PURCHASELY PRIVACY POLICY

PRELIMINARY REMARKS

The purpose of this Privacy Policy is to inform the Data Subjects concerning the method according to which their data is collected from the website https://www.purchasely.com/ and/or according the Services (such as defined hereafter), how the latter is collected by Purchasely and, finally, the Specific Rights (such as defined hereafter) from which the Data Subjects benefit with regard to such processing, such as defined hereafter.

 

Article 1. DEFINITIONS

 

The following terms, whether they are used in the singular or the plural in this Privacy Policy, shall have the following definition or the definition used in the Terms of Services :

 

Agreement	shall mean the Terms of services, the Contractual Undertaking signed by the Client and Purchasely, the Data Processing Agreement and this Privacy Policy
Data Subject	shall mean the individual (Client, Associate, Partner, Lead) whose Personal Data is processed by Purchasely;
Intermediate archiving	shall mean the movement of Personal Data which is still of an administrative interest for Purchasely, (such as, for example, in the event of litigation and/or a statutory obligation) in a separate database, separated automatically or manually, and for which, in any event, the access is restricted. This archiving is an intermediate stage prior to the deletion of the relevant Personal Data or its anonymization;
Lead	shall mean any lead of Purchasely including any web user of the Website which is not a Client and/or a Partner and/or an Associate ;
Personal Data	shall mean the Data Subject’s personal data, within the meaning of the Regulations concerning the Personal Data collected and processed by Purchasely in the context of the use of the Website and/or the Services ;
Purchasely	shall mean Purchasely, a simplified joint-stock company, with a share capital of 50,056.00 €, with its registered office located at 17, chemin des loriots, 93230 Romainville, registered with the Bobigny Registry of Trade and Companies under the number 890 405 921, represented by Mr. Jean-François Grang, acting and with the necessary authorization as CEO
Privacy Policy	shall mean this confidentiality policy and the Personal Data protection policy for the Data Subjects, implemented by Purchasely
Regulations	shall mean the Law no.78-17 dated January 6, 1978 relating to I.T., files and liberties, in accordance with the General Data Protection Regulation (GDPR);
Specific Rights	shall mean the rights granted by the Regulations for the Data Subjects concerning the processing of their Personal Data and mentioned in detail in Article IX;
Terms of Services	shall mean the document available at the following url https://www.purchasely.com/terms-of-service ;
Website	shall mean the website https://www.purchasely.com/ ;

 

Article 2. RECORD OF ALL CATEGORIES OF PROCESSING ACTIVITIES CARRIED OUT BY PURCHASELY

 

Processing	Processing designation
Processing 1	All the operations enabling the Service Console access control
Processing 2	All the operations which is necessary for the performance of the Agreement or in order to take steps at the request of the Data Subject prior to entering into the Agreement
Processing 3	All the operations which is necessary for the prospection and marketing
Processing 4	All the operations which is necessary for the performance and the improve of the Services
Processing 5	All the operations which is necessary for the management of the exercise of Specific Rights

 

 

Processing no.1: All the operations enabling the Service Console access control

Description of the processing

 

The Services provided by Purchasely integrate an administration console. The processing no. 1 concerns all the personal information for the Client or the Associates or the Partners, enabling an access control of the Service administration console.

The password is directly created by the Data Subject accessing the Console. It is stored in an encrypted and hashed version. It is not decryptable.

 

Processing purposes

 

Access control of the Service administration console.

 

Legal basis for the processing

 

Performance of the Agreement.

