Privacy Policy
LAST UPDATED: MAY 01, 2024
This Data Privacy Policy (“Privacy Policy” or this “Policy”) represents the minimum standards that DataXali (“DataXali”, “we”, “us”) have established regarding data privacy, to ensure that we collect, use, store and disclose Personal Data in a fair, transparent and secure manner.
This Policy complies with (and in some cases exceeds) the main requirements of applicable laws and regulations. It is also aligned with other specific DataXali policies relating to the collection and use of Personal Data information implemented by each entity of the DataXali Group to cover the specific processing needs of Personal Data necessary for the activity daily (e.g. cookie policy, specific local policies such as employee privacy policies, specific customer information notices, etc.). This Policy recognizes that some DataXali subsidiaries are located in countries with varying legal and cultural approaches to privacy and data protection. This Privacy Policy may therefore be supplemented by other policies and procedures in certain geographic regions, as may be appropriate to comply with applicable laws and meet cultural norms.
In the event of a conflict between this Privacy Policy and applicable local privacy policies and/or applicable local law from time to time, or in the event of inapplicability of the provisions of this Privacy Policy, applicable local policy and law local authorities will prevail.
Some useful definitions are provided in section 2 of this Privacy Policy for your ease of reference.
Scope
1.1 The Policy covers all Personal Data in any form, including but not limited to electronic data, disks and paper documents and all types of processing, manual or automated, which are in the possession of DataXali or under the control control of DataXali, in all geographic areas where DataXali operates. This includes information held about DataXali members, partners, employees, contractors, consultants, customers, consumers, suppliers, business contacts and any third parties.
1.2 This Policy also applies to any Third Party that performs services for or on behalf of DataXali and who are expected to adopt standards of conduct consistent with the principles set out in this Privacy Policy.
Definitions
2.1 DataXali means the relevant DataXali entity processing Personal Data and the various subsidiaries of DataXali.
2.2 Third Party means a third party or Business Partner who receives from DataXali or is granted access to or who is otherwise entrusted with Personal Data on behalf of DataXali, for example suppliers, contractors, subcontractors and other providers Services.
2.3 Data Subject means an identified or identifiable natural person whose Personal Data is processed by DataXali.
2.4 Informed Consent means any freely given, specific and informed indication of the Data Subject's agreement to the processing of their Personal Data, when this is required.
2.5 Personal Data means any information allowing a natural person to be directly or indirectly identified, in particular by reference to an identification number or to one or more elements specific to their physical, physiological, mental, economic, cultural or social identity. Data is considered Personal Data when it allows anyone to link that data to a natural person, even if the person or entity holding that information cannot make that link.
2.6 Application Data means any Personal Data that is Processed by the DataXali Services, whether by DataXali or by Third Parties who perform services for or on behalf of DataXali. For greater clarity, Personal Data Processed via DataXali marketing websites is not Application Data.
2.7 Sensitive Data (or Special Category of Data) includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identify a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person.
2.8 Personal Data relating to criminal convictions and offenses constitutes a subset of Personal Data, which by its nature has been classified by law or applicable policy as deserving additional privacy and security protections .
2.9 Process / Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to collection, recording, organization, storage , access, adaptation, modification, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deletion, erasure or through other means, such as DataXali marketing websites (“Process” will be construed accordingly).
2.10 DataXali Services means the services used by you in accordance with the applicable agreement, which may include DataUniX or DataXrop), including any updates or replacements thereto and technical support provided by DataXali from time to time .*
How do we ensure the lawfulness, fairness and transparency of your Personal Data?
Personal Data is processed on legal grounds with the informed knowledge of the Data Subjects.
3.1 We will only use Personal Data on a legal basis:
If necessary to perform a contract (for example, with our employees, contractors, customers using DataXali Services, suppliers); in particular, we will use the Application Data only for the purpose of providing the DataXali Services as provided for in this contract; Or
If required to comply with a legal obligation (for example, where we need to meet our obligations as an employer); Or
When we have a legitimate business need or legitimate business reason to use Personal Data in the course of our commercial activities (for example, when carrying out processing to better know our customers and send them promotional offers), except that this does not apply to Application Data; Or
When we have obtained Informed Consent from the Data Subject where it is specifically required by law or applicable policy. This may in particular be the case when none of the other legal bases described above are applicable and to the extent permitted by applicable law.
