HomeConfidentiality and data protection

Confidentiality and data protection

This Privacy Policy is addressed to you, the users of the Loly platform (hereinafter « the Platform ») and is intended to inform you about the way in which we may collect and use your personal data.

Respecting your privacy and protecting your personal data is a priority for us, which is why we are committed to processing it in strict compliance with the French Data Protection Act of January 6, 1978 (hereinafter « IEL Act ») as amended and the General Data Protection Regulation (EU) of April 27, 2016 (hereinafter « GDPR »).

  1. Who are we and how do we use your data?
    The Loly Platform (hereinafter « Loly ») will have the status of Data Controller for the use of your personal data in order to:

    Allow you to access all the services offered by the Platform and in particular:
    1. Make the Platform available to you; 
    2. Recommend Creators/Users to you according to your preferences and transfer messages sent by Creators via the Platform to you; 
    3. Moderate the content and messages you encounter on the Platform;
    4. Ensure the cybersecurity of the computer systems on which your data is hosted;
    5. Delete and archive your data when necessary;
    6. Continuous Improvement of the Platform;
    7. Manage the cookies we use to ensure the proper functioning of the Platform;
    8. Assist you in the process of validating your account and accompany you in your use of the Platform.

  2. Allow you to use our payment services and in particular;
    1. Provide our Users with payment methods for the purchase of Content;
    2. Provide our Creators and Ambassadors with means to remit their income to their bank accounts;
    3. Establish our internal accounting and comply with tax requirements;

  1. Allow us to highlight our Platform and in particular;
    1. Offer you promotional codes, support or useful resources;
    2. Communicate on our social networks;
    3. Respond to the opinions you leave about us on various sites;

