Welcome to the Arva app!
These GTU are intended for users of the Arva mobile application, holders of Arva brand avalanche victim detectors (DVA) (hereinafter referred to as "Users"). Users may be individuals or professionals depending on the case.
SERVICES OFFERED ON THE ARVA MOBILE APPLICATION
The Arva mobile app offers a range of services for mountain rescue. These services are free and may evolve over time. The publisher reserves the right to modify, delete, or add services and/or modify their conditions or application modalities.
The main current services are as follows:
1) Avalanche victim detector (DVA) warranty extension
The warranty extension has a duration of 3 years, starting from the end of the legal warranties of 2 years for hidden defects and conformity. This warranty extension applies only to the detector(s) entered by the User in the mobile application no later than 3 months from the date of purchase. The scope and conditions of application of the warranty extension are specified in the general terms of sale available on the website https://www.arva-equipment.com/en/content/18-cgv
2) Detector functionality check
The Arva app allows the User to test the proper functioning of their avalanche victim detector before using it in real conditions. The diagnostic function is only possible on detectors with Bluetooth connectivity.
3) Preparation and training for avalanche victim search
Users have the opportunity to train for avalanche victim search through quizzes and tutorials. They also have a checklist of points to check and equipment to bring before going into the mountains.
4) Promotions and discount coupons
Users can also, if they have given their express and prior consent, be informed in the Arva app of promotions and discount coupons from NIC IMPEX on equipment offered for sale on the website www.arva-equipment.com Bluetooth connection
5) DVA settings
The function allows, after Bluetooth pairing, to view and modify the active settings one by one. Each function is detailed with explanations of its operation and the proposed settings.
ACCESS TERMS TO THE APPLICATION
The Arva mobile app is accessible from a mobile phone (iOS and Android). Each User has a personalized account on the application. Before your first connection to the application, the User is invited to:
1° enter an identifier (an email address) and a strong and definitive password (which the User must change regularly for security reasons)
The User undertakes to inform the publisher by any means and as soon as possible in case of:
- theft or loss of an identifier or password following a hack;
- loss or theft of the phone that could allow unauthorized access to the application by a third party.
The User also has the option to request the deletion of their account. An email will then be sent to them by the publisher for confirmation of this deletion.
In the event of deletion of the personal space, the User no longer has access to the application. However, the data may be retained by the publisher and its subcontractors, in accordance with its own personal data use policy.
Closing the account in the application terminates the warranty extension on the entered detector(s).
Any User account may be suspended/closed without notice in the event of serious or repeated non-compliance by a User with these GTU.
GENERAL OBLIGATIONS OF THE USER
The User undertakes to use the Arva application under the following conditions:
- not to use it to obstruct or alter its operation, especially by intentionally or unintentionally cluttering it with the untimely transfer of content, except in cases of intended use;
- not to extract, copy, duplicate, elements, and graphics from the application, on which only the publisher has intellectual property rights;
- not to introduce malicious files/programs or files containing computer viruses;
- not to store or transmit unauthorized content that would be illegal or could constitute incitement to the commission of crimes and offenses, defamation and insults, invasion of privacy, or acts endangering minors;
- not to store or transmit content that would violate the right to image, any intellectual property right, or any other right belonging to others.
PROVIDED TECHNICAL SERVICES
The User undertakes to use the Arva application under the following conditions:
The publisher provides the following services:
- Hosting of the application and the data it contains: Hosting is done on Google's Firebase public cloud.
- Availability of the application: The publisher makes all commercially reasonable efforts to ensure the availability of the application, except during maintenance periods.
- The publisher may interrupt access and/or use of the application, occasionally, for maintenance and/or improvement work.
- Security of the application. The publisher takes all necessary measures to perform the services related to the application in security conditions in compliance with French regulations in force.
The publisher holds intellectual property rights over the works composing the Arva mobile application, allowing the User the right to access and use the mobile application in accordance with these terms.
The User acknowledges that these terms do not confer any ownership rights on the mobile application. The provision of the application under the conditions provided for in these terms cannot be construed as the assignment of any intellectual property rights, within the meaning of the French Intellectual Property Code.
Thus, the right of access and use granted to the User under these terms is exclusive of any transfer of intellectual property rights. This concerns in particular the rights referred to in articles L 122-1, L 122-6, L 122-7 of the Intellectual Property Code.
The publisher grants the User, for an indefinite period and worldwide, a right of access and use of the mobile application, this right being non-exclusive, non-transferable, and non-transferable.
The User strictly prohibits any use other than the purpose of these terms, in particular any reproduction, adaptation, modification, representation, translation, arrangement, distribution, decompilation, without this list being exhaustive.
The User undertakes not to infringe in any way the publisher's rights over the works and not to perform acts that may result in the infringement of all or part of any element or component of the mobile application.
The User is advised that the use of the works not in compliance with these terms exposes them to legal action (unfair competition, infringement, etc.).
The User is informed that the publisher may use pre-existing software for which it has obtained necessary rights for their use.
In particular, the User is informed that the Arva application may be composed of or contain so-called "free" or "open source" works.