3.2 We consider it important to assess the privacy risks before collecting, using, retaining or disclosing Personal Data, such as in a new system or as part of a new project.
3.3 DataXali will only process Personal Data in the manner described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject.
3.4 DataXali will not carry out profiling activities based on automated decision-making, unless this is legally based on a requirement of applicable law or the performance of a contract or the consent of the Data Subject, and provided that appropriate safeguards are implemented to protect the rights of Data Subjects.
3.5 We use cookie technologies on our websites to enable us to evaluate and improve the functionality of our websites. We may also use cookies for advertising or analytical purposes, subject to your consent and according to your choice using our cookie settings tool. For more information on DataXali's use of cookies, please read our online Cookie Policy.
3.6 Where required by law, we will ensure that Data Subjects are provided with relevant information regarding the processing of their Personal Data, unless it is impossible to provide such information or it would require disproportionate effort to do so. provide such information. This information will include in particular the purposes of the processing of Personal Data, the types of Personal Data collected (if the Personal Data has not been obtained directly from the data subject), the categories of recipients, the list of rights that can be exercised by the Data Subjects, the consequences of failure to respond or provide Personal Data, the conditions for the transfer of Personal Data outside the European Economic Area (“EEA”), if applicable, and the mechanism used to protect Personal Data in the event of transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the time Personal Data is initially collected from them. Privacy notices should be written in language that provides Data Subjects with a clear understanding of how their Personal Data will be used.
How do we process Personal Data for specific and legitimate purposes and verify that Personal Data is minimized and accurate?
Personal Data will only be collected and processed for specified, explicit and legitimate purposes (which could be multiple), in accordance with the principle of minimizing Personal Data and ensuring the accuracy of the Personal Data processed.
4.1 Personal Data will not be further processed in a manner incompatible with these purposes.
4.2 We carefully evaluate and define the purposes of any processing of Personal Data before launching a project (for example, management of HR data, management of recruitment data, payroll objectives, financial and accounting management, allocation of IT tools and all other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, customer relationship management, offer management, sales and marketing, supply management, communication management internal and external, compliance with anti-money laundering and anti-corruption obligations or any other legal requirements, data analysis operations, implementation of compliance processes).
4.3 We ensure that the Personal Data we collect is relevant, adequate and not excessive in relation to the purpose of the Processing and its possible use (e.g. insights, marketing, promotions). This means that only Personal Data necessary and relevant for the intended purpose can be collected and processed.
4.4 When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offenses, unless required by applicable law or where permitted by applicable law with the express prior consent of the Data Subject.
4.5 Every reasonable step will be taken to ensure that Personal Data is maintained accurately and up to date at each stage of Personal Data Processing (i.e. collection, transfer, storage and retrieval).
4.6 We encourage Data Subjects to help us keep your Personal Data up to date by exercising your rights, including those of access and rectification.
These principles ensure that the processing of Personal Data at DataXali not only complies with regulatory requirements, but also respects the fundamental rights of individuals to confidentiality and the protection of their personal information.
What security and privacy measures are implemented?
Since employees, contractors, customers, suppliers, consumers and business partners entrust us with their Personal Data, DataXali ensures the security and confidentiality of the Personal Data it processes.
5.1 Data Protection: We protect any Personal Data collected, used, stored and disclosed to support our business activities by following relevant customary, technical and organizational policies, standards and processes.
5.2 Technical and organizational measures: Industry standard technical and organizational measures are implemented to prevent accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access to Personal Data, or any other form of illicit or unauthorized processing.
5.3 Selection of service providers: When the processing must be carried out on behalf of DataXali, the latter will select service providers offering sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the laws on applicable data protection and ensures the protection of the rights of Data Subjects.
