Updated on 10/11/2021
The BubbleYou Solution is the property of ADS, registered in the Nanterre Trade and Companies Register under number 831 830 948, whose registered office is located at 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux, France.
ADS’s activity notably involves the development and the operation of the SaaS Solution (Software as a Service) BubbleYou and the associated services enabling any organisation to create and administrate a collaborative social platform.
In the remainder of these terms of subscription, we will refer to ADS as BubbleYou.
We have adopted this data protection policy (the “Policy“) to explain the way in which We collect, process, store, use and share Subscribers’ personal data (“Subscriber Data“), which they provide to Us and/or which We collect when they subscribe to a Subscription and use the Solution and Services.
The content of this Policy is linked to the content of the BubbleYou Solution’s general terms of subscription (the “GTS“). Therefore, all the capitalised terms used in this Policy shall have the meaning given to them in the GTS, which can be viewed and printed at the bottom of the Website homepage by clicking on the link “GTS”.
Within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR“) and of the law no. 78-17 of 6 January 1978, as amended by the law of 6 August 2004, and then by the law of 20 June 2018, relating to information technology, data files and civil freedoms (the “LIL“) and any other French or European regulation applicable in this regard (the “Applicable Legislation on the Protection of Personal Data“), We act in the capacity of the data controller of Subscriber Data for processing carried out in the context of the subscription and the management thereof, as well as the monitoring of the commercial relationship, excluding any processing performed during the use of the Community Services, for which we act as a data processor within the meaning of the Applicable Legislation on the Protection of Personal Data, that are described in the Data Processing Agreement appended to the GTS.
We reserve the right to modify the Policy at any time. If We modify the Policy, We will post the changes on the Site and in the Subscriber’s Personal Area, and Subscriber’s continued use of the Solution and associated Services will constitute acceptance of such changes.
Subscriber Data is information that directly or indirectly identifies them. We process the following Data in the context of their subscription, the management thereof and the monitoring of the commercial relationship that We maintain with them:
We process Subscriber Data for the proper performance of our contract with them, notably for the following purposes:
We process Subscriber Data where necessary for the purposes of our legitimate interests, including the following objectives:
We process Subscriber Data to fulfil a legal obligation in connection with the processing of requests to exercise the rights of data subjects.
We share Subscriber Data with our internal departments such as IT, sales, marketing and customer service.
We also share Subscriber Data with our data processors who are responsible for hosting the data and paying for the Subscriptions. In this case, We ensure that our data processors adhere to our Data Protection Policy and comply with the same data protection obligations as are imposed on Us. We also ensure that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of our Data Processing Policy and, more generally, of the Applicable Legislation on the Protection of Personal Data.
Finally, We may disclose Subscriber Data to the appropriate authorities to exercise our legal rights or to comply with the law or a court order.
Except as required by law or jurisdiction, we are not obligated to inform Subscribers of these Data disclosures.
We guarantee our Subscribers that none of their Data shall be transferred outside the European Union.
We guarantee our Subscribers that their Data will be hosted in Clouds present in the territory of the European Union.
For the payment of Subscriptions, payments via the platform and customer support, data is saved by Chargebee, Hubspot and payment platforms (Stripe, PayPal, etc.).
We (through our service providers) store Subscriber Data in storage facilities located within the European Union for no longer than is necessary for the purposes for which We collect and process such Data and, in any event, in accordance with legal requirements.
Subscriber Data will be stored in our active database for the time necessary to browse the Site and the Solution, as the case may be, when taking out the Subscription, and will then be irreversibly deleted or anonymised, with the exception of Contact Data which will be stored in our active database for a period of 3 years from the end of the Subscriber’s Subscription, in order to send them promotional communications about the Solution, the Services, ADVYTEAM and/or our events.
Some Subscriber Data will be archived in an intermediary database with limited access, where We are legally required to keep it for a longer period, for example to comply with the law, to establish proof of our rights or contract with the Subscriber, or for tax, accounting or audit purposes. In these cases, the duration of the storage processing will depend on the respective legal limitations or retention periods and the Data will be deleted after the expiration of the relevant retention periods. This is notably the case for Subscriber Data that is necessary for taking out a Subscription, which will enable Us to prove the existence of a contract and which We will keep in an intermediary database for a period of 5 years in accordance with the legal limitations period.
We seek to ensure the security of Subscriber Data and have implemented security measures consistent with accepted industry practices to protect and limit access to such Data.
In particular, We have implemented appropriate technical and organisational measures to minimise the risks associated with loss of Data, the misuse thereof, and unauthorised access and disclosure, such as: secure access to Data through the use of User IDs and passwords; measures to back up Data.
However, despite our efforts to protect Subscriber Data, there is always a risk that an unauthorised third party may find a way to circumvent our security systems or that transmissions of Subscriber Data over the Internet may be intercepted. Unfortunately, we cannot guarantee the absolute security of this Data, nor can we guarantee that it will not be intercepted when Subscribers transmit it to us at the time of collection. Therefore, We invite Subscribers to take all necessary precautions to protect their Data when they are on the Internet or using the Site and when they connect to the Solution.
In any case, when We become aware of a breach of Subscriber Data that may pose a serious risk to their rights and freedoms, We notify them of this breach as soon as possible to allow them to take the necessary measures to protect themselves, in addition to informing the French National Commission for Information Technology and Civil Freedoms (“CNIL”) thereof beforehand.
If you have any questions regarding the protection of Subscriber Data, We are available to answer them by e-mail at the following address email@example.com
Subscribers have the following rights with respect to their Data and the processing thereof:
Subscribers may also file a complaint with the CNIL at the following address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.
Subscribers may exercise their rights, and notably withdraw their consent, by sending Us a clear and precise request by e-mail to the following email address: firstname.lastname@example.org or by post to the following address: ADVYTEAM Customer Service 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux. In this case, Subscriber Data will be deleted, unless the processing thereof is necessary to comply with our legal obligations, to comply with our contractual obligations or to pursue our compelling legitimate interests. However, withdrawal of consent will not affect the lawfulness of the processing carried out in the past. Subscriber’s requests will be processed by our team within a reasonable period from the date of receipt and will be accepted or denied subject to our legal obligations and within the limits of Subscribers’ rights.
Subscribers can also access and update their Data at any time by accessing their Account settings in their Personal Area.
The Website and the Solution may contain links that redirect Subscribers to other websites such as LinkedIn, Facebook, Twitter, Pinterest, Instagram, YouTube or even Dribbble. The presence of a link to a third-party website on our Website and/or our Solution does not constitute in any way an endorsement, authorisation or affiliation with the website in question. If the Subscriber clicks on a link that redirects them to a third-party website, including an advertisement, they will leave the Community Services that they were using to go to the selected website. As We have no control over the activities of third parties, We are not responsible for the use of Subscriber Data by such third parties and We cannot guarantee that they will follow the same Data protection practices. If the Subscriber visits a third-party website through a link from our Website and/or our Solution, they should consult the data protection policy of the website in question before submitting their Data.
If you have any questions or concerns about this Policy, We are available to answer them by sending an email to the following email address: email@example.com or by post at the following address: ADVYTEAM Customer Service 2-4, rue Maurice Hartmann 92130 Issy-les-Moulineaux.