BBULB is committed to a policy of respect and protection of privacy, particularly regarding the personal data of users (hereinafter referred to as "Users") of its mobile application Pop’ndium (hereinafter referred to as "the Application" or "Pop’ndium"). BBULB follows a proactive approach to ensure compliance with personal data protection regulations (hereinafter referred to as the "Regulations"), including the General Data Protection Regulation (hereinafter referred to as "GDPR") and the amended French Data Protection Act of 1978 (hereinafter referred to as the "Data Protection Act"), as the Regulations evolve. It is essential that the trust relationship between BBULB and Pop’ndium Users is based on a strictly necessary, transparent, and secure use of private data in the digital space.
This policy outlines the commitments made by BBULB and explains how Users can exercise their rights regarding their personal data (hereinafter referred to as "Personal Data").
The GDPR has strengthened the transparency and consent requirements established by the Data Protection Act and has provided individuals with new rights. It complements existing laws, notably regarding Cookies with the 2002 ePrivacy Directive, updated by the 2022 European Privacy Regulation known as the "ePrivacy Regulation".
Individuals' rights can be exercised whenever data considered as personal is collected by a data controller.
Personal data refers to any information relating to an identified or identifiable natural person (notably by reference to an identifier, location data, or multiple elements specific to their physical, psychological, genetic, economic, cultural, or social identity).
A data controller is a natural or legal person implementing Personal Data processing (through collection, storage, or other means) for a specific purpose and managing the technical and/or human resources associated with this processing. The responsibility for processing may also be shared with a third party (a service provider, a social network, etc.).
In compliance with the Regulations, BBULB collects Personal Data only when strictly necessary and when the User has given their consent. However, some processing activities do not require consent, particularly those based on the necessity of fulfilling legal obligations.
For each processing activity, the purposes, recipients of Personal Data, and conditions for data retention are detailed in the notices and the General Terms of Use of Pop’ndium.
BBULB takes all necessary precautions to ensure the security, integrity, and confidentiality of Users' Personal Data.
Indeed, BBULB implements enhanced Personal Data protection through appropriate technical and organizational measures. These essential measures are taken to prevent, in particular, any unlawful or accidental access, use (alteration, destruction, etc.), loss, disclosure, unauthorized modification, or misuse of Personal Data.
BBULB processes Users' Personal Data only for a specific, legal, and legitimate purpose.
Personal Data is processed for purposes including, but not limited to:
Personal Data is collected by BBULB following a positive, free, and informed choice of the User, depending on the intended processing purposes.
For each purpose, BBULB ensures that only strictly necessary data is requested or collected. As such, forms collecting personal data explicitly indicate which data must be provided mandatorily and which are optional (usually marked with an asterisk).
Voici la liste non exhaustive des différentes Données Personnelles pouvant être collectées en fonction des différentes fonctionnalités et services proposés par BBULB :
Here is a non-exhaustive list of the different types of Personal Data that may be collected based on the various features and services offered by BBULB:
Personal Data is kept only for the time reasonably necessary to provide the service, improve it, and comply with applicable legal requirements or User requests. Beyond the retention periods recommended by the CNIL depending on the processing concerned, Users' personal data is deleted from BBULB's databases. The retention periods practiced by BBULB therefore depend entirely on the purpose pursued by the processing in question.
Only BBULB employees who need to know the data for their function are authorized to access the collected personal data.
The data is stored by BBULB or its subcontractors, depending on the processing concerned, in compliance with regulations. In the case of subcontracting, the contract binding BBULB and the subcontractor ensures a high level of confidentiality and data security. It requires the subcontractor to continuously implement all necessary technical and organizational measures to process and store personal data securely.
Additionally, BBULB implements the following security measures:
BBULB is committed to assisting the User as much as possible in exercising their rights. Indeed, BBULB guarantees Users whose personal data is collected:
The User must submit any request to exercise their rights by email or postal mail to:
BBULB
Personal Data Protection
122 avenue de Strasbourg 67170 BRUMATH
Email: contact@popndium.com
The request will be processed within 30 days of receiving the message.
For more information, the User may consult the CNIL website at any time.