 

Personal Data processed

• Gender
• First name

• Name

• Email address (access identifier to the Services)
• User ID
• Client ID
• Applications to which the accesses have been granted

• Password (stored in an encrypted version)

• Role associated

 

Data subject categories 

• Client
• Associates
• Partners

 

Recipients of the Personal Data processed

• Amazon Web Services (Sub-contractor)

• Datadog (Sub-contractor)
• Sentry Software (Sub-contractor)

 

Sub-contractors

• Amazon Web Services, EUROPE region

Amazon Web Services EMEA SARL, French subsidiary

31 Place des Corolles, Tour Carpe Diem, 92400 Courbevoie

Contact: https://aws.amazon.com/fr/contact-us/

Tel.: +33 1 46 17 10 00

 

• Datadog
  21 Rue de Châteaudun 6th Floor

Paris, 75009 France

Tel.: +1 866 329 44 66

 

• Sentry Software

4 Place de la Défense, 92800 Puteaux

Tel.: +33 1 49 01 97 45

 

A. Duration of the Personal Data retention

• The Personal Data is kept throughout the entire duration of the Agreement between the Client and Purchasely and kept five more years as Intermediate Archiving by Purchasely to keep the proof of a right or an obligation.
• The technical log data is kept for 30 days.

Processing no.2: All the operations which is necessary for the performance of the Agreement or in order to take steps at the request of the Data Subject prior to entering into the Agreement

 

Description of the processing

 

The Data Subject’s Personal Data is necessary to enable Purchasely to do the following:

• Carry out (pre) commercial relations with the Client and/or the Partner and/or the Lead, i.e., concerning the invoices, accounts, “client relation” follow-up, with a Client and/or the Partner and/or the Lead, such as carrying out satisfaction surveys, complaint management, use of the Website and/or the Services and, more generally, the (pre) contractual relation, etc.; 
• Select Clients or Partners or the Lead to carry out surveys, opinion polls and product tests, and for loyalty programs, prospection and promotion;
• Customize its communication for Clients or Partners or the Lead, in particular through information emails, depending on the preferences identified from the use of its Website;
• Debt recovery and litigation;
  

 

Processing purposes

Any processing which is necessary for the performance of the Agreement to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into the Agreement;

 

Legal basis for the processing

Performance of the Agreement.

 

Personal Data processed

• Gender
• First name
• Name
• User ID
• Email address
• Postal address
• Billing address
• Payment method used,
• History of the connections to the Services
• History of the main actions performed on the Services
• Articles from the knowledge base consulted
• Messages exchanged with Purchasely
• Invoices

 

Data subject categories 

• Client
• Partners

 

Recipients of the Personal Data processed

• Hubspot (Sub-contractor)
• Intercom (Sub-contractor)

 

Sub-contractors

• Hubspot France
  24 Rue Cambacérès

Paris, 75008 France

Tel.: +33 1 86 26 07 91

• Intercom (Sub-contractor)

18-21 St. Stephen’s Green 3rd Floor

D02 N960

Dublin, Ireland

Contact : team@intercom.com 

 

Duration of the Personal Data retention

• The Personal Data is kept throughout the entire duration of the Agreement between the Client and Purchasely and kept five more years as Intermediate Archiving by Purchasely to keep the proof of a right or an obligation.
• The technical log data is kept for 30 days.

Processing no.3: All the operations which is necessary for the prospection and marketing

 

Description of the processing

The Data Subject’s Personal Data is necessary to enable Purchasely to do the following:

• Carry out prospection operations, i.e., the management of technical prospection operations (which includes, in particular, the technical operations such as normalization, enrichment and deduplication);
• Commercial solicitation;
• Setup commercial statistics; 
• Analysis of marketing tools (in particular classification, score, etc.)

 

Processing purposes

Any processing which is necessary for Purchasely to find new clients.

 

Legal basis for the processing

Processing is necessary for the purposes of the legitimate interests pursued by Purchasely.

