Processing manager
Kwit
SAS with share capital of €50,010
31 Rue du Fossé des Treize
67000 STRASBOURG
N° RCS Strasbourg 819 528 597
Phone: (+33) 637 868 460
E-Mail : hello@kwit.app
DPO
Maitre Apolline SCHMITT : dpo@kwit.app
Person concerned
Any user of the Kwit application or website
Purposes for which data is processed, legal basis for processing, data collected, and retention period.
The data of users of the Kwit application or website that may be subject to personal data processing includes all data directly entered by users (direct collection) and the indirectly collected data specified in the table below.
The button "Invite" friends to recommend Kwit opens user-sharing applications without transferring any data to Kwit.
Purposes
Purpose | Legal basis | Data collected indirectly | Data retention period | Comments |
Create an account and authenticate on the application by e-mail or via an SSO platform (Apple, Google, Facebook) to use the application securely | Kwit's legitimate interest in securing the use of the application | • Account creation date
• Dates and times of connection and/or sessions
• Technical information about phone and computer system
• Regional Settings | Data is kept for the duration of account use and up to 36 months from the last session (excluding regional settings, which are retained only for the time of the session). | |
Ensure that the Kwit user is over 15 years of age | Legitimate interest | • Year of birth | Data is stored for a maximum of 36 months from the last session. | |
Use the Kwit application to enable the user to combat his or her cravings to smoke and participate in the cessation of smoking/nicotine:
- Build a user profile and personalize the application experience
- Self-assessment of smoking/nicotine cessation criteria
- Track progress and program data
- Unlock your goal | • Data entered by the user (in particular when creating a user profile)
• UUID
• History of data entered by the user
• Date and time of sessions | Data is deleted when users withdraw their consent or, if not, for the duration of the account and up to 36 months from the last session. | Data processing for this purpose is only carried out locally on the phone. | |
To enable us to respond to any "contact" requests via website forms | Legitimate interest in responding to any request | • E-mail
• Messages exchanged | Data is kept for the duration of exchanges and in intermediate archives for a maximum of 5 years for evidentiary purposes. | |
Manage paid subscriptions to Kwit (excluding subscriptions taken out via the AppStore and Google PlayStore) | Contract execution | • Subscription data (Last name, First name, Address, Mail, Subscription chosen)
• Payment cookies
• Authentication cookies | Data is kept for the duration of the subscription and, in intermediate archives, for up to 5 years, except for financial data, which is held for 10 years. | |
Provide technical support for the application and produce statistics on the application's functionality on the various software packages | Legitimate interest for Kwit to respond to all technical support requests | • UUID
• Phone technical information (including model)
• Operating system technical information (including version and regional settings)
• Application technical information
• Date and time of connection | Data is kept for the duration of the technical support and, in intermediate archives, for up to 5 years for evidentiary purposes. | |
Ensure the security and stability of the application | Legitimate interest of Kwit in ensuring the security and stability of the application | • UUID
• Phone technical information (including model)
• Operating system technical information (including version and regional settings)
• Application technical information
• Connection date and time
• Technical information about the bug (stack trace) | Data deleted after a maximum period of 3 months. | |
Compile statistics on user typologies and behaviors to improve the effectiveness of smoking cessation assistance, and conduct anonymous scientific studies (data are aggregated and anonymized) | Kwit's legitimate interest in improving the effectiveness of its smoking cessation aid | • Usage data excluding data directly identifying the user | Data is anonymous. | |
Compile statistics on visits to Kwit websites | • Anonymized usage data | Data is kept for a maximum of 13 months. | ||
Send offers | • UUID
• E-Mail
• Quit date
• Gender
• Year of birth
• Username
• Last session
• Regional parameters | Data is kept for a maximum of 3 years since the last contact. | ||
Ensure compliance with the RGPD and, in particular:
- Delete account inactive for more than 36 months
- Respond to any request to exercise rights | Legal obligation | • UUID
• Login and/or session dates
• Identification (only in case of doubt as to the identity of the person making the request) | Data is kept for the duration of the response provided and in intermediate archives for up to 5 years for evidentiary purposes (except for identification documents - immediate deletion after presentation). | |
Collect user feedback on the application's functionalities to improve it, and in particular :
- Provide feedback on the various stages of the quit smoking/nicotine program | • UUID
• The date and time article was read
• The date and time the review is left | Data is deleted when users withdraw their consent or, if not, for the duration of the account and up to 36 months from the last session. | ||
Participate in the user community and enable peer assistance | • UUID
• Messages (anonymized when leaving Kwit if the Kwitter does not delete them)
• The date and time of the message
| Data is deleted when users withdraw their consent or, if not, for the duration of the account and up to 36 months from the last session. | ||
Contact Kwit experts for specific advice | Kwit's legitimate interest in responding to any request made to a Kwit expert | • UUID
• The date and time of the message | Data is kept for the duration of the account and up to 36 months from the last session | |
Share data with the healthcare professional of the user's choice | Data is deleted after a maximum of 48 hours, and the access link is not indexed. | |||
Obtain feedback on the application, new features or partnerships envisaged | • Data entered by the user
• Satisfaction feedback date | Data will be kept for a maximum of 12 months from the date of completion of the questionnaire. | ||
Respond to any contact requests sent via "A problem, contact us" or "Suggest a feature" | Legitimate interest of the Data controller in responding to any requests made | • UUID | Data is kept for the duration of the response and in intermediate archives for a maximum of 5 years from the last contact for evidentiary purposes. | |
Inform users of legal updates | Legal obligation | • E-Mail | Data is kept for the duration of the response and in intermediate archives for a maximum of 5 years from the last contact for evidentiary purposes. | |
Track website traffic | • Analytic and performance cookie | Data is stored for a maximum of 13 months. | ||
Processing claims for reimbursement | Kwit's legitimate interest in fighting fraud | • Account age
• Optional UUID of the user account in the application that carried out the purchase transaction in the application
- Value indicating :
- the extent to which the customer has consumed the integrated purchase.
