PERSONAL DATA PROTECTION POLICY
Effective May 25th, 2018
ABSTRIUM SAS, a French company (registered in Paris under number 752.256.966), whose registered office is at 160 bis rue du Temple, 75003 Paris France. Abstrium is the editor of the file sharing software "Pydio". Abstrium is responsible for the processing of your personal data.
This policy informs you about the categories of personal data we process, how we use them, the categories of recipients to whom we disclose them, and the rights you have.
What data do we collect?
Abstrium may collect personal data directly from you or indirectly via third parties. In accordance with the principle of minimisation, we collect only the data necessary for the purposes for which they are processed.
The different categories of data collected during your subscription and in the context of your use of our services or applications are as follows:
- identification data (in particular surname, first name, sex, customer number, job);
- contact details (including postal or e-mail address and telephone number);
- usage data (including web pages visited, software downloads);
- connection data (in particular IP address of your terminals, connection and usage logs);
- financial data (average and historical payments)
- commercial data (list of products and services from which you benefit).
Abstrium does not provide any sites or services for children under the age of 16 and does not knowingly collect information from children under the age of 16.
How do we collect information?
We collect information about you and any other parties whose details are provided to us by you when you:
You register to use our websites, applications or services (including during free trials); this may include your name, address, e-mail address and telephone number. We may also ask you to provide us with additional information about your business and your preferences;
Place an order using our websites, applications or services; this may include your name (including your company name), address, contact details (including telephone numbers and e-mail address) and payment information;
Complete online forms (including reminder requests), take part in studies, post messages on our discussion forums, post blogs, enter contests or sweepstakes, download information, such as white papers or other publications, or take part in any other interactive area on our website or application or service;
Interact with us using social networks;
Provide us with your contact information when you register or access any website, application or service that we make available or when you update such contact information; and
Contact us offline, by phone, fax, SMS, e-mail or mail, for example.
We may also collect information from your devices (including mobile phones) and applications used by you or your users to access and use any of our websites, applications or services (for example, we may collect the identification number and type of the device used, geolocation and connection information, such as statistics about the pages visited, traffic to and from the sites, the referring URL link, advertising data, your IP address, browsing history and web log information). We will ask your permission before we do so. We may do this by using cookies or other similar technologies.
We may supplement the personal information we collect from you with information obtained from third parties who are authorized to share it; for example, information from credit institutions, service providers seeking information or public sources (for example, for customer due diligence purposes); however, in each case, we do so in accordance with applicable law.
How do we use your information?
Purposes of personal data processing
Your personal data are collected and processed only on the basis of the legal grounds provided by the Regulation:
1. In the context of the execution of a contract, a pre-contractual relationship or a product evaluation:
- Customer and prospect account management;
- Customer or user identification and authentication;
- Communications with the customer or prospect (technical and commercial assistance);
- Management of pre-litigation, litigation and unpaid claims
- Management of rights and requests for the exercise of people's rights
- Provision and operation of services
- Hosting of customer or user data
- Administration and management of the network and services;
- Management of versions and security updates of our software.
2. For legitimate interests or, where applicable, on the basis of your consent:
- Fight against fraud and prevention of non-payment;
- Enriching and enhancing the customer/prospect base;
- Provision of localized content and customized recommendations based on usage analysis;
- Development of Abstrium or third party products and services and commercial prospecting;
- Carrying out statistical studies, analyses and audience measurements;
- Deployment, operation and security of the network
3. To ensure compliance with our legal and regulatory obligations as defined by the legislation in force.
If we carry out treatment for purposes other than those described above, we will inform you and, if necessary, ask for your consent.
Retention period of personal data
We keep your data only as long as necessary to fulfil the purposes mentioned above or to enable us to meet our legal and accounting obligations.
Personal data used for commercial prospecting purposes may be kept for a maximum period of three (3) years from the end of the commercial relationship or a product evaluation.
