Privacy Policy

Updated: 5/7/2018

How do we use your data?

We collect the personal data that you provide to our departments or when placing an order for our goods and services. We use this information to render the services requested, keep guarantee documents and, if you so agree, send you marketing and instructional materials. We do not sell your information for commercial purposes. For more detailed information on how we use your data, see the Privacy Policy below.

PREFACE

This Privacy Policy is intended for you as a user of the website www.opendatasoft.com (hereinafter the “PLATFORM”). Its purpose is to inform you of how your personal information may be collected and processed, should the need arise, by OpenDataSoft, a simplified joint-stock company with a capital of €331,021.00 domiciled at 130, rue de Lourmel, 75015 PARIS, RCS PARIS 538 168 329 (hereinafter “OpenDataSoft”).

Via the PLATFORM, OpenDataSoft provides a SaaS service that has several possible uses, such as Open Data portals, internal system data repositories and smart city platforms.

This service enables the following:

  • Processing and publication of datasets for systems management.
  • User data search and visualization.
  • Reuse of data via simple and powerful APIs for developers.

Our priority is to respect your privacy and personal data and we undertake to strictly comply with the French Computing and Civil Liberties Act of January 6, 1978 (hereinafter the “CCL Act”) as modified and the EU General Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”).

Under all circumstances, we undertake to uphold these two (2) basic principles:

  • You remain in control of your personal data
  • Your data will be processed in a secure manner with transparency and confidentiality.

ARTICLE 1. DEFINITIONS

  • BACK OFFICE: The DOMAIN's administrative interface that OpenDataSoft provides to the CLIENT. The BACK OFFICE enables the CLIENT to customize his/her DOMAIN'S graphic interface and set administrator rights for the DOMAIN and security levels to create DATASETS, edit and publish them, etc. BACK OFFICE functionalities are listed at https://docs.opendatasoft.com.
  • BENEFICIARY: The end USER who has a right to access the DATASETS published by the CLIENT.
  • CLIENT: The DATASET producer registered on the PLATFORM who has subscribed to one of the services offered by OpenDataSoft for the purpose of using the SERVICE.
  • DOMAIN: The domain name for the http://.opendatasoft.com type that the CLIENT opened as part of the subscribed service to publish DATASETS. Under some conditions (if a DNS entry configured by the CLIENT is added), specific DOMAINS can also be opened.
  • USERNAME: The electronic messaging address (or the username) and password that you choose when registering as a CLIENT on the WEBSITE, which are used to log into the BACK OFFICE.
  • DATASETS: Data that are generated by CLIENTS, published on the PLATFORM and made available to all or some USER categories depending on the CLIENT’S subscribed service and licenses he/she provides.
  • PLATFORM or WEBSITE: The platform published by OpenDataSoft and all of its graphic, audio, visual, software and textual components. The PLATFORM is the exclusive property of OpenDataSoft. The PLATFORM'S URL is https://www.opendatasoft.com/.
  • SERVICES: All the services offered by OpenDataSoft on the PLATFORM. SERVICES are explained in the General Terms of Use (GTU) at https://legal.opendatasoft.com/fr/terms-of-use.html.
  • USERS: All the categories of PLATFORM users. The following are considered to be USERS:
      • BENEFICIARIES that access DATASETS,
      • The CLIENT, or the DATASET producer.

ARTICLE 2. THE CONTROLLER'S IDENTITY

OpenDataSoft collects and processes the CLIENT'S personal data. It is the controller of any personal data that OpenDataSoft collects and processes when the CLIENT subscribes to the SERVICE in order to create a DOMAIN.

However, OpenDataSoft will act as the CLIENT'S processor when the CLIENT collects and processes data through his/her DOMAIN, which he/she is solely responsible for administering. As such, each CLIENT shall have controller status for the processing of BENEFICIARIES' data carried out from his/her DOMAINS and for any DATASETS published on said DOMAIN. Once OpenDataSoft itself publishes its own DOMAIN, it then has the same controller status as CLIENTS.

Therefore, this privacy policy pertains to data processes conducted by OpenDataSoft for the purposes of registering for a SERVICE. BENEFICIARIES should refer to the information that CLIENTS publish on each DOMAIN for the specific policy on personal data and, more broadly, on the DATASETS published via said DOMAINS, for which the publisher of said DOMAINS is solely responsible.