  2. Allow us to resolve any dispute and respond to the requests of the authorities;
    1. Manage possible legal disputes;
    2. Manage your requests for the exercise of rights (GDPR);
    3. Respond to requests from judicial and administrative authorities;
    4. Fight against leaks of Content from the Platform on the web;
1.For your good understanding: A controller is, within the meaning of the Data Protection Act and the GDPR, the person who determines the means and purposes of the processing, i.e. who determines why and how your personal data is used. When two or more controllers jointly determine the purposes and means of processing, they are the joint controllers (or co-controllers). The processor is a person who processes personal data on behalf of the controller, he acts under the authority of the controller and on the instructions of the controller.
  1. Definitions
    1. « Content »: means any element published by a User on the Platform, whether it is a Media published by a Creator, a message (in particular via messaging) or content of any kind (text, image, video, sound, multimedia) published by a User.
    2. « Data »: means the Personal Data that is used as part of this Privacy Policy.
    3. « Personal Data »: means personal data as defined in Article 4 (1) of the GDPR, i.e. any information that identifies a person.
    4. « General Data Protection Regulation » or « GDPR »: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
    5. « Controller »: the natural or legal person, public authority, department or other body that, alone or jointly with others, determines the purposes and means of processing, in accordance with Article 4 (7) of the GDPR.
    6. « Subcontractor »: means the natural or legal person, public authority, department or other body that processes Personal Data on our behalf and according to our instructions, in accordance with Article 4 (8) of the GDPR.
    7. « User »: refers to any person browsing the https://Loly.fans/ Platform, whether User, Creator, Ambassador or simple Internet user.
    8. « Use/Use »: means any operation usually designated as a « processing » of data, within the meaning of Article 4 (2) of the GDPR. 
  1. Terms with a capital letter in this privacy policy, which would not be defined above, will have the meaning given to them in our General Terms and Conditions of Use.
  2. Why and in what capacity do we use your data? We only collect the Data necessary for the purposes described below:
1.For your understanding: The purpose of the processing of your personal data corresponds to the reason why we process your data, to the purpose we pursue by using it. It is our responsibility to explain this to you and to show you why the objective we are pursuing is legitimate. The legitimacy of the use of your personal data corresponds to the legal basis, i.e. what authorizes us to collect and use the data. These legal bases are exhaustively listed by the GDPR.
1.Main purpose1.Detail1.Legal basis
1.Make the Platform available to UsersRegister Users Host Content on the Platform Transmit the messages sent by the Creators via the Platform Check the age of Subscribers and certify Creators Connect Subscribers with Creators and Creators with Ambassadors Respond to Users’ questions and requests Send you the documents and information necessary for the use of our services (for example as part of Creator Certification) by e-mail, SMS1.The execution of our contracts (CGU/CGS/CGP depending on whether you are a Subscriber, Creator or Ambassador)
1.Moderate Content on the PlatformRespond to Users’ reports Ensure the removal of Illegal Content from the Platform Prevent the sharing of contact information on the Platform1.Our legal obligation to respond to notifications of illegal content made on the Platform (Article 6 LCEN, DSA). Our legitimate interest. The execution of our contracts (CGU/CGS)
1.Ensure the cybersecurity of our IT servicesImplement security devices to ensure the proper functioning of the information system (applicable and network) Test the termination of the information system in the face of cyber threats1.Our legal obligation to implement the technical and organizational security means necessary to ensure the security of your data (Article 32 GDPR)
1.Delete and archive dataComply with our data archiving and purging obligations.1.Our legal obligation to delete your data when it is no longer relevant to keep it (Article 5 GDPR)
1.Improve the Platform continuouslyEnsure the proper functioning of the Platform Improve the Platform through interview campaigns with Users1.Our legitimate interest in guaranteeing the best level of operation and quality of the Platform thanks in particular to visit statistics. Your consent, when required.
1.Manage cookiesAllow Users to share content on social networks Measures technical performance or ergonomics Measure the affluence Offer personalized ads1.Our legitimate interest in guaranteeing the best level of operation and quality of the Platform thanks in particular to visit statistics. Your consent
1.Manage payment services for SubscribersAllow payment for subscriptions and Content on the Platform Fight against fraud1.The execution of the GTC
1.Pay the winnings to Creators and AmbassadorsTransfer income to personal accounts Track the financial performance of an account Confide the funds for the time of validation of the corresponding transactions1.The execution of the CGS
1.Establish our internal accountingKeep the company’s general accounting Establish our tax returns.1.Our legal obligation to keep accounting and tax documents (Article L123-22 of the Commercial Code and Article 1649 ter A of the CGI)
