Through the PLATFORM available at https://www.OpenDataSoft.com, OpenDataSoft provides Software as a Service (“SaaS”) solutions that work with open data portals, internal data references, smart city platforms, and data marketplaces to provide:
- publication of datasets for systems management/managers;
- User data search and visualization; and
- Reuse of data via simple and powerful APIs for developers
Respect for your private life and your personal data is a priority for THE COMPANY which undertakes to collect and process your personal data in accordance with the provisions of the most recent version in force of the French Data Protection Act No. 78-17 of 6 January 1978 and with the provisions of European Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").
As part of the use of this service, THE COMPANY shall respect two essential principles:
- You remain in control of your PERSONAL DATA;
- Your data will be handled in a transparent, confidential, and secure fashion.
ARTICLE 1. DEFINITIONS
- BENEFICIARY: means the end USER who connects to the DOMAIN and who has been granted a right of access to DATASETS published by the COMPANY.
- DATASETS: means data produced by THE COMPANY, published on the PLATFORM, and made available to all or some categories of USERS, depending on THE COMPANY’s subscription and the licenses the COMPANY has granted.
- DOMAIN: means the domain name of https://opendata.vallourec.com that THE COMPANY has registered in connection with its subscription, on which it can publish its DATASETS. Specific DOMAINS can also be registered subject to conditions (e.g., use of a HTTPS certificate to secure access to this domain using private key, and possible intermediate certificates).
- OPENDATASOFT PLATFORM: means the platform OPENDATASOFT publishes, including all its graphic, audio, visual, software and textual components. The OPENDATASOFT PLATFORM is the exclusive property of OPENDATASOFT. It is accessible at https://www.opendatasoft.com/fr/.
- "PERSONAL DATA" means any information relating to an identified or identifiable natural person. A person is "identifiable" if he or she can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to him or her.
- USER: means all kinds of users, either a BENEFICIARY or a THE COMPANY.
ARTICLE 2. IDENTITY OF CONTROLLER
Legal notice: The DATA CONTROLLER is the person who determines the means and purposes of personal data processing. The SUBCONTRACTOR is a person processing PERSONAL DATA on behalf of the DATA CONTROLLER, who acts under the authority and direction of the DATA CONTROLLER.
OpenDataSoft acts as a SUBCONTRACTOR of the THE COMPANY when the latter collects and processes data via its DOMAIN, which it manages in its sole discretion. Therefore, each THE COMPANY shall have the status of CONTROLLER of the data for BENEFICIAIRIES processed with THE COMPANY’S DOMAINS and DATASETS published on THE COMPANY’S DOMAINS.
ARTICLE 3. DATA COLLECTION & PROCESSING
As part of the exploitation of its DOMAINE, THE COMPANY may collect PERSONAL DATA concerning USERS of its DOMAIN.
The COMPANY collects PERSONAL DATA either online (through the intermediary of Your terminal using cookies, login data, during navigation on the DOMAIN 's pages or via collection forms) or offline, and this personal data protection policy applies regardless of the method in which your PERSONAL DATA is collected. In the event of online collection, this personal data protection policy appears on the DOMAIN and, in the event of offline collection, you will be notified of the existence of the personal data protection policy.
THE COMPANY will collect BENEFICIARIES’ personal data
- When you visit the DOMAIN;
- When you use the functionalities and/or the SERVICES provided on the DOMAIN (e.g : API Calls)
- When you engage in exchanges with the COMPANY or with other BENEFICIARIES via the DOMAIN;
Regardless of the manner in which PERSONAL DATA is collected, THE COMPANY will inform you of: (a) the purposes of processing, (b) whether the responses sought are required or optional, (c) possible consequences of failure to reply, (d) data recipients, (e) the existence of a right to access, modify and oppose the data processing.
THE COMPANY may obtain your consent and/or allows you to object to the use of your PERSONAL DATA for certain purposes.
- Data for identification (first name, last name, postal, and e-mail addresses);
- Data concerning the management and security of each account created from the DOMAIN (identifiers, passwords, API keys);
- Data concerning follow-up on requests for information, and history of exchanges with departments;
- Connection data (IP addresses, connection logs).
Processing of PERSONAL DATA includes in particular the use, storage, recording, transfer, adaptation, analysis, summarization, modification, declaration, sharing and destruction of the personal data according to what is necessary given the circumstances or legal requirements.
ARTICLE 4. PURPOSES OF PROCESSING
The legitimate interest of processing is based on the very nature of the service provided by the COMPANY, which involves the collection of the personal data of Users and their consent.
Your data is collected by THE COMPANY to ensure:
- The proper functioning and ongoing improvement of the DOMAIN and its functionalities and its security;
- To enable interactive and personalized use of the DOMAIN;
- Transmission of newsletters;
- Management of BENEFICIAIRIES, (e.g., customer satisfaction surveys);
- Management of requests for rights of access, corrections, and opposition;
- Maintenance of statistics to improve the functioning of the DOMAIN and the quality of services it offers.
The COMPANY will also use this data as needed for legal and regulatory purposes.
ARTICLE 5. CONSENT
When you open your DOMAIN, you will complete a variety of forms and provide PERSONAL DATA.
By providing THE COMPANY with your personal data, you expressly consent to have such data collected and processed by THE COMPANY for the purposes described in each support of data collections.
As a BENEFICIARY, you consent to have your connection data to the DOMAIN collected to facilitate your navigation.
ARTICLE 6. DATA RECIPIENTS
In the event of access to the DOMAIN from a country outside of the European Union whose legislation or regulations relating to the collection, use and declaration of data differs from those of the European Union, please note that by continuing to use the DOMAIN, which is governed by French Law, the corresponding usage conditions and this personal data protection policy, you are agreeing to transfer your PERSONAL DATA to the European Union.
