General terms and conditions of use • MYM for creators

DATA PROTECTION AND PRIVACY POLICY

Version dated 19.10.2023

This Privacy Policy is intended for you, Users of the MYM platform (hereinafter “ the Platform”). Its purpose is to inform you on the way in which your personal data may be collected and processed.

Respecting your privacy and protecting your personal data is a key priority for us, which is why we are committed to processing it in strict compliance with the French Data Protection Act of 6 January 1978 (hereinafter the "IEL Act") as amended and the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter the "GDPR").

1. Who are we and how do we use your data ?

The MYM Platform is operated by AIR MEDIAS, a simplified joint stock company with a share capital of 502,000 euros, registered in the Lyon Trade and Companies Register under number 809 565 906 and with headquarters located at 16 rue Cuvier 69006 Lyon.

AIR MEDIAS (MYM) is the Data Controller for the use of your personal data in order:

To give you access to all the services offered by the Platform, in particular:

Make the Platform available to you;
Recommend Creators/Users to you according to your preferences and transfer messages sent by Creators via the Platform to you;
Moderate the content and messages you encounter on the Platform;
Ensure the cybersecurity of the computer systems on which your data is hosted;
Delete and archive your data when necessary;
Continuously improve the Platform;
Manage the cookies we use to ensure the smooth operation of the Platform;
Assist you in the process of validating your account and accompany you in your use of the Platform.

To allow you to use our payment service providers, in particular :

Provide our Users with means of payment for the purchase of Content;
Provide our Creators and Ambassadors with the means to transfer their income to their bank accounts;
Establish our internal accounting and comply with tax requirements;

To promote our Platform, in particular:

Offer you promotional codes, support or useful resources;
Communicate on our social networks;
Respond to the reviews you leave about us on various sites;

To resolve any disputes and respond to request from authorities, in particular :

Manage any legal disputes;
Manage your requests to exercise your rights (GDPR);
Respond to requests from judicial and administrative authorities;
Combat leaks of Platform Content on the web.

For your understanding :

Under the IEL Act and the GDPR, the Data Controller is the person who decides the methods and purposes of the processing, in other terms the person who decides why and how the data is processed.

In cases where two or more Data Controllers jointly decide the methods and purposes of the processing, they are Joint Data Controllers (or Joint Controllers).

The Data Processor is a person processing personal data on behalf of the Data Controller, acting under the authority and on the instructions of the Data Controller.

2. Definitions

« Content » : means any element published by a User on the Platform, whether a Media item published by a Creator, a message (in particular via messaging) or content of any kind whatsoever (text, image, video, sound, multimedia) published by a User.
" Data Controller": the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing, in accordance with Article 4 (7) of the RGPD.
« Data » : means the Personal Data that is subject to Use under this Privacy Policy.

« Personal Data » : means personal data as defined in article 4 (1) of the GDPR.

« General Data Protection Regulation » or « GDPR » : means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

« Data Processor » : means the natural or legal person, public authority, department or other body that processes Personal Data on our behalf and in accordance with our instructions, in accordance with Article 4 (8) of the GDPR.

« User »: means any person browsing on the Platform https://mym.fans/, whether a Fan, Creator, Ambassador or simple internet user.

« Use/To use » : means any operation usually referred to as "processing" of data, within the meaning of Article 4 (2) of the GDPR.

Capitalised terms in this Privacy policy which are not defined above shall have the meaning given to them in our General Terms and Conditions of Use.

3. Why do we use your data and on what grounds ?

We solely collect the Data necessary for the explicit purposes specified below:

For your understanding:

The purpose for which we process your personal data is the reason why we process your data, the objective we pursue by using it. It is our responsibility to explain this to you and to show you why the objective we are pursuing is lawful.

The lawfulness of the use of your personal data corresponds to the legal basis, i.e. what authorises us to collect and use the data. These legal bases are listed exhaustively in the GDPR.

