Privacy Policy

KERMAP publishes and makes available to users a platform called NIMBO MAPS that allows them to visualize all or part of the Earth by juxtaposing satellite images organized in such a way as to allow fluid movement and tracking of a chronology. 

Access to and use of the Platform and/or the Services require the User’s prior and unconditional acceptance of the General Terms of Use (“GTU”) and the Privacy Policy.By checking the box “I acknowledge that I have read these T&Cs and the Privacy Policy, and I accept them without reservation” when creating a User Account, the User expresses such consent.

ARTICLE 1. Scope of application

This Privacy Policy applies to the policy implemented by KERMAP regarding the collection and use of Personal Data when using the Platform and Services by Users.

The Privacy Policy does not apply to third-party websites to which the User may be redirected when using the Platform or the Services. KERMAP invites the User to consult the legal notices and privacy policies of these sites.

Due to the rapid evolution of technology, KERMAP may regularly make changes to the Privacy Policy. Therefore, KERMAP invites the User to regularly consult its content.

ARTICLE 2. Personal Data

The User acknowledges and expressly accepts that the Personal Data collected by KERMAP during the creation of the User’s Account, and within the framework of the use of the Services, will be subject to automated processing by KERMAP in compliance with the provisions of the Applicable Regulations.

ARTICLE 3. Categories of data collected

The User’s Personal Data that KERMAP needs for the Purposes (as defined below) are the following: last name, first name, email address, login details for the Platform.

The User understands and acknowledges that the provision of Personal Data collected is essential to the performance of its obligations under the GTU by KERMAP. Should the User fail to provide or withdraw his or her Personal Data, KERMAP will not be held responsible for any total or partial failure to fulfill its obligations under the terms of this agreement.

In accordance with the provisions below concerning cookies, KERMAP also automatically collects browsing data, such as: IP address, date and time of connection of a Terminal to an online communication service, type of operating system used, type and version of browsing software used by a Terminal, language of use, etc.

ARTICLE 4. Cookies and tracers

The User is informed that, in order to facilitate access to and use of the Platform and the Services, cookies and other tracking technologies may be installed on their Terminal.

A cookie is a non-executable text file installed on the User’s Terminal when using the Platform or the Website.

In addition, the User is informed and acknowledges that the installation of cookies allows KERMAP to offer personalized content (e.g. connection history, user preferences) and improve overall browsing experience on both the Platform and the Website.

To this end, KERMAP uses audience measurement tools, including Google Analytics, to gain a better understanding of user behavior and engagement across its digital interfaces. These tools help KERMAP analyze website and platform traffic, detect performance issues, and optimize navigation and content. The use of Google Analytics is subject to the User’s prior consent, which may be withdrawn at any time.

The User may withdraw their consent to the installation of cookies at any time by configuring their browser or terminal settings. However, the User acknowledges that refusing or deleting cookies may affect access to or the functionality of the Services.

Purposes of data collection

KERMAP undertakes to use Personal Data only for the following purposes (the “Purposes”):

1. Execution of the GTU, and TOS if applicable:

• Provision of access to the Platform and the Services agreed upon in the GTC and TOS
• Maintenance and technical operation of the Platform
• Creation and administration of User Accounts
• Notification of any changes to the functionality of the Platform or amendments to the GTU

Legal basis: performance of a contract, legitimate interest (fraud prevention, compliance verification)
Categories of Personal Data: contact and identification details, User Account data, Platform and Services usage data

2. Customer management operations:

• Handling data subject requests
• Providing services available through the Platform
• Managing customer relations (e.g. satisfaction surveys, support tickets, complaints)

Legal basis: performance of a contract, legitimate interest (customer engagement)
Categories of Personal Data: contact and identification details, User Account data, Platform and Services usage data

3. Improving the user experience – Statistics and analytics:

• Managing requests for access, rectification, or opposition related to Personal Data
• Managing feedback or inquiries about the Services or their content
• Recognizing the User during browsing and adapting Services and content accordingly
• Providing access to optional features (e.g. newsletter)
• Measuring audience and performance across the Platform and Website (e.g. behavior analysis, navigation issues, traffic volumes, content interest)

To that end, KERMAP uses Google Analytics, which operates on the basis of user consent. Data collected may include anonymized navigation information such as page views, session durations, and interaction events, for statistical purposes only.

