The A9 Company (hereafter referred to as "The Company"), an SAS with a capital of 81,382 euros, is registered with the Registry of Trades and Companies of Paris under RCS Paris B 451 911 812. Its headquarters are located at 65 rue de Reuilly, 75012 Paris, France - email address: support@gymglish.com. Its EEC VAT number is FR10451911812. The Company primarily provides online training services. The Company’s website publication manager is Benjamin Levy.
Explanatory comments:
The Company places great importance upon the security of personal data and commits to ensure its protection under European and French standards relating to the processing of this data.
Explanatory comments in the right-hand column of this document have no binding legal value; they serve only to facilitate the overall comprehension of the document, re-written in simpler terms.
The Company reserves the right to amend this document at any time.
If applicable, the revision number and date located at the top of this document will identify the version.
Each update will be published on our Site. Any changes will take effect upon said publication.
By continuing to use the Site, the Services and/or Applications, or by accessing them after an update of our terms, you acknowledge and accept all of the modifications therein.
For translations, the reference document for interpretation shall be the original French, whose latest applicable version is available at the following address: https://www.gymglish.com/documents/privacy-policy-fr-latest.pdf
Subscription refers to placing the Service at a User’s disposal for a fixed price and duration and, where appropriate, a maximum number of Lessons completed by the User.
Activation refers to The start date of the Subscription.
Listings refers to the service offer(s) proposed directly by a Seller to other Users via the Marketplace.
Application or mobile Application refers to a program designed and/or produced by the Company that is downloadable and executable from the operating system of a smartphone or tablet.
Client refers to an adult and able person or company who either accepts the Listing of a Seller on the Marketplace or purchases a Subscription on his own account, or on behalf of one or more User(s).
Lesson refers to the content of the lesson, the content of the corrections and the content of any supplementary corrections tailored to each User.
Course refers to all of the Lessons completed by and tailored to each User.
Marketplace refers to a dedicated space on the Site allowing for Listings by Sellers to be posted and viewed by the Users.
Provision refers to service offered directly to the User by a Seller through a Listing on the Marketplace.
Product refers to 1) the training service with our artificial intelligence Aimigo Coach, 2) one of the Learning Series service offers published by the Company, such as Gymglish, Frantastique, Wunderbla, Hotel Borbollón, Saga Baldoria, Wunderbla or Rich Morning Show, or 3) training programs using Aimigo Studio technology operated by the Company but whose content is published by third parties.
Service refers to the supply of our Products (Aimigo Coach, Learning Series and Aimigo Studio) as well as technical support to customers.
Site refers to the set of web pages managed by the Company, including aimigo.coach, gymglish.com, gymglish.fr, frantastique.com, frantastique.fr, richmorning.com.
Trial refers to the testing of the Service, proposed free of charge to the User for a limited period of time.
”User” or ”You” or ”They” refers either to someone who has created an account on the Marketplace, or a person who uses the Service. Each User may subscribe to one or more Course.
Seller refers to an adult and able person or company who uses the Marketplace and posts Listings viewable by Users.
Supervisor refers to, if applicable, the individual(s) responsible for monitoring Users for whose account the Client has subscribed to the Service.
Supervisor Space refers to a space on the Site for Supervisors where they can invite Users, purchase Subscriptions, and supervise the training of Users.
The Company commits to keep its legal obligations in terms of respecting personal data in France, the country in which it has its headquarters, namely:
The French Information and Liberties Law No. 78-17 of January 6, 1978 as amended by the Law of August 6, 2004;
European Directive 95/46 of October 24, 1995, regarding the protection of personal data and privacy, transposed into French law by the Law of August 6, 2004;
The French Law for Confidence in the Digital Economy ("LCEN") No. 2004-575 of June 21, 2004 (Article L. 33-4.2 of the Post and Telecommunications Code and Article L. 121-20-5 of the Consumption Code) integrating into French law Directive 2000/31/CE of June 8, 2000 on Electronic Commerce and Directive 2002/58/CE of July 12, 2002 on the Protection of Personal Data and Privacy in Electronic Communications, amended by Directive 2009/136/CE of November 9, 2009.
