Privacy and Cookies policy for ATOTI – Legal Notice
Preamble
The purpose of this privacy policy (“Privacy Policy“) is to inform all visitors of the ATOTI website available at www.Atoti.io (the “Website“) on how ActiveViam SAS (registered on the Trade and Companies Register under number 824 978 852) (“ATOTI”, “We” and “Us”) processes personal data, as data controller.
This Privacy Policy is available on the Website and may be amended from time to time to take into account any newly-implemented processing, developments regarding the processing of personal data and/or the applicable legislation. Please ensure that You read any new versions made available by ATOTI.
1. Legal Notices
a) Website Publisher
ActiveViam Simplified Stock Company with capital of € 1 240 406, registered offices located at 46 rue de l’Arbre Sec, Paris (75001), France, registered with the RCS of Paris, number 824 978 852, intra-community VAT number FR95 824978852, is the publisher of the website https://alto.Atoti.io/.
Phone: +33 1 40 13 91 00
Email: contact@Atoti.io
The Publishing Director is Georges Bory as legal representative of the President.
b) Hosting provider : OVH SAS
- Address : 2, rue Kellermann, 59100 Roubaix France
- Contact information: +33 8 99 49 87 65 – customersupport@ovh.co.uk
2. Data controller and Data subjects concerned by this Privacy Policy
ATOTI is responsible for all data processing operated on the Website. ATOTI is subject to the obligations imposed by the regulations in force in France and in the European Union regarding the processing of personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (together the “Regulation“). If you use or access all or part of the Services, as defined in the ATOTI Community Website Terms of Use, through an external website, such as Github that include a single sign on process, ATOTI and the service provider of the chat tool as co-controllers and these third party providers’ privacy policy will apply as well. Each party remains liable for the data they may access and process.
Data subjects are ATOTI’s consultants, partners, customers and/or prospects, as well as their employees, and, more generally, anyone using or visiting the Website (the “Users” or “You” or “Your”).
3. Definitions
“Personal Data” or the “Data” means any information that allows either to directly identify a User, for example its first and last names, or to indirectly identify one, for example its IP address, email or personal ID number.
“Processing” of Personal Data means any operation or set of operations (automated or manual) applied to Data or to Data sets. This includes the collection, recording, organization, retention, modification, consulting, use, transfer, distribution or otherwise display, reconciliation, interconnection, limitation, or destruction etc. of said Data.
4. Collected and processed Data
Data that You provide – ATOTI collects Data directly from Users, including via Data collection forms on the Website, such as registration to the ATOTI community space and forum, or otherwise, or during chats, discussions or email exchanges. This Data can be updated by Users. To this end, any update change must be immediately communicated to ATOTI or changed directly on the Website whenever this is possible.
Data obtained by third parties – Data can also be provided indirectly from Your personal devices (computer or other devices), through a secure connection to our information system or through an application programming interface (API) such as Google, Twitter, LinkedIn, GitHub or Instagram. ATOTI also uses YouTube’s API services. The privacy policies for these services offered by YouTube and Google is available at the following link: http://www.google.com/policies/privacy. In this case, ATOTI and the services providers are considered as co-controllers. Additionally, ATOTI collects Data using cookies and/or trackers that can analyze Users’ behavior on the Website.
Data regarding third parties that You provide us with – If You provide us with Data relating to another User (e.g. Your employees’ Data for support purposes or for partner / third party recommendations), You guarantee that You have obtained the prior authorization from this third party to process their Data in their name and, more generally, to send us said Data and that You can receive any correspondence relating to their Data on their behalf. You must also inform them about the processing of their Data and that they can consult the Privacy Policy on the Website.
The type of Data being processed – Data collected is strictly limited to the purpose for which it has been collected as listed below. As such, the Data that We collect from Users include first and last names, email address, employer’s identity (if identifiable by the email’s domain and browsing Data (cookies).
We also collect Data from Users that are members reporting events and/or issues on the dedicated Github repository of the ATOTI community, such as username and password, interests, preferences, feedback and survey responses, information about how You use our Website, products and Services, marketing and communications Data, including Your preferences in receiving marketing communications from Us (if any).
In addition to the above Data, if You provide us with this information, We also process the following Data concerning: IP address, position / job title, login details, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives Us information about how You accessed Our Website.
5. Legal basis for the Data Processing
The legal basis for ATOTI’s Processing of Data are as follows:
(i) compliance with a legal obligations;
(ii) performance of a contract (License Agreements and the Website Terms of Use);
(iii) legitimate interest;
(iv) Your consent, particularly with regard to trackers and marketing activities.
In addition, when providing Data is mandatory, it will be clearly indicated (e.g. marked with an asterisk).