1.Highlight our platformSend you by e-mail, SMS or any other means of communication, in accordance with applicable legal provisions, marketing, advertising and promotional messages, or suggest and advise you goods or services that may be of interest to you. Promote the Platform’s brand image on social networks (advertising campaigns etc…) Contact you on our networks1.Our legitimate interest in highlighting the Creators present on the Platform and recruiting new Users
1.Respond to the opinions you leave us on various sitesProvide a personalized response to online reviews1.Our legitimate interest in providing solutions to Users
1.Manage possible legal disputesPrepare, exercise and follow a legal remedy1.Our legitimate interest in defending our interests in court
1.Manage your requests for the exercise of rightsQualify claims as a right Investigate following the request for rights Carry out the relevant technical operations1.Our legal obligation arising from Articles 15 et seq. of the GDPR and Articles 48 et seq. of the Data Protection Act
1.Manage authority requests and controlsFollow and respond to the requests of the competent authorities (police, independent administrative authority etc…)1.Our obligations under the various applicable regulations (GDPR, Consumer Code, General Tax Code)
1.Fight against leaks of Platform Content on the webProcess your requests when a Content leak is detected Fight against websites hosting this content Sanction Users responsible for acts of infringement of the Content.1.Our legitimate interest in the protection of exclusive Content hosted on the Platform. The execution of the GTC
1.Send you emailsSending e-mailings and other alerts to Users who have requested them1.Our legitimate interest in our Users being accompanied in their experience on the Platform.
  1. What information do we collect and for how long?
    To provide you with the services of the Platform, we collect some of your personal data. At Loly, we are committed to the principle of limiting the use of your data and therefore believe that respect for your privacy requires the collection of only the necessary data. In addition, we undertake to ensure that the data collected is kept in a form that allows your identification for a period that does not exceed the time necessary for the purposes for which this data is collected and processed. Here are the details of the categories of personal data we may use: 
1.Purpose1.Data processed1.Shelf life
1.Make the Platform available to Users1.For our Creators and Ambassadors: Identification data: last name, first name(s), address, telephone number, email addresses, pseudonym, date of birth, data indicated in the biography, connection token.1.Your surnames, first names, date of birth, email address and telephone number are kept for a period of 5 years from the deletion of your account. Your nickname, biography and connection token are kept for a period of 1 year from the deletion of your account.
1.Creator’s Media1.The Media in your Feed is deleted immediately after the deletion of your account. Push and Private Media (on the order of a Subscriber) remain available on his account until it is deleted.
1.Identity document and face photograph1.This data is kept in an active database for 1 year from the deletion of your active database account. They are kept for an additional 5 years in intermediate archiving.
1.Connection data: connection logs1.This data is deleted 12 months after its collection.
1.For our Subscribers: Identification data: surname, first name(s), address, telephone number, email addresses, pseudonym, date of birth1.Your surnames, first names, date of birth, email address and telephone number are kept for a period of 5 years from the deletion of your account. Your username and login token are kept for a period of 1 year from the deletion of your account.
1.Your account1.The account is deleted after three years of inactivity
1.Identity document and face photograph (optional)1.This data is kept in an active database for 1 year from the deletion of your active database account. They are kept for an additional 5 years in intermediate archiving. The photograph of the face and data created to estimate the User’s age are deleted immediately after receiving the result of the estimate.
1.Connection data: connection logs1.This data is deleted 12 months after its collection.
1.Moderate Content on the Platform1.Media whose lawfulness is contested1.Illegal Media are kept for 6 months from the date they were made inaccessible.
1.Name, first name and pseudonym of the person who made the report Message containing prohibited elements (contact details, proposal for meetings).1.For our Users: for a period of between 6 years from the report or if applicable, the deletion of the account (3 years from the last activity on the account) it is understood that the report is kept for 6 years. For third parties reporting Content: 6 years from the report.
1.Ensure the cybersecurity of our IT services1.All your data hosted on the Platform, to ensure that access to such data is secure.1.Until the deletion of your account (3 years from the last activity on the account)
1.Delete and archive data1.Data whose archiving or deletion is required.1.The data is immediately deleted.
1.Improve the Platform continuously1.Identification data: Name, first name, pseudonym.1.2 years from collection
1.Recording and reporting of the video interviews we conduct with you.1.1 year from collection for videos and 2 years for textual recordings.
