Simplimmat - Privacy Policy

The French Road Safety Authority (DSR) undertakes to ensure that the processing of personal data from "SIMPLIMMAT" complies with the General Data Protection Regulation (GPDR) and the French Data Privacy Act (“Loi Informatique et Libertés”).

 

Data controller

The data controller for SIMPLIMMAT is the French Road Safety Authority (Direction de la Sécurité Routière or DSR).

 

Security and confidentiality of the App

The DSR undertakes to take all necessary precautions to protect the security of data collected from users, and in particular to prevent it from being distorted, damaged or accessed by unauthorised third parties.

 

As there is no technical alternative to using the Google service, data cannot be encrypted using the application. As a result, data collection and storage has been reduced to the technical identifier of the telephone only.

The Exodus scan detects the presence of trackers embedded in an Android application. A tracker may be indicated in a report, but the analysis does not detect whether that tracker is enabled.

 

As the FAQ on the exodus-privacy website indicates: "Our static detection method looks in applications for the presence of a defined list of trackers. If the signature of a tracker is detected in the analysis, its presence is indicated in the report. This is not a proof of activity of these trackers".

 

For the Simplimmat app, the Exodus scan brings up a tracker: Google Firebase Analytics. This tracker is not enabled in the App.

 

The Firebase cookies and trackers used are strictly those necessary for the App to function properly. They are not linked to other operations such as personalised advertising. In accordance with article 82 of the French Data Privacy Act  and article 5 of CNIL deliberation 2020-092 of 17 September 2020 , information on browsing and account logins may be collected without your consent. The DSR reserves the right to suspend access to the App if it believes that an event likely to affect its operation or integrity requires it to do so, or in the event of maintenance. This suspension may last as long as needed for the planned intervention. Where applicable, as soon as it is aware of the dates of scheduled interventions, the DSR undertakes to warn users as soon as possible on the home page of the App or by any other means at its convenience, and to reduce downtime during the day. However, the DSR cannot be held liable under any circumstances for this suspension and will not owe any compensation.

 

Purpose of SIMPLIMMAT processing

In accordance with Act 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended, and with the General Data Protection Regulation (GPDR), the Road Safety Officer (Déléguée à la sécurité routière), in their capacity as data controller, is using the Simplimmat app for the following purposes:

  1. To make it possible to electronically declare the sale of used vehicles between private individuals and report the change of registrant
  2. To provide users with a secure title
  3. To produce statistics on user transactions
  4. To enable geolocation to auto-complete the place of sale.

 

Legal basis for data processing

The legal basis of this processing is:

  • Article 6 e) of the GDPR for the first three purposes, as the Simplimmat app is necessary for the performance of a task carried out in the public interest
  • Article 6 a) of the GDPR for the last purpose insofar as users of the Simplimmat application have given consent to the collection of their geolocation data

 

 

Data collected

This app collects the following categories of data:

  • Data relating to users and civil status (surname, first name, postal address, date and place of birth, etc.)
  • Vehicle details (registration number, vehicle technical data, date, time and place of sale, registration certificate number, vehicle mileage, vehicle administrative status, vehicle roadworthiness test, etc.)
  • Contact details of potential buyers/sellers (telephone no., e-mail address, etc.)
  • The hardware and operating system identifiers used by the processing media
  • Functional logging
  • Transaction geolocation data

 

The personal data processed comes directly from users of the App and indirectly from the SIV to carry out consistency checks and retrieve all the information relating to the vehicle and its registrant, and from UTAC to check the validity of the vehicle's roadworthiness test enabling the digital procedure to be carried out.

 

The data is transmitted to the vehicle registration system (SIV) and can be viewed by authorised agents of the Ministry of the Interior and the French National Security Agency (ANTS) within the scope of their respective responsibilities and within the limits of what is strictly necessary.

 

Technical identifiers of mobile devices are used by Firebase (Google Service) and Netsize to facilitate real-time communication by sending push notifications to the user. There is no technical alternative to the service offered by Google. As data encryption was not possible, the data was limited to the bare minimum, i.e. only the technical identifier of the phone. Firebase does not store the phone's technical identifier. This data is only kept in the App for as long as the Simplimmat user account continues to exist. The data collected by the App concerning the vehicle may come from the manual entry of information on the vehicle registration certificate by the user. Data relating to the place of sale of the vehicle is collected by the App, either by geolocation or by manual entry of the place of sale by the seller. The client can choose between the two data collection methods. Geolocation is offered to users. Its activation requires prior consent and serves only to auto-populate the dedicated field, as geolocation data is not stored as such.