6. The purposes of Data Processing
Data relating to Users is processed as per the following purposes:
- Animation of the ATOTI community: including via a third party tool (e.g. Gitter),
- Provision of services: Answering Your comments, questions, dealing with reported issues and providing service. Enforce Our Website’s Terms and End User License Agreement, protect ATOTI’s activities and assets, partners or Users.
- License management: ATOTI collects and processes Data relating to User that are using the ATOTI Software, as defined in the ATOTI Community Website Terms of Use of, and the ATOTI Templates.
- Auditing: As part of an audit or potential purchase operation of ATOTI, audits by potential investors, buyers or purchasers may be carried out and include an access to the Data. Internal audits may also be carried out to check that our processes are being correctly implemented or to verify Data processing from the Customer database.
- End User relationship management: In order to provide End User with the best service and improve our solutions, ATOTI also processes End User Data when managing the termination of a license or in order to offer new services, commercial offers and discounts. As part of its End User relationship management, ATOTI must also record all email exchanges with the End User or Members’ employees. Finally, ATOTI may conduct surveys on the quality of the Services provided in order to improve said Services.
- Marketing: create a database of persons interested in ATOTI Software and Services and conduct possible marketing actions, as well as to manage and send newsletters (unless Users have expressly opted out).
7. Who can access Your Data at ATOTI?
Access to Data is limited to the individuals and departments of ATOTI that require an access to such information in order to fulfil their duties within ATOTI. Data collected can thereby be accessed within ATOTI by the appropriate departments in order to manage the different Processing (sales department for marketing, legal department for license management and disputes, IT department for support).
8. Third party recipients and Data transfer
For certain purposes, ATOTI may sometimes use the services of subcontractors or service providers (e.g. those in charge of maintaining ATOTI’s information system or providing administrative services such as Gitter for the task assignment) such as IT service providers (e.g. hosting website) offering SaaS solutions who require an access to the Data to perform their service, including some which may be located outside of France. In this case, ATOTI chooses third party providers which provide serious commitments in terms of data processing, confidentiality and security in compliance with Regulation. This is particularly important if these transfers take place outside of the EU.
In the following specific cases, ATOTI may also communicate Data to third parties:
- ATOTI may disclose Your Data when We have Your consent, including when You choose to disclose information publishing on the ATOTI Community website.
- As part of the Processing for auditing purposes as provided for above, Data may be communicated to a purchaser, prospective purchasers and their counsels.
- If all or part of ATOTI’s assets are acquired by a third party, Data will become one of the transferred assets. Data will be processed by the purchaser who will act as the new Data controller and the purchaser’s privacy policy will then govern the Processing of the Data.
- If ATOTI is obliged to disclose or provide access to Data in order to comply with any legal obligation or a court decision, or in order to enforce or perform the service agreement or circumstances other than those accepted, or to protect the rights, property or safety of ATOTI, its customers or its employees;
- If this transfer of Data by ATOTI is permitted by law.
ATOTI does not sell or give access to any Data to third parties, except giving access to entities that are part of the ActiveViam group.
9. Data retention
Data is stored as long as is strictly necessary in order to allow us to perform our Services, until (i) You unsubscribe from the ATOTI Community, (ii) the duration required by law or (iii) for a duration proportionate to the purpose. In any case, this Data must be stored in accordance with CNIL recommendations. Considering the contemplated Processing, Data collected is deleted within 3 years of its collection or within 3 years of the last contact with You.
Furthermore, anonymous data and data relating to Users may be kept for an unlimited period of time when it does not contain or no longer contains any Personal Data.
10. Actions carried out on Data
The following actions are conducted on Data:
- Collection and recording,
- Organization and structuring,
- Hosting or retention using third-party software,
- Consultation,
- Selection(using a solution published by a third party),
- External archiving,
- Transmission, distribution or otherwise in any form making available of the Services,
- Modification/consultation by marketing, accounts or IT department,
- Deleting or destroying.
11. Data localization and security measures
All Data is hosted by providers located in the European Union, in compliance with the Regulations applicable for this type of Data.
ATOTI transfers Data to entities located outside the European Union in the following instances :
- to entities part of the ActiveViam group,
- if ATOTI has specifically informed User,
- in cases where ATOTI must submit and/or enforce judicial acts (summons, rulings, conservatory measures, etc.) overseas due to the User residing outside the European Union,
- when ATOTI uses the services of a provider located overseas.
In any case, ATOTI ensures that all transferred Data is transferred in compliance with the applicable Regulation and is adequately protected in order to guarantee the Data’s security, integrity and confidentiality in accordance with the applicable Regulation.
