last update: 12/08/2016
This Confidentiality policy is addressed to you in your capacity as a user of the site www.opendatasoft.com (hereinafter designated as the ‘PLATFORM’), and its purpose is to inform you of the way in which your personal information may be collected and processed, should the need arise, by Société OpenDataSoft, a simplified joint-stock company with a capital of 271,750.00 euros, located at 130, rue de Lourmel, 75015 PARIS, RCS PARIS 538 168 329 (hereinafter ‘OpenDataSoft’).
Through the PLATFORM, OpenDataSoft provides a SaaS service that supports numerous uses: Open Data portals, internal data references, smart city platforms, marketplace datasets...
This service allows for the following things:
- Processing and publication of datasets for systems management.
- User data search and visualization.
- Reuse of data via simple and powerful APIs for developers.
Respect for your private life and your personal data is a priority for Société OpenDataSoft (hereinafter referred to as ‘OpenDataSoft’) which undertakes to respect Law n°78-17 of January 6, 1978, amending the law that goes by the name of “Computers and Freedom.”
In the context of use of this service, OpenDataSoft undertakes to uphold the following two essential principles:
- You remain in control of your personal data.
- Your data will be handled in a transparent, confidential and secure fashion.
ARTICLE 1. DEFINITIONS
BACK-OFFICE: This designates the administrative interface of the DOMAIN provided for the CLIENT by OpenDataSoft. Using the BACK-OFFICE, the CLIENT can undertake to personalize the graphic interface of his DOMAIN, define administrator rights for the DOMAIN, as well as security levels for the creation of DATASETS, their modification, publication, etc. BACK-OFFICE functionalities are specified in detail at http://docs.opendatasoft.com.
BENEFICIARY: This designates the end USER benefiting from a right of access to DATASETS published by the CLIENT.
CLIENT: This designates the producer of DATASETS listed on the PLATFORM, who has subscribed to one of the offers put forward by OpenDataSoft for use of the SERVICE.
DOMAIN: This designates the domain name of the type http://
.opendatasoft.com opened by the CLIENT in connection with the offer subscribed for the purpose of publishing its DATASETS. Specific DOMAINS can also be opened subject to conditions (transmission of the relevant HTTPS certificate making it possible to secure access to the domain – private code, certificate and possible intermediate certificates).
IDENTIFIER: This designates the electronic messaging address and password that you choose when you register as a CLIENT at the SITE, that allows you to connect to your BACK-OFFICE.
DATASETS: This designates data produced by CLIENTS, published on the PLATFORM and made accessible to all or some of the different categories of USERS, depending on the offer subscribed by the CLIENT and the licenses offered by the latter.
PLATFORM or SITE: This designates the platform published by OpenDataSoft, as well as all of its graphic, audio, visual, software and textual components. The PLATFORM is the exclusive property of OpenDataSoft. It is accessible at https://www.opendatasoft.com/.
SERVICE: This designates all the various services offered by OpenDataSoft through the PLATFORM. The SERVICES are specified in the general user conditions (CGU - conditions générales d’utilisation) accessible at https://legal.opendatasoft.com/en/terms-of-use.html.
USERS: This designates the various categories of PLATFORM users. Accordingly, those considered to be USERS are:
- BENEFICIARIES accessing DATASETS,
- The CLIENT, producer of DATASETS.
ARTICLE 2. IDENTITY OF CONTROLLER
Legal notice: The controller is, under the Computers and Freedom Law, the person who determines the means and purposes of processing. The sub-contractor is a person processing personal data on behalf of the controller; he acts under the authority of the controller, following the instructions of the latter.
The CLIENT’s personal data is collected and processed by OpenDataSoft, controller of the personal data collected and processed by OpenDataSoft during the CLIENT’s subscription to the SERVICE for the purpose of creating a DOMAIN.
OpenDataSoft, on the other hand, shall act as a subcontractor of the CLIENT when the latter collects and processes data via its DOMAIN, which it manages under its sole responsibility. Accordingly, each CLIENT shall have the status of controller of the data for BENEFICIARIES processed with their DOMAINS and DATASETS published in the said DOMAIN.
