PRIVACY POLICY
PREAMBLE
Through the PLATFORM available at https://www.OpenDataSoft.com, OpenDataSoft provides Software as a Service (“SaaS”) solutions that work with open data portals, internal data references, smart city platforms, and data marketplaces to provide:
- Processing and publication of datasets for systems management/managers;
- User data search and visualization; and
- Reuse of data via simple and powerful APIs for developers
This privacy policy applies to you, as a user of the domain available at https://www.fabriquenumeriquedupasse.fr. The purpose of this document is to provide you with information on how your personal data will be collected and processed by UMR ArScAn (hereinafter THE COMPANY).
Respect for your private life and your personal data is a priority for THE COMPANY which undertakes to comply with the Data Protection Act n° 78-17 of January 6, 1978.
As part of the use of this service, THE COMPANY shall respect two essential principles:
- You remain in control of your personal data;
- Your data will be handled in a transparent, confidential, and secure fashion.
ARTICLE 1. DEFINITIONS
- BENEFICIARY: means the end USER who has been granted a right of access to DATASETS published by the COMPANY.
- DATASETS: means data produced by THE COMPANY, published on the PLATFORM, and made available to all or some categories of USERS, depending on THE COMPANY’s subscription and the licenses the COMPANY has granted.
- DOMAIN: means the domain name of the type https://www.fabriquenumeriquedupasse.fr that THE COMPANY has registered in connection with its subscription, on which it can publish its DATASETS. Specific DOMAINS can also be registered subject to conditions (e.g., use of a HTTPS certificate to secure access to this domain using private key, and possible intermediate certificates).
- SERVICE: means all the services proposed by OPENDATASOFT thanks to its PLATFORM. The SERVICES are explained In the GTCs available at http://legal.opendatasoft.com/en_FR/terms-of-use.html.
- OPENDATASOFT PLATFORM: means the platform OPENDATASOFT publishes, including all its graphic, audio, visual, software and textual components. The OPENDATASOFT PLATFORM is the exclusive property of OPENDATASOFT. It is accessible at https://www.opendatasoft.com/fr/.
- USER: means all kinds of users, either a BENEFICIARY or a THE COMPANY.
ARTICLE 2. IDENTITY OF CONTROLLER
Legal notice: The CONTROLLER is the person who determines the means and purposes of personal data processing. The SUBCONTRACTOR is a person processing personal data on behalf of the CONTROLLER, who acts under the authority and direction of the CONTROLLER.
Your personal data is collected and processed by THE COMPANY, who is the controller (collector and processor) of the personal data collected and processed by THE COMPANY during .
OpenDataSoft acts as a SUBCONTRACTOR of the THE COMPANY when the latter collects and processes data via its DOMAIN, which it manages in its sole discretion. Therefore, each THE COMPANY shall have the status of CONTROLLER of the data for BENEFICIAIRIES processed with THE COMPANY’S DOMAINS and DATASETS published on THE COMPANY’S DOMAINS.
This Privacy Policy is limited to data processing performed by THE COMPANY as part of the exploitation of its DOMAIN.
ARTICLE 3. CNIL’S FORMAILITIES
The processing of your personal data by THE COMPANY has been the subject of a declaration to the French National Computers and Freedom Commission (CNIL – Commission Nationale de l’Informatique et des Libertés) under the number prior to the opening of the DOMAIN.
A computer and freedom correspondant (CIL - Correspondant Informatique et Libertés) has been appointed by the company.
You can contact them at
ARTICLE 4. DATA COLLECTION & PROCESSING
As part of the exploitation of its DOMAINE, THE COMPANY may collect personal data concerning USERS of its DOMAIN. THE COMPANY will process such data in accordance with the purposes set forth in, and in accordance with, the terms of French CNIL Decision n°2012-209 of June 21, 2012, “concerning the creation of a simplified standard for automated processing of personal data relating to the management of clients and prospects” (NS 48).
In particular, THE COMPANY will collect BENEFICIARIES’ personal data
- When you visit the DOMAIN;
- When you use the functionalities and/or the SERVICES provided on the DOMAIN;
- When you engage in exchanges with the COMPANY or with other BENEFICIARIES via the DOMAIN;
Regardless of the manner in which personal data is collected, THE COMPANY will inform you of: (a) the purposes of processing, (b) whether the responses sought are required or optional, (c) possible consequences of failure to reply, (d) data recipients, (e) the existence of a right to access, modify and oppose the data processing.
THE COMPANY may obtain your consent and/or allows you to object to the use of your personal data for certain purposes when required by the Data Protection Act n° 78-17 of January 6, 1978
The data that may be collected and processed by THE COMPANY to accomplish the purposes described in this Privacy Policy includes:
- Data for identification (first name, last name, postal, and e-mail addresses);
- Data concerning the management and security of each account created from the DOMAIN (IDENTIFIERS, passwords, API keys);
- Data concerning follow-up on commercial relationships: purchase order numbers, invoices, requests for information, and history of exchanges with departments; and
- Connection data (IP addresses, connection logs).