The European GDPR (General Data Protection Regulation) rules
The processing of personal data implemented by the Company is subject to a declaration to the CNIL (declaration No. 1276610/0-A9) and the hosting of this data is in Europe.
We receive, retain and process information that the User or Client provides whenever they access our Services or use them, for instance, whenever:
they fill out a registration form for a Test;
they fill out a purchase form in the online store;
they use the Service;
they create an account on the Marketplace;
they communicate with the Company;
they sign their Lesson or send their photograph to confirm their identity.
they authorize access by the Company to data of a third-party site (e.g. Facebook, Google or Yahoo Mail address list, etc.). In this case, the Company will obtain personal data disclosed by the third-party site, within the limits authorized by the User or Client and permitted by the settings defined on the third-party site.
Whenever the User or Client signs up for a Test, purchases the Service of the Company or creates an account on the Marketplace through a partner site (hereafter referred to as ”the Partner”) or through a commercial link, the Company shall retain the information concerning the contact’s origin.
The Company shall also receive, retain and process:
connection data, i.e. information that is automatically saved by our servers when accessing the Site or Service, such as the IP address, the date and time of accessing the Site or Service, the pages of the Site viewed and the order of these pages, etc.
data sent by software used to access the Site or service, such as the operating system, the browser version, the preferred user language or the geographic region (since the latter is generally accessible through smartphones, especially allowing us to send lessons to the User within the appropriate time zone.)
The Company uses cookies and other similar technologies (hereafter referred to as ”Cookies”).
The Company uses its own Cookies, either in order to allow for the technical functioning of the Service or Site (for example, to remember a visitor’s preferred language on the Site), or to identify the User or Client (for example, after a login to "My Account" or to the store).
However, the Company does not store any Cookie allowing the identification of the User unless the User has explicitely given his consent, except in the online shop where a session cookie is required to store the information entered during successive stages of the purchase, as well as cookies required by FrontApp support chat (fcuid, fcaid, fccid).
Some generic cookies may also be used without the user’s explicit consent, but none of them will allow the identification of the user, for example:
a possible cookie specifying a refusal on the part of the user to use other cookies (example: a9<_/>cookie<_/>control<_/>prefs<_/>= essentials)
a possible language preference cookie to select the language in which to display our content (example: django<_/>language= en)
a possible cookie indicating that the visitor has already seen the ’before you leave’ notice of our site (example: a9-beforeyouleave-popin= true) to avoid repeating the display of said notice.
a possible campaign cookie (generic and containing no information allowing the user to be identified) allowing a user to be linked to a marketing campaign, which makes it possible, in particular, to properly display the logo of our partners in the header of lessons and emails. (example: registeredfrom= PARTNER) This cookie is valid for a maximum of 45 days.
Lastly, cookies from third-party companies (for example, from partners or service providers) may also be installed when browsing the Site or when using the Services. In this case, the Company shall ensure that these third-party companies will strictly respect the Information and Freedoms Law mentioned above and shall commit to implement the appropriate security and protection measures for the confidentiality of the data.
It is possible to configure your browser to refuse the placement of the Company’s Cookies; such a modification therefore may alter the functionality of the Company’s Site and Services. However, refusing the placement of Cookies from third-party companies should have no effect on the functionalities of the Company’s Site or Services.
The Company uses Google Analytics, a website analysis service provided by Google that uses Cookies when accessing our Sites and Services. Google details how it uses the data collected at the following address:
You can disable Google Analytics
Third parties who could install cookies on the User computer when browsing the Site are listed in section 6.5.
The Company may authorize the use of third-party social plugins ("social plugins" refers, for example, to Facebook’s "like" button or Twitter’s "share" button, etc.). If a User or Client is connected to their third-party account, this third party may access information relating to the Company’s Services (for example, Users may share the score of one of their Lessons with their social network). The third-party personal data protection charter will provide more information about its practices in terms of data, especially about the data it collects and how it uses it.