 

SOPRA processes the personal data required to carry out third-party application maintenance for the Simplimmat app. The purpose of the corrections carried out by SOPRA is to keep Simplimmat in operational condition. Access to this data is for special cases only, limited to resolving anomalies.

 

WorldLine is the host/operator of the Simplimmat app and may process personal data in the context of data extractions for transmission to the Third Party Application Maintenance team for analysis and correction. Access to this data is controlled by the validation required by ANTS beforehand. Access to this data is for special cases only, limited to resolving anomalies.

 

 

 

 

Data retention period

The identity and vehicle data collected during the declaration of purchase and sale are retained:

  • Until the user's account is deleted, if the transfer operation is not finalised
  • For five years if the operation is completed in accordance with the vehicle registration system (Système d'Immatriculation des Véhicules - SIV).

The technical identifiers of mobile devices are stored in the app for as long as the user account continues to exist.

 

Origin of the data

The personal data processed comes:

-          directly from users of the app

-          indirectly from the SIV to carry out consistency checks and retrieve all information relating to the vehicle and its registrant

-          indirectly from UTAC to check the validity of the vehicle's roadworthiness test, enabling the digital procedure to be carried out

-          the data collected by the App concerning the vehicle may come from the scan of the vehicle registration certificate by the user.

 

Data recipients

The personal data processed comes directly from users of the App and indirectly from the SIV to carry out consistency checks and retrieve all the information relating to the vehicle and its registrant, and from UTAC to check the validity of the vehicle's roadworthiness test enabling the digital procedure to be carried out.

 

The data is transmitted to the vehicle registration system (SIV) and can be viewed by authorised agents of the Ministry of the Interior and the French National Security Agency (ANTS) within the scope of their respective responsibilities and within the limits of what is strictly necessary.

 

Technical identifiers of mobile devices are used by Firebase (Google Service) and Netsize to facilitate real-time communication by sending push notifications to the user. There is no technical alternative to the service offered by Google. As data encryption was not possible, the data was limited to the bare minimum, i.e. only the technical identifier of the phone. Firebase does not store the phone's technical identifier. This data is only kept in the App for as long as the Simplimmat user account continues to exist. The data collected by the App concerning the vehicle may come from the manual entry of information on the vehicle registration certificate by the user. Data relating to the place of sale of the vehicle is collected by the App, either by geolocation or by manual entry of the place of sale by the seller. The client can choose between the two data collection methods. Geolocation is offered to users. Its activation requires prior consent and serves only to auto-populate the dedicated field, as geolocation data is not stored as such.

 

SOPRA processes the personal data required to carry out third-party application maintenance for the Simplimmat app. The purpose of the corrections carried out by SOPRA is to keep Simplimmat in operational condition. Access to this data is for special cases only, limited to resolving anomalies.

 

WorldLine is the host/operator of the Simplimmat app and may process personal data in the context of data extractions for transmission to the Third Party Application Maintenance team for analysis and correction. Access to this data is controlled by the validation required by ANTS beforehand. Access to this data is for special cases only, limited to resolving anomalies.

 

Exercising individual rights

To exercise their rights of access, rectification and restriction (Art.15, 16 and 18 of the GDPR), users must send their request accompanied by proof of identity.

  • By post to:

Délégation à la sécurité routière – Place Beauvau – 75800 PARIS Cedex 08, France

Attn: Le Délégué ministériel à la protection des données.

  •  Or by e-mail to:

The DSR's Data Protection Officer:  donnees-personnelles-dsr@interieur.gouv.fr

 

In accordance with article 21 of the GDPR, users have the right to object to the processing of data concerning them, giving reasons relating to their particular situation. Whether the referral is made by post or electronically, the right to object will be exercised in the same way. However, the data controller may turn down this objection if there are legitimate and compelling grounds for doing so.

In accordance with article 82 of the French Data Privacy Act, users are informed that the Simplimmat app collects technical identifiers stored on their mobile device in order to enable instant electronic communication facilitating transactions between potential buyers and sellers.

This processing is supervised by the Ministerial Data Protection Officer of the Ministry of the Interior (Délégué ministériel à la protection des données -Ministère de l’intérieur- Place Beauvau 75800 Paris Cedex 08). Users may also lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL 3, Place de Fontenoy-TSA 80715 - 75334 Paris Cedex 07)

Simplimmat - Privacy Policy


The French Road Safety Authority (DSR) undertakes to ensure that the processing of personal data from "SIMPLIMMAT" complies with the General Data Protection Regulation (GPDR) and the French Data Privacy Act (“Loi Informatique et Libertés”).

