DentroChat logo
Δοκιμάστε δωρεάν

free.fr privacy policy — score 58/100 (medium risk)

Τελευταία ανάλυση

Το περιεχόμενο της αναφοράς (περίληψη, ευρήματα, αποσπάσματα) δημιουργήθηκε στα αγγλικά και δεν έχει μεταφραστεί.

Νέα ανάλυση σε άλλη πολιτική

FREE S.A.S. · free.fr

Λεπτομέρειες αναφοράς

medium κίνδυνος

Free collects a vast and vaguely defined array of personal data—including profiling scores and detailed usage metrics—shares it widely with ad networks and the Iliad group, and transfers some outside the EU, though it does clearly outline standard GDPR rights.

The privacy policy of Free S.A.S. is structured around GDPR principles but suffers from overly broad data categories, particularly regarding 'personal life data' and 'profiling'. While legal bases are generally identified, the reliance on legitimate interest for commercial prospection and the broad sharing of data with unspecified partners and ad agencies raise concerns. International transfers to the US and Morocco are acknowledged with a mention of SCCs, but specific safeguards are lacking. User rights are well-documented, but the policy is entirely silent on AI/algorithmic training and automated decision-making.

Τελευταία ανάλυση
ΠηγήURL
Μήκος29,682 χαρακτήρες

Αξιολόγηση ανά κατηγορία

Ανάλυση της πολιτικής σε βασικούς τομείς συμμόρφωσης. Καλό = ισχυρό, μέτριο = μικτό, κακό = ανησυχητικό.

Data Minimizationpoor

Categories like 'personal life data' and 'profiling data' are excessively broad and vaguely defined, conflicting with the principle of collecting only what is necessary.

Transparencyfair

The policy clearly lists purposes and legal bases, but lacks specificity on exactly who the third-party partners are and is silent on AI training.

Third-party Sharingpoor

Data is shared widely within the Iliad group, with unspecified 'advertising agencies', and security partners, without a detailed sub-processor list.

International Transfersfair

Transfers outside the EU (USA, Morocco) are disclosed with a mention of Standard Contractual Clauses, but supplementary measures or specific transfer impact assessments are not detailed.

AI/Model Trainingpoor

The policy is completely silent on whether user data is used for AI or algorithmic model training, which is a significant gap.

User Rightsgood

All standard GDPR rights are clearly explained, including conditions for erasure and portability, along with specific contact details for the DPO.

Βασικά ευρήματα

Σημαντικές ρήτρες, ζητήματα ή θετικές πρακτικές (κρίσιμα πρώτα)

Κρίσιμο

Overly Broad and Vague Data Categories

The policy lists 'Données liées à la vie personnelle' (Personal life data) as 'any justificatory document relating to your personal situation' and 'Données issues du profilage' (Profiling data) as 'Profile, score, client segmentation'. These definitions are unbounded and fail the GDPR's data minimization principle.

Κρίσιμο

Silence on Automated Decision-Making and AI

While 'profiling' is mentioned, there is no information on automated decision-making (Article 22 GDPR) or whether data is used to train AI models, leaving users in the dark about algorithmic impacts.

Προειδοποίηση

Profiling for Fraud and Unpaid Debts

Free explicitly uses profiling for security, fraud, and unpaid debt prevention based on 'legitimate interest'. Profiling for financial risk is a high-risk processing activity that often requires more robust justification and transparency than a generic legitimate interest claim.

Προειδοποίηση

Commercial Prospection Based on Legitimate Interest

For commercial communications and prospection, Free claims 'Your consent or our legitimate interest' as the legal basis. Relying on legitimate interest for direct marketing is permissible but often contested; the policy does not explain the balancing test conducted.

Προειδοποίηση

Vague Third-Party Sharing

Data is shared with 'advertising agencies and specialized agencies' and 'companies in charge of security'. Without a specific list of sub-processors or partners, users cannot truly understand who has access to their data.

Περίληψη για τον χρήστη

Free tracks a lot of what you do, including building a 'profile' and 'score' about you, and shares this with advertisers and its parent company. You can say no to targeted ads and commercial emails, but you have to actively opt out.