ARTICLE 5. PURPOSES OF PROCESSING
Your data is collected by THE COMPANY to ensure :
- The proper functioning and ongoing improvement of the DOMAIN and its functionalities;
- Management of payments;
- Transmission of newsletters;
- Management of BENEFICIAIRIES, including commercial management, invoices and follow-up on customer relationships (e.g., customer satisfaction surveys);
- Management of requests for rights of access, corrections, and opposition;
- Management of overdue balances and litigation; and
- Maintenance of statistics to improve the functioning of the DOMAIN and the quality of services it offers.
The COMPANY will also use this data as needed for legal and regulatory purposes. In any case, The COMPANY undertakes to process data for the purposes defined in compliance with the Data Protection Act n° 78-17 of January 6, 1978
ARTICLE 6. CONSENT
When you open your DOMAIN, you will complete a variety of forms and provide personal data.
By providing THE COMPANY with your personal data, you expressly consent to have such data collected and processed by THE COMPANY for the purposes described in each support of data collections.
As a BENEFICIARY, you consent to have your connection data to the DOMAIN collected to facilitate your navigation.
ARTICLE 7. DATA RECIPIENTS
Your personal data will not be communicated, exchanged, sold, or leased without your express prior consent, pursuant to the applicable legal and regulatory provisions.
ARTICLE 8. DURATION OF DATA RETENTION
THE COMPANY attempts to ensure that the data it collects is retained in a manner that allows your identification only for as long as necessary to achieve the purposes for which such data has been collected and processed.
However, data establishing proof of a right or contract or data retained to comply with a legal obligation can be kept on file in accordance with the limitations periods of applicable law (in particular Commercial Code, Civil Code, Consumer Code).
If the right of access or rectification is exercised, data relating to identity documents may be stored for the period provided for in Article 9 of the Criminal Procedure Code (ie one year). In the event of exercise of the right to object, such data may be archived during the limitation period provided for in Article 8 of the Criminal Procedure Code (ie three years).
As well, when a BENEFICIARY exercises his right to object for commercial prospection, the information allowing him to take into account his right to object will be stored for a minimum of three years from the exercise of the right to object. This data will not be used for purposes other than the management of the right to object.
Finally, with regard to the cookies indicated in Article 11 of this Privacy Policy, the information stored on your computer or any other element used to identify you for purposes of audience statistics shall not be retained beyond a period of thirteen (13) months. After this deadline has elapsed, raw data associated with an IDENTIFIER is either suppressed or rendered anonymous.
ARTICLE 9. YOUR RIGHTS
Under Data Protection Act n° 78-17 of January 6, 1978, you have a right to access, correct, update, lock, or delete personal data concerning you that is inaccurate, incomplete, mistaken, out-of-date, or whose collection, use, communication, or retention is prohibited.
Provided there are legitimate grounds to do so, you can also object to any personal data about you that THE COMPANY processes.
When making a request for the correction, deletion, updating, or locking of data processed by THE COMPANY through their DOMAINS, please send an email to the address appearing on each DOMAIN, or send a message by standard postal delivery to , stating your identity and the reason you are requesting such action.
ARTICLE 10. CONNECTION DATA AND COOKIES
Each USER navigating on a DOMAIN should consult the Cookies Charter published on the DOMAIN by THE COMPANY where all information requested under Article 32II of the Data Protection Act n° 78-17 of January 6, 1978 are provided.
ARTICLE 11. SOCIAL NETWORKS
You have the option of clicking on the icons dedicated to the social networks Twitter, Facebook, Google+, and/or LinkedIn appearing on the DOMAIN.
Any personal information that you may designate as public and accessible from your Twitter, Facebook, LinkedIn, and/or GOOGLE+ profiles shall be accessible to THE COMPANY, and the USER expressly authorizes this access.
However, THE COMPANY does not create or use any independent database of FACEBOOK and GOOGLE + from any personal information you may post there and the Company will not process any data relating to your privacy through this means.
If you wish to challenge THE COMPANY’S access to personal information designated as public and accessible from a link between your profiles and the applicable social network, you must use the applicable social network functions to limit such access to your data.
ARTICLE 12. SECURITY
THE COMPANY respects the French Computers and Freedom Law in matters pertaining to the security and confidentiality of your data.
THE COMPANY takes necessary precautions to preserve data security based on the nature of your data and the risks posed by our processing. In particular, THE COMPANY takes precautions to prevent the data from being impaired, damaged, or subject to unauthorized access. The measures taken include physical protection of our premises, authentication procedures for USERS with personal and secure access using confidential identifiers and passwords, logging of connections, and encryption of certain data.