PRIVACY POLICY

last update: 2016/06/29

PREAMBLE

This Privacy Policy is for users of the site www.opendatasoft.com (hereinafter designated as the ”PLATFORM”), and informs users of the way that personal information may be collected and processed by Société OpenDataSoft, (hereinafter “OPENDATASOFT”).

Through the PLATFORM, OPENDATASOFT provides Software as a Service (“SaaS”) that works with: open data portals, internal data references, smart city platforms, and MARKETPLACE DATASETS to provide:

  • Processing and publication of datasets for systems management;
  • User data search and visualization; and
  • Reuse of data via simple and powerful APIs for developers.

Respect for your private life and your personal data is a priority for OPENDATASOFT, and OPENDATASOFT’S two essential principles govern use of this service: - You remain in control of your personal data. - Your data will be handled in a transparent, confidential, and secure fashion.

ARTICLE 1. DEFINITIONS

Capitalized terms used but not defined herein shall have the meanings ascribed to them in the GTCs, available at https://legal.opendatasoft.com/en_US/terms-of-use.html .

ARTICLE 2. IDENTITY OF CONTROLLER

Legal notice: The CONTROLLER is the person who determines the means and purposes of personal data processing. The SUBCONTRACTOR is a person processing personal data on behalf of the CONTROLLER, who acts under the authority and direction of the CONTROLLER.

OPENDATASOFT is the CONTROLLER (collector and processor) of the CLIENT’S personal data collected and processed by OPENDATASOFT during the CLIENT’S subscription to the SERVICE for the purpose of creating a DOMAIN.

OPENDATASOFT acts as a SUBCONTRACTOR of the CLIENT when the latter collects and processes data via its DOMAIN, which it manages in its sole discretion. Therefore, each CLIENT shall have the status of CONTROLLER of the data for BENEFICIAIRIES processed with CLIENT’S DOMAINS and DATASETS published on CLIENT’S DOMAINS. For example, in a case where a CLIENT subscribes to the “MARKETPLACE” SERVICE, the CLIENT would process its BENEFICIAIRIES’ data in its capacity as the CONTROLLER, and OPENDATASOFT would be only a SUBCONTRACTOR.

This Privacy Policy is limited to data processing performed by OPENDATASOFT in the context of registration with, and use of, the SERVICE. BENEFICIAIRIES are referred to the privacy policies, policies concerning personal data, and policies concerning the CLIENT’S DATASETS published by CLIENTS in each DOMAIN. Publication of such policies is the sole responsibility of the CLIENTS.

ARTICLE 3. DATA COLLECTION & PROCESSING

OPENDATASOFT will collect personal data:

  • When you visit the OPENDATASOFT web site (the “SITE”).
  • When you use the functionalities and/or the SERVICES provided on the SITE.
  • When you register, create a DOMAIN and/or use your BACK-OFFICE.
  • When you engage in exchanges with OPENDATASOFT or with other USERS via the SITE.

Regardless of the manner in which personal data is collected, OPENDATASOFT will inform you of: (a) the purposes of processing, (b) whether the responses sought are required or optional, (c) possible consequences for you and OPENDATASOFT if you do not respond, (d) for data recipients, whether there are access rights and how they are to be exercised, and (e) how you can correct the data we have collected.

The data that may be collected and processed by OPENDATASOFT to accomplish the purposes described in this Privacy Policy includes:

  • Data for identification (first name, last name, postal, and e-mail addresses);

  • Data concerning the management and security of the BACK-OFFICE (IDENTIFIERS, passwords, API keys);

  • Data concerning follow-up on commercial relationships: purchase order numbers, invoices, requests for information, and history of exchanges with departments; and

  • Connection data (IP addresses, connection logs).

ARTICLE 4. SPECIFIC PROVISIONS CONCERNING PAYMENT DATA

4.1 Payment data collected

“Payment data” refers to the following:

  • Data concerning payment methods used by a CLIENT for an order or subscription to a SERVICE payable to OPENDATASOFT, potentially including BBAN or Basic Bank Account Number, checking account number, bank card number, or bank card expiration date;

  • Data concerning an order or subscription for SERVICE by a CLIENT and the resulting transaction, such as the transaction number and the itemization of the order; and

  • Data concerning payment of invoices such as payment procedures, discounts, receipts, outstanding balances, etc.

4.2 Purpose of collecting payment data

The purpose of collecting and processing the data described in Section 4.1 above is for the management of payments for the SERVICE in the context of the PREMIUM offer. OPENDATASOFT is responsible for processing such payments.

4.3 Recipients of payment data

(i) With respect to data that is processed to manage payment for the SERVICE in the context of the PREMIUM offer as indicated in this Article 4..

In this case, only OPENDATASOFT is responsible for the data processing, and thus shall be responsible for the payment data.