Users or Clients may send their contacts, especially by sending an email or by copying a personalized link on social networks, an invitation to try out the Service. The person accepting the invitation shall then be considered as a member of the "Referred friends". The Company shall apply the same respect for personal data for Referred friends as that belonging to Users.
Opt-ins are agreements by Users or Clients prior to sending commercial communications (for example, to receive promotional emails) from the Company or from a third-party Partner. The Company commits to respecting opt-ins affecting it and allowing the activation or refusal of these communications in the "My Account" section of the Products.
Whenever the User or Client is signed up through a Partner, opt-ins affecting this Partner shall be managed, operated and updated by the Partner.
It is possible to configure notifications sent by the mobile Application in the settings section of the Application and/or in the device settings.
During or at the end of the Subscription, each User may receive a satisfaction survey.
The Company mainly uses personal data in order to be able to promote and offer its Services. The Company commits not to sell Users’ personal data. The Company also commits to never disclose personal data collected, namely email addresses and photographs if provided, except:
whenever personal data is required to operate the Service (for example, with the Company’s payment service providers when making a purchase, or when chatting with our artificial intelligence service);
whenever the User is not the Client, the Company may share with the Client certain personal data (for example, the participation rate and level) of the User(s) for the account on which they have subscribed to a Service; the Client may then share this information with third parties (for example, with the PRO Gymglish & Teacher offer, where teachers have access to educational data about the User); the Client may also refuse access to this data, if desired;
in certain cases provide by law, personal data may be sent to legally authorized third parties to access it upon specific request; especially, if such a measure is necessary by law to protect and/or defend the Company’s rights, to enforce this charter, and/or to protect the rights and/or interests of Users, Clients or those of the public;
whenever the User or Client signs up for a Test or purchases the Company’s Service through a partner site, the Company may share personal information (last name, first name, email address, opt-in, etc.) with this Partner, which shall only use this data under the opt-ins selected.
The Company shall ensure that these Partners strictly follow the Information and Freedoms Law mentioned above and shall commit to implement the appropriate measures of security and protection of confidentiality of the data sent to them.
When the User uses the Company’s artificial intelligence chat service chat service, the User may share their personal data.
The Company has its own artificial intelligence technology hosted on its own servers located in Europe, but may also use the services of subcontractors subcontractors (data processors as per GDPR regulations) for certain processing operations. When subcontractors are used, data exchanges will be securely encrypted.
The Company may therefore include among its subcontractors:
the company Open AI Ireland Limited (1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland). OpenAI’s privacy policy https://openai.com/policies/eu-privacy-policy concerning mainly live OpenAI technology users (such as ChatGPT), the Company has signed a complementary "Data Processing Addendum" with OpenAI OpCo LLC, available at https://www.gymglish.com/documents/2023-05-25-record-data-processing-agreement-between-gymglish-and-openai.pdf so that OpenAI’s commitments as a data processor in compliance with GDPR rules and regulations are fully explicit and compliant with the General Data Protection Regulation https://openai.com/policies/business-terms.
Microsoft Azure OpenAI Service https://learn.microsoft.com/legal/cognitive-services/openai/data-privacy
The Company reminds Users that it does not sell, rent or give away Users’ personal data nor for any other non-educational purpose. The Company may, however, use data collected during the use of the chat service powered by artificial intelligence to enhance the educational features of the Service. Access to conversation data will be restricted to those involved in the Service enhancement projects.
In general (and not only with the Company’s Services), the Company invites the Company’s Services) to be attentive to data shared with artificial intelligence.
When the User is not the Client, the Company can share with Clients and possible Supervisors the educational data related to the Service. When the Client is a higher education establishment or entity whose head office is in France or Canada, the sharing of educational data is authorized by default.
In other cases, the Supervisor must obtain authorization from the User in advance in order to access the educational data.
When Partners are also involved in training Users as part of the Service (typically a language school as part of "blended learning" hybrid training), the Company may share the educational data related to the Service with these Partners.
The Company informs its Users and Clients that processes listed below require personal data sharing. They are outsourced, only for the reasons indicated, to providers who are themselves GDPR compliant.
Data exchanges between the Company and its suppliers are cryptographically secured by https or TLS.
