The BubbleYou Solution is the property of ADS, registered in the Nanterre Trade and Companies Register under number 831 830 948, whose registered office is located at 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux, France.

ADS’s activity notably involves the development and the operation of the SaaS Solution (Software as a Service) BubbleYou and the associated services enabling any organisation to create and administrate a collaborative social platform.

In the remainder of these terms of subscription, we will refer to ADS as BubbleYou.

We have adopted this data protection policy (the “Policy“) to explain the way in which We collect, process, store, use and share Subscribers’ personal data (“Subscriber Data“), which they provide to Us and/or which We collect when they subscribe to a Subscription and use the Solution and Services.

The content of this Policy is linked to the content of the BubbleYou Solution’s general terms of subscription (the “GTS“). Therefore, all the capitalised terms used in this Policy shall have the meaning given to them in the GTS, which can be viewed and printed at the bottom of the Website homepage by clicking on the link “GTS”.

Within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR“) and of the law no. 78-17 of 6 January 1978, as amended by the law of 6 August 2004, and then by the law of 20 June 2018, relating to information technology, data files and civil freedoms (the “LIL“) and any other French or European regulation applicable in this regard (the “Applicable Legislation on the Protection of Personal Data“), We act in the capacity of the data controller of Subscriber Data for processing carried out in the context of the subscription and the management thereof, as well as the monitoring of the commercial relationship, excluding any processing performed during the use of the Community Services, for which we act as a data processor within the meaning of the Applicable Legislation on the Protection of Personal Data, that are described in the Data Processing Agreement appended to the GTS.

We reserve the right to modify the Policy at any time. If We modify the Policy, We will post the changes on the Site and in the Subscriber’s Personal Area, and Subscriber’s continued use of the Solution and associated Services will constitute acceptance of such changes.

Subscriber Data is information that directly or indirectly identifies them. We process the following Data in the context of their subscription, the management thereof and the monitoring of the commercial relationship that We maintain with them:

• Connection data such as browsing data (time, date, time spent, browser) and IP address, when the Subscriber browses the Site, connects to the Solution and throughout their use thereof,
• Identification data such as last name, first name, login details, date of birth, e-mail address (personal or professional depending on whether the Subscriber is an individual or a professional), and postal address when the Subscriber takes out a Subscription, creates an Account, communicates with Us and/or receives our promotional communications,
• Professional data such as company name and place of business ID [SIRET] when the Subscriber is a professional,
• Order data such as the order number, Subscription details, transaction number, transaction amount, date and time of the transaction, when the Subscriber takes out a Subscription,
• Payment information such as the bank account number and/or the last four digits of the credit card number and the payment receipt when the Subscriber pays for their Subscription.
• The Subscriber’s conversations and correspondence with the customer service and technical support.

We process Subscriber Data for the proper performance of our contract with them, notably for the following purposes:

• To manage Subscriptions, notably the taking out thereof, their payment and their cancellation,
• To manage the commercial relationship with the Subscribers and to manage their complaints and to enable them to communicate with the Customer Service and/or the After-sales Service,
• To manage requests to adapt the Solution to the specific needs of a Subscriber and to provide an additional service, and the contractualisation and the payment thereof.

We process Subscriber Data where necessary for the purposes of our legitimate interests, including the following objectives:

• To enable them to browse the Website and the Solution,
• To manage the Subscriber’s Account and allow the Subscriber to create it, modify their User ID and allow Us to send them a link to reset their password if it is lost or forgotten.
• To communicate with them and to send them information and promotional content concerning the Solution and ADVYTEAM, to carry out all kinds of promotional and loyalty operations and to carry out surveys.

We process Subscriber Data to fulfil a legal obligation in connection with the processing of requests to exercise the rights of data subjects.

We share Subscriber Data with our internal departments such as IT, sales, marketing and customer service.

We also share Subscriber Data with our data processors who are responsible for hosting the data and paying for the Subscriptions.  In this case, We ensure that our data processors adhere to our Data Protection Policy and comply with the same data protection obligations as are imposed on Us. We also ensure that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of our Data Processing Policy and, more generally, of the Applicable Legislation on the Protection of Personal Data.

Finally, We may disclose Subscriber Data to the appropriate authorities to exercise our legal rights or to comply with the law or a court order.

Except as required by law or jurisdiction, we are not obligated to inform Subscribers of these Data disclosures.

We guarantee our Subscribers that none of their Data shall be transferred outside the European Union.

We guarantee our Subscribers that their Data will be hosted in Clouds present in the territory of the European Union.

For the payment of Subscriptions, payments via the platform and customer support, data is saved by Chargebee, Hubspot and payment platforms (Stripe, PayPal, etc.).

We (through our service providers) store Subscriber Data in storage facilities located within the European Union for no longer than is necessary for the purposes for which We collect and process such Data and, in any event, in accordance with legal requirements.

