Privacy Policy

1. Definition

User account : refers to the personal space of a user registered for the Azopio Service on the Azopio platform

Cookie : refers to any information deposited on the hard drive of an Internet user by the server of the site he is visiting. It contains several data : the name of the server which deposited it, an identifier in the form of a unique number, possibly an expiration date. This information is sometimes stored on the computer in a simple text file which a server accesses to read and save information.

Personal Data : refers to any information related to an identified individual or someone who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to him.

Data Subject : refers to the individual whose Personal Data is processed.

Platform : refers to all of Azopio’s software resources, accessible on the Internet, in particular from the app.azopio.com website and through which Azopio provides the Services to the User.

Processing controller : refers to any individual, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the Processing; when the purposes and means of this Processing are determined by European Union law or the law of a Member State, the Data Controller may be appointed or the specific criteria applicable to his appointment may be provided for by the law of the European Union or by the law of a Member State.

GDPR : refers to Regulation (EU) 2016/679 of the European Parliament and of the European Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the directive 95/46 / CE (known as the General Data Protection Regulation)

Processing of Personal Data : refers to any operation or set of operations related to such data, regardless of the process used, and in particular the collection, recording, organization, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, as well as blocking, deletion or destruction.

Azopio Service(s) : refers to the application entity as well as its database accessible via the app.azopio.com website and allowing each User to archive, consult, print, share, extract key information contained in the documents, to transfer and save these documents.

Site : refers to the Azopio websited accessible on https://app.azopio.com

User(s) : refers to Internet users browsing the Site (“Site Users”) and persons who have subscribed to the Azopio Service (“Service Users”).

2. Processing of personal data

2.1. Processing Controller

The person responsible for Processing Personal Data in connection with the use of the Site and the Services it offers is Azopio, a simplified joint-stock company with a capital of 5,000 euros, registered with the RCS of Paris under number 821 449 634 and whose registered office is at 38, Avenue de Wagram, 75008 Paris, France, represented by its acting Chairman.

2.2. Personal data collected

When browsing the Site, the following data is collected: IP address(es) and domain name, connection data and navigation data when the User authorizes it.

When creating a User Account, the following data is collected: last name, first name, address, company name and name of the person concerned where applicable, email address, telephone number, postal address, intra-community VAT number, for Paid Services banking data (bank card number, expiry date of the bank card, visual cryptogram), data related to the monitoring of the commercial relationship and the settlement of invoices (order history, complaints, incidents, information relating to subscriptions and correspondence) as well as the accounting data relating to his professional activity imported within the framework of the execution of the Service.

The mandatory or optional nature of the data is indicated during collection by an asterisk.

In addition, certain data is collected automatically as a result of the actions of the User on the Site (see the paragraph on cookies).

Additional Limits on Use of Your Google User Data : Notwithstanding anything else in this Privacy Policy, Azopio is subject to the following restrictions related to the User’s Google data:

  • The Azopio Service will only use access to read Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email fetcher that allows Azopio to read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • The Azopio Service will not use this Gmail data for serving advertisements.
  • The Azopio Service will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.

Azopio’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements.

2.3. Data recipients

The Personal Data collected is intended for Azopio’s sales, customer support and accounting departments.

They can be sent to the subcontracting companies which Azopio can call upon in the context of the performance of its services.

Azopio does not transfer or rent Personal Data to third parties for marketing purposes, without the express consent of Azopio users.

Apart from these assumptions, the disclosure of Personal Data to third parties may only take place in the following cases:

  • with their authorization
  • at the request of the legally competent authorities, on judicial requisition, or in the context of a legal dispute

2.4. Purposes – Legal basis of the Processing

The processing of data collected in connection with the use of the Services is necessary for its execution and for the purpose of:

  • the commercial and accounting management of the contract
  • the management of prospecting operations
  • the development of trade statistics and the monitoring of compliance with regulations on information technology and freedoms
  • the provision of technical support to the User
  • more generally any purpose referred to in Article 2 of the Deliberation Number 2012-209 of June 21, 2012 creating a simplified standard concerning the automated processing of personal data relating to the management of users and prospects.

The processing of data relating to navigation on the Site is intended to facilitate navigation and to produce visitor statistics.

These Processing are based on article 6, paragraph 1, point b) of Regulation (EU) 2016/679 of the European Parliament and of the European Council of April 27, 2016.

2.5. Data retention period

Personal Data processed in connection with the use of the Services are kept for a period of 5 (five) years from the closure of the User Account.

Personal Data related to prospects are kept for a period of 3 (three) from their collection by the Data Controller or from the last contact from the prospect.

Personal Data processed in the context of browsing the Site are kept for a period of 13 months from their collection.

3. Personal rights

The persons whose Personal Data are collected benefit from a right of access to the Personal Data concerning them, the rectification or the deletion of these, a limitation of the Processing, the portability of the data as well as the right to oppose the Processing.

The Data Subject is however informed that the Personal Data collected is necessary for the downloading of the content so that in the event of use of his right to delete the data, to oppose or limit the Processing, the content may not be provided.