Adyen, Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands: credit card payment service provider. https://www.adyen.com/policies-and-disclaimer/privacy-policy
Alipay (Europe) Limited S.A., 11-13 Boulevard de la Foire, L-1528 Luxembourg, Luxembourg: online payment provider. https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html
Amazon AWS Europe: cloud storage provider and database host of the Company. https://aws.amazon.com/en/privacy/
Appannie, 52-56bis rue de la Victoire 75009 Paris, France: application usage tracking provider. https://www.appannie.com/en/legal/privacy/
Apple: Apple Pay payment service provider. https://www.apple.com/legal/privacy/
Atsukè, 2 rue des Quatre-fils 75003 Paris, France: uses phone numbers to send promotional SMS. https://ams.atsuke.com/home/mentions-legales
Branch, 195 Page Mill Rd Suite 101, Palo Alto, CA 94306, United States : analyze the data from our mobile apps : https://legal.branch.io/#branchio-ts-cs
CIC SA, 6 avenue de Provence 75009 Paris, France: SEPA direct debit payment service provider. https://www.monetico-paiement.fr/fr/informations-legales.html
Dropcontact, STATION F, 5, Parvis Alan Turing, 75013 Paris-France: business intelligence and prospecting provider. https://en.dropcontact.io/protectiondesdonnees
Exalog SAS, 97 rue de Bellevue, 92100 Boulogne Billancourt, France: SEPA direct debit payment service provider. http://www.exalog.com/en/gdpr-faq
Facebook: login provider (facebook login), social media, facebook pixel and custom audiences. https://www.facebook.com/about/privacy
Facebook Ads/Instagram Ads, Willow Road 1601-Menlo Park, CA 94025 United States. Collects traffic and conversion data to display the most relevant ads on Facebook and Instagram https://m.facebook.com/privacy/explanation/
Front App, Inc. 550 15th St. - San Francisco - CA 94103 - United States: technical provider for our customer support. https://frontapp.com/privacy-policy
Google: login provider (google login), google ads, google marketing platform (doubleclick.net), speech synthesizer, speech recognition and Google Pay payment service provider. https://policies.google.com/privacy
Google Optimize: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Web analysis and testing tool. https://policies.google.com/privacy?hl=en
InnoCraft Ltd (NZBN 6106769), 150 Willis St, 6011 Wellington, New Zealand: collects analysis of data about visits to the Sites in order to identify and monitor misuse among other things. https://www.innocraft.com/privacy
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: provides data collection and analysis about visits to the sites (LinkedIn Insight Tag). https://www.linkedin.com/legal/privacy-policy
Mangopay SA, 10 boulevard Royal, L-2449 Luxembourg: payment service provider for marketplaces. https://www.mangopay.com/privacy
Mediahuis, Katwilgweg 2 2050 Antwerpen, Belgium: media group doing data insight analysis on visitors of the different Mediahuis entities and domains. https://www.mediahuis.be/en/privacy-policy/
Micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin, Germany: SEPA direct debit payment service provider. https://www.micropayment.de/about/privacy/?lang=en
Microsoft Ads, One Microsoft Way, Redmond, WA 98052-6399, United States. Collects traffic and conversion data to display the most relevant ads on the bing search engine https://about.ads.microsoft.com/en-us/resources/policies/microsoft-advertising-privacy-policy
Microsoft Azure OpenAI Service https://learn.microsoft.com/legal/cognitive-services/openai/data-privacy
Microsoft Clarity, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland: collects data on clicks made and records sessions https://privacy.microsoft.com/en-US/privacystatement
Mixmax, 512 2nd St, San Francisco, CA 94107, United States: direct mailing provider. https://mixmax.com/legal/privacy-policy
Online SAS, 8 rue de la ville l’Evêque - 75008 PARIS, France: backup database host of the Company. https://www.scaleway.com/en/privacy-policy/
Open AI Ireland Limited (1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland) : artificial intelligence provider for the Company.
