Download as pdf

PRIVACY POLICY

last update: 2017/02/26

PREAMBLE

This Privacy Policy applies to you as a user of the website www.opendatasoft.com (hereinafter designated as the ‘PLATFORM’), and its purpose is to inform you of the way in which your personal information may be collected and processed by Société OPENDATASOFT, a company with its registered office located at 130, rue de Lourmel, 75015 PARIS, and with registration number RCS PARIS 538 168 329 (hereinafter ‘OPENDATASOFT’).

Through the PLATFORM, OpenDataSoft provides a software as a service (SaaS) service that works with numerous uses: Open Data portals, internal data references, smart city platforms, marketplace datasets…

This service involves a number of activities, including:

  • Processing and publication of datasets for systems management.
  • User data search and visualization.
  • Reuse of data via simple and powerful APIs for developers.

We take your privacy very seriously. We ask that you read this Privacy Policy carefully as it contains important information about how we will process your personal data.

In the context of your use of our services, OpenDataSoft undertakes to uphold the following two essential principles:

  • You remain in control of your personal data
  • Your personal data will be handled in a transparent, confidential and secure fashion.

ARTICLE 1. DEFINITIONS

  • BACK-OFFICE: The administrative interface of the DOMAIN provided for the CLIENT by OpenDataSoft. Using the BACK OFFICE, the CLIENT can customize the graphic interface of its DOMAIN, define administrator rights for its DOMAIN, as well as security levels for the creation of DATASETS, their modification, publication, etc. BACK- OFFICE functionalities are specified in detail at http://docs.opendatasoft.com.

  • BENEFICIARY: The end USER benefiting from a right of access to DATASETS published by the CLIENT.

  • CLIENT: The producer of DATASETS listed on the PLATFORM, who has subscribed to one of the offers put forward by OpenDataSoft for use of the SERVICES.

  • DATASETS: Data produced by CLIENTS, published on the PLATFORM and made accessible to all or some of the different categories of USERS, depending on the offer subscribed by the CLIENT and the licenses offered by the latter.

  • DOMAIN: The domain name of the type http://.opendatasoft.com opened by the CLIENT in connection with the offer subscribed for the purpose of publishing its DATASETS. Specific DOMAINS can also be opened subject to conditions (transmission of the relevant HTTPS certificate making it possible to secure access to the domain – private code, certificate and possible intermediate certificates)

  • IDENTIFIER: The electronic messaging address and password that you choose when you register as a CLIENT on the SITE, that allows you to connect to your BACK-OFFICE.

  • PLATFORM or SITE: This designates the platform published by OpenDataSoft, as well as all of its graphic, audio, visual, software and textual components. The PLATFORM is the exclusive property of OpenDataSoft. It is accessible at https://www.opendatasoft.com/..

  • SERVICE: This designates all the various services offered by OpenDataSoft through the PLATFORM. The SERVICES are specified in the General Conditions of Use (‘GCU’) accessible at https://legal.opendatasoft.com/en_GB/terms-of-use.html.

  • USERS: All users of the PLATFORM, including:

    • BENEFICIAIRIES accessing DATASETS, and
    • The CLIENT, producer of DATASETS

ARTICLE 2. IDENTITY OF CONTROLLER

OpenDataSoft is the ‘data controller’ of the personal data that it collects during the processing of the CLIENT subscribing to the SERVICE for the purpose of creating a DOMAIN.

In relation to any personal data that the CLIENT provides to OpenDataSoft via its DOMAIN for it to process as part of the SERVICES, OpenDataSoft will be acting as the ‘data processor’ of the CLIENT and the CLIENT shall be the data controller in respect of that data. The CLIENT shall be solely responsible for all such data as well as all BENEFICARIES data processed by the CLIENT’s DOMAIN and all DATASETS published in that DOMAIN.