 

Data controller

The data controller for SIMPLIMMAT is the French Road Safety Authority (Direction de la Sécurité Routière or DSR).

 

Security and confidentiality of the App

The DSR undertakes to take all necessary precautions to protect the security of data collected from users, and in particular to prevent it from being distorted, damaged or accessed by unauthorised third parties.

 

As there is no technical alternative to using the Google service, data cannot be encrypted using the application. As a result, data collection and storage has been reduced to the technical identifier of the telephone only.

The Exodus scan detects the presence of trackers embedded in an Android application. A tracker may be indicated in a report, but the analysis does not detect whether that tracker is enabled.

 

As the FAQ on the exodus-privacy website indicates: "Our static detection method looks in applications for the presence of a defined list of trackers. If the signature of a tracker is detected in the analysis, its presence is indicated in the report. This is not a proof of activity of these trackers".

 

For the Simplimmat app, the Exodus scan brings up a tracker: Google Firebase Analytics. This tracker is not enabled in the App.

 

The Firebase cookies and trackers used are strictly those necessary for the App to function properly. They are not linked to other operations such as personalised advertising. In accordance with article 82 of the French Data Privacy Act  and article 5 of CNIL deliberation 2020-092 of 17 September 2020 , information on browsing and account logins may be collected without your consent. The DSR reserves the right to suspend access to the App if it believes that an event likely to affect its operation or integrity requires it to do so, or in the event of maintenance. This suspension may last as long as needed for the planned intervention. Where applicable, as soon as it is aware of the dates of scheduled interventions, the DSR undertakes to warn users as soon as possible on the home page of the App or by any other means at its convenience, and to reduce downtime during the day. However, the DSR cannot be held liable under any circumstances for this suspension and will not owe any compensation.

 

Purpose of SIMPLIMMAT processing

In accordance with Act 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended, and with the General Data Protection Regulation (GPDR), the Road Safety Officer (Déléguée à la sécurité routière), in their capacity as data controller, is using the Simplimmat app for the following purposes:

  1. To make it possible to electronically declare the sale of used vehicles between private individuals and report the change of registrant
  2. To provide users with a secure title
  3. To produce statistics on user transactions
  4. To enable geolocation to auto-complete the place of sale.

 

Legal basis for data processing

The legal basis of this processing is:

  • Article 6 e) of the GDPR for the first three purposes, as the Simplimmat app is necessary for the performance of a task carried out in the public interest
  • Article 6 a) of the GDPR for the last purpose insofar as users of the Simplimmat application have given consent to the collection of their geolocation data

 

 

Data collected

This app collects the following categories of data:

  • Data relating to users and civil status (surname, first name, postal address, date and place of birth, etc.)
  • Vehicle details (registration number, vehicle technical data, date, time and place of sale, registration certificate number, vehicle mileage, vehicle administrative status, vehicle roadworthiness test, etc.)
  • Contact details of potential buyers/sellers (telephone no., e-mail address, etc.)
  • The hardware and operating system identifiers used by the processing media
  • Functional logging
  • Transaction geolocation data

 

The personal data processed comes directly from users of the App and indirectly from the SIV to carry out consistency checks and retrieve all the information relating to the vehicle and its registrant, and from UTAC to check the validity of the vehicle's roadworthiness test enabling the digital procedure to be carried out.

 

The data is transmitted to the vehicle registration system (SIV) and can be viewed by authorised agents of the Ministry of the Interior and the French National Security Agency (ANTS) within the scope of their respective responsibilities and within the limits of what is strictly necessary.

 

Technical identifiers of mobile devices are used by Firebase (Google Service) and Netsize to facilitate real-time communication by sending push notifications to the user. There is no technical alternative to the service offered by Google. As data encryption was not possible, the data was limited to the bare minimum, i.e. only the technical identifier of the phone. Firebase does not store the phone's technical identifier. This data is only kept in the App for as long as the Simplimmat user account continues to exist. The data collected by the App concerning the vehicle may come from the manual entry of information on the vehicle registration certificate by the user. Data relating to the place of sale of the vehicle is collected by the App, either by geolocation or by manual entry of the place of sale by the seller. The client can choose between the two data collection methods. Geolocation is offered to users. Its activation requires prior consent and serves only to auto-populate the dedicated field, as geolocation data is not stored as such.