Legal basis: legal compliance, performance of a contract, legitimate interest
Categories of Personal Data: contact and identification details, User Account data, Platform and Services usage data, navigation data

KERMAP does not transfer or commercially exploit Personal Data. However, anonymized and aggregated Personal Data may be used by KERMAP for research, development, or scientific study purposes.

ARTICLE 5. Recipients

The Personal Information provided when opening a User Account is intended to be used solely by KERMAP and will not be transferred or distributed in any way.

However, the following persons may access Personal Data:

• KERMAP staff in charge of the marketing department, the technical department in charge of the deployment of the Services, the department in charge of customer relations, the administrative departments, the departments in charge of internal control procedures, the logistics and IT departments and their line managers;
• Subcontractors under signed contracts (i) mentioning their obligations regarding the security and confidentiality of Personal Data under the Applicable Regulation and (ii) specifying in particular the security objectives to be achieved. These service providers have an obligation to process Personal Data in accordance with the Applicable Regulations, this Privacy Policy and present appropriate security guarantees. In particular, the company PADDLE is in charge of managing Subscriptions;
• KERMAP’s current and future subsidiaries;
• Any company within the framework of a transfer of control of KERMAP (acquisition of a majority stake, partial contribution of assets, transfer of business, merger and acquisition, without this list being restrictive);
• Legal officers and court officials, where applicable, in the exercise of any procedure and/or provision of public order;
• The CNIL and/or any competent control authority.

ARTICLE 6. Shelf life

KERMAP retains Personal Data for the duration of the User’s Account activation, and for any period of time necessary for KERMAP to fulfill its obligations under contracts entered into with KERMAP, as well as for a period of three (3) years from the last contact that the User to whom the data pertains initiated with KERMAP.

Once the User’s Account has been deleted, KERMAP may retain Personal Data for the period of time required to meet any legal, regulatory, accounting or fiscal obligation to retain Personal Data (in particular for evidentiary purposes) or to communicate it to authorized authorities (administration, police services, etc.). KERMAP may, if necessary, keep Personal Data in an anonymized form.

The cookies and tracers necessary for the operation of the User Account and the provision of the Subscription are maintained for the duration of the User Account activation.

The User may at any time withdraw their consent to the installation of cookies by configuring the connection parameters of their browser or their Terminal in accordance with Article 3 of this Privacy Policy. However, this operation may alter access to the service or its use.

ARTICLE 7. Rights of Affected Persons

In accordance with the provisions of the Applicable Regulations (in particular articles 15 to 22 of the RGPD), the Person Concerned may at any time, either via the dedicated links on the Platform, or by contacting KERMAP by email:

• Send any request for information about the Privacy Policy and the processing of your Personal Data;
• Access information about the processing of Personal Data (category of data, purposes, etc.);
• Delete your User Account and/or Personal Data;
• Correct or update Personal Data that are inaccurate;
• To limit the processing operations of its Personal Data, in case of dispute of the accuracy of the Personal Data (limitation for a period of time allowing to verify the accuracy of the Personal Data), or the lawfulness of the processing (but that the Data Subject authorizes KERMAP to continue);
• Receive a copy of the Personal Data directly provided, in a structured, commonly used and terminal-readable format (portability); it being specified that any request for a copy beyond the first one may generate administrative processing costs that will be charged. The Data Subject is informed that data derived, calculated or inferred by KERMAP from the data provided is excluded from the right to portability, as it is not provided by the Data Subject, but created by KERMAP;
• Decide not to be subject to automated decision making: the right not to be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect or produce a similar significant effect;
• File a complaint with the Commission Nationale de l’Informatique et des Libertés, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, Tel: 01 53 73 22 22.

In the event of excessive requests from the Data Subject, particularly due to their repetitive nature, KERMAP reserves the right to refuse any request for access subsequent to a request for access to his/her Personal Data duly satisfied by KERMAP.

Requests must be sent in writing or by e-mail to the address below, signed and accompanied by a photocopy of an identity document bearing the holder’s signature. The request must specify the address to which the reply should be sent. KERMAP has a period of one (1) month to respond following receipt of the request. If necessary, this period may be extended by two (2) months, depending on the complexity and number of requests.

ARTICLE 8. Security

KERMAP attaches the utmost importance to the confidentiality of Users’ Personal Data and implements the technical and organizational security measures necessary to ensure their security, it being specified and accepted by the Persons Concerned that the Internet is not a completely secure environment and that KERMAP cannot guarantee the perfect security of the transmission or storage of Personal Data on this network.