- whether the user has consented to provide consumption data.
- whether the application has successfully completed an in-app purchase that is functioning correctly
- the total amount, in USD, of in-app purchases made by the customer on all platforms.
- the total amount, in USD, of refunds the customer has received, in the application, on all platforms.
- the platform on which the customer consumed the integrated purchase
- how long the customer has been using the application.
• Customer account status | Data is kept for the duration of the account and up to 36 months from the last session |
Mandatory or optional nature of answers
Mandatory answers
When an answer is mandatory, the button allowing you to move on to the next screen is grey, and it is impossible to continue without providing an answer. This allows the data controller to process the request.
Optional answers
When an answer is optional, the button for moving on to the next screen is non-gray. It is possible to continue without providing an answer.
Data source
Data sources are as follows:
- Data entered directly by the user of the mobile application or website (direct collection);
- Technical data generated during use of the application (indirect collection);
- Algorithmic data generated from data entered by the mobile application user (indirect collection).
Children's privacy
Kwit services are designed for people aged 15 and over. Children under the age of majority in their country of residence must at least remain under the supervision and consent of their legal representatives. Otherwise, please do not attempt to use the Kwit platform or services.
If you believe that Kwit may have processed information from minors, please report this immediately to hello@kwit.app so that Kwit can remove it.
Recipients
Internally: data is transferred only to departments authorized to process it for the purposes for which it is to be used, i.e. :
- General Management
- Support department
- Technical department
- Administrative department
- Design department
Externally: data may be transferred, depending on the purpose and only after Kwit has ensured compliance with legal requirements, to the following persons:
- technical subcontractors (data hosts, payment services, dispatch services)
- authorized authorities (tax authorities, judicial authorities, etc.)
- financial subcontractors (accountants)
- legal subcontractors (lawyers, consultants, etc.)
Transfers outside the EU
Some data may be processed outside the European Union and transferred to the USA. The USA benefits from an adequacy decision. In addition, Kwit ensures that the recipient complies with the EU-US Data Privacy Framework regulation following the European Commission's decision of July 10, 2023.
Security
As the protection of information is paramount for Kwit, Kwit requires an adequate and sufficient level of security according to the criteria of the RGPD for the storage and processing of its users' data.
Rights of the data subject
Any user of the application or website has the following rights, subject to proof of compliance with legal requirements:
- Right of access to his/her data (article 15 RGPD)
- Right to rectification of data (article 16 RGPD)
- Right to erasure of data (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (article 20 RGPD)
- Right to object (Article 21 GDPR)
- Right to define directives concerning the fate of one's data after one's death
For further information, the data subject is invited to consult the CNIL's explanations of these various rights, accessible at the following link: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles.
Kwit does not engage in data profiling.
Exercising your rights
Any person concerned may exercise his or her rights by sending a letter to DPO Kwit- Maitre Apolline SCHMITT 52 Avenue des Vosges Ă 67000 STRASBOURG or by e-mail to : dpo@kwit.app.
In the event of reasonable doubt(s) as to the identity of the person concerned, the latter is hereby informed that Kwit may ask for proof of identity in order to ensure the exact identity of the person making any request and to avoid the communication of data to an illegitimate third party.
Kwit also reserves the right not to respond favorably to any request in the following cases:
- if the user is unable to prove his or her identity
- If the request prevents Kwit from complying with its regulatory obligations
- If the request involves excessive costs or effort.
Right to lodge a complaint with the CNIL
If, after contacting Kwit, the person concerned considers that his or her rights have not been respected, he or she may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or on its dedicated online form.
Modification of this RGPD information
This RGPD information may be modified at any time in particular due to legislative or case law developments. Any modification will come into force immediately after its publication.
Questions?
If you have any questions about this RGPD information, Kwit will be happy to answer any queries at hello@kwit.app.
Withdrawal of consent
Users are informed that they may withdraw their consent at any time for any processing based on their consent.
To this end, a dedicated section in the application and on the website allows users to modify their choices regarding data processing subject to their consent.
A link is also present in every e-mail sent to enable unsubscribing from offers and the newsletter anytime.
Data entered by the user
The data entered may change as the application and platforms evolve.
UUID (Unique User IDentifier)
A UUID (Unique User IDentifier) can be described as a universal unique identifier.
Each Kwit user is assigned a UUID to ensure that he or she is uniquely recognized by the application. So, even if two people had the same pseudonym, the application could differentiate between them thanks to their respective UUIDs.
A UUID in the application is unique to you, and no one else shares this number. Every time you use the app, this number makes it possible to know who you are, track your actions, and provide your personal information and preferences without mixing them with anyone else's.