Legal notice: Pursuant to the French Computing and Civil Liberties Act and the GDPR, the controller is the person who determines the methods and purposes of the processing. If the purposes and methods of processing are jointly determined by two or more controllers, they are jointly responsible for the processing, i.e. co-controllers. The processor is someone who processes personal data on behalf of the controller and acts under the controller's authority and by its rules.

ARTICLE 3. CONTACT INFORMATION FOR OUR DATA PROTECTION OFFICER

Our Data Protection Officer (hereinafter the “DPO”) is available to answer any of your requests, including if you wish to exercise your rights pertaining to personal data.

You may contact the DPO by email at cil@opendatasoft.com or by mail at OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS.

The Data Protection Officer is tasked with informing, advising and overseeing OpenDataSoft's compliance as it performs processing operations on the PLATFORM.

Pursuant to data protection regulations, the DPO serves as the point of contact for:

  • Anyone involved in anything having to do with the processing of data conducted by OpenDataSoft or when claiming your rights,
  • The CNIL (French Data Protection Authority) as part of its liaison function. In addition, the DPO may contact this authority to request an opinion or prior consultation on any matter pertaining to personal data protection,
  • Other DPOs designated by processor organizations or participating controllers.

ARTICLE 4. DATA COLLECTION AND ORIGIN

As part of operating the WEBSITE, OpenDataSoft is likely to collect personal data pertaining to the USERS of its WEBSITE.

Moreover, data on your navigation of our WEBSITE may also be used to determine your needs and topics of interests, and to target our marketing and advertising materials accordingly.

In any event, you are informed of the reasons we collect your data from online data collection forms, your customer account or our Cookie Policy.

The data collected are processed in compliance with the purposes stated at the time they are collected pursuant to CNIL Decision No. 2012-209 of June 21, 2012 “to create a simplified standard on the automated processing of personal data when managing customers and potential customers” (NS 48).

Whenever necessary and as applicable, we undertake to obtain your consent and/or allow you to object to the use of your data for certain purposes. This applies, for example, to sending you sales offers or installing third-party cookies on your devices (cellular telephone, computer, tablet) for the purposes of tracking visitors to our website and app and of showing you interest-based targeted marketing and advertising materials.

ARTICLE 5. CONSENT

When you open your DOMAIN or manage your BACK OFFICE on the WEBSITE, you fill out a range of forms and provide a variety of your personal data in order to receive all the SERVICES that OpenDataSoft offers. These data are required to carry out your contract with OpenDataSoft.

In general, by voluntarily providing your personal data you are giving your consent to OpenDataSoft to collect and process those data with respect to any SERVICES and, where applicable, to CLIENTS with respect to data collected via DOMAINS that they publish for the purposes explained on each collection medium.

As USERS, you agree for your WEBSITE login information to be collected to enable you to navigate the WEBSITE within the context of using SERVICES.

As pertains to sales offers, OpenDataSoft only markets B2B products. As such, OpenDataSoft could proceed with this processing without obtaining the person’s prior consent insofar as he/she had been previously informed and is able to object to the processing as recommended by the CNIL (French Data Protection Authority).

ARTICLE 6. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

OpenDataSoft collects a variety of your data in order to:

  • properly operate and continuously improve the WEBSITE, its functionalities and the SERVICE

Contractual: Data processing is required to execute pre-contractual measures taken upon your request, for your membership, and to execute and manage your contract.

Our valid interest in ensuring the best experience possible on our PLATFORM and the best quality possible for our SERVICE.

The scope of our efforts to properly operate and continuously improve the WEBSITE and SERVICES includes:

Answers to your requests and questions

Help and support services

Tests and satisfaction surveys on the functionalities provided

Utilizing PLATFORM user statistics

You can find more details about installing cookies and other trackers in our Cookies Policy.

  • manage payments for SERVICES

Contractual: Data processing is required to execute pre-contractual measures taken upon your request, for your membership, and to execute and manage your contract.

Collecting and processing payment data for the purpose of managing payments for the SERVICE provided in the PREMIUM package. Within this scope, OpenDataSoft is the controller of the payment data for CLIENTS subscribed to this package.