These rights can be exercised by sending an email to privacy@azopio.com or by mail to: Azopio SAS, Confidentiality Policy, 38, Avenue de Wagram, 75008 Paris, France

Azopio responds to the person who has made use of one of the aforementioned rights within one month of receiving the request.

This period may nevertheless be extended by two months, given the complexity and the number of requests. In this case, Azopio will inform the concerned Person of this extension within one month of receiving the request.

When the Data Subject makes their request in electronic form, the information is provided electronically when possible unless they request otherwise.

If Azopio refuses to respond to the request for information made by the Data Subject, the latter specifies the reasons for this refusal.

The Data Subject has the possibility to lodge a complaint with the “Commission Nationale de l’Informatique et des Libertés” or the supervisory authority of the Member State of the European Union in which he resides and to lodge a legal appeal.

The different rights of the Data Subject are detailed below:

  • Right of Access
    Any person can contact the Data Controller if Personal Data concerning them are subject to Processing.

If so, the Data Subject may obtain a copy of the Personal Data subject to Processing as well as the following information:

    • purposes of the Processing ;
    • categories of Personal Data concerned ;
    • recipients or categories of recipients of the data ;
    • where possible, the planned retention period of the data or, when this is not possible, the criteria used to determine this period ;
    • when Personal Data is not collected from the Data Subject, any information available as to their source ;
    • where applicable, the existence of automated decision-making, including profiling, and useful information concerning the underlying logic, as well as the importance and expected consequences of this Processing for the Data Subject.

 

  • Right of Rectification
    Any person whose Personal Data is the subject of Processing has the right to obtain the rectification of the data concerning him which is inaccurate and that this data be completed if the purpose of the Processing so requires.

 

  • Right to erasure
    Anyone whose Personal Data is subject to Processing has the right to obtain from the Controller the erasure of such data in the following cases:
    • When the Personal Data are no longer necessary for the purposes for which there were collected or otherwise processed;
    • When the data Subject has withdrawn the consent on which the Processing was based and there is no other legal basis for the Processing ;
    • In the event that the Processing is based on the legitimate interest of the Data Controller, when the Data Subject has objected to the Processing there is no overriding legitimate reason for the Processing,
    • In the event that the Processing is for the purpose of prospecting or profiling linked to such prospecting, when the Data Subject has objected to the Processing ;
    • when the Personal Data has been the subject of unlawful Processing ;
    • when the Personal Data must be erased to comply with a legal obligation provided for by European Union law or by the law of the Member State to which the Data Controller is subject ;

 

The Data Controller may, however, refuse to erase the data in the following cases:

    • to comply with a legal obligation which requires the Processing provided for by European Union law or by French law ;
    • when the Processing is solely for statistical purposes ;
    • when the Processing is necessary for the establishment, exercise or defense of legal claims.

 

  • Right of limitation
    Any person whose Personal Data is the subject of Processing may ask the Controller to limit Processing in the following cases :
    • when it disputes the accuracy of its Personal Data, for a period allowing the Data Controller to verify the accuracy of the data ;
    • when the Processing does not comply with the regulations but the data holder does not wish to erase them;
    • when the Data Controller no longer needs the Personal Data for the purposes of the Processing but these are still necessary for the user for the establishment, exercise or defense of legal claims;
    • when it has objected to the Processing, during the verification whether the legitimate reasons pursued by the Data Controller prevail over those of the Data Subject.

 

When Processing has been limited, with the exception of retention, data can only be processed in the following cases :

    • with the consent of the Data Subject,
    • for the establishment, exercise or defense of legal claims,
    • for the protection of the rights of another individual, or for important reasons of public interest of the European Union or of a Member State.

If the limitation should then be lifted, the Data Controller will inform the Data Subject in advance.

 

  • Right to portability
    Any person whose Personal Data is the subject of Processing may request the Controller to communicate this data to him or to transmit them to another Controller in the following cases :
    • when the Processing has been set up following the consent of the Data Subject
    • when the Processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of pre-contractual measures taken at the latter’s request
    • when the Processing is carried out using automated processes

 

  • Right of opposition
    Any person whose Personal Data is the subject of Processing has a right to object to such Processing under the following conditions :
    • when the Processing based on the satisfaction of the legitimate interests pursued by the Controller or by a third party, for reasons relating to his particular situation and if the Controller does not demonstrate that there are legitimate and compelling reasons for the Treatment prevailing over the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims
    • when the Processing is carried out for the purposes of prospecting or profiling linked to such prospecting may object to this Processing, unconditionally
    • when the Processing is carried out for statistical purposes, for reasons relating to its particular situation

4. Data storage place

The hosting servers on which Azopio processes and stores Personal Data are exclusively located within the European Union, also including data relating to invoicing (surname, first name, postal address) which are processed by the platform. Billing Center located in Castelnau-le-Lez, France, and having implemented an internal privacy policy in accordance with the GDPR but excluding, however, payment data (bank data) which is processed by the Stripe payment platform located in San Francisco, CA, USA, a company having implemented an internal privacy policy in accordance with the GDPR.

