Privacy Policy

.

Nimbo website and Nimbo Earth Online

Last updated: October 2025

To learn about the privacy policy of the service available at maps.nimbo.earth, please refer to the Nimbo Earth Online and stream Privacy Policy.

Nimbo website (nimbo.earth)

The nimbo.earth website and its sub-domains agri.nimbo.earth and api-demo.nimbo.earth sites (‘The Sites’) are designed in accordance with French and European regulations on the protection of personal data, in particular the general (EU) data protection regulations of April 27, 2016 (“RGPD”) and the Data Protection Act of January 6, 1978 modified (“LIL”).

Forms

Information collected through forms are recorded by Kermap into a computerized file. The collection purposes are as follows:

Contact form: contact management and follow-up of incoming requests, based on Kermap’s legitimate interest. Such personal data are processed exclusively by Kermap and are not disclosed to any third parties. This data is stored for a period of 13 months.

Newsletter sign up form: management of sign up in a database to send the Nimbo newsletter to contacts, based on Kermap’s legitimate interest. Data collected through these forms are processed exclusively by Kermap and are not disclosed to any third parties. This data is stored for a period of 13 months

You may access your personal data and ask for their correction, deletion or limitation of data processing by reaching out to the Kermap:

Kermap DPO
Email: dpo@kermap.com
Phone: +33 (0)2 30 96 07 66
Address: 1137a avenue des Champs Blancs 35510 Cesson-Sévigné

Cookies

During your visits to the Sites, cookies and similar tracking technologies may be installed automatically on your device (computer, smartphone, tablet).

Cookies do not identify you personally but record information about your browsing activity. You may manage or disable cookies at any time through your browser settings or via the consent banner displayed on the Sites. However, deactivating certain cookies may affect the display or operation of some features.

Cookies used on the Sites include:

  • Technical cookies: necessary for the use and security of the Sites. These cookies enable essential functionality (session management, display, language preferences). They cannot be refused, as they are required for the Sites to operate properly.
  • Analytics and usage cookies: used to measure the audience and analyze use of the Sites in order to improve user experience, optimize performance and evaluate the effectiveness of content and features. These cookies are implemented in compliance with applicable privacy regulations. The data collected are processed solely by KERMAP and are not shared with third parties for their own purposes.

Users can manage their consent preferences for non-essential cookies via the cookie banner. Data collected through these tools are stored only for the time necessary to fulfill their purpose and are processed in accordance with the GDPR and the French Data Protection Act.

Nimbo Earth online and stream privacy policy

KERMAP publishes and operates the Nimbo Earth Online platform (“the Platform”), which enables users to view and analyze satellite imagery of the Earth through a smooth, chronological interface.

This Privacy Policy describes how KERMAP collects, processes, and protects personal data when Users access the Platform and its Services.

By creating a User Account and checking the box “I acknowledge that I have read these Terms and the Privacy Policy and accept them without reservation,” the User confirms full acceptance of this Policy.

1. Definitions

For the purposes of this Privacy Policy:

  • “KERMAP” means KERMAP SAS, a simplified joint stock company with a single shareholder and capital of €30,000, registered with the Rennes Trade and Companies Register under number 832 361 471, headquartered at 1137 A avenue des Champs Blancs, 35510 Cesson-Sévigné (France).
  • “Platform” means the software solution published and developed by KERMAP, accessible in SaaS mode at maps.nimbo.earth.
  • “Services” means the features and data made available to Users through the Platform.
  • “User” or “Customer” refers to any natural or legal person who accesses the Platform and/or subscribes to a Service.
  • “User Account” means the personal account created by a User to access the Platform.
  • “Personal Data” means any information relating to an identified or identifiable natural person as defined by the GDPR.
  • “Terminal” means any device allowing access to the Internet or mobile network (computer, smartphone, tablet, etc.).
  • “Applicable Regulations” refers to the General Data Protection Regulation (EU) 2016/679 (GDPR), the French Data Protection Act (Law 78-17 of 6 January 1978), and any subsequent amendments or local transpositions.

2. Scope

This Privacy Policy applies to the processing of Personal Data carried out by KERMAP in connection with the use of the Platform and the Services.

It does not apply to third-party websites or services accessible through external links. Users are encouraged to consult the privacy policies of those third-party sites.

Because technology and regulations evolve, KERMAP may modify this Policy at any time. The updated version is always available on the Platform.

3. Categories of Data Collected

KERMAP collects the following categories of data:

  • Identification and contact details: last name, first name, professional email address.
  • User Account information: login credentials, subscription details, usage settings.
  • Usage and navigation data: IP address, connection dates, browser type and version, operating system, language, session duration, pages or tiles viewed, actions performed.
  • Cookies and tracers data: stored as described in Article 4.

The provision of certain data is mandatory to create a User Account and access the Services. Without this data, KERMAP may be unable to provide access to the Platform.

4. Cookies and Tracers

The Platform uses cookies and other tracking technologies to ensure secure operation, remember preferences, and measure usage for performance optimization.

4.1. Nature and purpose of cookies

  • Technical cookies: necessary for the operation and security of the Platform. They enable authentication, language selection, and display optimization. These cannot be disabled as they are essential to the Platform’s functioning.
  • Analytics and usage cookies: used for audience measurement, navigation statistics, and service improvement. They help KERMAP detect technical issues, enhance performance, and understand how Users interact with the Platform.