Main purpose	Detail	Legal basis
Make the Platform available to Users	Register Users Host Content on the Platform Transmit messages sent by Creators via the Platform Verify the age of Subscribers and certify Creators Connect Subscribers with Creators and Creators with Ambassadors Answer Users' questions and requests Send you the documents and information you need to use our services (e.g. for Creator Certification) by e-mail, SMS, etc.	The performance of our contracts (GTCU/ToS/GST depending on whether you are a User, Creator or Ambassador)
Moderate Contents on the Platform	Answer Users' notices Ensure the removal of illicit Content from the Platform Prevent the sharing of address details on the Platform	Our legal obligation to answer notices of illicit content made on the Platform (Article 6 of the french law “LCEN”, DSA). Our legitimate interests. Performance of our contracts (GTCU/ToS)
Ensure the cyber security of our IT services	Implement security measures to ensure the smooth operation of the IT system (applications and network) Test the resilience of the IT system to cyber threats	Our legal obligation to implement the technical and organisational security measures necessary to ensure the security of your data (Article 32 GDPR).
Delete and archive data	Meet our archiving and data purging obligations.	Our legal obligation to delete your data when it is no longer relevant to keep it (Article 5 GDPR)
Continuous improvement of the Platform	Ensure the smooth operation of the Platform Improve the Platform by means of interview campaigns with Users	Our legitimate interest in ensuring that the Platform performs at the highest level and is of the highest quality, in particular through visitor statistics. Your consent, where required.
Manage cookies	Enable Users to share content on social networks Measure technical performance or ergonomics Measure traffic Offer personalised advertising	Our legitimate interest in guaranteeing that the Platform performs at the highest level and is of the highest quality, in particular through visitor statistics. Your consent, where required
Manage payment services for Users	Enable payment for subscriptions and Content on the Platform Fight fraud	The performance of the GTCS
Return Earnings to Creators and Ambassadors	Transfer Earnings to personal accounts Monitor the financial performance of an account Hold funds until the corresponding transactions have been validated	The performance of the ToS and the GST
Draw up our accounts	Keep the company's general accounts Prepare our tax returns.	Our legal obligation to keep accounting and tax documents (Article L123-22 of the French Commercial Code and Article 1649 ter A of the French General Tax Code)
Promote our Platform	To send you marketing, advertising and promotional messages by e-mail, SMS or any other means of communication, in accordance with applicable legal provisions, or to suggest and advise you of goods or services that may be of interest to you. Promote the Platform's brand image on social networks (advertising campaigns, etc.). Contact you on our networks	Our legitimate interest in recruiting new Users
Reply to reviews you leave us on various websites	Provide a personalised response to online reviews	Our legitimate interest in providing solutions to Users
Manage any legal disputes	Prepare, conduct and follow up legal proceedings	Our legitimate interest in defending our interests before the courts
Manage your requests to exercise your rights	Qualify requests for rights Investigate requests for rights Carry out the relevant technical operations	Our legal obligation under Articles 15 et seq. of the GDPR and Articles 48 et seq. of the IEL Act
Manage requests and checks from the authorities	Follow up and meet requests from the relevant authorities (police, independent administrative authority, etc.)	Our obligations under the various applicable regulations (GDPR, consumer code, general tax code)
Help prevent leaks of Platform Content on the web	Deal with your requests when a leak of Content is detected Fight against websites hosting such Content Hold Users responsible for acts of infringement of Content.	Our legitimate interest in ensuring that the exclusive Content hosted on the Platform is protected. The performance of the GTCS
Send you emails	Send e-mails and other alerts to Users who have requested them	Our legitimate interest in ensuring that our Users are guided in their experience on the Platform.

4. What data do we collect and how long do we keep them ?

In order to provide you with the services of the Platform, we collect some of your Personal Data. At MYM, we are committed to limiting the use of your Data and therefore believe that respecting your privacy means collecting only the data that is necessary.

In addition, we undertake to ensure that any Data collected is kept in a form that allows you to be identified for no longer than is necessary for the purposes for which it is collected and processed.