5. Complaints to a supervisory authority

Any person whose Personal Data is the subject of Processing may lodge a complaint relating to the Processing of data concerning him/her with the CNIL or the supervisory authority of the Member State of the European Union in which he/she resides.

6. Cookies

The site may automatically collect standard information. All information collected indirectly will only be used to track the volume, type and configuration of traffic using this site, to develop its design and layout and for other administrative and planning purposes and more generally to improve the service offered to the User.

6.1. Types of cookies used

  • Cookies necessary for browsing the site

These cookies are necessary for the operation of the Azopio.com website. They allow the use of the main functionalities of the Site.

Without these cookies, users cannot use the Site normally.

  • Functional cookies

These cookies are used to personalize the user experience.

  • Analytical cookies

These cookies make it possible to know the use and performance of the Site and to improve its operation by carrying out analyzes of information page visits, by monitoring open rates, click-through rates and rates. rebound at the individual level.

  • Share button cookies

These social cookies allow users to share pages and content on third party social networks through social sharing buttons.

6.2. Cookies management

Users have the option of accepting or rejecting cookies on a case-by-case basis or rejecting them once and for all by setting their browser.

If the User chooses to refuse all cookies, navigation accessing certain pages of the Site will be reduced.

Depending on the browser used by users, the procedures for deleting cookies are as follows:

  • On Internet Explorer

Click on the Tools button, then on Internet Options.
On the General tab, under Browsing history, click Settings.
Click on the View files button.
Select the cookies to refuse and click on delete.

  • On Firefox

Click on the Tools icon in the browser, select the Options menu
In the window that appears, choose “Privacy” and click on “Display cookies”
Select the cookies to refuse and click on delete.

  • On Safari

Click on the Edit icon, select the Preferences menu.
Click on Security then on Show cookies.
Select the cookies to refuse and click on delete

  • On Google Chrome

Click on the Tools icon, select the Options menu, then click the Advanced options tab and access the “Confidentiality” section.
Click on the “Show cookies” button.
Select the cookies to refuse then click on delete.

6.3. Lifetime of cookies

Cookies are placed on the User’s terminal for a maximum period of 13 months from the manifestation of the User’s consent.

After this period, consent will be collected again.

7. Security and personal data protection measures in place

7.1. Security

Azopio has taken all necessary precautions to preserve the security of Personal Data and, in particular, to prevent it from being distorted or damaged or from unauthorized third parties having access to it.

These measures include the following:

  • Multi-level firewall
  • Well-known anti-virus and detection of intrusion attempts
  • Encrypted data transmission using SSL/https/VPN technology
  • The means to restore the availability of Personal Data and access them within appropriate timeframes in the event of a physical or technical incident
  • A procedure aimed at testing, analyzing and regularly assessing the effectiveness of the technical and organizational measures to ensure the security of the processing.

 

In addition, access to the Processing by the recipient Azopio services requires authentication of the persons accessing the data, by means of an individual access code and password, sufficiently robust and regularly renewed.

Data passing through unsecured communication channels is subject to technical measures aimed at making this data incomprehensible to any unauthorized person.

Any questions about the security of our Website can be directed to support@azopio.com.

7.2. Subcontractors

Azopio only uses subcontractors who provide sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the GDPR and guarantees the protection of the rights of the Data Subject.

As such, the Azopio infrastructures for the execution of the Service are installed in highly secure Data-Centers, located in the European Union, offering all the security guarantees such as anti-intrusion protection, anti-intrusion protection. fire, data replication on several servers, a platform protected 24/7 by video surveillance and access limited to authorized personnel.

7.3. Azopio’s commitments in the event of a personal data breach

In the event of a Personal Data breach, Azopio shall notify the breach in question to the competent supervisory authority as soon as possible and, if possible, no later than 72 hours after becoming aware of it, unless the breach in question is not likely to create a risk for the rights and freedoms of natural persons.

When a Personal Data violation is likely to generate a high risk for the rights and freedoms of the Data Subject, Azopio communicates the Personal Data violation to the Data Subject as soon as possible except in the following cases:

  • It was able to implement appropriate technical and organizational protection measures making the Personal Data incomprehensible to any person who is not authorized to have access to it, such as encryption
  • It has taken subsequent measures which ensure that the high risk to the rights and freedoms of the Data Subject is no longer likely to materialize
  • It has carried out a public communication or a similar measure allowing the Data Subjects to be informed in an equally effective manner.

8. Data protection officer

Azopio has appointed a Data Protection Officer with the CNIL in the person of Mr. Sébastien Peypoux who now assumes the functions of Data Protection Officer.

9. Modification of the privacy policy

Azopio reserves the right to change this Privacy Policy in order to comply with changes in the laws and regulations in force.

The modifications made will be notified via the Site or by email, as far as possible, at least 30 (thirty) days before their entry into force.