 

Personal Data processed

• First name
• Name
• Email address
• Postal address
• Billing address
• Messages exchanged with Purchasely
• Website browsing history
• Marketing assets downloaded

 

Data subject categories 

• Lead

 

Recipients of the Personal Data processed

• Amazon Web Services (Sub-contractor)
• Hubspot (Sub-contractor)
• Intercom (Sub-contractor) and Amazon Web Services (Subsequent Sub-contractor)

 

Sub-contractors

• Amazon Web Services, EUROPE region

Amazon Web Services EMEA SARL, French subsidiary

31 Place des Corolles, Tour Carpe Diem, 92400 Courbevoie

Contact: https://aws.amazon.com/fr/contact-us/

Tel.: +33 1 46 17 10 00

 

• Hubspot France
  24 Rue Cambacérès

Paris, 75008 France

Tel.: +33 1 86 26 07 91

 

• Intercom
  18-21 St. Stephen’s Green 3rd Floor

D02 N960

Dublin, Ireland

Contact : team@intercom.com  

 

Duration of the Personal Data retention

• The Personal Data is kept for three (3) years from the last contact with the Lead.
• The technical log data on the Website is kept for 30 days.

Processing no.4: All the operations which is necessary for the performance, the improve and the promotion of the Services

Description of the processing

The data extracted from the Services is only used in an aggregated and anonymized way without any Personal Data.

The anonymization consists in removing any personally identifiable data to make it impossible to link it back to the associated Data Subject.

In the absence of Personal Data, this processing n°4 is not subject to the Regulations. 

 

Processing purposes

Purchasely can use this aggregated and anonymized data for the performance, the improve and the promotion of the Services,  including marketing purposes (for examples Purchasely speaking in the form of conferences / white papers / eBooks / marketing content, etc.).

 

Legal basis for the processing

Processing is necessary for the purposes of the legitimate interests pursued by Purchasely and for the performance of the Agreement.

 

(Personal) Data processed

There is no Personal Data processed in this processing n°4.

Aggregated and anonymized data are generated from all the Personal Data collected by the Services carried out by Purchasely on behalf of the Client described in the Data Processing Agreement. 

 

Data subject categories 

• Client
• Associates
• Partners

 

Recipients of the data processed

• Amazon Web Services (Sub-contractor)

 

Sub-contractors

• Amazon Web Services, EUROPE region

Amazon Web Services EMEA SARL, French subsidiary

31 Place des Corolles, Tour Carpe Diem, 92400 Courbevoie

Contact: https://aws.amazon.com/fr/contact-us/

Tel.: +33 1 46 17 10 00

 

Duration of the Data retention

• There is no Personal Data processed in this processing n°4.

 

 

Processing no.5: All the operations which is necessary for the management of the exercise of Specific Rights

 

Description of the processing

Answer from Purchasely about any exercise of Specific Rights from a Data Subject. Exchanges between Purchasely and the Data Subject. Keep on records the exercise of Specific Rights from a Data Subject

 

Processing purposes

Let Purchasely answer to any exercise of Specific Rights from a Data Subject.

 

Legal basis for the processing

Processing is necessary for compliance with a legal obligation to which Purchasely is subject.

 

Personal Data processed

• Name
• Firstname
• Email address
• Exchanges between the Data Subject and Purchasely

 

Data subject categories 

• Any Data Subject

 

Recipients of the Personal Data processed

• Amazon Web Services (Sub-contractor)
• Hubspot (Sub-contractor)

 

Sub-contractors

• Amazon Web Services, EUROPE region

Amazon Web Services EMEA SARL, French subsidiary

31 Place des Corolles, Tour Carpe Diem, 92400 Courbevoie

Contact: https://aws.amazon.com/fr/contact-us/

Tel.: +33 1 46 17 10 00

 

• Hubspot France
  24 Rue Cambacérès

Paris, 75008 France

Tel.: +33 1 86 26 07 91

 

Duration of the Personal Data retention

• The Personal Data is kept for three (3) years from the last contact with the Data Subject.

 

Article 3. DATA STORAGE

All the precautions have been taken to store the Data Subjects’ Personal Data in a secure environment and prevent such data from being misrepresented, damaged or that unauthorized third parties would have access thereto. Personal Data provided by the Data Subject shall never be communicated to third parties for commercial purposes, or sold or exchanged, without the latter’s express and prior consent. 