Here are the categories of Personal Data we may use:

Main purpose	Collected Data	Duration
Make the Platform available to Users	For our Creators and Ambassadors: Identification data: name, first name(s), address, telephone number, email addresses, pseudonym, date of birth, data indicated in the biography, connection token.	Your name, first names, date of birth, email address and telephone number are kept for a period of 5 years from the deletion of your account. Your username, biography and connection token are kept for a period of 1 year from the deletion of your account.
	Creator’s Media	Media in your Feed are immediately deleted after deleting your account. Push and Private Media (upon an order of a Subscriber) will remain available on their account until its deletion
	Identity document and facial photograph	This data is kept in active base for 1 year from the deletion of your account in active base. It is kept for an additional 5 years in intermediate archiving.
	Connection data: connection logs	This data is deleted 12 months after collection.
	For the Fans : Identification data: name, first name(s), address, telephone number, email addresses, pseudonym, date of birth	Your name, first names, date of birth, email address and telephone number are kept for a period of 5 years from the deletion of your account. Your username and connection token are kept for a period of 1 year from the deletion of your account.
	Your account	The account is deleted after three years of inactivity
	Identity document and facial photograph (optional)	This data is kept in active base for 1 year from the deletion of your account in active base. It is kept for an additional 5 years in intermediate archiving. The facial photograph and data created to estimate the User's age are deleted immediately after receiving the result of the estimation.
	Connection data: connection logs	This data is deleted 12 months after collection.
Moderate Contents on the Platform	Media whose lawfulness is contested	Illicit Media is kept for 6 months from the date it was made inaccessible.
Moderate Contents on the Platform	Name, first name and pseudonym of the person who made the report Message containing prohibited elements (contact details, meeting proposals).	For our Users: for a period of between 6 years from the report or, if applicable, the deletion of the account (3 years from the last activity on the account) it being understood that the report is kept for 6 years. For third parties reporting Content: 6 years from the report.
Ensure the cyber security of our IT services	All your data hosted on the Platform, in order to ensure that access to said data is secure.	Until the deletion of your account (3 years from the last activity on the account)
Delete and archive data	Data that requires archiving or deletion.	Data is immediately deleted.
Continuous improvement of the Platform	Identification data: Name, first name, pseudonym.	2 years from collection
Continuous improvement of the Platform	Recording and minutes of video interviews we conduct with you.	1 year from collection for videos and 2 years for textual recordings.
Manage cookies	Logs and connection data of Users and identification data of computer equipment; Data collected via cookies and other trackers present on our Platform; for more details, see https://corporate.mym.fans/charte-cookies/.	Cookies and other trackers are deleted from your terminals 13 months after they are deposited. Data collected through cookies and trackers is kept for 25 months.
Manage payment services for Users	Bank data; Credit card number; PayPal email address. Data required for invoicing	The data is kept for a period of 13 months from payment for evidentiary purposes by our payment service providers. Your PAN and visual cryptograms are not kept.
Return earnings to Creators and Ambassadors	Bank data; IBAN	18 months from the deletion of your account.
Return earnings to Creators and Ambassadors	PayPal email address; Data required for invoicing	10 years from the end of the accounting year.
Draw up our accounts	Order descriptions (amount, nature of purchase, etc.) Your tax identification data.	10 years from the end of the accounting year.
Promote our Platform	Identification data: E-mail address, phone number, Media.	In the case of emailing-sms campaigns: For as long as your account exists. In the case of advertising campaigns: For the duration of the campaign (generally 1 to 6 months from publication).
Reply to reviews you leave us on various websites	Identification data: Name, first name, pseudonym, content of our exchanges.	Your data is not kept by the Platform.
Manage any legal disputes	Identification data: Name, first name, pseudonym, content of our exchanges. Any information relevant to the dispute.	This data is kept until all legal remedies are exhausted.
Manage your requests to exercise your rights	Identification data: Email address, name, first name, content of the request.	This data is kept for 6 years from the date the request is resolved.
Manage requests and checks from the authorities	Any information that the authority requires from us. This may include : Full name, pseudonym Presumed illegal media Billing summary Connection logs (device used, etc.) Any other information useful to the authority.	This data is kept for 6 years from the time it is transferred to the competent authority.
Help prevent leaks of Platform Content on the web	Identification data : Email address, surname, first name, content of the request from the Creator whose Media has been distributed.	This data is kept for 6 years from the time the request to remove the content is processed.
Send you emails	Identification data: Email address, surname, first name, account pseudonym. Contextual data: Data relating to your journey on the Platform (e.g. assistance to certify you).	This data is kept for 3 years from the last contact.