Subscriber Data will be stored in our active database for the time necessary to browse the Site and the Solution, as the case may be, when taking out the Subscription, and will then be irreversibly deleted or anonymised, with the exception of Contact Data which will be stored in our active database for a period of 3 years from the end of the Subscriber’s Subscription, in order to send them promotional communications about the Solution, the Services, ADVYTEAM and/or our events.

Some Subscriber Data will be archived in an intermediary database with limited access, where We are legally required to keep it for a longer period, for example to comply with the law, to establish proof of our rights or contract with the Subscriber, or for tax, accounting or audit purposes. In these cases, the duration of the storage processing will depend on the respective legal limitations or retention periods and the Data will be deleted after the expiration of the relevant retention periods. This is notably the case for Subscriber Data that is necessary for taking out a Subscription, which will enable Us to prove the existence of a contract and which We will keep in an intermediary database for a period of 5 years in accordance with the legal limitations period.

We seek to ensure the security of Subscriber Data and have implemented security measures consistent with accepted industry practices to protect and limit access to such Data.

In particular, We have implemented appropriate technical and organisational measures to minimise the risks associated with loss of Data, the misuse thereof, and unauthorised access and disclosure, such as: secure access to Data through the use of User IDs and passwords; measures to back up Data.

However, despite our efforts to protect Subscriber Data, there is always a risk that an unauthorised third party may find a way to circumvent our security systems or that transmissions of Subscriber Data over the Internet may be intercepted. Unfortunately, we cannot guarantee the absolute security of this Data, nor can we guarantee that it will not be intercepted when Subscribers transmit it to us at the time of collection. Therefore, We invite Subscribers to take all necessary precautions to protect their Data when they are on the Internet or using the Site and when they connect to the Solution.

In any case, when We become aware of a breach of Subscriber Data that may pose a serious risk to their rights and freedoms, We notify them of this breach as soon as possible to allow them to take the necessary measures to protect themselves, in addition to informing the French National Commission for Information Technology and Civil Freedoms (“CNIL”) thereof beforehand.

If you have any questions regarding the protection of Subscriber Data, We are available to answer them by e-mail at the following address privacy@bubbleyou.com

We may use cookies to collect certain Subscriber Data, such as browsing data or the IP address. Cookies are small text files that help the Subscriber’s browser navigate our Website and our Solution. Cookies are generated by our Solution and are accepted and processed by the browser software in question. The Cookie is stored in the folder or sub-folder of this browser, enabling it to access the Cookie again in case of a new visit to our Site and/or a new login to our Solution. Therefore, the browser uses the information stored in the Cookie to simplify the navigation of our Solution, allowing the Subscriber to automatically log in or by remembering the settings that they selected during previous visits to our Site and previous logins to our Solution.

Subscribers have the following rights with respect to their Data and the processing thereof:

• right of access to their Data,
• right to rectify their inaccurate Data,
• right to have their Data erased, unless the processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims,
• right to limit the processing of their Data if (i) the Subscribers dispute the accuracy of their Data, (ii) the processing is unlawful, but they object to the deletion of the Data and request limitation instead, (iii) We no longer need the Data, but Subscribers need it to assert, exercise or defend their legal rights, or (iv) they have objected to processing,
• the right to receive a copy of their Data in a structured electronic format or to request the transfer of their Data to another data controller, where technically possible,
• the right to object to the processing of their Data for reasons related to their particular situation or for marketing purposes,
• the right to withdraw their consent at any time where processing is based on consent.

Subscribers may also file a complaint with the CNIL at the following address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

Subscribers may exercise their rights, and notably withdraw their consent, by sending Us a clear and precise request by e-mail to the following email address: privacy@bubbleyou.com or by post to the following address: ADVYTEAM Customer Service 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux. In this case, Subscriber Data will be deleted, unless the processing thereof is necessary to comply with our legal obligations, to comply with our contractual obligations or to pursue our compelling legitimate interests. However, withdrawal of consent will not affect the lawfulness of the processing carried out in the past. Subscriber’s requests will be processed by our team within a reasonable period from the date of receipt and will be accepted or denied subject to our legal obligations and within the limits of Subscribers’ rights. 

Subscribers can also access and update their Data at any time by accessing their Account settings in their Personal Area.

The Website and the Solution may contain links that redirect Subscribers to other websites such as LinkedIn, Facebook, Twitter, Pinterest, Instagram, YouTube or even Dribbble. The presence of a link to a third-party website on our Website and/or our Solution does not constitute in any way an endorsement, authorisation or affiliation with the website in question. If the Subscriber clicks on a link that redirects them to a third-party website, including an advertisement, they will leave the Community Services that they were using to go to the selected website. As We have no control over the activities of third parties, We are not responsible for the use of Subscriber Data by such third parties and We cannot guarantee that they will follow the same Data protection practices. If the Subscriber visits a third-party website through a link from our Website and/or our Solution, they should consult the data protection policy of the website in question before submitting their Data.

If you have any questions or concerns about this Policy, We are available to answer them by sending an email to the following email address: privacy@bubbleyou.com or by post at the following address: ADVYTEAM Customer Service 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux.