English

Français
Italiano

English

Français
Italiano

Appearance

Privacy Policy

This Privacy Policy is up-to-date as of December 12, 2024.

1. Preamble

The purpose of this Privacy Policy is to inform all Users and Visitors:

  • The way in which their personal data is collected;
  • The rights they have regarding this data;
  • The recipients of this personal data.

The Company attaches particular importance to respect for privacy and the protection of personal data. The processing of personal data is carried out in strict compliance with the French and European regulations in force, in particular in application of the provisions of the Data Protection Act of 6 January 1978 and Regulation 2016/679 of 27 April 2016 on the protection of personal data (or « GDPR »).

2. Definitions

Customer: refers to any natural or legal person who has subscribed to the Software under the conditions set out in the T&Cs.

CNIL: refers to the Commission Nationale de l'Informatique et des Libertés, an independent administrative authority regulating personal data that supports and controls professionals in their compliance and helps individuals to control their personal data and exercise their rights.

Personal data: refers to data and information that can be used to identify a user, such as first and last names, age, postal code or e-mail address, or IP address (non-exhaustive list).

The Company: designates the company named « Dev & Software », a sole proprietorship with limited liability with a share capital of 1000 euros, whose registered office is located in PARIS (75008) (FRANCE), 60 Rue François 1er, registered with the Register of Commerce and Companies of PARIS and identified under the SIREN number 938810660.

Software: refers to the web application Back-Office.pro made available in SaaS mode.

Prospect: refers to any potential customer who has consented, or not, to provide their contact details.

Applicable regulations: refers together to the Data Protection Act of 6 January 1978 and Regulation 2016/679 of 27 April 2016 on the protection of personal data.

GDPR: Regulation 2016/679 of 27 April 2016 on the protection of personal data.

Site: refers to the site domiciled at the address: www.back-office.pro, presenting the Software and its functionalities and allowing the subscription to be taken.

User: refers to any person holding an account allowing access to and use of the Software.

Visitor: refers to any person browsing the Site without having created an account or subscribed to the Software.

3. Principles relating to the collection and processing of personal data

In accordance with Article 5 of European Regulation 2016/679, personal data are:

  • Processed in a lawful, fair and transparent manner with regard to the data subject (lawfulness, loyalty, transparency); Collected for specified, explicit and legitimate purposes, and not subsequently processed in a manner incompatible with those purposes (purpose limitation);
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
  • Accurate and, if necessary, kept up to date. All reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy);
  • Stored in a form that allows the identification of the data subjects for a period not exceeding that necessary in relation to the purposes for which they are processed (limitation of storage);
  • Processed in such a way as to ensure appropriate security of the data collected, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

4. Personal data collected and processed

4.1. Data collected

As part of its activity, the Company, or its subcontractors, may collect the following personal data:

  • Identification data: first and last names, date of birth, e-mail, language,
  • Login data: email address, encrypted password,
  • Contact details: postal address, telephone number,
  • Bank details: payment information, credit card, SEPA direct debit,
  • Browsing data: browsing time on the Site, time spent on a page of the Site, geographical position, IP address, etc.,
  • Data relating to the company concerned by the use of the Software: professional email address, domain name, sector of activity.

4.2. How data is collected

In the context of the provision and provision of the Software, the Company collects certain personal data of the User.

Personal data is collected when you do the following:

  • Subscription,
  • Creating an account (administrator or collaborator)

No personal data is collected automatically.

4.3. Purposes and duration of data storage

In accordance with Article 5 of the GDPR, the storage period cannot be indefinite and must be determined according to the purpose(s) pursued by the processing.

The data collected is kept by the data controller under reasonable security conditions for as long as the contractual relationship lasts. The Company may retain certain personal data beyond the announced period in order to comply with its legal or regulatory obligations in terms of archiving, retention of certain data for evidentiary purposes, and/or anonymization of the same.

Treatment concernedData concernedPurpose / legal basisRetention period
Use of the softwareIdentification data and contact detailsPerformance of the contractDuring the performance of the contract and 3 years after the termination of the contractual relationship
Cookies and trackersBrowsing data on the Site and data of connection to the SoftwareConsent of the data subjectUp to 13 months (CNIL, deliberation 17 Sept. 2020, n° 2020-092)
Subscription PaymentBanking and financial data, SEPA direct debit mandates, related to the provision of the SoftwarePerformance of the contractData kept until the subscription is terminated (CNIL, deliberation 6 Sept. 2018 n° 2018-303). Data archived for up to 4 years after account closure in accordance with legal obligations
Accounting and commercial management of customersIdentification data, banking and financial data and any data relating to the contractual relationshipPerformance of the contractDuring the duration of the contract increased by the duration of 3 years. Accounting data is kept for 10 years from the date of issuance
Marketing and sales prospectingCoordinatesLegitimate interest of the Company to build customer loyalty and to propose additional offers or services, to solicit prospects and consent of the person concernedFor customers: 3 years from the end of the business relationship. For prospects: 3 years from their collection by the data controller or from the last contact from the prospect (CNIL, deliberation 11 July 2013, n°2013-213).