Accordingly, this Privacy Policy concerns data processing performed by OpenDataSoft in the context of data collected during the CLIENT’s registration with the SERVICE. BENEFICIAIRIES should consult the privacy statements published by CLIENTS in each DOMAIN to understand how DATASETS and personal data is processed in relation to each DOMAIN; such processing is determined by and under the sole responsibility of CLIENTS.

ARTICLE 3. CNIL FORMALITIES

The processing of your personal data by OpenDataSoft has been notified to the National Computers and Freedom Commission in France under the number 1758522 prior to the launch of the SITE.

OpenDataSoft has also appointed the French law firm HAAS Avocats as its Computer and Freedom Correspondent, (“CIL” – Correspondant Informatique et Libertés) to strengthen its policy of protecting USERS’ privacy. To contact the CIL of OpenDataSoft, please send an e-mail to the following address: cil@opendatasoft.com

ARTICLE 4. DATA COLLECTION & PROCESSING

OpenDataSoft may collect your personal data:

  • When you visit the SITE
  • When you use the functionalities and/or the SERVICE provided on the SITE
  • When you register, create a DOMAIN and/or use your BACK-OFFICE
  • When there are exchanges with OpenDataSoft or with other USERS via the SITE

The data that can be collected and processed by OpenDataSoft to accomplish the purposes described in Article 6 of this Privacy Policy include:

  • Data for your identification (such as first name, last name, postal and e-mail addresses)

  • Data concerning the management and making secure of the BACK-OFFICE and FRONT-OFFICE (identifiers, passwords, API keys)

  • Data concerning follow-up on commercial relationships: purchase order numbers, invoices, requests for information, history of exchanges with departments.

  • Connection data (IP addresses, connection logs)

  • Payment data

ARTICLE 5. SPECIFIC PROVISIONS CONCERNING PAYMENT DATA

5.1 Payment data collected

“Payment data” refers to the following:

  • Data concerning payment methods used by a CLIENT for an order or subscription to a SERVICE payable to the OpenDataSoft RIP (BBAN or Basic Bank Account Number) or RIB (postal account number) checking account, bank card number, bank card expiration date)

  • Data concerning an order or subscription for SERVICE by a CLIENT and the resulting transaction, such as the transaction number and the itemization of the order.

  • Data concerning payment of invoices: payment procedures, discounts, receipts, outstanding balances, etc.

5.2 Purpose of collecting payment data

The purpose of collection and processing of the data mentioned in 5.1 is to manage payment for the SERVICE in the context of the PREMIUM SERVICE. In this context, OpenDataSoft is responsible for processing payment data concerning the CLIENTS of this offer.

5.3 Recipients of payment data

(i) With regard to the data indicated in 5.1 that is processed to manage payment for the SERVICE in the context of the PREMIUM offer.

In this case, OpenDataSoft, the party responsible for the aforesaid processing, shall be responsible for the aforesaid data.

5.4 Duration of retention of payment data

Except as set out in the next paragraph, Bank card data will cease to be retained as soon as the transaction is completed, that is to say, once full payment for the purchase order has been received by OpenDataSoft in cleared funds.

It is noted that for payments by bank card, such data may be retained to serve as proof if the transaction is challenged, in temporary files, for a period of thirteen (13) months (or fifteen (15) months for deferred payment cards), based on the date the debit is incurred. In any case, data concerning the visual cryptogram is not stored, and data concerning the bank card used is discarded when its expiration date is reached.

ARTICLE 6. PURPOSES OF PROCESSING

Your various kinds of data are collected by OpenDataSoft to ensure: - The proper functioning and ongoing improvement of the SITE, its functionalities and the SERVICE - Management of payments for the SERVICE - Sending out of newsletters - Management of CLIENTS (management of DOMAINS, BACK OFFICEs, customer loyalty programs, management of sales, invoices, follow-up on customer relationships (customer satisfaction surveys, …) - Management of requests for rights of access, corrections and challenges
- Management of overdue balances and litigation
- Keeping statistics to improve the functioning of the SITE and the quality of service OpenDataSoft will also be permitted to use this data for legal and/or regulatory purposes. In any case, and for processing for which it alone defines the purposes, OpenDataSoft undertakes to process all data collected in a manner that is in compliance with applicable data protection laws.

