By clicking "Accept all cookies", you agree that cookies will be stored on your device to enhance site navigation, analyze site usage, and contribute to our marketing efforts.
Please refer to our cookie management policy for more information.


By using this website, you consent to the collection and use of your Personal Data as described in this Privacy Policy (the "Policy"). 

The purpose of the Policy is to provide you with comprehensive information about the conditions under which Smart-Chain collects and processes your Personal Data. 

SMARTCHAIN has made strong commitments to protect its software solution's User data in accordance with current French and European regulations regarding mandatory disclosure of information.

The Policy is an integral part of the Legal Notice, and each term defined in the Legal Notice bears the same meaning in the Policy.

By accessing and using the website (hereinafter the "Site") and the Products you agree to be bound by this Policy, which may be amended or updated at any time without notice. Any modification will be posted on the Site, with its date of update. We advise you to consult the Policy regularly.
1 - Definition 
1.1 - What is Personal Data ?
Any term defined in Article 4 of Regulation EU (2016/679) of the European Parliament and of the Council of 27 April 2016 (hereinafter the "GDPR") and mentioned in this Policy is understood to have the same meaning.
Thus, Personal Data (hereinafter  "Personal Data") means any information relating directly or indirectly to an identified or identifiable natural person. Processing means any operation, whether or not carried out by automated means and applied to Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other scope of availability, reconciliation or interconnection, limitation, erasure or destruction.
1.2 - Who are the users?
The term User refers to all natural persons who may be concerned by collection of their data conducted by Smart-Chain (hereinafter  "User").  The categories of data collected depend on the nature of the relationship that Users enter into with Smart-Chain.

In the context of usage of our Site and Products, Users are :

- Visitors: if you browse the Site without performing any action, you are a Visitor;

- Prospect: if you contact us to obtain information about our Products or subscribe to our Newsletter, you are a Prospect;

- Customer: If you have subscribed to one of our Products, you are a Customer;

- Applicant: If you have filled in an application form on the Site, you are an Applicant;
1.3 - Who is the Data Controller?
Smart-Chain is a Data Controller within the meaning of Article 4 paragraph 7 of the GDPR for all data processing collected by its Site and Products. Smart-Chain is therefore, pursuant to its role as Data Controller, likely to collect Personal Data, for predefined purposes and legal bases. 
1.4 - What are the Products?
The Products concerned are those marketed by the Site and for which Personal Data will be collected. 

The products are as follows: 

Bloom: This is the functional creation tool designed for the NFT Marketplace, enabling Customers to customize and create NFT collections. It is a web 3.0 fast pass tailored to the Customer's image, offering a range of NFT products to accelerate the transition to web 3.0, while guaranteeing a personalized NFT experience that the Customer owns and controls;

Secure: This is a solution for anchoring document hashes in the blockchain and verifying that a hash has indeed been anchored. In this way, the product offers time-stamping proof to certify the anteriority of a document, with a dedicated space to view anchors and verify traceability;
2 - Data Collected
Smart-Chain certifies that no sensitive or particular data within the meaning of Articles 9 and 10 of the GDPR are collected in connection with its Site and Products. 
The Personal Data collected are as follows:
2.1 - Site access and use
The Site collects data from the following Users: 
When they fill in an information form or send an email to , the following data is collected: 
  • Surname and first name of the individual;
  • Company name and position held; 
  • Postal or email address; 
  • Phone number;
  • Sex, age or signature;
  • Contents of sent messages ;
  • History of sent messages;
When Applicants send their applications by e-mail to, the following information is collected: 
  • Surname and first name;
  • E-mail or postal adress;
  • CV;
  • Content of sent messages;
  • History of sent messages;
2.2 - Subscription and use of Products
When using Bloom and Secure products, Smart-Chain will collect data from Customers who have signed the General Terms of Service applicable to each product.
The following data is collected: 
  • Identification and authentication data: technical logs, computer traces, security and terminal usage information, IP address;
  • Tax data: tax number, tax status, country of residence;
  • Various legal documents: transfer deed, succession deed, resale of securities deed;
  • Banking, financial, and transactional data: banking details, card number, transaction-related data, including transfer information, investor profile, asset value;
  • Product payment data (invoices, purchase orders or quotations): first and last name of the legal representative of the Customer company;
  • Data regarding your habits and preferences;
  • Data regarding the use of products and services subscribed to in connection with banking, financial and transactional data;
  • Data regarding interactions with us in our offices, on our Site, on our application, on our pages, on social networks, during telephone or video interviews and conversations, in emails;
3 - Purpose and Legal Basis of Processing
Smart-Chain warrants, on the one hand, that data is collected on one of the legal bases for processing described within Article 6 of the GDPR and, on the other hand, that Users' Personal Data is used in accordance with purposes determined prior to collection.