1.Manage cookies1.Logs and connection data of Users and identification data of computer equipment; The data collected via cookies and other tracers present on our Platform; for more details, consult our cookie management charter.1.Cookies and other tracers are deleted from your terminals 13 months after their deposit. The data collected through cookies and tracers are kept for 25 months.
1.Management of payment services for Subscribers1.Bank data Credit card number PayPal email address Data necessary for the establishment of invoices1.The data is kept for a period of 13 months from payment for evidentiary purposes by our payment service providers. Your NAP and visual cryptograms are not kept.
1.Payment of winnings to Creators and Ambassadors1.Bank data IBAN1.18 months from the deletion of your account.
1.PayPal email address Data necessary for the establishment of invoices1.10 years from the end of the accounting year.
1.Establish our internal accounting1.Order descriptions (amount, nature of the purchase…) Your tax identification data.1.10 years from the end of the accounting year.
1.Highlight our Platform1.Identification data: Email address, telephone number. Media.1.In the case of emailing-sms campaigns: During the lifetime of your account. In the case of advertising campaigns: For the time necessary for their realization (usually 1 month to 6 months from publication).
1.Respond to the opinions you leave us on various sites1.Identification data: Name, first name, pseudonym, content of our exchanges.1.Your data is not kept by the Platform.
1.Manage possible legal disputes1.Identification data: Name, first name, pseudonym, content of our exchanges. Any information relevant to the dispute.1.This data is kept until all remedies are exhausted.
1.Manage your requests for the exercise of rights1.Identification data: Email address, last name, first name, content of the request.1.This data is kept for 6 years from the resolution of the request.
1.Manage requests and control of authorities1.Any information that the authority requires from us. These can be: Names, first names, pseudonym Media presumed illegal Billing summary Connection logs (device used etc.) Any other useful information for the authority.1.This data is kept for 6 years from its transfer to the competent authority.
1.Fight against leaks of Platform Content on the web1.Identification data: Email address, last name, first name, content of the Creator’s request whose Media has been broadcast.1.This data is kept for 6 years from the processing of the content removal request.
1.Send you emails1.Identification data: Email address, last name, first name, pseudonym of the account. Contextual data: Data relating to your journey on the Platform (e.g. assistance in certifying you).1.This data is kept for 3 years from the last contact.
  1. How do we secure your use of Loly?
    Beyond the moderation of Content, the security of Loly mainly involves two processes: the verification of the age of the Fans on the one hand, and the certification of the Creators on the other, in the context of which we are required to process your data.
  1. Age verification and Fan certification : To have access to adult content, a Fan must undergo a procedure to certify that it is of legal age and can, as a result, access any type of content. To do this, Loly uses different solutions, which are offered to Fans:
    1. The Fan can use an « age estimation » solution by analyzing the features of his face. To do this, he takes a selfie, which is processed by our partner (Yoti or any other solution in accordance with the French legislative standard) and provides us with an estimate of the Fan’s age to ensure that he is of legal age. The selfie and data from the analysis are immediately deleted after we have received the result of the analysis. 
    2. The Fan can also use an age « verification » solution, which will validate the fact that the Fan is of legal age, by questioning a third-party certifier such as a telephone operator or a French administration (while respecting the Fan’s anonymity).
  2. If a doubt remains about the age of the Fan, it is automatically blocked.
    He can then go through a « manual » verification process by providing a selfie and an identity document, which are then verified by one of our operators. This process allows the certification of the Fan account. And in this case, the identification data is kept for 6 years from the end of the contractual relationship (for example, the blocking or deletion of the account).
  3. Creator certification
    Upon registration, the Creator is asked to certify his account. This involves a verification of his identity involving first that the Creator downloads to the Platform a number of Media on his Account, which will be used to establish the identity and capacity of the Creator. Then, the Creator must undergo an identity verification by providing an identity document, which is then analyzed via integrated software. Finally, the Creator is invited to present his face for a real-time analysis, which, without facial identification, makes it possible to compare the features of the face with those appearing on the identity document. This data is processed and stored by the third party, Loly can only access it via a link provided to it. The data is kept for eight (8) years.
    If the Creator sees his parts refused by the third party, he can undergo a manual verification directly managed by our customer relations department. The data provided in this process is then very exceptionally processed and hosted by Loly.
  1. How can you manage the frequency with which you receive emails?