The Data Protection Officer (DPO) is available to Users for any questions not addressed on this page. Contact them at the following address:
BBULB
Personal Data Protection
122 avenue de Strasbourg 67170 BRUMATH
Email: contact@popndium.com
They review messages during normal business hours and strive to respond as quickly as possible (in case of a rights exercise request, as mentioned above, processing the request requires a period of 30 days).
As part of the continuous improvement of its services, BBULB teams use APIs, including those from Google and YouTube, to program and enhance the content visible on Pop’ndium.
Pop’ndium integrates video content from Google’s YouTube service and processes Personal Data in this context. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with its parent company being Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Pop’ndium uses YouTube to distribute video content, including movie or series trailers.
The use of YouTube video content involves processing metadata and communication data (e.g., device information and IP addresses). However, usage data (e.g., website access, clicks, access times), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), or inventory data (e.g., names, addresses) may also be processed.
BBULB uses YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any Personal Data from Pop’ndium Users before they have consented to processing or viewed the video. However, the disclosure of Personal Data by YouTube is not necessarily excluded by the extended data protection mode. As such, YouTube establishes a connection with Google DoubleClick’s network, regardless of whether the User watches a video.
A connection to YouTube’s servers is established only when the User has consented to the use of YouTube on the embedded preview image. Before this, no cookies are stored by YouTube on the User’s device. Linking Personal Data with other Personal Data (partially across other devices) is possible. This risk is particularly present if the User has a YouTube account and is logged into YouTube. To avoid further linking of Personal Data, BBULB recommends Users log out of YouTube before viewing content on Pop’ndium.
Information collected by cookies is typically sent to a Google server in the United States of America (USA) and stored there. The USA does not have an equivalent general adequacy decision from the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that U.S. authorities may access and process it for their own purposes.
The legal basis for processing data in the context of embedding and displaying preview images is Article 6 (1) (f) of the GDPR.
The legal basis for this processing and the transfer of your Personal Data to the United States is your consent pursuant to Article 6 (1) (a) and Article 49 (1) (a) of the GDPR. The User has the right to withdraw their consent at any time.
Detailed information on data processing can be found in the privacy policy at the following link:
Google Privacy Policy.
Information on the opt-out option is available at:
Opt-Out Option.
Information on ad display settings can be found at:
Ad Display Settings.
By using YouTube, Pop’ndium Users also agree to comply with YouTube’s Terms of Service.
The Terms of Use for Google and YouTube can be found at the following links:
Firebase supports the login process of Pop’ndium by handling "instance identifiers," which include a timestamp. These identifiers are assigned to a specific user and allow different events or processes to be linked.
As part of processing via Firebase, Personal Data may be transferred to the United States. In the United States, there is no equivalent to the European Commission’s general adequacy decision certifying an adequate level of data protection. By transmitting your Personal Data, there is a risk that U.S. authorities may access and process it for their own purposes. To protect your Personal Data, we have concluded Standard Contractual Clauses ("SCCs"). SCCs are data protection regulations issued by the European Commission, whose conclusion imposes legal obligations on the data importer and whose implementation ensures compliance with European data protection standards. Google has implemented compliance measures for international data transfers. These measures apply to all global activities where Firebase processes Personal Data of EU individuals. These measures are based on the EU’s Standard Contractual Clauses.
BBULB maintains an online presence on the social networks Instagram and TikTok and processes Personal Data in this context. The service providers are Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
BBULB uses these networks to provide information about the company and to communicate with Users active on the network. Additionally, Personal Data may be processed through the use of these networks for market research and advertising purposes. This is done, for example, through tracking, where profiles based on interests or behavior, or cookies, may be used, among other things. However, retargeting and reach measurement are also used to create access statistics—recognizing recurring visitors, for example.
In relation to the use of our online presence on these networks, the following types of Personal Data may be processed: inventory data and contact data (e.g., name, address, email, phone number), content data (e.g., entries in online forms, use of the messaging feature), usage data (e.g., website visits, clicks, access times), metadata and communication data (e.g., device information, IP addresses).
As part of Pop’ndium’s operation, BBULB teams use the TMDB API. Therefore, it is recommended to refer to its Terms of Use: TMDB Terms of Use
As part of Pop’ndium’s operation, BBULB teams use the JustWatch API. Therefore, it is recommended to refer to its Terms of Use: JustWatch Terms of Use