Security measures for KERMAP’s operating and administrative environment: All Personal Data stored on KERMAP’s servers are protected by the following measures:

• Dedicated network and dedicated administration network;
• Access rights management;
• Password Policy and Password Lockout;
• Use of antivirus and intrusion detection protection;
• Firewall protecting each network zone;
• Limitation of the number of authorized requests to prevent abnormal or abusive use of the Platform;
• Automatic expiration of the session when using the Platform.

Security measures for the User’s environment: All Personal Data stored on KERMAP’s servers are protected by the following measures:

• Hosting of Personal Data in a datacenter in France;
• Secure user portal with SSL, SSH and HTTPS protocols;
• Cloud provider with numerous security certifications;
• Use of antivirus software;
• Access management;
• Protection of hosted sensitive files from malicious direct access;
• Limitation of the number of authorized requests to prevent abnormal or abusive use of the Platform;
• Verification of Users’ email addresses, in case of fraud or suspicious forms, access may be suspended manually;
• Automatic expiration of the session when using the Platform.

Article 9. Violation of Personal Data

In the event of a security breach resulting in a violation of Personal Data, KERMAP will inform the Data Subject of the nature of the breach and the likely consequences that may result from it.

KERMAP undertakes to implement corrective measures as soon as possible and to notify the CNIL of this violation, unless the violation in question is not likely to result in a risk to the rights and freedoms of individuals, in accordance with the provisions of the Applicable Regulations.

Article 10. Location and transfer of Personal Data

KERMAP hosts Personal Data in France.

If the processing and purposes described herein require the transfer of Personal Data outside the European Union, KERMAP will ensure that the Personal Data is effectively protected.

Thus, all transfers would be made to localized recipients:

• In countries that present, according to the criteria established by the European Commission, an adequate level of protection of Personal Data;
• In countries that do not offer adequate protection but to which the transfer is regulated by standard contractual clauses issued by the European Commission or by the adoption of binding corporate rules.

ARTICLE 11. Privacy

The Parties agree to keep confidential all information of any kind exchanged, collected or arising in the course of the establishment of a Commercial Offer and the execution of the TOS (hereinafter, the “Confidential Information”).

The Confidential Information includes, but is not limited to:

• That it disclosed them after obtaining prior written authorization from the other Party or that the disclosure was made by the other Party;
• That they were publicly available at the time of their disclosure by the other Party, or that they became publicly available after such disclosure through no fault of its own;
• That they have been received, in a lawful manner, from a third party subject to no obligation of confidentiality;
• That on the date of their communication by the other Party, it was already legitimately in possession of the latter;
• That their disclosure has been imposed by a mandatory legal or regulatory provision, a final court decision or an enforceable arbitration award. The Party subject to such an obligation to disclose shall immediately inform the other Party in advance and, where appropriate, request, or give the other Party the opportunity to request, the implementation of any confidentiality protection measures or procedures applicable in the case. In all cases, the Party required to disclose Confidential Information will use its best efforts to disclose only that portion of the Confidential Information that is strictly necessary to fulfill its obligations.

Consequently, during the term of the Subscription and for a period of ten (10) years after its termination, the Parties shall refrain, for any reason whatsoever, from communicating in any way, shape or form and for any purpose whatsoever, all or part of the Confidential Information.

The Parties undertake to ensure that all of its officers and employees to whom it discloses all or part of the Confidential Information comply with this obligation and to disclose the Confidential Information only to the persons referred to above who need to know it and who are subject to a confidentiality undertaking.

ARTICLE 12. Reversibility

During the period of validity of the User Account, the User can recover free of charge the usage and registration data generated during the use of the Services and the User Account, by notifying KERMAP of his intention via the User Account.

Such data will be returned “as is” in accordance with its contents at the date of the User’s request, and the return will be made by computer file transfer in a standard “flat” file within a maximum of thirty (30) days from the said written notification by the User.

The User declares and acknowledges that the reversibility service does not include any assistance from KERMAP in the migration to the solution of a third party provider.

In the absence of a written request received within thirty (30) days following the termination of the User Account for any reason whatsoever in accordance with the terms agreed above, the User agrees that KERMAP will proceed to the destruction of data generated by the use of the Services or continue to use them in an anonymized form.