Smart-Chain undertakes to solely use this data for the purposes set out below and certifies that there is not and will never be any misappropriation regarding such data processing purposes by Smart-Chain, or any of its subcontractors.
The table below sets out the purposes and legal basis for the collected data's processing:
Tableau récapitulatif des données collectéesCollected Data Purpose of Processing Legal Basis  Prospect  Business prospecting (sending newsletters, commercial offers, white papers, etc.).  BtoC: Consent You can withdraw it at any time by clicking on the unsubscribe link.  BtoB: Legitimate Interest  Candidate Processing of applications (CV and cover letter)  Creation of a candidate database  Evaluation test and candidate screening  Pre-contractual measures (Contract Execution)  Consent You can withdraw it at any time by contacting us  Smart-Chain's legitimate interest in assessing your suitability for the relevant position  Client Allow the delivery of services from the Products.  Execution of services related to Product subscription?  Complaint management  After-sales service  Contract management (subscription, order, payments, and complaints).  Accounting  Customer relationship tracking  Satisfaction surveys  Product quality studies - Product testing  Sales statistics  Contract Execution (General Sales Conditions of the Products)  Legal Obligation  Legitimate interest in improving its Products  Common to all Users  Account creation  Managing requests to exercise various user rights: access, rectification, erasure, portability, opposition, and limitation rights.  Legitimate Interest  Legal Obligation (articles 12 to 23 GDPR)
4 - Data access and data beneficiaries
Smart-Chain undertakes to share Personal Data with subcontractors and service providers offering sufficient warranties for the performance of the tasks entrusted to them. Smart-Chain's subcontractors and service providers are subject to an obligation of confidentiality and may only use data in accordance with contractual provisions and applicable legislation.

Personal Data communicated to Smart-Chain's subcontractors and service providers are communicated on a strict need-to-know basis and in accordance with the principle of minimization of Personal Data necessary to carry out the identified processing.
4.1 - Smart-Chain
The data collected will be used by Smart-Chain in strict compliance with the Policy. Access to the Personal Data collected is strictly limited to the persons in charge of processing the information.
Depending on the purposes defined in article 3, Smart-Chain's Customer, support, administrative, accounting, technical, marketing & sales managers may have access to Personal Data.

Managers of the Bloom and Secure Products have access to Customer Personal Data, including but not limited to the teams responsible for  maintenance and hosting of the Products.
4.2 - Subcontractor
Smart-Chain may be required to transmit Users' Personal Data to Third Parties who provide certain services on behalf of Smart-Chain.

The following Third Parties are processors within the meaning of Article 4 paragraph 8 of the GDPR: "the natural or legal person, public authority, service or other body which processes Personal Data on behalf of the controller".

These processors may be suppliers, service providers, or even partners. Smart-Chain may subcontract the following services:

- Data hosting and maintenance;
- Dispatch of postal or digital mail;
- Customer relationship management;
-Maintenance ;
- Product technical development;
- Analysis; 
- Customer assistance,
- Payment processing ; 
- Security operations;
- Advertising;

In accordance with Article 28 of the GDPR, access to your Personal Data by our subcontractors is provided for and framed by a contract. This contract, which binds us to our subcontractors, lists the various regulatory obligations that they are incumbent to, with regard to the protection of Personal Data.

All service providers must comply with strict confidentiality obligations. Smart-Chain ensures that these requirements are met, so that Personal Data is not processed for purposes other than those set out above.

Smart-Chain maintains an up-to-date database of its subcontractors.
4.3 - Third Parties
Third Parties refer to all external recipients of Personal Data collected by the Site and Products. The following are Third Parties within the meaning of Article 4 paragraph 10 of the GDPR: "a natural or legal person, a public authority, a service or a body other than the data subject, the controller, the sub-processor and the persons who, placed under the direct authority of the controller or the sub-processor, are authorized to process Personal Data".

Users' Personal Data is also transmitted to Third Parties such as Smart-Chain's banks, insurance companies, lawyers, notaries and auditors.

-> Third Parties in business transfers: 
The User's Personal Data may also be transmitted to Third Parties in the event of a transfer of Smart-Chain's activities to a third company (merger, assignment, dissolution, etc.).

In such a case, the Customer will be informed in advance in writing of any such transmission of his/her Personal Data and will have the right to object to such transmission.

-> “Authorized” Third Parties : 
Users' Personal Data may also be accessed by public authorities who, by virtue of legislative and regulatory provisions, have the power to require any organization to transmit documents or information in the context of a specific investigative mission.