 

Article 4. SPECIFIC RIGHTS

In accordance with the Regulations, the Data Subject may, at any time, benefit from the following Specific Rights: 

• access,
• rectification, 
• erasure, 
• limitation of processing,
• portability,
• objection,
• post-mortem directives.

 

4.1. Access rights

The Data Subject is entitled to obtain confirmation from Purchasely that his Personal Data are used for a processing and in the affirmative, the access to such Personal Data and the following information: 

1. the processing purposes;
2. the categories of the Personal Data; 
3. the recipients or recipient categories to which the Personal Data has been or shall be communicated; 
4. when possible, the envisaged retention period for the Personal Data or, when this is not possible, the criteria used to define such duration; 
5. the existence of the right to request Purchasely for the rectification or deletion of Personal Data, or a limitation of his Personal Data, or the right to object to this processing; 
6. the right to introduce a complaint with the French Data Protection Authority; 
7. when the Personal Data is not collected from the Data Subject, any information available regarding its source;
8. the existence of automatic decision making, including profiling, and, at least in similar circumstances, appropriate information concerning the underlying rationale and the importance and consequences provided for the Data Subject for this processing.

When the Personal Data is transferred to a third party country or an international organization, the Data Subject shall be entitled to be informed of the appropriate guarantees concerning this transfer. 

Purchasely shall provide a copy of the Personal Data subject to processing. 

Purchasely may require the payment of reasonable expenses based on the administrative costs for any additional copy requested by the Data Subject. 

When the Data Subject presents his request electronically, the information shall be provided in standard electronic format, unless he has requested otherwise. 

The right for the Data Subject to obtain a copy of his Personal Data must not violate the rights and freedoms of others. 

 

4.2. Rectification rights

The Data Subject shall be entitled to obtain from Purchasely, as soon as possible, the rectification of his Personal Data, if the latter is inaccurate. He shall also be entitled to request that any incomplete Personal Data be completed, including by providing a complementary declaration. 

 

4.3. Right of erasure

The Data Subject shall be entitled to request their Personal Data data erasure, when one of the following reasons apply: 

1. the Personal Data shall no longer be necessary for the initial purpose for which it was collected or processed by any other means by Purchasely;
2. the Data Subject has withdrawn his consent for the processing of this Personal Data and there is no other statutory basis for the processing;
3. the Data Subject shall exercise his right of objection under the conditions recalled above and there is no imperative legitimate reason for the processing;
4. the Personal Data has been lawfully processed;
5. the Personal Data must be deleted to respect a statutory obligation;
6. the Personal Data has been collected from a child 

 

4.4. Rights to restriction

The Data Subject shall be entitled to request from Purchasely the processing of his Personal Data when one of the following reasons apply: 

1. Purchasely shall verify the accuracy of the Personal Data following the objection by the Data Subject concerning the accuracy of the Personal Data; 
2. The processing is unlawful and the Data Subject objects to the deletion of the Personal Data and requests limited use thereof; 
3. Purchasely shall no longer require the Personal Data for the purposes of the processing but such data shall still be necessary for the Data Subject for the acknowledgment, exercise or defense for litigation; 
4. The Data Subject has objected to the processing under the conditions recalled hereafter and in such case Purchasely shall verify whether the legitimate reasons stipulated prevail over the alleged reasons. 

 

4.5. Right to Data Portability

The Data Subject shall be entitled to obtain his Personal Data from Purchasely, in a structured format, commonly used and machine readable, when: 

A. the Personal Data processing is based on consent, or on an agreement

and

B. the processing is made through automated processing

When the Data Subject exercises his right of portability he is entitled to request that the Personal Data be communicated directly by Purchasely to another data controller designated by the latter, when this is technically possible. 

The right to the Data Subject’s portability of Personal Data shall not violate the rights and freedoms of others. 

