How do we use your data?

We collect the personal data that you provide to our departments or when placing an order for our goods and services. We use this information to render the services requested, keep guarantee documents and, if you so agree, send you marketing and instructional materials. We do not sell your information for commercial purposes. For more detailed information on how we use your data, see the Privacy Policy below.

PREFACE

This Privacy Policy is intended for you as a user of the website www.opendatasoft.com (hereinafter the “PLATFORM”). Its purpose is to inform you of how your personal information may be collected and processed, should the need arise, by OpenDataSoft, a simplified joint-stock company with a capital of €331,051.00 domiciled at 130, rue de Lourmel, 75015 PARIS, RCS PARIS 538 168 329 (hereinafter “OpenDataSoft”).

Via the PLATFORM, OpenDataSoft provides a SaaS service that has several possible uses such as Open Data portals, internal system data repositories, smart city platforms.

This service enables the following:

• Processing and publication of datasets for systems management,
• User data search and visualization.
• Reuse of data via simple and powerful APIs for developers.

Our priority is to respect your privacy and personal data and we undertake to strictly comply with the French Computing and Civil Liberties Act of January 6, 1978 (hereinafter the “CCL Act”) as modified and the EU General Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”).

Under all circumstances, we undertake to uphold these two (2) basic principles:

• You remain in control of your personal data
• Your data will be processed in a secure manner with transparency and confidentiality.

ARTICLE 1. DEFINITIONS

• BACK OFFICE: The DOMAIN’s administrative interface that OpenDataSoft provides to the CLIENT. The BACK OFFICE enables the CLIENT to customize his/her DOMAIN’S graphic interface and set administrator rights for the DOMAIN and security levels to create DATASETS, edit and publish them, etc. BACK OFFICE functionalities are listed at https://docs.opendatasoft.com.
• BENEFICIARY: The end USER who has a right to access the DATASETS published by the CLIENT.
• CLIENT: The DATASET producer registered on the PLATFORM who has subscribed to one of the services offered by OpenDataSoft for the purpose of using the SERVICE.
• DOMAIN: The domain name for the http://.opendatasoft.com type that the CLIENT opened as part of the subscribed service to publish DATASETS. Under some conditions (if a DNS entry configured by the CLIENT is added), specific DOMAINS can also be opened.
• USERNAME: The electronic messaging address (or the username) and password that you choose when registering as a CLIENT on the WEBSITE, which are used to log into the BACK OFFICE.
• DATASETS: Data that are generated by CLIENTS, published on the PLATFORM and made available to all or some USER categories depending on the CLIENT’S subscribed service and licenses he/she provides.
• PLATFORM or WEBSITE: The platform published by OpenDataSoft and all of its graphic, audio, visual, software and textual components. The PLATFORM is the exclusive property of OpenDataSoft. The PLATFORM’S URL is https://www.opendatasoft.com/.
• SERVICES: All the services offered by OpenDataSoft on the PLATFORM. SERVICES are explained in the General Terms of Use (GTU) at https://legal.opendatasoft.com/fr/terms-of-use.html.
• USERS: All the categories of PLATFORM users. The following are considered to be USERS:
• BENEFICIARIES that access DATASETS,
• The CLIENT, or the DATASET producer.

ARTICLE 2. THE CONTROLLER’S IDENTITY

OpenDataSoft collects and processes the CLIENT’S personal data. It is the controller of any personal data that OpenDataSoft collects and processes when the CLIENT subscribes to the SERVICE in order to create a DOMAIN.

However, OpenDataSoft will act as the CLIENT’S processor when the CLIENT collects and processes data through his/her DOMAIN, which it is solely responsible for administering. As such, each CLIENT shall have controller status for the data of BENEFICIARIES carried out from his/her DOMAINS and any DATASETS published on said DOMAIN. Once OpenDataSoft itself publishes its own DOMAIN, it then has the same controller status as CLIENTS.

Therefore, this privacy policy pertains to data processes conducted by OpenDataSoft for the purposes of registering for a SERVICE. BENEFICIARIES should refer to the information that CLIENTS publish on each DOMAIN for the specific policy on personal data and, more broadly, on the DATASETS published via said DOMAINS, for which the publisher of said DOMAINS is solely responsible.

ARTICLE 3. CONTACT INFORMATION FOR OUR DATA PROTECTION OFFICER

Our Data Protection Officer (hereinafter the “DPO”) is available to answer any of your requests, including if you wish to exercise your rights pertaining to personal data. You may contact the DPO by email at cil@opendatasoft.com or by mail at OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS.

ARTICLE 4. DATA COLLECTION AND ORIGIN

As part of operating the WEBSITE, OpenDataSoft is likely to collect personal data pertaining to the USERS of its WEBSITE. Moreover, data on your navigation of our WEBSITE may also be used to determine your needs and topics of interests, and to target our marketing and advertising materials accordingly. In any event, you are informed of the reasons we collect your data from online data collection forms, your customer account or our Cookie Policy.

ARTICLE 5. CONSENT

When you open your DOMAIN or manage your BACK OFFICE on the WEBSITE, you fill out a range of forms and provide a variety of your personal data in order to receive all the SERVICES that OpenDataSoft offers. These data are required to carry out your contract with OpenDataSoft.