In your capacity as publisher of the PLATFORM, you (the CLIENT) warrant to OpenDataSoft that you shall fully comply with applicable data protection law in connection with all processing conducted by you through your DOMAINS.

ARTICLE 7. CONSENT

When you open your DOMAIN or commence management of your BACK-OFFICE on the SITE, you fill out a variety of forms and provide different sorts of personal data about yourself so you can avail yourself of all the SERVICES offered by OpenDataSoft.

By providing that personal data to us, you expressly consent to have such data collected and processed by OpenDataSoft, as far as the SERVICES are concerned, and, as appropriate, by CLIENTS with respect to data collected through DOMAINS published by the latter, for the purposes described in this Privacy Policy and in the respective collection support materials.

You consent to your connection personal data to the SITE be collected and processed by OpenDataSoft to facilitate your navigation.

You may withdraw your consent to OpenDataSoft processing your personal data at any time by writing to cil@opendatasoft.com, although please note that OpenDataSoft may still process some of your personal information to the extent that it is required for it to fulfil any contractual obligations that it has to you, and/or in order to comply with applicable laws and regulations. Your refusal to provide certain personal information may prevent OpenDataSoft from performing a specific service. OpenDataSoft’s processing of your personal data for the purposes of marketing services to you are optional and based on your voluntary consent provided by you as set out in this Article.

ARTICLE 8. DATA RECIPIENTS

The email address provided at the creation of your BACK-OFFICE will not be visible to other USERS, and will only be used by OpenDataSoft for the purposes set forth in Article 5.

Furthermore, your e-mail addresses and phone numbers will not be accessible to other USERS.

Moreover, when you communicate with other USERS, the internal mailbox used will not permit your identification unless you decide to reveal it to other USERS.

Accordingly, you are the one who decides whether or not to reveal your identity to other USERS, who if you were to decide to reveal your identity) would then be able to identify your profile as belonging to you.

Your personal data will not be communicated or exchanged, sold or leased without your express prior consent, or pursuant to the applicable legal and regulatory provisions.

ARTICLE 9. DURATION OF DATA RETENTION

OpenDataSoft undertakes to see to it that the data collected shall be retained in a manner that allows for your identification for a period whose duration shall not exceed the time required for the purposes for which such data has been collected and processed.

However, data making it possible to establish proof of a right or contract, or retained for the purpose of respecting a legal obligation, can be kept on file in accordance with applicable law and codes.

By way of exception, your identification data is retained by OpenDataSoft for three (3) years counting from the closure of your DOMAIN, its collection or the last contact coming from you.

It is further specified that in the event of the exercise of a right of access or of correction, data relating to identification documents can be retained (after closure of your DOMAIN) for the period of up to one year (subject to applicable law). In the event of exercise of the right of challenge, such data can be kept on file (after CLOSURE of your DOMAIN) for a period of up to three years (subject to applicable law).

Furthermore, when a USER exercises his right to challenge receiving prospectuses, information substantiating his right to challenge shall be retained for at least three years counting from the exercise of the right of challenge. This data shall not under any circumstances be used for purposes other than the administration of the right of challenge.

Finally, with regard to the cookies indicated in Article 11 of this Privacy Policy, the information stored in your terminal (for example, cookies) or any other element used to identify you for purposes of audience statistics shall not be retained beyond a period of thirteen (13) months. After this deadline has elapsed, gross data associated with an identifier is either deleted or rendered anonymous.