    When a Subscriber interacts with a Creator, the latter can send him private media proposals. The Creator sends the proposals on his own initiative to a pool of Users that corresponds to his Subscribers, his former Subscribers, and interested Users (those who have liked or registered a media, made an attempt to subscribe or favorited the Creator).
    When a Creator sends a request to his Subscribers, they receive a notification in the Platform’s email as well as an email on the box they entered at registration. To no longer receive or refine the emails you receive, you can click on the unsubscribe link at the bottom of any email sent via the Loly Platform. 
1.For your understanding: Loly has no control over the content or periodicity of the proposals sent by the Creators, the latter are responsible for processing with regard to the use of their Subscribers’ data obtained during their exchanges. This data, without being exhaustive, corresponds to the content of the exchanges on the messaging system, the User’s nickname or his purchase history. In accordance with the GDPR, the Creator must respect the confidentiality of this information, ensure that he has put in place appropriate security measures and refrain, with some exceptions, from transferring this data to third parties. The Loly platform strongly recommends that Creators who question their obligations under the GDPR contact specialized advice.
  1. What data do we automatically recover?
    When you browse the https://Loly.fans/ Platform, we automatically record information about your browsing. Connection data can thus be automatically recorded in our server logs such as your IP address, your unique identifier, your operating system and its location, the type of browser you use, the pages you have visited. We also invite you to consult our cookies charter, which will provide you with details of the cookies and other tracers used by Loly.
  2. Who are the recipients of your data?
    Only the authorized persons mentioned below will be able to access your data when necessary:
  1. Other Users of the Platform;
  2. Loly’s authorized staff;
  3. Service providers responsible for the management, hosting of the Platform and Loly’s computer system;
  4. Service providers responsible for customer relationship management and content moderation;
  5. Service providers responsible for payment management;
  6. E-mailing providers;
  7. If applicable, the authorized staff of our subcontractors;
  8. Where applicable, the courts concerned, mediators, accountants, auditors, lawyers, bailiffs, debt collection companies, police or gendarmerie authorities in the event of a judicial requisition;
  9. Third parties who may place cookies on your terminals when you consent to them
  1. Who can you contact to exercise your rights?
    In accordance with the Data Protection Act and the GDPR, you have the following rights:
  1. Right of access (Article 15 GDPR), rectification (Article 16 GDPR) and update;
  2. Right to erasure of your personal data (Article 17 GDPR), when it is inaccurate, incomplete, ambiguous, outdated, or whose collection, use, communication or storage is prohibited;
  3. Right to withdraw your consent at any time (Article 13-2c GDPR);
  4. Right to limit the processing of your data (Article 18 GDPR);
  5. Right to object to the processing of your data (Article 21 GDPR);
  6. Right to the portability of the data you have provided to us, when your data is subject to automated processing based on your consent or a contract (Article 20 GDPR);
  7. Right to lodge a complaint with the CNIL (Article 77 GDPR);
  8. Right to define the fate of your data after your death and to choose whether we communicate (or not) your data to a third party you have previously designated. In the event of death and in the absence of instructions from you, we undertake to destroy your data, unless their retention is necessary for evidentiary purposes or to meet a legal obligation.
  9. How do we secure your data?
    We undertake, including through our possible subcontractors, to implement all technical and organizational measures to ensure the security of the processing of personal data and the confidentiality of your data, thanks to the current technical means and in application of the amended Data Protection Act, the European Data Protection Regulation (GDPR) and Law No. 2018-133 of 26 February 2018 « on various provisions for adaptation to European Union law in the field of security ».
    We take the necessary precautions, in view of the nature of your data and the risks presented by the use we may make of it, to preserve the security of the data and, in particular, prevent it from being distorted, damaged, or that unauthorized third parties have access to it (physical protection of the premises, authentication process of our customers with personal and secure access via confidential identifiers and passwords, password encryption, connection logging…).
    In this perspective, we conduct audits of our information system as well as providers with access to your personal data.
  10. How do we transfer your data outside the European Union?
    We mainly process your data within the European Union.
    Given the nature of our activity, we may have to carry out transfers of your data outside the European Union. In this case, these transfers are accompanied by appropriate guarantees in accordance with the regulations.

  11. How will you be informed of a change to the Privacy Policy?
    Our Privacy Policy may be modified in particular according to the various legislative and regulatory developments. You will be able to consult the update directly on the Platform.