 

SOPRA processes the personal data required to carry out third-party application maintenance for the Simplimmat app. The purpose of the corrections carried out by SOPRA is to keep Simplimmat in operational condition. Access to this data is for special cases only, limited to resolving anomalies.

 

WorldLine is the host/operator of the Simplimmat app and may process personal data in the context of data extractions for transmission to the Third Party Application Maintenance team for analysis and correction. Access to this data is controlled by the validation required by ANTS beforehand. Access to this data is for special cases only, limited to resolving anomalies.

 

 

 

 

Data retention period

The identity and vehicle data collected during the declaration of purchase and sale are retained:

  • Until the user's account is deleted, if the transfer operation is not finalised
  • For five years if the operation is completed in accordance with the vehicle registration system (Système d'Immatriculation des Véhicules - SIV).

The technical identifiers of mobile devices are stored in the app for as long as the user account continues to exist.

 

Origin of the data

The personal data processed comes:

-          directly from users of the app

-          indirectly from the SIV to carry out consistency checks and retrieve all information relating to the vehicle and its registrant

-          indirectly from UTAC to check the validity of the vehicle's roadworthiness test, enabling the digital procedure to be carried out

-          the data collected by the App concerning the vehicle may come from the scan of the vehicle registration certificate by the user.

 

Data recipients

The personal data processed comes directly from users of the App and indirectly from the SIV to carry out consistency checks and retrieve all the information relating to the vehicle and its registrant, and from UTAC to check the validity of the vehicle's roadworthiness test enabling the digital procedure to be carried out.

 

The data is transmitted to the vehicle registration system (SIV) and can be viewed by authorised agents of the Ministry of the Interior and the French National Security Agency (ANTS) within the scope of their respective responsibilities and within the limits of what is strictly necessary.

 

Technical identifiers of mobile devices are used by Firebase (Google Service) and Netsize to facilitate real-time communication by sending push notifications to the user. There is no technical alternative to the service offered by Google. As data encryption was not possible, the data was limited to the bare minimum, i.e. only the technical identifier of the phone. Firebase does not store the phone's technical identifier. This data is only kept in the App for as long as the Simplimmat user account continues to exist. The data collected by the App concerning the vehicle may come from the manual entry of information on the vehicle registration certificate by the user. Data relating to the place of sale of the vehicle is collected by the App, either by geolocation or by manual entry of the place of sale by the seller. The client can choose between the two data collection methods. Geolocation is offered to users. Its activation requires prior consent and serves only to auto-populate the dedicated field, as geolocation data is not stored as such.

 

SOPRA processes the personal data required to carry out third-party application maintenance for the Simplimmat app. The purpose of the corrections carried out by SOPRA is to keep Simplimmat in operational condition. Access to this data is for special cases only, limited to resolving anomalies.

 

WorldLine is the host/operator of the Simplimmat app and may process personal data in the context of data extractions for transmission to the Third Party Application Maintenance team for analysis and correction. Access to this data is controlled by the validation required by ANTS beforehand. Access to this data is for special cases only, limited to resolving anomalies.

 

Exercising individual rights

To exercise their rights of access, rectification and restriction (Art.15, 16 and 18 of the GDPR), users must send their request accompanied by proof of identity.

  • By post to:

Délégation à la sécurité routière – Place Beauvau – 75800 PARIS Cedex 08, France

Attn: Le Délégué ministériel à la protection des données.

  •  Or by e-mail to:

The DSR's Data Protection Officer:  donnees-personnelles-dsr@interieur.gouv.fr

 

In accordance with article 21 of the GDPR, users have the right to object to the processing of data concerning them, giving reasons relating to their particular situation. Whether the referral is made by post or electronically, the right to object will be exercised in the same way. However, the data controller may turn down this objection if there are legitimate and compelling grounds for doing so.

In accordance with article 82 of the French Data Privacy Act, users are informed that the Simplimmat app collects technical identifiers stored on their mobile device in order to enable instant electronic communication facilitating transactions between potential buyers and sellers.

This processing is supervised by the Ministerial Data Protection Officer of the Ministry of the Interior (Délégué ministériel à la protection des données -Ministère de l’intérieur- Place Beauvau 75800 Paris Cedex 08). Users may also lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL 3, Place de Fontenoy-TSA 80715 - 75334 Paris Cedex 07)