Στάση συμμόρφωσης

The policy attempts to comply with GDPR by listing purposes and legal bases, but it falls short on data minimization and specificity regarding third-party processors and international transfer safeguards.

Μεταφορές ΕΕ

Data is transferred outside the EU (specifically to the USA and Morocco). The policy states that Standard Contractual Clauses are used for non-adequate countries, but it does not mention supplementary measures or specific safeguards for US transfers post-Schrems II.

Εντοπισμένα σήματα

Συγκεκριμένα δεδομένα και πρακτικές που εντοπίστηκαν στο κείμενο

Δεδομένα που συλλέγονται
Identification dataCommercial dataBilling and payment dataTracking and relationship dataTechnical dataUsage and activity dataPersonal life dataProfiling dataCookies and tracker data
Σκοποί επεξεργασίας
Service provision and contract managementService personalizationCommercial communications and prospectionTargeted advertisingStatistics and service improvementSecurity, fraud prevention, and unpaid debt preventionNetwork deployment and operationLegal obligations and litigation
Κοινοποίηση σε τρίτους
Iliad group subsidiariesCommercial partnersSecurity and fraud prevention partnersAdvertising agenciesLegal and financial advisorsDebt collectorsJudicial authorities
Διεθνείς μεταφορές
Transfers to USATransfers to MoroccoStandard Contractual Clauses mentioned
AI / Εκπαίδευση μοντέλων
No mention of AI trainingNo opt-out for AI training

Αποσπάσματα αποδείξεων

Απευθείας αποσπάσματα από την πολιτική που υποστηρίζουν αυτά τα ευρήματα

Données liées à la vie personnelle : tout document justificatif relatif à votre situation personnelle (justificatif de domicile, courriers, justificatifs d'une situation personnelle etc.)

Données issues du profilage : Profil, score, segmentation client

Lutter contre la fraude, y compris par le profilage

Les destinataires de vos données sont situés dans l'Union Européenne et en dehors de l'Union Européenne (États-Unis, Maroc etc.).

Communications commerciales et prospection [...] Votre consentement ou notre intérêt légitime

Λείπει ή ασαφές

  • No specific list of sub-processors or third-party partners
  • No detail on supplementary measures for international transfers
  • No information on automated decision-making logic or safeguards
  • No explicit mention of AI model training
  • No detail on the criteria for the 'profiling score'

Ερωτήσεις προς υποβολή

  • What specific types of documents fall under 'personal life data' and how is collection strictly limited to what is necessary?
  • How does Free justify 'legitimate interest' for commercial prospection, and what specific opt-out mechanisms exist beyond the general right to object?
  • What supplementary technical and organizational measures are in place for data transfers to the USA and Morocco beyond Standard Contractual Clauses?
  • Is any user data used for training AI models or algorithms, and if so, how can users opt out?
  • What specific logic, criteria, and consequences apply to the 'profiling' and 'scoring' mentioned in the data categories?
Αυτή η ανάλυση δημιουργείται από AI και δεν αποτελεί νομική συμβουλή. Συμβουλευτείτε πάντα εξειδικευμένο νομικό για αποφάσεις συμμόρφωσης GDPR.

Κοινοποίηση αυτής της ανάλυσης

Οποιοσδήποτε με αυτόν τον σύνδεσμο μπορεί να δει το αποτέλεσμα παραπάνω.

Δημιουργήθηκε από το DentroChat

100% ευρωπαϊκό AI chat για όλους

Συνομιλήστε με AI, εργαστείτε με αρχεία, δημιουργήστε εικόνες και αναζητήστε στο διαδίκτυο. Τα δεδομένα παραμένουν στην Ευρώπη.

Υποδομή φιλοξενούμενη στην ΕΕΚείμενο, αρχεία, εικόνες και αναζήτηση webΛειτουργίες Γρήγορη, Σκέψη και ΔημιουργικήΠροτεραιότητα στην ιδιωτικότηταΚανένα δεδομένο δεν φεύγει από την Ευρώπη
Δοκιμή δωρεάν →