The COMPANY only communicates your PERSONAL DATA to authorized and determined recipients. In particular, THE COMPANY may give access to your PERSONAL DATA to its potential service providers acting as subcontractors to perform services relating to COMPANY's IT services and applications (hosting, storage, IT maintenance services in particular). These third party service providers act only on instructions from THE COMPANY and will be bound by the same security and confidentiality obligations as THE COMPANY. THE COMPANY is committed to selecting subcontractors who are located within the EU/EEA.
Nevertheless, The COMPANY must anticipate that in the future recipients could be installed in a country outside the EU/EEA that does not offer an appropriate level of data protection compared to the European level of data protection. If necessary, The COMPANY will choose service providers who accept the standard European contract clauses as authorized by the European Commission and will require them to take all organizational and technical measures to ensure an adequate level of protection of your PERSONAL DATA.
ARTICLE 7. COMMUNICATION OF PERSONAL DATA
The COMPANY is the sole recipient of the data collected. The COMPANY will only send your PERSONAL DATA to third parties in the following cases:
THE COMPANY attempts to ensure that the data it collects is retained in a manner that allows your identification only for as long as necessary to achieve the purposes for which such data has been collected and processed.
However, data establishing proof of a right or contract or data retained to comply with a legal obligation can be kept on file in accordance with the limitations periods of applicable law (in particular Commercial Code, Civil Code, Consumer Code).
If the right of access or rectification is exercised, data relating to identity documents may be stored for the period provided for in Article 9 of the Criminal Procedure Code (ie one year). In the event of exercise of the right to object, such data may be archived during the limitation period provided for in Article 8 of the Criminal Procedure Code (ie three years).
As well, when a BENEFICIARY exercises his right to object for commercial prospection, the information allowing him to take into account his right to object will be stored for a minimum of three years from the exercise of the right to object. This data will not be used for purposes other than the management of the right to object.
ARTICLE 9. YOUR RIGHTS
You have a right to access, correct, update, lock, or delete personal data concerning you that is inaccurate, incomplete, mistaken, out-of-date, or whose collection, use, communication, or retention is prohibited.
Provided there are legitimate grounds to do so, you can also object to any personal data about you that The COMPANY processes.
When making a request for the correction, deletion, updating, or locking of data processed by the COMPANY through their DOMAINS, please send an email to the address appearing on each DOMAIN, or send a message by standard postal delivery, stating your identity and the reason you are requesting such action:
Privacy Champion (Legal department)
27 avenue du Général Leclerc
ARTICLE 10. CONNECTION DATA AND COOKIES
Each USER navigating on a DOMAIN should consult the Cookies Charter published on the DOMAIN by THE COMPANY.
ARTICLE 11. SOCIAL NETWORKS
You have the option of clicking on the icons dedicated to the social networks Twitter, Facebook, Google+, and/or LinkedIn appearing on the DOMAIN.
Any personal information that you may designate as public and accessible from your Twitter, Facebook, LinkedIn, and/or GOOGLE+ profiles shall be accessible to The COMPANY, and the USER expressly authorizes this access.
However, The COMPANY does not create or use any independent database of FACEBOOK and GOOGLE + from any personal information you may post there and the Company will not process any data relating to your privacy through this means.
If you wish to challenge The COMPANY’S access to personal information designated as public and accessible from a link between your profiles and the applicable social network, you must use the applicable social network functions to limit such access to your data.
ARTICLE 12. SECURITY
The COMPANY shall endeavor to protect your PERSONAL DATA against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction. The COMPANY has put material, electronic and organizational measures in place to prevent any loss, misuse and unauthorized access, circulation, alteration or destruction of this personal data. Amongst these protection measures, the COMPANY incorporates advanced technologies specially designed to protect personal data during transfer and to prevent transmission errors or unauthorized actions by third parties. Physical and electronic procedures are implemented to back up the Personal Data collected on the DOMAIN. The COMPANY’S employees who, as a result of their position, would have access to your PERSONAL DATA are committed to maintaining the utmost confidentiality. However, the COMPANY cannot control all of the risks associated with internet operation and draws your attention to the existence of potential risks in terms of occasional loss of data or breach of confidentiality of the data passing through the internet. The information provided on the DOMAIN may be interrupted in the case of force majeure events, events outside of the control of the COMPANY or events for which the COMPANY is not responsible. It is important that you exercise caution to prevent any unauthorized access to your personal data. You are responsible for the confidentiality of your password and the information that appears in your account. As a result, you must make sure that you close your session if you are using a shared computer.
The COMPANY is committed to guaranteeing the protection of PERSONAL DATA. If you have reason to believe that the security of your PERSONAL DATA has been compromised or that it has been misused, please contact the COMPANY at the following address:
The COMPANY will handle complaints concerning the use and disclosure of PERSONAL DATA and will attempt to find a solution in accordance with the principles of this personal data protection policy and the applicable rules on the subject.
ARTICLE 13. APPLICABLE LAW
This personal data protection policy is governed by French law.
ARTICLE 14 .Date of entry into force and Updating of the Personal Data protection policy
Use of the DOMAIN is subject to the personal data protection policy in force at the time of use. The COMPANY may modify the personal data protection policy according to its needs or if it is required to do so by the Law or regulations. These updates will be made without advance warning and will be circulated online. The previous personal data protection policy will then be terminated by operation of law and replaced by the new version, which will be made immediately enforceable for any USER from the date it is put online.
ARTICLE 15. Questions / Contact
For any questions or comments relating to this personal data protection policy or about how the COMPANY collects and uses your PERSONAL DATA, please email us at firstname.lastname@example.org or send a letter to the COMPANY.