5.4 Design and default of confidentiality: DataXali strives to take reasonable measures based on confidentiality by design and by default, appropriate to implement the necessary safeguards when processing Personal Data. DataXali will therefore implement technical and organizational measures, from the early stages of designing processing operations, so as to protect privacy and data protection principles from the outset ('Privacy by Design'). By default, DataXali must ensure that Personal Data is processed with privacy protection (e.g. only necessary data should be processed, short retention period, limited accessibility) so that, by default, Personal Data does not are not accessible to an indefinite number of people ('Privacy by Default').
5.5 Privacy impact assessment: Where the processing of Personal Data is likely to result in a high risk to the rights and freedoms of the Data Subjects, we will carry out a privacy impact assessment or “privacy assessment”. impact relating to Personal Data” before its implementation.
5.6 Violation Management: No violation is too small to take action. We will investigate all claims relating to any violation of this Privacy Policy or applicable data protection laws, potential or actual, which come to our attention or of which we become aware, and will take all reasonable measures to limit their impact.
5.7 Additional information on IT security measures: IT security measures are described in more detail in the DataXali Information Security Policy.
How long do we keep your Personal Data?
DataXali retains Personal Data only for as long as necessary for the purposes for which it was collected and processed (and for other compatible purposes), which may include:
Support or meet the commercial activities of DataXali;
Comply with a legal or regulatory requirement and comply with applicable legal prescription requirements;
Defend against legal or contractual claims (in which case Personal Data may be retained until the end of the relevant limitation period or in accordance with any applicable dispute retention policy).
6.1 Retention Policy: Personal Data is retained and destroyed consistently with applicable law and in accordance with DataXali's Data Retention Policy.
6.2 Review of the need for retention: Any individual or entity handling Personal Data on behalf of DataXali will periodically review the need to retain this data. If no justifiable legal or commercial reason no longer exists for their retention, they will be securely destroyed or anonymized.
6.3 Specificities according to the data:
Customer Data: For customers using DataXali services, Personal Data is generally retained for the duration of the contract and as long as necessary post-contract to ensure compliance with legal obligations and resolution of disputes.
Employee Data: For employees, Personal Data is retained for the duration of the employment contract and in accordance with legal requirements for post-employment retention, which may vary by jurisdiction.
Marketing Data: Data collected for marketing purposes is retained as long as the Data Subject does not unsubscribe or request its deletion, subject to legal requirements.
6.4 Transfer and anonymization: When Personal Data is no longer necessary for the intended purposes or for legal reasons, and they must not be kept, they will either be transferred outside of DataXali or made anonymous to avoid any subsequent unrelated use. allowed.
6.5 Information and transparency: DataXali undertakes to inform Data Subjects of the retention period of their Personal Data and the rights associated with this data, including their right to request the deletion or modification of the stored data.
What are your rights as a Data Subject?
DataXali is attentive to requests or requests made by Data Subjects regarding their Personal Data and, where required by law, offers Data Subjects the ability to access, correct, restrict and erase their Personal Data as required by law. provides for applicable law. We also allow them to object to the processing of their Personal Data and to exercise their right to data portability.
7.1 Right of access: We will provide access to all Personal Data relating to a Data Subject as required by law, including the purposes of the processing, categories of Personal Data processed, categories of recipients, retention period data, the rights to rectify, delete or restrict the Personal Data accessed if applicable, etc.
7.2 Right to portability: We may also provide a copy of any Personal Data that we hold in our records in a compatible and structured format to enable the exercise of the right to data portability to the extent that this is relevant under law applicable.
7.3 Right to rectification: Data Subjects may request that we correct, amend, delete any Personal Data that is incomplete, obsolete or inaccurate.
7.4 Right to erasure: Data Subjects may request deletion of their Personal Data if:
The Personal Data is no longer necessary for the purposes of the processing;
The Data Subject has withdrawn consent on which the processing is based exclusively;
The Data Subject objects to the processing;
The processing of Personal Data is illegal;
Personal Data must be erased to comply with a legal obligation applicable to DataXali.
DataXali will take reasonable steps to notify other DataXali entities of such deletion.