  • send newsletters and non-marketing messages

Your consent when sending newsletters of a marketing nature intended to offer you our latest products and those of our partners when applicable

Our valid interest when sending emails of a non-marketing nature, such as informational content about the PLATFORM'S operational status

  • manage CLIENTS

Our valid interest in ensuring the best business relationship possible with you and the best quality possible for our services

Your consent when it is required by regulations in force, specifically in terms of marketing and cookies

Customer relations management includes:

Contract management

DOMAIN management

BACK OFFICE management

Management of our loyalty program

Business monitoring of the relations

Billing

Compiling sales statistics

Management of reviews on our products, services and content

  • manage claims to rights granted by the French Computing and Civil Liberties Act as modified

OpenDataSoft is bound by a legal requirement to process data

You have a right of access, rectification, erasure and portability for your data or you may object to OpenDataSoft processing some of your data (or request it be restricted), withdraw your consent if it is the legal basis for processing, or even decide what is done with your data that OpenDataSoft processed once you are deceased.

  • manage unpaid invoices and litigations

OpenDataSoft is bound by a legal requirement to process data

Our valid interest in collecting payment for the services you are provided and, when applicable, handling litigation proceedings

The management of unpaid invoices and litigations includes:

Managing pre-litigation procedures for unpaid invoices

Preparing, conducting and monitoring legal remedies

Executing any resulting court rulings

As the PLATFORM publisher, OpenDataSoft also encourages its CLIENTS to ensure compliance with applicable laws when processing data received on their DOMAINS.

ARTICLE 7. THE DATA PROCESSED

At the time data are collected, you are informed as to whether providing your personal data is required or optional as well as any consequences that may occur if you do not respond.

The following data are likely to be processed in order to properly operate and continuously improve the WEBSITE, its functionalities and the SERVICE:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth.

Information about how you use the PLATFORM:

Your logs and login data to analyze how our services are used

The following data are likely to be processed in order to manage payments for SERVICES:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth.

Transaction-related information such as the transaction number, and details about the purchase, subscription, good or services you selected

Your logs and login data to analyze how our services are used

So-called payment data, specifically:

  • Information about the payment methods a CLIENT uses when signing up for a plan or subscribing to one of OpenDataSoft's fee-based SERVICES: bank statement stubs (RIP/RIB), check, bank card number, bank card expiration date
  • Information about a CLIENT'S plan, subscription or SERVICE and the resulting transaction, such as the transaction number and details about the plan
  • Information about bill payments: payment methods, discounts granted, receipts, balances and outstanding invoices

The following data are likely to be processed in order to send newsletters and non-marketing messages:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth.

Information about the offer you sign up for

The following data are likely to be processed in order to manage customer relations and monitoring:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth.

Transaction-related information such as the transaction number, and details about the purchase, subscription, good or services you selected

Information about bill payments: payment methods, discounts granted, receipts, balances and outstanding invoices

Your login history to track activity on our website or mobile app

The following data are likely to be processed in order to manage claims to rights granted by the GDPR and the French Computing and Civil Liberties Act as modified:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth. A copy of a piece of identification may be kept on file as proof of exercising the right to access, rectify or object, or to comply with a legal requirement. As such, we are required to verify your age at the time of placing an order and must obtain a copy of an ID for that purpose

Information about your request to exercise your rights

The following data are likely to be processed in order to manage unpaid invoices and litigations:

Information about your identity: title, last and first names, address, telephone number, email addresses, customer number, date of birth.

Information about bill payments: payment methods, discounts granted, receipts, balances and outstanding invoices

Information about offenses, convictions or security measures: litigious events, details, documents and evidence intended to establish facts likely to be charged, elements of the litigations, date, type, grounds, amounts and any scheduled sentencing

In all cases, and with respect to the data processing for which it alone determines the reasons, OpenDataSoft undertakes to process all data collected in compliance with the GDPR and the French Computing and Civil Liberties Act.

ARTICLE 8. WHO RECEIVES YOUR DATA

Within their respective remits and for the purposes iterated in Article 6, the main people likely to have access to your data are as follows:

  • Our authorized personnel: Authorized personnel in these departments: R&D, marketing, sales, administration, logistics, IT, service improvement functions, customer relations, client development and quality control.
  • Authorized personnel working for our processors.