 

4.6. Right to objection 

The Data Subject may object at any time to the processing of his Personal Data, for his own specific reasons, based on Purchasely’s legitimate interest. Accordingly, the latter shall no longer process the Personal Data, unless he is able to prove the existence of imperative and legitimate reasons for the processing which prevail over the Data Subject’s interests, rights and liberties, or to retain such data for the acknowledgment, exercise or defense for litigation. 

 

4.7. Post-mortem directives

The Data Subject shall be entitled to communicate directives to Purchasely relating to the retention, deletion and sharing of his Personal Data after his demise, and such directives may also be registered with a “certified digital confidence third party”. These directives, or “digital will”, may designate a person in charge of the performance thereof; failing that, the Data Subject’s heirs shall be appointed. 

In the absence of any directive, the Data Subject’s heirs may contact Purchasely for the following reasons:

1. to access the processing of the Personal Data enabling “the organization and settlement of the deceased’s succession”;
2. to receive communication of the “digital assets” or “data belonging to family souvenirs, transferable to the heirs”; 
3. proceed with the closure of the Data Subject’s account on the Website and object to the continuation of the processing of his Personal Data. 

In any event, the Data Subject shall be entitled to mention to Purchasely, at any time, if he does not wish, in the event of his demise, that his Personal Data be communicated to a third party. 

 

Article 5. EXERCISE OF THE USERS’ SPECIFIC RIGHTS

These rights may be exercised, at any time, with Purchasely by email to our DPO Nicolas Tissier at the following address: dpo@purchasely.com

In order to assert its rights following the conditions mentioned above and in the event whereby Purchasely would have doubts concerning the party at the origin of the request, Purchasely may request the latter to provide proof of identity by mentioning his surname, name, email address and that his request be accompanied with a copy of a valid identity document. 

A response shall be sent to the Data Subject within a maximum period of one (1) month following the date of receipt of the request. 

If necessary, this period may be extended by two (2) months by Purchasely which shall inform the Data Subject in the event of the complex nature of the request and/or the number of requests. 

In the event of a request by the Data Subject for the deletion of his Personal Data and/or in the event of the exercise of his right to request the deletion of his Personal Data, Purchasely may nonetheless retain such data in the form of Intermediate Archiving, and for the duration required to meet its statutory requirements, or for evidential purposes during the applicable statute of limitation period.

The Data Subject may also file a claim before the competent authority (the French Data Protection Authority).

 

Article 6. COOKIES DEPOSITED ON THE DATA SUBJECT’S TERMINAL FOLLOWING HIS BROWSING ON THE WEBSITE

Cookies are used on the Website. 

A cookie corresponds to information deposited on its terminal which enables the Data Subject to access the Website. 

Cookies are related to the Data Subject’s browsing on the Website and which enable the pages that he has visited to be defined, and their date and time of consultation.

At no time shall these cookies enable Purchasely to personally identify the Data Subject.

The Data Subject can opt-in or opt-out to the cookies by browsing to the Website and clicking on the link “Cookie settings” in the footer. 

The Data Subject shall find more assistance on the relevant pages of his browser (hereafter the most frequently used browsers):

• Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647
• Safari: https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=fr_FR
• Firefox: http://support.mozilla.org/fr/kb/Activer%20et%20désactiver%20les%20cookies
• Opera: http://help.opera.com/Windows/10.20/fr/cookies.html

The Data Subject may also set his browser in order for a code to be sent mentioning the Websites that he does not wanted tracked (“Do No Track” option):

• Internet Explorer: http://windows.microsoft.com/fr-fr/internet-explorer/use-tracking-protection#ie=ie-11
• Safari: http://support.apple.com/kb/PH11952
• Chrome: https://support.google.com/chrome/answer/114836
• Firefox: https://support.mozilla.org/fr/kb/comment-activer-option-ne-pas-pister
• Opera: http://help.opera.com/Windows/12.10/fr/notrack.html