7.5 Right of restriction: Data Subjects may request restriction of their Personal Data if:
The accuracy of Personal Data is contested, allowing DataXali to verify its accuracy;
The Data Subject prefers to restrict Personal Data rather than delete it despite the fact that the processing is unlawful;
The Data Subject wishes DataXali to retain Personal Data because he or she needs it for the defense of legal claims;
The Data Subject has objected to the processing, but DataXali verifies whether it has legitimate grounds for the processing which override the Data Subject's rights.
7.6 Right to withdraw consent: When the processing of Personal Data is based on the consent of the Data Subject, the Data Subject may withdraw this consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.
7.7 Right of opposition: The Data Subject may also indicate his opposition to the processing of his Personal Data at any time to:
for marketing or profiling purposes to send targeted advertising;
oppose the sharing of your Personal Data with third parties or within DataXali;
when the processing is based on the legitimate interest of DataXali, unless DataXali demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
7.8 Digital Legacy: Data Subjects have the right to set guidelines (general or specific) regarding the use of their personal data after their death.
To exercise these rights, please use the contact details provided below in Section 10 of this Privacy Policy. The Data Subject also has the right to file a complaint with the competent supervisory authority regarding Personal Data.
When and how do we disclose your Personal Data?
Personal Data is only disclosed outside of DataXali when there is an overriding legal justification to do so.
8.1 Controlled Disclosure: Disclosure is made on a strictly limited “need to know” basis when the justification for transferring the Personal Data is clear – either because the Data Subject has consented to the transfer or because the disclosure is required to perform or reach an agreement, or for a legitimate purpose that does not infringe the fundamental rights of the Data Subject, including the right to privacy (for example, sharing in the context of a merger and acquisition transaction). In each case, the Data Subject will be aware that disclosure is likely to occur. Assurances will also be sought from recipients that they will use Personal Data only for legitimate/authorized purposes and will keep it secure.
8.2 Necessity and relevance: If necessary and relevant, personal data may be disclosed:
To DataXali subsidiaries for purposes described in the Policy;
To authorized employees, representatives, agents and intermediaries of DataXali for purposes described in the Policy;
To partners, agencies and service providers, including IT service providers for technical reasons, who assist DataXali in providing its products/services.
Main suppliers of DataXali, where applicable:
Google Inc. (or one of its subsidiaries), in particular for data hosting and lead sales cycle management;
Microsoft Corporation (or one of its subsidiaries), in particular for data hosting;
SalesForce, for the automation of marketing services;
HubSpot, for managing marketing, sales and customer service;
Zendesk, for customer service and customer relationship management (CRM);
Salesloft, for sales engagement management.
DataXali may also disclose Personal Data to the extent required by law and/or competent authorities.
8.3 Specific disclosure required by law: If a particular disclosure is required to meet a legal obligation (for example to a government agency or to the police/security service) or in connection with legal processes, generally Personal Data may be provided as long as that the disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation (i.e. the Data Subject has been informed of the possibility of such event in Informed Consent or is notified at the time of the request for disclosure).
How are international transfers of EU Personal Data protected?
Personal Data originating from DataXali entities operating within the EU will not be transferred outside the European Economic Area (EEA) to a third country that does not guarantee an adequate level of protection, unless appropriate safeguards are provided. implemented in accordance with applicable laws.
9.1 International data transfer: The international transfer of Personal Data is a very sensitive subject and is taken seriously before transferring Personal Data from its EEA country of origin to another non-EEA country, whether such transfer is for technical reasons (e.g. storage, hosting, technical support, maintenance) or for primary purposes (e.g. centralization of customer database management).
9.2 Guarantees for international transfer: We never carry out international transfers of Personal Data from an EEA country to a non-EEA country without ensuring that appropriate transfer mechanisms, as required by applicable data protection laws, are in place to ensure adequate protection of data during its transfer (e.g. adequacy decision, signing of the European Commission Standard Contractual Clauses where appropriate).
9.3 Agreements and verifications: DataXali ensures that any international transfer agreement for Personal Data includes strict confidentiality and security clauses, in accordance with international standards and specific EU regulations on data protection.
9.4 Monitoring and compliance: Regular reviews are carried out to ensure that third countries where Personal Data is transferred maintain appropriate safeguards. This includes monitoring legislative or regulatory changes that could affect the protection status of Personal Data.