4.4. Security

The Company implements all organizational and technical measures to ensure an appropriate level of security for the personal data collected, and in particular to avoid any loss of confidentiality, integrity or accessibility.

5. Cookie Policy

During visits to the Site, cookies may be installed on the browser software of any visitor. The Company uses the following cookies:

  • Analytical cookies: this type of cookie is used to anonymously collect information on the use of the Site such as the time spent browsing the Site, the time spent on a page of the Site, the geographical position, the IP address, etc. (non-exhaustive list). This information is used for anonymous statistical analysis to improve the use of the Site.
  • Functional cookies or « session cookies »: this type of cookie keeps track of the User's visit to the Site and avoids asking for the same information, such as login information, multiple times.

In order for data to be collected by cookies, the User or Visitor must first consent to it. Accepting or refusing cookies has no impact on the navigation of the Site.

6. Recipients of personal data

6.1. Use of subcontractors

As part of its activity, the Company uses the following service providers:

  • « AWS (Amazon Web Service) »: cloud file storage system
  • « CRISP »: messaging service via chatbot
  • « Google Analytics »: an analytical cookie that collects data on the Visitor's device and behavior,
  • « Google Cloud »: various services offered by Google, in particular the translation service and the « connect with Google » function,
  • « Hetzner Online GmbH »: data hosting,
  • « Mailchimp »: marketing communication service and in particular newsletters,
  • « OpenAI »: artificial intelligence research organization commercializing ChatGPT,
  • « Rollbar »: error monitoring and tracking system,
  • « Stripe »: invoicing and payment service.

6.2. Location and transmission of personal data outside the European Union

The Company turns primarily to service providers located in the European Union for whom European Regulation 2016/679 of 27 April 2016 is automatically applicable. The personal data collected by the Company is hosted for the duration of the processing on the servers of the company « Hetzner Online GmbH » located in GERMANY.

The Company also uses subcontractors located abroad, and in particular in the United States. As such, certain personal data may be processed and/or transferred outside the European Union. This is why the Company has taken care to choose service providers concerned with the protection of personal data and compliant with the GDPR to ensure security, integrity, and confidentiality in the collection and processing of personal data in the context of the use of the Software.

Personal data is not communicated, given, transferred or sold without the prior express consent of the data subject in accordance with the applicable regulations.

7. Data Controller

Personal data is collected by the Company.

For any questions relating to the processing of personal data, and more generally regarding this Privacy Policy, the data controller can be contacted by email: [email protected].

8. Data collection and processing rights

Any person concerned by the processing of his or her personal data may invoke the following rights, in application of the applicable regulations:

  • Right of access, rectification and right to erasure of data (Articles 15, 16 and 17 of the GDPR);
  • Right to data portability (Article 20 of the GDPR);
  • Right to restriction and objection of data processing (Articles 18 and 21 of the GDPR);
  • The right not to be subject to a decision based exclusively on an automated process;
  • The right to determine the fate of data after death;
  • Right to refer the matter to the competent supervisory authority (Article 77 of the GDPR).

To exercise these rights, an e-mail should be sent to [email protected].

In order for the data controller to be able to comply with their request, the data subject may be required to provide them with certain information such as: their first and last names, their e-mail address, and to be able to prove their identity.

9. Consent to the processing of personal data

9.1. Lawfulness of processing

In accordance with Article 6 of the GDPR, processing is lawful if:

  • the data subject has consented to the processing of his or her personal data for one or more specific purposes;
  • the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject;
  • the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

9.2. Consent

The User consents that, by using the Software, he/she expressly consents to the collection, use and storage of the data listed above under the conditions set out in this Privacy Policy.

In accordance with Article 7 of the GDPR, the data subject has the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent carried out before such withdrawal.

10. Changes to the Privacy Policy

The Company reserves the right to modify this Policy at any time in order to ensure that any user of the Software complies with the law in force.