In light of the foregoing, this confidentiality policy concerns data processing performed by OpenDataSoft in the context of registration with the SERVICE, and BENEFICIARIES are referred to the statements published by CLIENTS in each DOMAIN for specification of their policy concerning personal data and concerning, more generally, the DATASETS published via the said DOMAINS under the sole responsibility of the CLIENTS.
ARTICLE 3. CNIL FORMALITIES
The processing of your personal data by OpenDataSoft has been the subject of a declaration to the National Computers and Freedom Commission (CNIL – Commission Nationale de l’Informatique et des Libertés) under the number 1758522 prior to the launch of the SITE.
Subsequently, OpenDataSoft has also appointed the law firm HAAS Avocats as Computer and Freedom Correspondent (CIL – Correspondant Informatique et Libertés) to strengthen its policy of protecting USERS’ private lives. To contact the CIL of OpenDataSoft, please send an e-mail to the following address: firstname.lastname@example.org.
ARTICLE 4. DATA COLLECTION & PROCESSING
In the context of its operation of the SITE, OpenDataSoft is permitted to collect personal data concerning the USERS of its SITE. Such data shall be processed in accordance with the purposes set forth for collection, observing the terms of CNIL Decision n°2012-209 of June 21, 2012, “concerning the creation of a simplified standard for automated processing of personal data relating to the management of clients and prospects” (NS 48).
Specifically, OpenDataSoft is permitted to collect personal data:
- When you visit the SITE
- When you use the functionalities and/or the SERVICE provided on the SITE
- When you register, create a DOMAIN and/or use your BACK-OFFICE
- When there are exchanges with OpenDataSoft or with other USERS via the SITE
Regardless of the manner in which it is collected, OpenDataSoft undertakes to inform you of the purposes of processing, of whether the responses sought are required or optional, of the possible consequences of a failure to respond, of the data recipients, and of the existence of rights of access, correction and challenge with respect to data processing and how they are to be exercised.
When necessary pursuant to the Computers and Freedom Law, OpenDataSoft undertakes, as appropriate, to solicit your consent and/or allow you to challenge the use of your data for certain purposes.
The data that can be collected and processed by OpenDataSoft to accomplish the purposes described in Article 6 of this confidentiality policy includes:
- Data for identification (first name, last name, postal and e-mail addresses)
- Data concerning the management and making secure of the BACK-OFFICE and FRONT-OFFICE (identifiers, passwords, API keys)
- Data concerning follow-up on commercial relationships: purchase order numbers, invoices, requests for information, history of exchanges with departments.
- Connection data (IP addresses, connection logs)
ARTICLE 5. SPECIFIC PROVISIONS CONCERNING PAYMENT DATA
5.1 Payment data collected
“Payment data” is understood to refer to the following:
- Data concerning payment methods used by a CLIENT for an order or subscription to a SERVICE payable to the OpenDataSoft RIP (BBAN or Basic Bank Account Number) or RIB (postal account number) checking account, bank card number, bank card expiration date.
- Data concerning an order or subscription for SERVICE by a CLIENT and the resulting transaction, such as the transaction number and the itemization of the order.
- Data concerning payment of invoices: payment procedures, discounts, receipts, outstanding balances, etc.
5.2 Purpose of collecting payment data
The purpose of collection and processing of the data mentioned in 5.1 is to manage payment for the SERVICE in the context of the PREMIUM offer. In this context, OpenDataSoft is responsible for processing payment data concerning the CLIENTS of this offer.
5.3 Recipients of payment data
(i) With regard to the data indicated in 5.1 that is processed to manage payment for the SERVICE in the context of the PREMIUM offer.
In this case, only OpenDataSoft, the party responsible for the aforesaid processing, shall be responsible for the aforesaid data.
5.4 Duration of retention of payment data
Bank card data is suppressed as soon as the transaction is completed, that is to say, with the actual payment of the purchase order.
It is noted that for payments by bank card, pursuant to Article L 133-24 of the Monetary and Financial Code, such data can be retained to serve as proof if the transaction is challenged, in temporary files, for a period of thirteen (13) months (or fifteen (15) months for deferred payment cards), based on the date the debit is incurred. In any case, data concerning the visual cryptogram is not stored, and data concerning the bank card used is discarded when its expiration date is reached.
ARTICLE 6. PURPOSES OF PROCESSING
Your various kinds of data are collected by OpenDataSoft to ensure:
- The proper functioning and ongoing improvement of the SITE, its functionalities and the SERVICE
- Management of payments for the SERVICE
- Sending out of newsletters
- Management of CLIENTS (management of DOMAINS, BACK-OFFICEs, customer loyalty programs, management of sales, invoices, follow-up on customer relationships (customer satisfaction surveys, ...))
- Management of requests for rights of access, corrections and challenges
- Management of overdue balances and litigation
- Keeping statistics to improve the functioning of the SITE and the quality of service
OpenDataSoft will also be permitted to use this data for legal and/or regulatory purposes. In any case, and for processing for which it alone defines the purposes, OpenDataSoft undertakes to process all data collected in a manner that is in compliance with the Computers and Freedom Law.
In its capacity as publisher of the PLATFORM, OpenDataSoft also calls upon its CLIENTS to see to compliance with the applicable legislation in connection with processing conducted by the latter through their DOMAINS.
ARTICLE 7. CONSENT
When you open your DOMAIN or commence management of your BACK-OFFICE on the SITE, you fill out a variety of forms and provide different sorts of personal data about yourself so you can avail yourself of all the SERVICES offered by OpenDataSoft.
Generally speaking, through the willing communication of your personal data, you expressly consent to have such data collected and processed by OpenDataSoft, as far as the SERVICES are concerned, and, as appropriate, by CLIENTS with respect to data collected through DOMAINS published by the latter, for the purposes described in the respective collection support materials.
In closing, it is specified that as USERS, you consent to the collection of your connection data to the SITE to facilitate your navigation.
ARTICLE 8. DATA RECIPIENTS
The email address provided at the creation of your BACK-OFFICE will not be visible to other USERS, and will only be used by OpenDataSoft for the purposes set forth in Article 5.
Furthermore, your e-mail addresses and phone numbers will not be accessible to other USERS.
Moreover, when you communicate with other USERS, the internal mailbox used will not permit your identification unless you decide to reveal it to your interlocutor.
So you are the one who decides whether or not to reveal your identity to this or that CLIENT, who will then be able to identify your profile as belonging to you.
Your personal data will not be communicated or exchanged, sold or leased without your express prior consent, pursuant to the applicable legal and regulatory provisions.
ARTICLE 9. DURATION OF DATA RETENTION
OpenDataSoft undertakes to see to it that the data collected shall be retained in a manner that allows for your identification for a period whose duration shall not exceed the time required for the purposes for which such data has been collected and processed.
However, data making it possible to establish proof of a right or contract, or retained for the purpose of respecting a legal obligation, can be kept on file in accordance with the provisions in force (particularly those set forth by the Code of Commerce, the Civil Code and the Consumer Code).
By way of exception, your identification data is retained for three (3) years counting from the closure of your DOMAIN, its collection or the last contact coming from you.
It is further specified that in the event of the exercise of a right of access or of correction, data relating to ID documents can be retained for the period indicated by Article 9 of the Code of Penal Procedure (that is, for a year). In the event of exercise of the right of challenge, such data can be kept on file until the deadline for prescription indicated in Article 8 of the Code of Penal Procedure (that is, for three years).
Furthermore, when a USER exercises his right to challenge receiving prospectuses, information substantiating his right to challenge shall be retained for at least three years counting from the exercise of the right of challenge. This data shall not under any circumstances be used for purposes other than the administration of the right of challenge.
Finally, with regard to the cookies indicated in Article 11 of this Confidentiality policy, it is specified that the information stored in your terminal (for example, cookies) or any other element used to identify you for purposes of audience statistics shall not be retained beyond a period of thirteen (13) months. After this deadline has elapsed, gross data associated with an identifier is either suppressed or rendered anonymous.
ARTICLE 10. YOUR RIGHTS
It is noted that, pursuant to the provisions of Law n°78-17 of January 6, 1978, known as the “Computers and Freedom” Law, as amended by the Law of August 6, 2004, you have a right of access, of correction, of updating, of locking or deletion of personal data concerning you that is inaccurate, incomplete, mistaken, out-of-date, or whose collection, use, communication or retention is prohibited.
Provided there are legitimate grounds to do so, you can also challenge any personal data concerning you undergoing the processing that we perform.
When processing conducted by OpenDataSoft in the context of its provision of these SERVICES is concerned, these rights can be exercised through a simple e-mail request sent to the dedicated address email@example.com, or by standard postal delivery sent to 130, rue de Lourmel, 75015 PARIS, substantiating it with your identity and a legitimate reason if such is required by the law.
When processing conducted by CLIENTS through their DOMAINS is concerned, these rights can be exercised through a simple e-mail request sent to the address appearing on each DOMAIN, or by standard postal delivery sent to the CLIENT address appearing on the DOMAIN, also substantiating it with your identity and a legitimate reason if such is required by the law.
ARTICLE 11. CONNECTION DATA AND COOKIES
(i) In relation to your navigation on the SITE
On its SITE, OpenDataSoft makes use of connection data (date, time, Internet address, IP address of the visitor’s computer, page consulted) and cookies (small files registered in your computer), making it possible to identify you, store your queries, and make use of the SITE’s metrics and audience statistics, particularly with regard to the pages consulted.
While navigating on the SITE, you accept OpenDataSoft’s installation of this kind of so-called “technical” cookies, for the sole purpose of enabling or facilitating electronic communication between your terminal equipment and our site, facilitating management and navigation on the latter.
Our access to information stored in your terminal equipment, or the registering of information therein, will thus only be done in the following cases:
- To enable or facilitate electronic communication;
- When it becomes necessary for the provision of our online communication service at your express request.
You may, as with other data, exercise your right of access to this connection data by submitting a request to firstname.lastname@example.org, or by standard postal delivery to 130, rue de Lourmel, 75015 PARIS, with confirmation of your identity.
If your browser allows it, you can deactivate these cookies at any time, following the procedure indicated by the browser. However, OpenDataSoft informs you that such deactivation may have the effect of slowing down and/or disrupting access to the SITE.
(ii) In relation to your navigation on DOMAINS
In the event that a CLIENT uses so-called “tracer” cookies on its DOMAIN, each USER navigating on this DOMAIN is invited to consult the Charter on cookie management published by the CLIENT in order to avail himself of all of the information set forth in Article 32II of the Computers and Freedom Law.
It should indeed be noted that DOMAINS are published by CLIENTS under their sole responsibility, with OpenDataSoft having nothing more than a role as subcontractor as far as the law is concerned.
ARTICLE 12. SOCIAL NETWORKS
You have the option of clicking on the icons dedicated to the social networks Twitter, Facebook, Google+ and LinkedIn appearing on the SITE.
In this regard, any personal information that you may designate as public and accessible from your Twitter, Facebook, LinkedIn and GOOGLE+ profiles shall be accessible to OpenDataSoft, which the USER expressly authorizes.
However, OpenDataSoft will not create or use any database separate from FACEBOOK and GOOGLE+ based on any personal information that you may publish there, and OpenDataSoft will not make use of any significant information from your private life in this connection.
If you wish to challenge OpenDataSoft’s access to personal information published in the public space of your profiles in the social network BACK-OFFICES, you must then use the means provided by FACEBOOK and GOOGLE to limit access to your data.
ARTICLE 13. SECURITY
OpenDataSoft respects the Computers and Freedom Law in matters pertaining to the security and confidentiality of your data.
Accordingly, OpenDataSoft takes necessary precautions to preserve data security, based on the nature of your data and the risks posed by our processing, and in particular to prevent the data from being impaired or damaged, or accessed by unauthorized third parties (physical protection of premises, authentication procedures for our clients with personal and secure access using confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).