ARTICLE 10. YOUR RIGHTS

Your attention is drawn to your following rights under data protection law: (i) the right to request a copy of the information that we hold about you; (ii) the right (in certain circumstances) to have inaccurate personal data that we process about you rectified, blocked, erased or destroyed; and (iii) the right to object, on legitimate grounds, to the processing of your personal information. As an example, you could object at any time to receiving direct marketing communications from OpenDataSoft; you may also exercise your right of objection partially, for example by only objecting to receive advertising communications by electronic means (sms, mms, email, push-notification, telephone calls, fax messages). You may also exercise the rights above mentioned (including, without limitation, the right to object) in relation to the processing of your personal information for profiling purposes.

if you wish to exercise one or more of these rights, please contact us by email at cil@opendatasoft.com, or by post sent to 130, rue de Lourmel, 75015 PARIS, substantiating it with your identity and a legitimate reason for your request (if such a legitimate reason is required by applicable law).

In relation to personal data processing conducted by CLIENTS through their DOMAINS, please send an email to the address appearing on each DOMAIN, or by standard postal delivery sent to the CLIENT address appearing on the DOMAIN, also substantiating it with your identity and a legitimate reason for your request (if such a legitimate reason is required by applicable law).

ARTICLE 11. CONNECTION DATA AND COOKIES

(i) In relation to your navigation on the SITE (outside of DOMAINS)

On its SITE, OpenDataSoft makes use of connection data (date, time, Internet address, IP address of the visitor’s computer, page consulted) and cookies (small files registered in your computer), making it possible to identify you, store your queries, and make use of the SITE’s metrics and audience statistics, particularly with regard to the pages consulted.

While navigating on the SITE, you accept OpenDataSoft’s installation of this kind of so-called “technical” cookies, for the sole purpose of enabling or facilitating electronic communication between your terminal equipment and our site, facilitating management and navigation on the latter.

Our access to information stored in your terminal equipment, or the registering of information therein, will thus only be done in the following cases:

  • To enable or facilitate electronic communication;
  • When it becomes necessary for the provision of our online communication service at your express request.

You may, as with other data, exercise your right of access to this connection data by submitting a request to cil@opendatasoft.com, or by standard postal delivery to 130, rue de Lourmel, 75015 PARIS, with confirmation of your identity.

If your browser allows it, you can deactivate these cookies at any time, following the procedure indicated by the browser. However, OpenDataSoft informs you that such deactivation may have the effect of slowing down and/or disrupting access to the SITE.

(ii) In relation to your navigation on DOMAINS

In the event that a CLIENT uses so-called “tracer” cookies on its DOMAIN, each USER should review the cookies management section of the privacy statement published by the CLIENT in order to understand how such cookies are operated and managed.

Please note that DOMAINS are published by CLIENTS under their sole responsibility, with OpenDataSoft having nothing more than a role as a technical intermediary.

ARTICLE 12. SOCIAL NETWORKS

You have the option of clicking on the icons dedicated to the social networks, Twitter, Facebook Google + and LinkedIn appearing on the SITE.

In this regard, any personal information that you may designate as public and accessible from your Twitter, Facebook, LinkedIn and GOOGLE+ profiles shall be accessible to OpenDataSoft, which you hereby expressly authorize.

However, OpenDataSoft will not create or use any database separate from FACEBOOK and GOOGLE+ based on any personal information that you may publish there, and OpenDataSoft will not make use of any significant information from your private life in this connection.

If you wish to challenge OpenDataSoft’s access to personal information published in the public space of your profiles in the social network BACK-OFFICES, you must then use the means provided by FACEBOOK and GOOGLE to limit access to your data.

ARTICLE 13. SECURITY

OpenDataSoft is committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.

Accordingly, OpenDataSoft takes necessary precautions to preserve data security, based on the nature of your data and the risks posed by our processing, and in particular to prevent their being impaired, damaged or having unauthorized third parties get access to them (for example, through physical protection of our premises, authentication procedures for our CLIENTS with personal and secure access using confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).