I. Nature of Data Collected by Octolis
1.1. Octolis collects and processes data that Users voluntarily provide to access or use Octolis as well as data concerning the preferences of Users and traffic (such as IP addresses).
The purposes of this Data Processing are to enable Users to create an Account to access Octolis, to use the Software, to improve services in placing cookies on Users’ devices and sending them commercial offers and marketing.
More precisely, Octolis processes Users date Data to enable Users to:
- Consult Octolis websites
- Create an Account to access and use the Octolis Software
- Register for online demonstrations, events or contests
- Download our online resources
- Improve services by placing cookies on users’ devices
- Send you commercial and marketing offers
- To open an Account, Users must provide Octolis with some personal identification information to use the Software.
Octolis will never collect or process sensitive Personal Data in accordance with GDPR regulations, for example regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, health, etc.
1.2. Octolis also collects Data relating to the commercial relationship with its Users: history, billing and payment, participation in promotional offers, requests and incidents reported to the support service, etc.
1.3. Octolis automatically collects certain data during visits to the website octolis.com and the software app.octolis.com. For example, information about the origin of the connection, the type and version of the user’s Internet browser, the duration of connection, etc.
The goal is to facilitate navigation, improve use, benefits and better understand the customer experience.
II. Use of Personal Data of Users
Octolis uses Personal Data only in the cases provided for by the regulations in force, which are:
- The execution of the service provision contract relating to the use of the Octolis Software and/or;
- Compliance with a legal obligation and/or;
- Your consent to process your Data
- Our legitimate interest in conducting prospecting or promotion operation concerning the Octolis Group, our products, promotions or the events we organize with the Octolis Group
Of course, Octolis never uses personal data for marketing and commercial purposes without respecting the wishes of the data subjects who can always unsubscribe from these communications.
III. Processing of Personal Data
Octolis collects and processes Users’ Personal Data in a fair and lawful manner and in compliance with the principles of European Regulation 2016/679 of 27 April 2016 (GDPR).
Octolis is responsible for the processing of Personal Data of Users within the meaning of the GDPR.
Octolis has appointed a Data Protection Officer (DPO) who continuously monitors Octolis’s compliance with GDPR principles and rules. Their mission is notably:
- to make Octolis employees aware of the protection of Personal Data;
- to support the teams during the implementation of processing;
- to respond to requests related to the exercise of Users’ rights in accordance with Article VIII.
The DPO can be contacted via this dedicated email address: [email protected]
IV. Retention of Personal Data of Users
Octolis makes every effort to prevent the loss, misappropriation, intrusion, unauthorised disclosure, alteration or destruction of Personal Data disclosed by Users.
- The data is hosted on Amazon Web Services for the app, and WP Engine for the website. The server security check and the update of operating software is carried out in real time.
- All information sent to Octolis is encrypted.
- Octolis employees are subject to an obligation of confidentiality and non-disclosure and have all signed a specific commitment to the protection of Personal Data.
- Access to Data is governed by a strict access control policy, reserved to authorised persons, under defined conditions.
- When Octolis uses subprocessors to process Personal Data, Octolis ensures that these subprocessors guarantee an equivalent level of security protection.
Octolis retains Personal Data in accordance with legal provisions:
- Octolis keeps the information relating to the management of the Customer Account, orders, billing, payments 10 years after the end of the contract or the last contact from the Inactive Customer;
- Octolis keeps the information related to the creation and management of prospecting files 3 years from the collection of data or the last contact from the prospect;
- Octolis keeps inactive Customer Data for the purpose of sending information about the commercial and marketing offers, within 3 years after the end of the business relationship.
- Octolis has the obligation to keep, for one year, the Personal Data following the creation, modification, or removal of User Content.
When the retention of the Data is no longer justified by the management of a Customer Account, a legal obligation or commercial requirements, and notwithstanding the exercise of the rights of deletion or modification, Octolis will delete the Data in a secure fashion.
4.3. Account Cancellation
Users may also request that their Account be deleted in accordance with the Terms. Their data will be deleted by Octolis without prejudice to Article 4.2 above.
V. Access to the Personal Data of Users
5.1. Access to Data by Octolis Employees
According to the purposes defined in Article 1, the customer service, support, administrative, accounting, technical, marketing and sales departments are likely to have access to Personal Data.
Access to your data is based on individual access permissions as specified in Article 4.1.
5.2. Data Transmission
Octolis can outsource the following services:
- Providers sending postal or digital mail
- Maintenance and technical development providers
- Pursuant to Article 28 of the GDPR, Octolis’s subcontractors’ access to the Data is provided for by a contract signed between Octolis and the subprocessor, which sets out its obligations with respect to the protection of Personal Data that are available to Octolis.
VI. Transfer of Personal Data
Octolis retains Personal Data in the European Union.
If the Data collected by Octolis in connection with the Services were to be transferred, in a very marginal way, to subcontractors located in other countries, Octolis shall ensure that appropriate safeguards are provided to control any transfer of Personal Data.
Octolis may provide Users’ Personal Data only if it is required by law or ordered by a French court.
VII. Communication from Octolis
7.1 Octolis can send emails to Users at the email address associated with their account for technical or administrative reasons or to inform the Users of the change of the services.
7.2 Octolis can also send Users emails containing commercial and marketing offers or concerning your participation in events, under the conditions of Article VIII. A deactivation link allows Users to unsubscribe at any time.
If you are unsubscribed from these communications you will nevertheless continue to receive the communication listed in Article 7.1.
VIII. Exercise of User Rights
In accordance with the French Data Protection Act and the European Regulation 2016/679 of 27 April 2016 (GDPR), in force on 25 May 2018, Users have the following rights concerning the processing:
- right of access
- right to rectification
- right to object
- right to erasure
- right to data portability
- right to restriction of processing
Users may exercise these rights by writing to Octolis at their postal address: Octolis, 5 Avenue du Général de Gaulle, 94160 Saint-Mandé, France or contact the DPO directly at [email protected].
All requests must be justified and accompanied by a copy of a valid ID.
Users may also:
- modify their Personal Data directly from their Account, if they have one
- manage the receipt of promotional communications (not related to a transaction) by simply clicking on the “unsubscribe” link at the bottom of emails sent by Octolis