The licenses related to these modules or libraries (which are made available to the User in case of a written request) may contain pure and simple exclusions of all warranties. In this case, the User accepts that the publisher cannot provide them with more warranty than they themselves hold from the licenses of these "free" or "open source" modules or libraries. The publisher therefore excludes any warranty related to "free" or "open source" modules or libraries whose licenses contain a warranty exclusion. By way of derogation from Article 1626 of the Civil Code, no warranty of eviction is granted by the publisher.
By choosing to use the services of the application, the User is solely responsible for the choices they make.
The User accepts that the publisher's liability cannot be engaged due to the unsuitability of the services to their needs.
The publisher is also not responsible for harmful consequences related to the communication network, access failures.
The publisher's liability can only be incurred for direct damages attributable to it in the performance or non-performance, even partial, of its obligations under these terms, specifying that indirect damages are excluded.
Thus, the liability of the publisher cannot be sought for any indirect damage, such as the loss of a chance, the loss of data, bodily harm, or any other special damage or events beyond its control or any act not attributable to it.
By express agreement between the parties, the liability of the publisher is limited, all direct damages combined, to the sum of 500 €.
The publisher may subcontract all or part of the services of the mobile application, notably to Google.
In any case, the publisher will remain responsible for the subcontractors it uses.
The publisher is also authorized to transfer the application and these GTU, without, however, being jointly responsible for the proper performance of these by the assignee.
The Parties intend to establish the rules regarding admissible evidence between them in the event of a dispute and their probative force. The following provisions constitute the proof agreement entered into between the Parties, which undertake to respect this article. The Parties agree that in the event of a dispute, the following elements and methods are admissible in court and will prove the data and facts they contain as well as the signatures and authentication methods they express:
- User's personal data
- Information and stored data
- Checkboxes to collect consent
- Automatic notifications
MODIFICATION OF GTU
The publisher reserves the right to adapt or modify the terms of these general conditions at any time, which will be accessible from the application.
When necessary, you will be prompted to accept future modifications to the GTU.
PROTECTION OF PERSONAL DATA
In the context of these terms, the publisher may process the User's personal data when accessing and using the mobile application.
The publisher undertakes to comply with Law No. 78-17 of January 6, 1978 (known as the "Data Protection and Freedom Law" or "LIL") and General Data Protection Regulation ("GDPR") No. 2016/679.
APPLICABLE LAW – COMPETENT JURISDICTIONS
These GTU are governed by French law.
In the event of a dispute not amicably settled, express jurisdiction is granted to the court of the defendant's place of residence, in accordance with Article 42 of the French Civil Procedure Code, or, at the defendant's option, the place of performance of the services, in accordance with Article 46 of the French Civil Procedure Code.
Personal Data – Platform Management
The services related to the ARVA mobile application involve the processing of personal data.
This policy informs you about the characteristics of these processes and your rights regarding your personal data.
The data controller is the company NIC IMPEX:
SAS with a share capital of 250,000 euros, whose registered office is 8 rue des Bouvières 74940 Annecy, registered with the RCS of Annecy under number 327957684, and whose legal representative is the company Financière du Lion, itself represented by Mr. Patrick Giraudon.
Who does this policy apply to?
This policy applies to users of the ARVA mobile application.
Purposes (what are the collected data used for)
The processing aims to provide the services offered by the data controller within the mobile application (warranty extension, diagnostics, training, etc.).
The processing also aims to provide technical services supporting the mobile application, especially those subcontracted to Google Firebase.
For the provision of services offered by the data controller within the mobile application, the processing serves various purposes, such as:
- User authentication
- Creation, management, and deletion of user accounts
- Establishment and monitoring of warranty extensions
- Sending diagnostic reports by email upon user request
- Management of the sending of commercial promotions and discount coupons
- Monitoring statistics on search and rescue training tests
- Sending automatic notifications
The processing also aims to provide technical services supporting the mobile application, especially those subcontracted to Google Firebase. This processing serves various purposes, including maintenance, hosting, and security.
The User is informed that these technical services are subcontracted by the data controller to the company Inventhys (for application maintenance) and to Google Firebase.
If the User wants to learn more about the processing of Firebase service data, they can refer to this link
Nature of the processing
The following processing operations are possible: collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, transmission or dissemination by transmission or any other form of provision, matching, transfer, deletion.
Legal basis for processing: what gives us the right to process data
For the provision of services offered by the data controller within the mobile application, the legal bases are as follows:
- The conclusion of contract(s) between the data controller and the user, namely the General Terms and Conditions (GTC) and, on the other hand, the avalanche detector purchase contract.
- Legitimate interest, for example, for the establishment of statistics on training.
- Consent for sending commercial promotions and discount coupons
Regarding the provision of technical services supporting the mobile application, the User is informed that the data controller has established contracts with subcontractors providing services, including Google Firebase.
For these technical services, the legal bases are as follows:
- The conclusion of contract(s) between the data controller and the User, namely, on the one hand, the General Terms and Conditions (GTC) and, on the other hand, the avalanche detector purchase contract.