4.2. Analytics tools and data processing

KERMAP uses audience measurement and usage-analysis tools operated exclusively by KERMAP. These tools are configured to comply with CNIL guidelines and the GDPR.

Collected data (e.g. page views, session duration, interaction events) are aggregated and pseudonymized. They are not shared with any third parties for their own purposes.

5. Purposes and Legal Basis of Processing

KERMAP processes Personal Data solely for the following purposes (“Purposes”):

(a) Performance of the contract and service operation

  • Creation, management and authentication of User Accounts.
  • Provision of access to the Platform and subscribed Services.
  • Operation, maintenance and technical improvement of the Platform.
  • Notifications regarding updates or modifications to the Services or GTU.

Legal basis: Performance of a contract; legitimate interest (ensuring security and proper functioning).

(b) Customer relations and support

  • Responding to support requests or contact messages.
  • Managing customer relations, satisfaction surveys, and feedback.
  • Processing billing and subscription management (via Paddle, acting as Merchant of Record).

Legal basis: Performance of a contract; legitimate interest (customer service and relationship management).

(c) Improving the user experience, statistics and analytics

  • Monitoring platform usage to enhance features and user interfaces.
  • Performing statistical analyses of anonymized usage data.
  • Evaluating overall performance, responsiveness and adoption of new services.

Processing for these purposes is performed exclusively by KERMAP. Data are anonymized or pseudonymized and never shared with or sold to third parties.

Legal basis: Legitimate interest (service improvement and performance monitoring) and, where required, user consent for cookie installation.

(d) Compliance and legal obligations

  • Prevention of fraud and misuse.
  • Responding to lawful requests from competent authorities.

Legal basis: Legal obligation; legitimate interest.

6. Recipients of the Data

Access to Personal Data is strictly limited to:

  • Authorized KERMAP personnel involved in platform operation, support, marketing, and administration;
  • Subcontractors performing technical services (hosting, payment management via Paddle, analytics, maintenance) bound by written confidentiality and data-processing agreements;
  • Public or judicial authorities when required by law;
  • Potential acquirers or assignees of KERMAP in the event of a merger or transfer of activity, under confidentiality guarantees.

No Personal Data are sold, rented, or made available to third parties for independent use.

7. Retention Period

Personal Data are retained for the period strictly necessary for the purposes pursued:

  • Active account data: for the duration of the User Account and Service subscription.
  • Inactive account data: for up to three (3) years following the last contact initiated by the User.
  • Legal or regulatory retention: for the applicable statutory limitation periods.
  • Cookies and tracers: for the duration specified in the consent interface or until withdrawn by the User.

After these periods, data are deleted or irreversibly anonymized.

8. Data Subject Rights

In accordance with Articles 15 to 22 of the GDPR, Users may exercise the following rights at any time:

  • Right of access to their Personal Data;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”);
  • Right to restriction of processing in certain cases;
  • Right to portability of data provided directly by the User;
  • Right to object to processing based on legitimate interest;
  • Right to withdraw consent for cookie-based or optional analytics processing;
  • Right not to be subject to automated decision-making producing legal or significant effects.

Requests should be addressed to:

KERMAP DPO
hello@kermap.com
1137A avenue des Champs Blancs, 35510 Cesson-Sévigné, France

KERMAP will respond within one (1) month of receipt. This period may be extended by two (2) months in complex cases, with notice to the requester.

If a User believes their rights are not respected, they may lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés), 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.

9. Security of Personal Data

KERMAP implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of Personal Data, including:

  • Hosting in a secure datacenter located in France;
  • SSL/TLS encryption for all connections;
  • Strict access-rights management and password policy;
  • Firewalls and intrusion-detection systems;
  • Anti-virus protection and continuous monitoring;
  • Automatic session expiration and rate-limiting to prevent misuse.

Despite these precautions, Users acknowledge that the Internet is not a perfectly secure environment and that KERMAP cannot guarantee absolute protection against unauthorized access.

10. Personal Data Breach Notification

In the event of a breach of security likely to result in a risk to the rights and freedoms of individuals, KERMAP undertakes to:

  • Notify the CNIL within the legal timeframe; and
  • Inform the affected Users as soon as possible, specifying the nature of the breach, possible consequences, and measures taken.

11. Data Location and Transfers

All Personal Data are hosted in France.

If transfers outside the European Union become necessary (for example, through a subcontractor), KERMAP ensures that such transfers comply with the GDPR by:

  • Sending data only to countries recognized by the European Commission as providing an adequate level of protection; or
  • Using Standard Contractual Clauses or other recognized safeguards.

12. Confidentiality

The Parties undertake to maintain strict confidentiality regarding all information and data exchanged in connection with the use of the Platform and execution of the Services.

Confidential Information may only be disclosed:

  • With the prior written consent of the other Party;
  • When it has become public through no fault of the receiving Party;
  • When disclosure is required by law or an enforceable court order, in which case the disclosing Party shall inform the other Party in advance where possible.

This obligation of confidentiality remains in force for ten (10) years after the end of the contractual relationship.

13. Reversibility and Data Recovery

During the validity of a User Account, the User may request to recover data generated during the use of the Services.

KERMAP will provide the data “as is” in a standard digital format within thirty (30) days of the request.

After account termination, KERMAP deletes or anonymizes data within thirty (30) days, unless legal obligations require longer retention.

Contact:
For any question regarding this Privacy Policy or data protection practices, please contact hello@kermap.com.