To which recipients / sharing of your information?
Your personal data may be processed by Abstrium's authorised personnel, partners or service providers. The use of these partners or service providers is necessary for the proper execution of the contract between you and Abstrium.
If these recipients process your data outside the European Union, the transfers will be made in accordance with the Policy.
We may share your information with:
- any company of the same group (subsidiary and parent company),
- our service providers and agents (including their contractors) or third parties who process information on our behalf (for example, Internet platform or service providers, payment service providers and companies that we use to help us send you communications) so that they can help us provide you with applications, products, services and information that you have requested or that we believe may be of interest to you;
- third parties used by us for payment transactions, such as clearing companies, clearing systems, financial institutions and transaction beneficiaries;
- third parties, in cases where you have a relationship with the third party and have consented to us transmitting information (for example, social network sites or other third-party application providers);
- third parties, for marketing purposes, for example: to our partners and other third parties with whom we work and whose products, in our view, may be of interest to you in the conduct of your business. For example: financial service providers (such as banks, insurers and financial service providers), payment solution providers, software providers and service providers that provide professional solutions ;
- credit reference and fraud prevention agencies;
- regulators, in order to meet legal and regulatory obligations;
- police authorities, so that they can detect or prevent offences or prosecute offenders;
- any third party, in connection with existing or threatened legal proceedings, provided that we are legally authorized to do so (for example, in response to a court order);
- any third party, in order to comply with our legal and regulatory obligations, including legal or regulatory reporting and the detection or prevention of unlawful acts;
- our own auditors and consultants, for the purpose of fulfilling our audit responsibilities; another company, if we buy or sell (or negotiate the sale or purchase) of a business or assets; and any other company to which we may assign the contract that binds us.
We may share, publicly or with third parties, information about our websites, applications, products or services that do not personally identify you, including information that may be used to identify you.
What security for your data?
We have defined technical and organisational measures to protect your data appropriately according to their nature, the extent of processing and their accessibility. This can be for example data encryption, access rights management, secure flows,...
Respect for the security and protection of your data is essential for all our employees as well as our service providers.
Other sites and social networks
Our websites, applications or services may allow you to share information with social networking sites or use social networking sites to create your account or log into your social networking accounts. These social networking sites may automatically provide us with access to certain personal information about you that is maintained by those sites (for example, any content you have viewed). You should be able to manage your privacy settings from your own third-party social network account(s) so that you can choose what personal information you allow us to access from these third-party accounts.
What are your rights?
You may at any time request access to your personal data, their rectification, their deletion (insofar as this does not prevent the proper performance of the contract or compliance with Abstrium's legal obligations) and the limitation of one or more specific processing of data concerning you, under the conditions provided for by the Regulations.
You also have the right to modify or withdraw, at any time, the consents you have given us for the processing of your personal data.
You also have the right to object to the processing of your personal data and the right to their portability, under the conditions set by the Regulations.
Your personal data may be retained or deleted after your death in accordance with the Regulations. You have the right to instruct Abstrium to disclose this data to a third party you have previously designated.
Exercice your rights
You can exercise your rights at any time by visiting contacting us via our contact form on pydio.com or by mail to : ABSTRIUM SAS - Attn DPO - 160 bis rue du Temple - 75003 PARIS - FRANCE
You will then need to provide your full name and proof of identity.
If you are not satisfied with our exchanges, you have the possibility to contact the Commission Nationale de l'Informatique et des Libertés (CNIL) at the following address:
CNIL - 3 place de Fontenoy - TSA 80715 - 75334 Paris cedex 07
Update of personal data
It is important that the information you provide us with is accurate and up-to-date and that you inform us promptly of any significant changes that affect you.
To learn more about our Personal Data Protection Policy, you can contact the Data Protection Officer at the following address:
ABSTRIUM SAS - Attn DPO -160 bis rue du Temple - 75003 PARIS - FRANCE