- Legitimate interest, for example, for the maintenance and security of the application.
The User is also informed that for certain subcontracted services, personal data may be stored and/or data transfers may occur outside the European Union, wherever Google or its agents have facilities, notably in the United States.
For these transfers outside the EU, the legal bases may be, depending on the cases, the following: adequacy decision and/or appropriate safeguards and/or compliance with Article 49 of the GDPR (consent and/or transfer necessary for the performance of a contract).
To learn more about transfers, the User is invited to refer to the "Transfer of data outside the EU" section of this policy.
Processed personal data
The data controller and its subcontractors process the following categories of data:
- Identification data: name, first name, address, phone, email
- Data related to the purchased and entered product(s) by the User in the application (name and purchase date of the avalanche transceiver, serial number)
- Data related to training conducted in the field using the application (number, date, training time)
- Connection data (IP address, logs, identifiers, password)
Data retention period
The data undergoing processing is kept for a duration not exceeding that necessary for the purposes for which it is recorded (principle of minimization of processing).
For the provision of services offered by the data controller within the mobile application, the retention periods are as follows:
- User Accounts: data is kept as long as the account is active. The data is then kept for a period of 5 years from the last activity. In the event of a User's account deletion request, their data is kept for 6 months.
- Diagnostic reports are not retained
- For sending commercial promotions and discount coupons: data is kept for 3 years. At the end of this period, new User consent is required.
- For the establishment of statistics on search and rescue training tests: data is kept for 5 years.
- Connection data (IP address, logs, identifiers, password) are kept for variable durations
For example, for authentication, Firebase Authentication retains registered IP addresses for a few weeks. It retains other authentication information until the data controller initiates the deletion of the associated user, after which the data is deleted from live and backup systems within 180 days.
To learn more about the retention of connection data, the User can refer to the conditions mentioned by Google Firebase on this link
Mandatory or optional nature of data collection
The collected data is mandatory to achieve the processing purposes.
The data is transmitted directly by the person concerned.
Recipients of the data
Persons in charge of technical services are recipients of all or part of the data: Inventhys and Google Firebase (hosting, maintenance, security).
What security measures are in place?
The data controller implements appropriate technical and organizational measures to ensure a level of security adapted to the risk.
The data controller takes measures to ensure that any natural person acting under the authority of the data controller or the subcontractor, who has access to personal data, does not process it except on the instructions of the data controller, unless required to do so.
Firebase services encrypt data in transit using HTTPS and logically isolate customer data.
Moreover, several Firebase services also encrypt their data at rest.
To protect personal data, Firebase uses extensive security measures to minimize access:
• Firebase limits access to certain employees whose business objective is to access personal data.
• Firebase records employees' access to systems containing personal data.
• Firebase allows access to personal data only to employees who sign in with Google Sign-In and two-factor authentication
For more information on the security of Google's Firebase services, the User can consult this page
Transfer of data outside the EU
The data controller carries out transfers of personal data outside the European Union through its subcontractor Google.
Personal data may be stored and/or data transfers may occur outside the European Union, wherever Google or its agents have facilities, notably in the United States.
To learn more about data storage locations, the User can consult this page
Most Firebase services operate on Google's global infrastructure. They may process data at any location on Google Cloud Platform or in any Google data center. For certain services, it is possible to select a specific data location that limits processing to that location.
Given the U.S. national security legislation, data transfers to the United States at the request of the U.S. government cannot be ruled out. The Court of Justice of the European Union ruled in a decision of 07/16/20 that U.S. legislation is not as protective of personal data and recourse rights as European regulations.
The data controller undertakes to ensure that these transfers are carried out:
- either to countries with a level of protection deemed adequate by European data protection authorities
In the absence of an adequacy decision:
- with appropriate safeguards under Article 46 of the GDPR, Google Firebase has decided to rely on standard contractual clauses for relevant data transfers
- in accordance with Article 49 of the GDPR.
a) The User has given explicit consent to the intended transfer of their personal data, after being informed of the risks that this transfer may pose to them due to the absence of an adequacy decision and appropriate safeguards;
b) the transfer is necessary for the performance of the contract between the data subject and the data controller.
In the case of Arva, the contract is materialized by the avalanche detector purchase contract concluded with the User as well as the GTC accepted obligatorily before accessing the Arva application.
Without Firebase services involving these data transfers, the mobile application cannot be used by the User.
Automated decision making
The processing does not provide for fully automated decision-making.
Fate of Personal Data After Death - Right of Access, Rectification, Deletion, and Data Portability
The individual subject to processing can establish directives regarding the storage, erasure, and communication of their personal data after their death. These directives can be general or specific.
The individual subject to processing also has the right of access, objection, rectification, deletion, and, under certain conditions, data portability of their personal data. The individual has the right to withdraw their consent at any time if consent is the legal basis for processing.
The request must indicate the name and first name, email or postal address, of the individual subject, and must be signed and accompanied by a valid identity document.
These rights can be exercised by contacting:
Mr. Pierre Hudry
Phone: 04 50 57 13 51
The individual subject to processing has the right to file a complaint with the supervisory authority (CNIL).