ATOTI shall take all suitable measures and precautions to ensure the confidentiality and security of the Data and to prevent it from being tampered with, corrupted or accessed by unauthorized persons. A security policy for the information system has been implemented. For example, access to Your Data is solely limited to persons/services who require such access. This Data is stored on secured servers and banking details are encrypted. A login and password is required to access Data.
However, transferring Data via Internet is not without risk. Therefore, User represents that Data may be damaged, destroyed or deleted when accessing the Website.
12. User rights
Users have the following rights on their Data as processed by ATOTI:
- Access to or obtain a copy of their Data
- Rectification of their Data
- Have all or part of their Data deleted when the Data, (i) is no longer needed for the purposes for which it was collected, (ii) is exclusively based on User’s consent, (iii) and their Processing undergoes an objection proceeding;
- Limit the processing of their Data temporarily, when the accuracy of said Data is challenged, when the User has objected to its Processing and when the Data is no longer needed by ATOTI but is still necessary for the enforcement, exercise or defense of their rights in court
- Unsubscribe or opt out of receiving marketing and commercial documents (emails) at any time by clicking on the “unsubscribe” link in any emails or communication sent by ATOTI
- Object to the Processing or withdraw their consent at any time when Data Processing is based on consent
- Portability of their Data when Data Processing is based on consent and when the Processing is carried out using automated processes
- Decide how their Data will be used after their death
- File a complaint before the CNIL (French Data Privacy Authority).
To exercise any of these rights or for any questions relating to this Privacy Policy, Users may contact ATOTI at the following addresses: ActiveViam – ATOTI, 46, rue de l’Arbre Sec – 75001 Paris, PARIS, or at contact@Atoti.io and attach a copy of their ID card.
13. Cookies
ATOTI respects the privacy of its Users (as defined above). This ATOTI Cookies Policy applies to the cookies used by ATOTI on the Website. It describes the information We collect automatically through the use of automated information gathering tools, such as cookies and web beacons.
Cookies are small pieces of information or text that are sent to Your computer when You visit a website and are used to store or track information about Your use of that site.
ATOTI uses cookies to collect specific information, improve Your browsing experience and make Your interactions with the ATOTI website more relevant. For example, We may use cookies to determine if You have ever visited the ATOTI Website and to know the features of the site in which You are interested, which allows Us to better customize the content of Our Website.
ATOTI uses both session-based cookies and persistent cookies. Session-based cookies only exist for the duration of Your web session and expire when You close Your web browser. Persistent cookies are files that are kept in one of Your browser subfolders until they are manually deleted by You or until they are deleted by Your browser based on the time specified in the persistent cookie file.
The cookies used by the Website are the following:
- “Google Analytics”: to find out the number of site visitors and improve Your user experience on the Website;
- “Targeting cookie”: these cookies allow targeted advertisements to be sent according to the interests of the user.
In addition, the use of the Website may lead to the installation of certain cookies issued by third parties (communication agencies, audience measurement companies, social networks, YouTube, etc.) that are not controlled by ATOTI. The issue and use of these cookies are subject to the privacy policies of these third parties and subject to Your specific consent.
Web beacons (also known as pixel tags and clear GIFs) are transparent electronic images that can recognize certain types of information on Your computer, such as the type of browser used to display a web page, Your visit to a particular site linked to the web beacon and the description of a site linked to it. Certain pages of the Website or emails may contain web beacons for the operation and improvement of the Website by ATOTI.
An IP address is a unique identifier that some electronic devices use to identify and communicate with each other on the Internet. When You visit the Website, We may consult the IP address of the electronic device You are using to connect to the Internet. We use this information to determine the general physical location of the device and to deduce the geographic area in which Our visitors are located. This is personal data within the meaning of the legislation and regulations applicable to the protection of Personal Data.
Cookies are installed during Your first visit to the Website, but only subject to Your prior consent through the cookies banner which allows You to select the cookies you accept (except the cookies that are technically necessary to access the Website or the Services).
You can stop the download of cookies on Your computer by setting Your browser appropriately. Most browsers will tell You how to stop accepting new cookies, be notified when You receive a new cookie and disable existing cookies. You can get directions by visiting www.allaboutcookies.org and You can also manage, disable or allow cookies by changing Your browser settings by visiting the sites below (depending on the browser):
- Internet Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10
- Chrome: https://support.google.com/accounts/answer/61416?hl=en
- Safari: https://support.apple.com/en-us/HT201265
- Mozilla: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that the lack of cookies may prevent You from taking full advantage of the features of our Website.
We would like to draw Your attention to the fact that Your opposition to the installation or use of a cookie will be taken into account by the installation of a “refusal cookie” on Your terminal. Therefore, please do not delete this refusal cookie if You wish Your choice to be taken into account.
Last updated on 08/04/2019