ARTICLE 5. PURPOSES OF PROCESSING

Your data is collected by OPENDATASOFT to ensure: - The proper functioning and ongoing improvement of the SITE, its functionalities, and the SERVICE; - Management of payments for the SERVICE; - Transmission of newsletters; - Management of CLIENTS’ use of the SERVICES, including management of DOMAINS, BACK OFFICES, customer loyalty programs, sales, invoices, and follow-up on customer relationships (e.g., customer satisfaction surveys); - Management of requests for rights of access, corrections, and challenges;
- Management of overdue balances and litigation; and
- Maintenance of statistics to improve the functioning of the SITE and the quality of service. OPENDATASOFT will also use this data as needed for legal and regulatory purposes.

ARTICLE 6. CONSENT

When you open your DOMAIN or commence management of your BACK-OFFICE on the SITE, you will complete a variety of forms and provide personal data that will allow you to use the SERVICES offered by OPENDATASOFT.

By providing OPENDATASOFT with your personal data, you expressly consent to have such data collected and processed by OPENDATASOFT for use with the SERVICES and by CLIENTS (for data collected through DOMAINS published by CLIENTS) for the purposes described in the CLIENTS’ privacy policies.

As USERS, you consent to have your connection data to the SITE collected to facilitate your navigation.

ARTICLE 7. DATA RECIPIENTS

The email address provided at the creation of your BACK-OFFICE will not be visible to other USERS, and will only be used by OPENDATASOFT for the purposes set forth in Article 4 (Specific Provisions Concerning Payment Data) above.

Furthermore, your e-mail address and phone number will not be accessible to other USERS.

When you communicate with other USERS, the internal mailbox used will not disclose your identification information unless and until you decide to reveal such information to the other USER(S).

You are the one who decides whether or not to reveal your identity to a specific CLIENT, who will then be able to identify your profile as belonging to you.

Your personal data will not be communicated, exchanged, sold, or leased without your express prior consent, pursuant to the applicable legal and regulatory provisions.

We will only share personal information with companies or individuals outside of OPENDATASOFT if we have a belief in good faith that access, use, preservation, or disclosure of the information is reasonably necessary to: - meet any applicable law, regulation, legal process, or enforceable governmental request; - enforce applicable Terms and Conditions of Service, including investigation of potential violations; - detect, prevent or otherwise address fraud, security, or technical issues; and/or - protect against harm to the rights, property, or safety of OPENDATASOFT, our users, or the public, as required or permitted by law.

ARTICLE 8. DURATION OF DATA RETENTION

OPENDATASOFT attempts to ensure that the data it collects is retained in a manner that allows for your identification only for as long as necessary to achieve the purposes for which such data has been collected and processed.

However, data establishing proof of a right or contract or data retained to comply with a legal obligation can be kept on file in accordance with the limitations periods of applicable law. Your identification data is retained for three (3) years from the latest of the closure of your DOMAIN, collection of such data, or the last contact between you and OPENDATASOFT.

Finally, with regard to the cookies indicated in Article 10 of this Privacy Policy, the information stored on your computer or any other element used to identify you for purposes of audience statistics shall not be retained beyond a period of thirteen (13) months. After this deadline has elapsed, usage data associated with an IDENTIFIER is either suppressed or rendered anonymous. [

ARTICLE 9. YOUR RIGHTS

You have a right to access, correct, update, lock, or delete personal data concerning you that is inaccurate, incomplete, mistaken, out-of-date, or whose collection, use, communication, or retention is prohibited.

Provided there are legitimate grounds to do so, you can also object to any personal data about you that OPENDATASOFT processes.

When making a request for the correction, deletion, updating, or locking of data processed by OPENDATASOFT, please send an email to cil@opendatasoft.com, or send a message by standard postal delivery sent to 130, rue de Lourmel, 75015 PARIS, stating your identity and the reason you are requesting such action.

When making a request for the correction, deletion, updating, or locking of data processed by CLIENTS through their DOMAINS, please send an email to the address appearing on each DOMAIN, or send a message by standard postal delivery sent to the CLIENT’S address appearing on the DOMAIN, stating your identity and the reason you are requesting such action.

ARTICLE 10. CONNECTION DATA AND COOKIES

(i) In relation to your navigation of the SITE

On its SITE, OPENDATASOFT makes use of connection data (date, time, Internet address, IP address of the visitor’s computer, page consulted) and cookies (small files registered in your computer), making it possible to identify you, store your queries, and make use of the SITE’S metrics and audience statistics, particularly with regard to the pages consulted.

While navigating on the SITE, you accept OPENDATASOFT’S installation of these “technical” cookies for the sole purpose of enabling or facilitating electronic communication between your terminal equipment and our site, facilitating management and navigation on the latter.

Our access to information stored in your terminal equipment, or the registering of information therein, will only be done:

  • To enable or facilitate electronic communication; or
  • As necessary for the provision of our online communication service at your express request.