Some processor categories have access to data:

SaaS Solutions CRM, including analytical solutions. Location: EU & United States.

Cloud storage providers. Location: EU & United States.

Payment and billing processing solutions. Location: EU & United States.

Tracking solutions. Location: EU & United States.

Emailing solutions. Location: EU & United States.

Mail dispatch solutions. Location: EU.

  • If applicable, the relevant jurisdictions, mediators, accountants, auditors, attorneys, bailiffs, collection agencies,
  • Third parties that may install cookies on your devices (cellular telephone, computer, tablet) when you give your consent. See our Cookie Policy for more information.
  • Other USERS on the PLATFORM that you select

Other USERS will not see the email address you provided when creating your BACK OFFICE. It is only used by OpenDataSoft for the purposes set forth in Article 5.

In addition, other USERS cannot view your electronic addresses and telephone numbers.

When you communicate with other USERS, the internal mailbox will also not show your identity unless you choose to disclose it to that person.

It is therefore your decision whether or not to reveal your identity to an individual CLIENT, who will then be able to associate your profile with you.

Your personal data are not divulged, shared, sold or leased without your explicit prior consent in compliance with the applicable legal and regulatory provisions.

ARTICLE 9. TRANSFERRING DATA OUTSIDE THE EUROPEAN UNION

In some cases, your personal information will be saved on servers located outside the European Economic Area (EEA). In such cases, we have taken the appropriate measures to ensure your data are stored in a completely secure manner.

You can ask to view the documents containing the relevant contractual guarantees by emailing a request to our Data Protection Officer at cil@opendatasoft.com or mailing it to OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS.

ARTICLE 10. DATA RETENTION PERIOD

We only keep your data for as long as is necessary to satisfy the purposes cited in Article 4.

To manage our business relationship and customer monitoring

Your data are kept throughout the duration required to execute the contract.

These data are then archived for five years to serve evidentiary purposes. Your invoices and accounting data are retained for a period of 10 years.

If a contract does not exist, your data are kept for three years from when they are collected or from your last contact with us

For bank card payments

Bank card data are deleted once the transaction is complete, i.e. as soon as the order payment is received.

It is hereby reiterated that pursuant to Article L 133-24 of the French Monetary and Finance Code, these data may be kept as proof if a transaction is contested in temporary archives for a period of 13 months following the debit date, which is extended to 15 months for deferred debit cards. In all cases, security codes are not stored and bank card data are deleted on the expiration date.

For marketing materials

For clients: three years from ending the business relationship. For non-clients: three years from the date of your last contact

If you have not purchased any products from our company or have not used your account in the last 27 months and are not subscribed to our newsletter, we will no longer retain your personal data for marketing purposes.

These data are then archived for five years for evidentiary reasons in compliance with the French laws in force (Insurance Code, Mutual Insurance Code, Code of Commerce, Civil Code, Social Security Code, and Consumer Code).

To manage your identification documents in the event you exercise your rights

One year if exercising your right to access or rectify

Three years if exercising your right to object

For visitor analysis statistics

26 months. After this period, your data are deleted or anonymized

To properly operate and continuously improve the WEBSITE and SERVICES

13 months. After this period, the raw visitor traffic data linked to a username are either deleted or anonymized.

To manage unpaid invoices and litigations

In the context of managing a pre-litigation process, the data are deleted once the dispute has been settled amicably or, in lieu thereof, at the limitation of the related lawsuit.

With respect to data collected and processed in the course of a litigation procedure, they must be deleted if all ordinary and extraordinary appeals against the court ruling have been exhausted.

ARTICLE 11. YOUR RIGHTS

Pursuant to the French Computing and Civil Liberties Act and the GDPR, you have the following rights:

  • A right to access (GDPR Article 15), rectify (GDPR Article 16), update, and complete your data.
  • A right to lock or erase your personal data (GDPR Article 17) if they are inaccurate, incomplete, dubious, obsolete or are prohibited from being collected, used, shared or retained
  • A right to withdraw your consent at any time (GDPR Article 13-2c)
  • A right to restrict the processing of your data (GDPR Article 18)
  • A right to object to the processing of your data (GDPR Article 21)
  • A right of portability of the data you have provided us when your data have undergone automated processing based on your consent or a contract (GDPR Article 20)
  • A right to determine what happens to your data after your death and to choose whether we should send your data to a third party whom you designate.