9.5 Information and consent: Before completing an international transfer of Personal Data, DataXali will inform the affected Data Subjects of the details of the transfer, including the reason for the transfer, the specific data that is transferred, and the protection measures in place. Explicit consent from Data Subjects will be obtained where required by law.
9.6 Review and adjustment of practices: DataXali's transfer practices are regularly reassessed to ensure that they remain compliant with the latest legal requirements and best practices, and adjusted accordingly.
How do we handle complaints?
DataXali is committed to resolving legitimate privacy concerns of its staff, customers and other contacts. If any staff member believes that he/she has violated this Privacy Policy, he/she should immediately contact the DataXali Privacy Contact at: legal@dataxali.io and report the incident.
10.1 Reception and management of complaints:
Data Subjects are informed that they may complain about privacy issues:
(i) by writing an email to the DataXali Privacy Contact at the email address mentioned above;
(ii) by directly contacting our Data Protection Officer, Emeline Cuchot, at the following address: 5 rue Clavel, 75019 Paris, at the email address emeline.cuchot@dataxali.eu, or at the telephone number +33 (0)1 42 00 00 00.
10.2 Cooperation with supervisory authorities:
If a Data Subject covered by this Privacy Policy files a complaint regarding the processing of their Personal Data or that of another person, and the complaint is not resolved satisfactorily, DataXali will cooperate with the data protection authorities. competent data and will comply with the advice of these authorities to resolve any unresolved complaints.
10.3 Internal procedures:
If a complaint is received, DataXali will initiate an internal procedure to investigate the complaint. This includes reviewing the relevant Personal Data processing practices and identifying any non-compliance with this Privacy Policy or applicable data protection laws.
Upon recommendation by authorities or DataXali's privacy contact, appropriate measures will be taken to remedy any adverse effects and promote future compliance.
10.4 Response to Data Subjects:
DataXali will ensure that Data Subjects receive a timely response to their complaint, providing details of the actions taken to resolve the complaint and the results of any investigation.
10.5 Protection of Data Subject Rights:
If necessary, DataXali will adjust its processing operations to better protect the rights of Data Subjects and prevent further incidents.
DataXali will notify the Data Subject of the results of the investigation and any corrective action taken.
10.6 Warranty Program:
Data Subjects protected by the Children's Online Privacy Protection Act (COPPA) with questions or concerns about this Policy may also send an email to the iKeepSafe Safe Harbor program consumer complaint email address: COPPA@ikeepsafe.org.
Updating this Privacy Policy
As our business and regulatory environment evolves regularly, this Privacy Policy may also change. We therefore invite you to consult it regularly.
11.1 Notification of changes:
Users of our products will be notified in advance of any material changes to this Privacy Policy via in-app notifications.
11.2 Responsibility for updating:
DataXali undertakes to review and update this Privacy Policy to reflect new legal practices and new technologies, changes in our operations and business practices, and to ensure that the policy remains compliant with applicable laws and regulations .
11.3 Update process:
Any changes to this Privacy Policy will be made with the supervision of our Data Protection Officer and after careful consideration of the potential impacts on the protection of the Personal Data of Data Subjects.
The updated policy will also be consulted, where relevant, with regulators and relevant stakeholders to ensure its full compliance and effectiveness.
11.4 Archiving of previous versions:
Previous versions of this Privacy Policy will be archived and accessible for review to allow Data Subjects to see how their Personal Data may have been processed in the past and to understand any changes made.
11.5 Communication of changes:
In the event of a significant change in the way we process Personal Data, in addition to notifications via the application, a notice will also be published on our website and, if necessary, communicated directly to Data Subjects by e-mail or by a other direct means of communication.
11.6 Entry into force of the modifications:
Changes to this Privacy Policy will be effective immediately upon posting, unless a specific effective date is stated. It is important that Data Subjects review the updated Policy to ensure they are aware of these changes.
11.7 Consent to Changes:
Continued use of DataXali's services following the posting of changes to this Privacy Policy will constitute consent to the changes, unless the Data Subject otherwise expresses disagreement with the new terms by ceasing use of the services. and contacting DataXali to express concerns.