You may, as with other data, exercise your right of access to this connection data by submitting a request to cil@opendatasoft.com, or by sending a message via standard postal delivery to 130, rue de Lourmel, 75015 PARIS, with confirmation of your identity.

If your browser allows it, you can deactivate these cookies at any time by following the procedure indicated by the browser. However, such deactivation may have the effect of slowing down and or disrupting your access to the SITE.

(ii) In relation to your navigation on DOMAINS

In the event that a CLIENT uses “tracer” cookies on its DOMAIN, each USER navigating on this DOMAIN should consult the privacy policy published by the CLIENT to determine the purposes and implications of such use.

DOMAINS are published by CLIENTS and are their sole responsibility.

ARTICLE 11. SOCIAL NETWORKS

You have the option of clicking on the icons dedicated to the social networks Twitter, Facebook, Google+, and/or LinkedIn appearing on the SITE.

Any personal information that you may designate as public and accessible from your Twitter, Facebook, LinkedIn, and/or GOOGLE+ profiles shall be accessible to OPENDATASOFT, and the USER expressly authorizes this access.

If you wish to challenge OPENDATASOFT’S access to personal information designated as public and accessible from a link between the SITE and the applicable social network, you must use the applicable social network functions to limit such access to your data.

ARTICLE 12. SECURITY

OPENDATASOFT takes necessary precautions to preserve data security based on the nature of your data and the risks posed by our processing. In particular, OPENDATASOFT takes precautions to prevent the data from being impaired, damaged, or subject to unauthorized access. The measures taken include physical protection of our premises, authentication procedures for our clients with personal and secure access using confidential identifiers and passwords, logging of connections, and encryption of certain data.

ARTICLE 13. PROVISIONS APPLICABLE TO RESIDENTS OF THE EUROPEAN UNION

The following provisions apply only to Personal Data collected from residents of the European Union, regardless of where they are located at the time their Personal Data is collected.
13.1 For residents of the European Union only, the following Article 14 applies: ARTICLE 14. DATA COLLECTION & PROCESSING OPENDATASOFT may collect personal data concerning USERS of its PLATFORM. OPENDATASOFT will process such data in accordance with the purposes set forth in, and in accordance with, the terms of French CNIL Decision n°2012-209 of June 21, 2012, “concerning the creation of a simplified standard for automated processing of personal data relating to the management of clients and prospects” (NS 48).

13.2 For residents of the European Union only, Article 4 (Specific Provisions Concerning Payment Data) of the Privacy Policy is supplemented with the following provisions:

4.4 Duration of Retention of Payment Data Bank card data is suppressed as soon as the transaction is completed, i.e., upon the actual payment for the purchase order.

For payments by bank card, pursuant to Article L 133-24 of the French Monetary and Financial Code, such data can be retained in temporary files to provide proof of a challenged transaction is challenged for a period of thirteen (13) months (or fifteen (15) months for deferred payment cards), based on the date the debit is incurred. Data concerning the visual cryptogram is not stored, and data concerning the bank card used is discarded upon its expiration date.

13.3 For residents of the European Union only, Article 5 (Purposes of Processing) of the Privacy Policy is supplemented with the following provisions:

OPENDATASOFT shall process all data in compliance with the French Computers and Freedom Law.

As publisher of the PLATFORM, OPENDATASOFT requires its CLIENTS to comply with all applicable legislation in connection with processing conducted by CLIENTS through their DOMAINS.

13.4 For residents of the European Union only, Article 9 (Duration of Data Retention) of the Privacy Policy is supplemented with the following provisions:

In the event any person exercises their right to object to the use of their personal data, OPENDATASOFT can retain such data on file until the deadline for prescription indicated in Article 8 of the French Code of Penal Procedure (i.e., for three years).

When a USER exercises his right to object to receiving prospectuses, information substantiating his right to object shall be retained for at least three years from the exercise of his right to object. This data shall not be used for purposes other than the administration of the right to object.

13.5 For residents of the European Union only, Article 12 (Security) of the Privacy Policy is supplemented with the following language:

OpenDataSoft respects the French Computers and Freedom Law in matters pertaining to the security and confidentiality of your data.

13.6 For residents of the European Union only, a new Article 15 is added as follows:

ARTICLE 15. CNIL FORMALITIES

The processing of your personal data by OPENDATASOFT has been the subject of a declaration to the French National Computers and Freedom Commission (CNIL – Commission Nationale de l’Informatique et des Libertés) under the number 1758522 prior to the launch of the PLATFORM.

OPENDATASOFT has also appointed the law firm HAAS Avocats as Computer and Freedom Correspondent, (CIL – Correspondant Informatique et Libertés) to strengthen its policy of protecting USERS’ private lives. To contact the CIL of OPENDATASOFT, please send an e-mail to the following address: cil@opendatasoft.com.