In the event of death, and in the absence of any instructions from you, we undertake to destroy your data unless it proves necessary to retain them for evidentiary purposes or to comply with a legal requirement.

You may exercise your rights by emailing cil@opendatasoft.com or by mailing a letter to OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS. You can also file a claim with the oversight authorities and, specifically, the CNIL (French Data Protection Authority).

If your claim pertains to processing performed by OpenDataSoft in the course of providing SERVICES, you may exercise these rights by emailing a request to cil@opendatasoft.com or by sending a letter to 130, rue de Lourmel, 75015 PARIS. Please include proof of your identity and a valid reason as required by law.

If your claim pertains to processing performed by CLIENTS on their DOMAINS, you may exercise these rights by emailing a request to the address provided on each DOMAIN or by sending a letter to the CLIENT’S address provided on each DOMAIN. Please also include proof of your identity and a valid reason as required by law.

ARTICLE 12. LOGIN DATA AND COOKIES

To properly operate the WEBSITE and SERVICES, we use login data (date, time, URL, the visitor's ISP, pages viewed) and cookies (small files saved on your computer) in order to identify you, log your visits and gather visitor traffic analytics and statistics for the WEBSITE, particularly with respect to the pages viewed.

For this purpose, OpenDataSoft has written a Cookie Policy to provide you specific information on how they are used.

(i) About your navigation on the WEBSITE

By navigating the WEBSITE, you consent to OpenDataSoft installing so-called technical cookies that are solely intended to enable or facilitate electronic communications between your end device and our website by making it easier to manage and navigate.

Therefore, we will only access information stored on your end device or enter data on that device in the following cases:

To enable or facilitate electronic communications,

When it proves necessary to provide our online communications service at your explicit request.

As for other data, you may exercise your right to access these login data by emailing a request to cil@opendatasoft.com or by sending a letter to 130, rue de Lourmel, 75015 PARIS. Please include proof of your identity.

If your browser permits, you can disable these cookies at any time by following the instructions provided by that browser. However, OpenDataSoft hereby informs you that disabling them may result in slower and/or interrupted access on the WEBSITE.

(ii) About your navigation of the DOMAINS

In the event a CLIENT uses so-called tracking cookies on his/her DOMAIN, each USER visiting said DOMAIN should read the Cookie Policy published by the CLIENT to obtain all the information cited in Article 32II of the French Computing and Civil Liberties Act.

It is hereby reiterated that CLIENTS are solely responsible for what they publish on their DOMAINS. In the eyes of the law, OpenDataSoft is only the processor.

ARTICLE 13. SOCIAL MEDIA

You can click on the icons for Twitter, Facebook and LinkedIn that are posted on our website and mobile app.

Social media sites make the website more enjoyable and shares help promote it.

When you use these buttons, we may have access to the personal information you have specified as public that can be accessed from your Twitter, Facebook and LinkedIn profiles. Nevertheless, we neither create nor use any databases separate from Twitter, Facebook and LinkedIn with the personal information you may have posted on these sites and never utilize any data about your personal life obtained in this manner.

If you do not wish for us to have access to the personal information posted on the public section of your profiles or social media accounts, you must use the resources provided by Twitter, Facebook and LinkedIn to restrict access to your data.

ARTICLE 14. SECURITY

In terms of your data's security and confidentiality, OpenDataSoft complies with the GDPR and the French Computing and Civil Liberties Act.

We make every technical and organizational effort to ensure that our processing of personal data is secure and your data remains confidential.

As such, in terms of the nature of your data and the risks our processing poses, we take every necessary precaution to protect the security of your data and specifically to prevent them from being distorted, damaged or accessed by an unauthorized third party (physical protection of the premises, authentication procedures for people with access to the data with personal secure access using confidential usernames and passwords, secure https protocol, logging and tracking login sessions, encryption of certain data, etc.).