5. How do we secure your use of MYM?

In addition to moderating Content, MYM is secured by two main processes: age verification of Fans and certification of Creators, both of which require us to process your data.

Age verification and Fan certification

To access adult content, a Fan must undergo a procedure to certify that he or she is of legal age and can therefore access all types of content.

MYM offers various solutions for this purpose:

A Fan can use an "age estimation" solution, based on an analysis of their facial features. To do this, they take a selfie, which is processed by our partner (Yoti or any other solution that complies with French legislation) and which provides us with an estimate of the Fan's age to ensure that they are of legal age. The selfie and the data resulting from the analysis are immediately deleted once we have received the analysis result.
A Fan can also use an age "verification" solution, which will validate that the Fan is indeed of legal age, by questioning a third-party certifier such as a telephone operator or a French administration (while respecting the Fan's anonymity).

If there is any doubt about the Fan's age, he or she is automatically blocked.

They can then go through a "manual" verification process by providing a selfie and proof of identity, which are then verified by one of our agents. This process certifies the fan's account. In this case, the identification data is kept for 6 years from the end of the contractual relationship (e.g. when the account is blocked or deleted).

Creators’ certification

When registering, Creators are asked to certify their account.

This involves verifying the Creator's identity by first uploading a certain number of Media to the Platform, which will be used to establish the Creator's identity and capacity.

Next, the Creator must undergo identity verification by providing Yoti with a piece of identification, which is then analyzed via integrated software.

Finally, the Creator is invited to present his or her face for real-time analysis, which, without facial identification, compares facial features with those appearing on the ID. This data is processed and stored by Yoti, and can only be accessed by MYM via a link provided. The data is kept for eight (8) years.

If the Creator's documents are rejected by Yoti, he/she can submit to a manual verification process managed directly by our customer relations department. The data provided in this process is then very exceptionally processed and hosted by MYM, without the intermediary of Yoti.

6. How can you manage the amount of email you receive?

When a User interacts with a Creator, the latter can send him Private Media proposals.

The Creator sends the proposals on his own initiative to a pool of Users corresponding to his Subscribers, his former Subscribers, and interested Users (those who have Liked or Saved a piece of media, made an attempt to subscribe or bookmarked the Creator).

When a Creator sends a solicitation to his Subscribers, the latter receive a notification in the Platform's messaging system as well as an email to the e-mail address they provided when registering.

To stop receiving or refine the emails you receive, you have two options:

On the one hand, you can access the preferences centre available at the following address: https://mym.fans/app/settings/notifications-preferences. This interface allows you to specify in detail the notifications you wish to receive (for example, your Creators' lives or the publication of their latest posts).
You can also click on the unsubscribe link located at the bottom of any email sent via the MYM Platform.

For your understanding :

As MYM has no control over the content or frequency of the proposals sent by the Creators, the latter are responsible for the use of their Users' data obtained during their exchanges.

This data, without being exhaustive, corresponds to the content of exchanges on the messaging system, the User's pseudonym or their purchase history.

In accordance with the GDPR, the Creator must respect the confidentiality of this data, ensure that appropriate security measures have been put in place and refrain, unless in exceptional circumstances, from transferring this data to third parties.