The following are authorized third parties under Article 4 paragraph 9 of the GDPR: 
- Tax authorities ; 
- Social security (anti-fraud mission) ;
- Justice; 
- Police, gendarmerie, bailiffs;

When required by law, Smart-Chain may disclose Customer and/or User data if reasonably necessary:
- To comply with any applicable legal process, such as a court order, subpoena or search warrant, governmental or judicial investigation or other legal requirement; 
- To assist in the prevention or detection of illegal activity (subject, in each case, to applicable law); 
- To protect the safety of any person;

5 - Data transfer
We store your Personal Data in the European Union. Should the Data we collect be transferred to subcontractors and/or subsequent subcontractors located in countries outside the European Union (EU), we first ensure that: 
- These recipients are located in a country that has obtained an adequacy decision; 
- These recipients are located in the European Economic Area (EEA);
- Standard contractual clauses (SCC) approved by the European Commission have been signed;
6 - Data protection
6.1 - Security measures
Smart-Chain undertakes to guarantee the confidentiality, integrity and availability(CIA) of the data collected. In general, Smart-Chain implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risks involved.

Smart-Chain employees are subject to an IT charter appended to the company's internal regulations, which ensures an appropriate level of security.

Smart-Chain provides its best efforts, in accordance with the state of the art, to secure the Site and the Products in light of the complexity of the Internet and mobile networks.

Personal Data is processed in such a way as to ensure maximum security.

To this end, Smart-Chain undertakes to implement the following security measures:
- Pseudonymization and encryption of personal and sensitive data;
- Means to guarantee the confidentiality, integrity, availability and resilience of processing systems and services at all times;
- Means to restore availability and access to Personal Data within an appropriate timeframe in the event of a physical or technical incident;
- A procedure for regularly testing, analysis and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing;
6.2 - Data violation
Smart-Chain will notify the competent supervisory authority of any violation of Personal Data at the earliest opportunity after it has become aware of the violation, and by any means. 

In the event of a risk to the confidentiality, integrity or availability  of Users' Personal Data, Smart-Chain undertakes to notify the competent supervisory authority of the breach within a maximum of 72 hours.

When the risk has serious consequences for the confidentiality, integrity or availability of Personal Data, Smart-Chain is required, under the terms of this Policy and current regulations, to inform Users.
7 - Smart-Chain's Obligations as a subcontractor
When Smart-Chain acts as a subcontractor on behalf of its Customers who have subscribed to a Product (Bloom), its obligations are described in the general terms of service of these Products.
8 - Data retention Period
Personal Data is kept for no longer than is necessary for the purposes for which it is collected and processed.

A retention period is set according to each purpose:
At the end of the specified period, the data collected will be either:
- Deleted;
- Anonymized;
- Archived: Necessity must be assessed for each processing operation, and for each of these phases, data will be sorted;

When the retention of Personal Data is no longer justified by the management of a Customer account, a legal obligation, commercial requirements, the establishment, exercise or defense of our legal rights, or when you withdraw your consent or request us to do so in accordance with one of your rights, we will securely delete your Personal Data.
9 - Exercise of rights
Under the conditions of Articles 15 to 22 of the GDPR, any User may exercise the rights listed below by simple written request, imperatively accompanied by valid proof of identity bearing the holder's signature, sent by post addressed by e-mail to the following address:

Smart-Chain will process requests within a reasonable timeframe, and at the latest within one (1) month of receipt of the request. In the case of complex requests, this period may be extended to three (3) months. 

All requests must be clear, precise and justified. In any event, Smart-Chain recommends that you contact the CNIL to find out more about the regulations governing the protection of Personal Data, the rights of individuals and the possibility of lodging a complaint with this authority:

User have the following rights:
- Right of access: All Users may request access to their data and the right to receive a copy of their Personal Data. 
- Right of deletion and rectification: Users may also request the deletion of their Personal Data and the rectification of erroneous or obsolete Personal Data. 
- Right to object: Users may object to the processing of their Personal Data, in particular by withdrawing their consent to the processing of their Personal Data at any time.
- Right of limitation: Users may also request the limitation of the processing of their Personal Data. This right applies only if the User contests the accuracy of his/her Personal Data; or in the event of unlawful processing; or if Smart-Chain no longer needs his/her Personal Data for processing purposes but such data is still necessary for the establishment, exercise or defense of legal claims; or in the event of exercise of his/her right to object during the period of verification as to whether the legitimate motives pursued by Smart-Chain prevail over those of the User.
- Right to portability: All Users also have the right to data portability, i.e. the right to receive data held by Smart-Chain in a structured, commonly used and readable format, and the right to transmit this data to another data controller.
- Right to forget: Every User, a natural person, also has the right to define directives concerning the fate of his or her Personal Data after death.
- Right not to be the subject of an automated data processing decision

You are never required to provide any Personal Data requested by Smart-Chain. However, if you refuse to provide certain Personal Data, access to the Site and your Product subscriptions may be limited, suspended or even rendered impossible.
10 - Contact
If you have any questions concerning the use of your Personal Data as covered by this document, you can contact us at this address: 

If you do not agree with this Policy, you can lodge a complaint with the CNIL:

- On-line via the form available on the following page:
- Or by post to the following address: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.