ARTICLE 6. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

OpenDataSoft collects a variety of your data in order to:

• Properly operate and continuously improve the WEBSITE, its functionalities and the SERVICE

• Manage payments for SERVICES

• Send newsletters and non-marketing messages

• Manage CLIENTS

• Manage claims to rights granted by the French Computing and Civil Liberties Act as modified

• Manage unpaid invoices and litigations

As the PLATFORM publisher, OpenDataSoft also encourages its CLIENTS to ensure compliance with applicable laws when processing data received on their DOMAINS.

ARTICLE 7. THE DATA PROCESSED

At the time data are collected, you are informed as to whether providing your personal data is required or optional as well as any consequences that may occur if you do not respond.

Click below to read more about the personal data we are likely to have about you.

In all cases, and with respect to the data processing for which it alone determines the reasons, OpenDataSoft undertakes to process all data collected in compliance with the GDPR and the French Computing and Civil Liberties Act.

ARTICLE 8. WHO RECEIVES YOUR DATA

Insofar as their respective remits and for the purposes iterated in Article 6, the main people likely to have access to your data are as follows:

• Our authorized personnel: Authorized personnel in these departments: R&D, marketing, sales, administration, logistics, IT, service improvement functions, customer relations, client development and quality control.
• Authorized personnel working for our processors.

• If applicable, the relevant jurisdictions, mediators, accountants, auditors, attorneys, bailiffs, collection agencies,
• Third parties that may install cookies on your devices (cellular telephone, computer, tablet) when you give your consent. See our Cookie Policy for more information.
• Other USERS on the PLATFORM that you select

Your personal data are not divulged, shared, sold or leased without your explicit prior consent in compliance with the applicable legal and regulatory provisions.

ARTICLE 9. TRANSFERRING DATA OUTSIDE THE EUROPEAN UNION

n some cases, your personal information will be saved on servers located outside the European Economic Area (EEA). In such cases, we have taken the appropriate measures to ensure your data are stored in a completely secure manner.

You can ask to view the documents containing the relevant contractual guarantees by emailing a request to our Data Protection Officer at cil@opendatasoft.com or mailing it to OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS.

ARTICLE 10. DATA RETENTION PERIOD

We only keep your data for as long as is necessary to satisfy the purposes cited in Article 4. Click below for more information.

ARTICLE 11. YOUR RIGHTS

Pursuant to the French Computing and Civil Liberties Act and the GDPR, you have the following rights:

• A right to access (GDPR Article 15), rectify (GDPR Article 16), update, and complete your data.
• A right to lock or erase your personal data (GDPR Article 17) if they are inaccurate, incomplete, dubious, obsolete or are prohibited from being collected, used, shared or retained
• A right to withdraw your consent at any time (GDPR Article 13-2c)
• A right to restrict the processing of your data (GDPR Article 18)
• A right to object to the processing of your data (GDPR Article 21)
• A right of portability of the data you have provided us when your data have undergone automated processing based on your consent or a contract (GDPR Article 20)
• A right to determine what happens to your data after your death and to choose whether we should send your data to a third party whom you designate.

In the event of death, and in the absence of any instructions from you, we undertake to destroy your data unless it proves necessary to retain them for evidentiary purposes or to comply with a legal requirement.

You may exercise your rights by emailing cil@opendatasoft.com or by mailing a letter to OpenDataSoft – Service juridique, 130, rue de Lourmel, 75015 PARIS. You can also file a claim with the oversight authorities and, specifically, the CNIL (French Data Protection Authority).

ARTICLE 12. LOGIN DATA AND COOKIES

To properly operate the WEBSITE and SERVICES, we use login data (date, time, URL, the visitor’s ISP, pages viewed) and cookies (small files saved on your computer) in order to identify you, log your visits and gather visitor traffic analytics and statistics for the WEBSITE, particularly with respect to the pages viewed.

For this purpose, OpenDataSoft has written a Cookie Policy to provide you specific information on how they are used.

ARTICLE 13. SOCIAL MEDIA

You can click on the icons for Twitter, Facebook and LinkedIn that are posted on our website and mobile app.

When you use these buttons, we may have access to the personal information you have specified as public that can be accessed from your Twitter, Facebook and LinkedIn profiles. Nevertheless, we neither create nor use any databases separate from Twitter, Facebook and LinkedIn with the personal information you may have posted on these sites and never utilize any data about your personal life obtained in this manner.

If you do not wish for us to have access to the personal information posted on the public section of your profiles or social media accounts, you must use the resources provided by Twitter, Facebook and LinkedIn to restrict access to your data.

ARTICLE 14. SECURITY

In terms of your data’s security and confidentiality, OpenDataSoft complies with the GDPR and the French Computing and Civil Liberties Act.

We make every technical and organizational effort to ensure that our processing of personal data is secure and your data remains confidential.

As such, in terms of the nature of your data and the risks our processing pose, we take every necessary precaution to protect the security of your data and specifically to prevent them from being distorted, damaged or accessed by an unauthorized third party (physical protection of the premises, authentication procedures for people with access to the data with personal secure access using confidential usernames and passwords, secure https protocol, logging and tracking login sessions, encryption of certain data, etc.)