https://openai.com/policies/business-terms, /url
https://openai.com/policies/eu-privacy-policy and above all
OVH SAS, 2 rue Kellermann - 59100 Roubaix, France: backup database host of the Company. https://us.ovhcloud.com/legal/privacy-policy
PayPal Europe, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg: Paypal payment service provider. https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Phantombuster, 22, rue Pierre et Marie Curie - 94200 Ivry-sur-Seine, France: business intelligence and prospecting provider. https://hub.phantombuster.com/page/terms-of-service
Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estonia: customer relationship management provider. https://www.pipedrive.com/en/privacy
Rackspace Ltd, 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ, Great Britain: servers host of the Company. https://www.rackspace.com/information/legal/privacystatement
RevenueCat Inc., 1032 E Brandon Blvd
Ringover Group SAS, 50 bis rue Maurice Arnoux, 92120 Montrouge, France: corporate phone services. https://www.ringover.com/privacy
Squadata, 5 Imp. Morel, 69003 Lyon. Uses email addresses for email retargeting https://www.squadata.net/private-policy/
Smartlook, Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic: collects data on number of clicks and records sessions on mobile apps. https://help.smartlook.com/docs/privacy-policy
Swello, 14 Rue Hoche, 83000 Toulon, France: collects data from our various social network pages (Facebook, Twitter, LinkedIn and Instagram) for analysis and statistical purposes (community, profiles of our subscribers, etc.) https://swello.com/en/privacy
TikTok Ads, 10100 Venice Blvd, Culver City, CA 90232, United States: Collects traffic and conversion data to display the most relevant ads on the TikTok and Pangle networks. https://ads.tiktok.com/i18n/official/policy/privacy
Vimeo, Inc., 555 West 18th Street, New York, New York 10011 United States : online video streaming. https://vimeo.com/privacy
Yesware, Inc., 75 Kneeland Street, 15th Floor, Boston, MA 02111, United States: business intelligence provider. https://www.yesware.com/privacy
Zappier, Inc. 548 Market St nr 62411, San Francisco, CA 94104-5401, United States: services automation provider. https://zapier.com/privacy
Personal data is stored and retained for the duration necessary to complete the purposes for which they are collected, under applicable law. Thus, financial and educational data is retained indefinitely. This will allow the Service to be resumed after a possible interruption, even a long one. The Company also commits that:
All Cookies placed by the Company onto browsers are created for a timespan requested of less than thirteen months;
Login data serving mainly to identify any potential operating problems (e.g. history files of logging into the Company’s web servers) are deleted at the latest one year after being collected.
The law gives all Users, Clients and all Referred friends the right to access, correct, delete and revoke consent to processing of their personal data. Modifying personal data (last name, first name, country, email address) belonging to the User or Clients may be performed in the "My Account" section.
The Company does not have any dedicated DPO (Data Protection Officer) because it does not handle sensitive data.
The data related to the Services of the Company are by nature not very portable. However, a synthetic view of the pedagogical data is available in the "My Account" section and can be downloaded as a set of web pages.
It is possible at any time to request full deletion of your personal data by asking support@gymglish.com or by writing to the following address: A9 SAS - Service des données personnelles, 65 rue de Reuilly -75012 Paris.
The Company is particularly careful about payment data security.
Payments are managed and secured by certified PCI DSS suppliers using SSL technology (Secure Socket Layer) for encrypting payment information during transactions over the network. This ensures the safety and confidentiality of payment information.
The Company never keeps the credit card information of its Clients.
The host of the Company is Rackspace GmbH, Luise-Ullrich-Str. 20 80636 Munich, Germany. The company Rackspace is certified ISO/ IEC 27001, ISO 14001, ISO 9001, SOC 1 (SSAE 18), SOC 2, SOC 3, PCI DSS Level 1 FedRAMP JAB P-ATO, NIST 800-53, FISMA, NIST 800-171 (DFARS), CJIS, ITAR, FIPS 140-2, HITRUST HIPAA, HITECH, Swiss-US Safe Harbor, CDSA, SAS 70 Type II, Privacy Shield and Safe Harbor: see https://www.rackspace.com/compliance. Rackspace can be reached by phone on +44 20 3131 6381.