MYM strongly recommends that Creators who are unsure of their obligations under the GDPR take contact with a specialist advisor.

7. What types of data are automatically collected ?

When you navigate on the https://mym.fans/ platform, we automatically record information relating to your navigation.

Connection data may be automatically recorded in our server logs, such as your IP address, your unique identifier, your operating system and its location, the type of browser you are using and the pages you have consulted.

We also invite you to consult our Cookie Policy, which provides details of the cookies and other tracers used by MYM.

8. Who are the recipients of your data?

Only the authorised persons specified below can access User data.

The other Platform Users;
The authorised personnel of AIR MEDIAS (MYM);
Service providers responsible for managing and hosting the Platform and IT system of AIR MEDIAS (MYM);
Service providers responsible for managing customer relations and moderating content;
Service providers responsible for managing payments;
Email service providers;
If applicable, the authorised personnel of our Data Processors;
Where appropriate, the relevant courts, mediators, accountants, statutory auditors, lawyers, bailiffs, debt collection agencies or police authorities in the case of judicial requisition;
Third parties that may place cookies on your terminals when you provide your consent

Your data will not be communicated, exchanged, sold or hired to any other person than those mentioned above.

9. Who can you contact to exercise your rights?

In accordance with the IeL Act and the GDPR, you have the following rights:

Right of access (GDPR article 15), rectification (GDPR article 16) and updating;
The right to erase your personal data (GDPR article 17), if it is inaccurate, incomplete, ambiguous, out of date, or if its collection, use, disclosure or storage is prohibited;
The right to withdraw your consent at any time (GDPR article 13-2c);
The right to oppose the processing of your data (GDPR article 18);
The right to oppose the processing of your data (GDPR article 21);
The right to the portability of the data you have provided to us, in cases where your data is subject to automated processing based on your consent or on a contract (GDPR article 20);
The right to file a complaint with the CNIL in France (GDPR article 77);
The right to decide what happens to your data after your death and to choose whether or not we pass on your data to a third party that you have designated. In the event of your death and in the absence of instructions from you, we undertake to destroy your data, except if we need to keep it for evidential purposes or to meet a legal obligation.

These rights can be exercised by making a simple request, by email to the address dpo@mym.fans or by post to AIR MEDIAS (MYM) - 16 rue Cuvier 69006 LYON.

If you send us a copy of your identity document to prove your identity, we will keep it for one (1) year, or three (3) years if it is provided within the framework of the exercise of a right of opposition.

For more information about your rights in France, you can also visit the website of the Commission Nationale de l’Informatique et des Libertés at the following address: http://cnil.fr.You have the right to lodge a complaint before this authority.

10. How do we keep your data secure?

MYM and its Data Processors undertake to implement all technical and organisational measures to ensure the security of the processing of personal data and the confidentiality of your data, according to the current resources available and in application of the IEL ACT, the European General Data Protection Regulation (GDPR) and French law 2018-133 of February 26, 2018 "regarding various provisions of adaptation to the law of the European Union in the field of the security".

We take appropriate precautions, as regards the nature of your data and the risks presented by our processing, to preserve the safety of the data and, in particular, to prevent it from being distorted, damaged, or from unauthorised third parties gaining access to it (physical protection of buildings, the customer authentication process with personal and protected access using confidential identifiers and passwords, encryption of the passwords, logging of connections, etc.).

To this end, we carry out audits of our information system and of service providers who have access to your personal data.

11. Do we transfer your data outside of the European Union ?

We mainly process your data within the European Union.

Due to the nature of our activity, we may need to transfer your data outside the European Union. In this event, such transfers are covered by the appropriate guarantees in accordance with regulations. Details of these guarantees are available on request from dpo@mym.fans or by post from AIR MEDIAS (MYM) - 16 rue Cuvier 69006 LYON.

12. How will you be informed of changes to the Confidentiality Policy?

This Privacy Policy is subject to modification, in particular due to legislative and regulatory changes. As such, Users may consult updates directly on the Platform.