banner.earlyAccessbanner.claimSpot
Version 1.0

Vinci 26 – Privacy Policy

Business Portal

Last updated: December 14, 2025

1. Scope

This Privacy Policy explains how Vinci 26 processes personal data in connection with the Vinci 26 Business Portal (the "Service").

It applies exclusively to business owners, managers, staff members, administrators, and other professionals using the Business Portal ("Users"). It does not apply to end customers of the Businesses.

2. Data Controller

Controller: Vinci 26

For customer-related personal data entered into the Service by a Business, the Business acts as the Data Controller and Vinci 26 acts as the Data Processor within the meaning of the General Data Protection Regulation (EU) 2016/679 ("GDPR").

3. Categories of Personal Data Processed

3.1 User Account Data

  • First and last name
  • Email address
  • Phone number (optional)
  • Profile photo (optional)
  • Role, permissions, and business associations

3.2 Authentication and Security Data

  • Hashed passwords
  • Two-factor authentication status
  • Recovery codes (hashed)
  • OAuth identifiers and provider metadata (where applicable)

3.3 Business-Related Data

  • Business name, type, and configuration
  • Business contact details
  • Staff assignments, working schedules, and service associations

3.4 Technical and Usage Data

  • IP address
  • Device, operating system, and browser information
  • Log files and audit logs
  • Date, time, and scope of actions performed within the Service

4. Purposes of Processing

Personal data is processed for the following purposes:

  • Provision and operation of the Service
  • User authentication and authorization
  • Security, fraud prevention, and abuse detection
  • Business administration and user management
  • Compliance with legal obligations
  • Improvement, maintenance, and monitoring of the Service

5. Legal Bases for Processing (GDPR Art. 6)

Processing is based on one or more of the following legal bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests (platform security, service reliability, fraud prevention)
  • User consent, where explicitly required

6. Data Processing Roles

  • User Personal Data: Vinci 26 acts as Data Controller
  • Customer Personal Data entered by Businesses: Vinci 26 acts as Data Processor on behalf of the Business

Processor obligations are governed by a separate Data Processing Agreement (DPA).

7. Data Sharing and Recipients

Personal data may be shared with:

  • Hosting and infrastructure providers
  • Authentication and security service providers
  • Communication service providers (email and notifications)
  • Public authorities where legally required

Personal data is never sold.

8. International Data Transfers

Where personal data is transferred outside the European Union or European Economic Area, appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

9. Data Retention

Personal data is retained:

  • For the duration of the contractual relationship
  • As required by applicable law
  • In accordance with internal retention policies

After termination of the Business account, data may be deleted or anonymized unless legal retention obligations apply.

10. Security Measures

Vinci 26 implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit
  • Role-based access control
  • Two-factor authentication
  • Audit logging and monitoring
  • Regular security reviews

11. Data Subject Rights

Users have the right to:

  • Access their personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of personal data, where applicable
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

12. Exercising Your Rights

Requests to exercise data subject rights may be submitted through official Vinci 26 support channels. Identity verification may be required.

13. Cookies and Local Storage

The Business Portal uses cookies and similar technologies that are strictly necessary for:

  • Authentication and session management
  • Security
  • User preferences and language settings

No non-essential cookies are used without explicit consent.

14. Automated Decision-Making

The Service does not perform automated decision-making or profiling that produces legal or similarly significant effects within the meaning of GDPR Article 22.

15. Personal Data Breaches

In the event of a personal data breach, Vinci 26 will notify affected Users and competent supervisory authorities in accordance with GDPR requirements.

16. Children's Data

The Service is intended solely for individuals aged 18 or older. Vinci 26 does not knowingly process personal data of minors.

17. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. Material changes will be communicated through the Service.

18. Contact

Data protection and privacy-related inquiries must be submitted through official Vinci 26 communication channels.