website under article 82 of the French “Loi Informatique et Libertés” and are therefore exempted from consent. These cookies allow especially to: navigate on the Website in a secure way, add products in your purchasing basket. These cookies are always activated on the Website. Personal data collected are IP address. The data controller is: Parrot Drones.
Web analytics cookies: they allow us to collect information on the way people browse our Website, like the number of peoples browsing the Website or the more visited webpages. We use this information to make sure Visitors find appropriate content, measure performance indicators of the Website, identify error messages for solving bugs. These cookies are used by Parrot Drones and by a third-party company (see Appendix 2). If you don’t accept these cookies, we won’t be informed of your visit of our Website. The consent for using these cookies is valid 6 months. Personal data collected are user ID determined in a random way. The data controller is Parrot Drones.
Third party cookies linked to web contents accessible from the Apps: when opening web contents from an App, the third-party website you access may use cookies. We invite you to read the cookies policy of these third-party websites to take knowledge of the use aims of the information they collect.
12. AMENDMENT OF OUR POLICY
It may be the case that we have to make changes to this Policy. We advise you to regularly consult the page dedicated to the collection and processing of Personal Data on the Website to be aware of any changes or updates to our Policy.
13. CONTACT US
If you have any questions relating to this Policy or any requests relating to your Personal Data and/or you wish to exercise your rights, you can contact us (i) via the following address: privacy@parrot.com; or (ii) by post to Parrot Drones SAS, Data Protection Officer, 174 quai de Jemmapes, 75010 Paris (France). In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.
APPENDIX 1 - PROCESSES UNDERTAKEN BY PARROT BY PURPOSES
| PURPOSES | LEGAL BASIS | DATA TYPES | RECIPIENTS | PERIOD OF RETENTION | APPS/SITE |
|---|---|---|---|---|---|
| Creation of a Parrot.Cloud account | Consent | Name, surname, email Date of birth (only Parrot.com) | Internal services to Parrot and third-party providers | 2 years from the last account use | PARROT.COM, FREEFLIGHT 7, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS* |
| Creation of an account on the developer forum | Consent | Name, surname, email and pseudonym | Members and visitors of the forum | Until the request for deletion | Developer area on PARROT.COM |
| Online order management (purchases on the Website) | Contract | Name, surname, email, billing and delivery address. | Internal services to Parrot and third-party providers | 2 years from the last customer order. Except for invoices where data are stored for 10 years from the order. | PARROT.COM |
| Management of the existing/prospective customer database. Marketing Activities | Legitimate interest | Name, surname, email, billing and delivery address. | Internal service to Parrot | 2 years from the last action of the User (either most recent order, confirmation of renewed interest) | PARROT.COM |
| Contact after sales services | Consent | Name, surname, email, address, phone number. Serial number of the drone. | Internal services to Parrot and third-party providers. | 2 years from the closure of the last case. | PARROT.COM |
| Help after-sales service to analyze flights problems Online storage of historical flight data | Consent | User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the User, serial number of the drone, blurred images selected by an algorithm. | Internal services to Parrot and third-party providers | 2 years from the closure of the last case. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud. | FREEFLIGHT 7 |
| Consent | User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the User, serial number of the drone. | Internal services to Parrot and third-party providers | 2 years from the closure of the last case. | FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*. | |
| Products and services improvement | Consent | User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the User, serial number of the drone, blurred images selected by an algorithm. | Internal services to Parrot | 2 years from the last date of collection of the data. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud. | FREEFLIGHT 7 |
| Consent | User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the User, serial number of the drone. | Internal services to Parrot | 2 years from the last date of collection of the data. | FREEFLIGHT 6, FREEFLIGHT THERMAL | |
| Online storage of flight plans | Consent | User's email, GPS position of the drone of all flights, GPS coordinates of the mobile terminal of the User, serial number of the drone, blurred images selected by an algorithm. | Internal services to Parrot and third-party providers | 2 years from the last date of collection of the data. For images: either 5 years maximum, either 2 years from the last use of the Parrot Cloud. | FREEFLIGHT 7 |
| Following activation statistics | Legitimate interest | Serial number of the drone, IP address of the network connection, type of terminal. | Internal services to Parrot and third-party providers | 5 years from activation. | FREEFLIGHT 7, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*. |
| Identify the cyberattacks | Legitimate interest | Connection logs and account connection to the different services of Parrot Cloud: IP address, account name of Parrot Cloud, login hours. | Internal services to Parrot and third-party providers | 1 year from the last date of collection of the data. | PARROT.COM, FREEFLIGHT 7, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*. |
| Legitimate interest | Unidentified connection logs, IP address, login hours. | Internal services to Parrot and third-party providers | 1 year from the last date of collection of the data | PARROT.COM, FREEFLIGHT 6, FREEFLIGHT PRO, FREEFLIGHT THERMAL, LEGACY APPLICATIONS*. | |
| Legitimate interest | 4 G linking server (SIP server): connection diaries containing name and surname of the User, IP address of the drone, IP address of the phone/remote control, serial number of the drone, the reference of its “secure element” (security physical component in the drone) and login hours. | Internal services to Parrot and third-party providers | 1 year from the last date of collection of the data | FREEFLIGHT 7 |
*LEGACY APPLICATIONS: FREEFLIGHT JUMPING, A.R DRONE FREEFLIGHT 2, FREEFLIGHT MINI.
APPENDIX 2 – THIRD PARTY ACTING ON THE WEBSITE
| PURPOSES | LEGAL BASIS | DATA TYPES | PERIOD OF RETENTION | APPS/SITE |
|---|---|---|---|---|
| Website hosting and web service | Consent / Legitimate interest | Data targeted in Appendix 1 | Duration targeted in Appendix 1 | AWS |
| Payment online (purchases on the Website) | Contract | See third-party website | See third-party website | PayPal |
| Web analytics cookies | Consent | User ID chosen randomly by Google Analytics | 14 months | Google Analytics |
| Tracking tools of the after sales services open cases | Consent | Name, surname, email, address, phone number. Serial number of the drone. | 2 years from the closure of the case. | Salesforce |
Parrot Drones S.A.S. - Simplified joint-stock company with capital of 60,627,825 euros - 808 408 074 RCS Paris
174-178 Quai de Jemmapes 75010 Paris (France)