1. Definitions and nature of personal data
The following terms, when written with an uppercase letter, have the same meaning as in the General Terms of Services.
When you use Siteflow’s website (hereinafter referred to as « Website ») and the Siteflow’s app (hereinafter « App »), we may ask you to provide us with personal information about you in order to use our services (hereinafter « Services »).
In the hereby policy, the term « personal data » means all data which identify you personally, such as your surname, first name, email address, phone number, name of your organization, your function, IP address, login details, as well as any other additional information you may choose to provide us.
The hereby policy informs you of the means by which we collect and process your personal data. We are committed to protecting your privacy rights and the information you provide us.
We abide by the French Act n°78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (hereinafter referred to as « Loi Informatique et Libertés »), as well as by the regulation (EU) 2016/679 (General Data Protection Regulation) (hereinafter: « GDPR »).
3. Who is responsible for the data collection?
SITEFLOW SOLUTION, a simplified stock company, registered with the Paris Registry of Commerce and Companies under n° 833 858 590, with head offices at 6 rue Legraverend, 75012 Paris, France (hereinafter referred to as: « We »)
4. Data Protection Officer / Point of contact for personal data protection
We appointed a personal data protection officer/point of contact for personal data protection who can be contacted at this email address: firstname.lastname@example.org
5. Personal data collection
The legal basis of our personal data collection is as follows:
We use your personal data to:
Manage your access to our services available on the Website or the App and enable you to use them.
Carry out customer management operations such as issuing contracts or invoices, following up with customers, etc.
Compile a list of subscribers, users, clients, and prospects.
Send newsletters, commercial solicitations, and promotional messages. If you do not wish to receive these, you may refuse when giving your consent to collect your personal data.
Develop commercial and services usage statistics.
Handle unpaid invoices and potential disputes regarding the use of our products and services.
Customize our replies to your information requests.
Comply with our legal and regulatory requirements.
Meet the demands related to the recruitment process.
When we ask you to provide your personal data, we indicate which information are mandatory or optional. Mandatory information is required for our Services to function effectively. You are entirely free to choose to provide or not optional information to us. We also let you know what a lack of response may involve for the use of our Services.
6. Recipients of personal data collected
Your personal data are accessible by:
our company’s staff, the control services involved in controls (such as external auditors).
our subcontractors: hosting providers, CRM, and support tools.
Your personal data may also be shared with public bodies, exclusively to meet our legal obligations, court officers, ministerial officials, and organizations responsible for debt recovery.
7. Location information
We collect information about your location when you use our services in order to offer features such as tablet geolocation or for calculating the distance between tablets.
The types of location data we collect depend in part on your device and account settings. For example, you can turn your Android device’s location on or off using the device’s settings app.
8. Transfer of personal data
Your personal data will not be transferred, rented or released to any third parties.
Furthermore, we would like to inform you that we share or disclose your data anonymously (meaning that you cannot be identified), for statistics purposes (e.g. number of users, the average number of users contacts, percentage of functionalities usage, number of active users).
9. Personal data retention period
With regards to data related to customers and prospects management:
Your personal data are strictly retained for the required duration of our commercial relationship with you.
When you engage with us as part of our prospecting operations, we keep your data for 3 (three) years following the end of the commercial relationship.
All the data allowing us to prove the existence of a right or a contract must be retained for the duration stipulated by the legislation currently in force.
Personal data related to a prospect, who is not a client, can be kept for 3 (three) years following their collection or starting from the date the prospect last contacted SITEFLOW SOLUTIONS.
At the end of this 3 (three) years period, we may get back in touch with you to ask whether you still wish to receive commercial solicitations.
With regards to ID:
In the event of exercising the right of access and rectification, the data related to ID can be kept for 1 (one) year as stipulated under Article 9 of the French Code of Criminal Procedure. In the event of exercising the right of opposition, these data can be archived for 3 (three) years.
We hereby inform you that we take all necessary precautions, appropriate organizational and technical measures to preserve the security, integrity and privacy of your personal data, particularly to prevent them from being manipulated, damaged or disclosed to non-authorized third parties.
We also inform you that we comply with the security measures put in place by our data hosting provider as well as by the cloud computing service Microsoft Azure, whose security measures are listed in the annex of this document.
Your data are kept and retained during their storage period on Microsoft Azure’s servers, which are located in France.
Your data will never be subject to any transfer outside of the European Union as part of the use of the services we offer.
12. Accessing your personal data
In accordance with the GDPR and the Act n°78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, you have the right to obtain the communication and, as the case may be, the rectification or erasure of your personal data. You can do so by contacting us:
13. Right to define directives related to data processing after your death
You have the right to define directives related to the retention, erasure, and communication of your personal data after your death.
Such directives can be general guidelines, meaning that they relate to the entirety of your personal data. In this case, your directives must be registered with a digital trusted third-party certified by the CNIL.
Directives can also be specific to data processed by our company. You can send them to us via email or postal address:
By sending us your directives, you specifically give us your consent to store, transmit and carry out these directives as per the terms and conditions set forth herein.
You can designate a person responsible for carrying out your directives. This person, once becoming aware of your directives, will then be habilitated to ask us to put them in place after your death. In the absence of a designated person, your heirs will be authorized to request that we carry them out.
You can change or revoke your directives at any time by contacting us via the email or postal address provided above.
14. Portability of your personal data
You have “data portability” rights regarding the personal data you actively and consciously provide to us when accessing and using our Services, as well as the data generated by your activity when using our Services. We kindly remind you that these rights do not relate to data collected and processed on any other legal basis than the consent or application of the contract that binds us.
These rights can be exercised freely, at all times, and more particularly when closing your account on the Website and/or the App in order to recover and keep your personal data.
In this case, we send your personal data to you, in any way deemed necessary, in an open standard format commonly used and machine-readable, in compliance with the state of the art.
15. Lodging a complaint with a supervisory authority
16. Limitation of data processing
You have the right to obtain the limitation of your personal data processing in the following cases:
During the verification period, when you contest the accuracy of your personal data.
When the data processing is illicit and you wish to limit this processing rather than delete all your data.
When we no longer require your personal data but you wish us to keep them to exercise your rights.
During the verification period of the legitimate grounds, when you object to the processing of your personal data.
18. Entry into effect