Privacy policy
At DATASSET, respecting your privacy is essential. When you use our services, you entrust us with your personal data. We are committed to taking care of it. This policy is designed to help you understand how we collect and process your personal data, and what your rights are.
Who is responsible for processing your data?
DATASSET, a simplified joint-stock company registered under the number 894 680 644 RCS Paris with its registered office at 152 Boulevard Pereire – 75017 Paris, is responsible for processing your data.
What data do we collect?
We collect the following personal data:
- Data you provide us: when you contact us, book a demonstration, place an order, or interact with us in any other way, we collect the personal information you provide.
- In all cases, we only ask for the information we really need. You are free to provide this information or not, but if you refuse, we may not be able to respond to your requests or give you access to our services.
- Data we collect automatically: we collect data from you and your devices when you use our services. We automatically collect this data through cookies. To learn more about these technologies, please read our Cookie Policy.
- Data we collect from other sources: subject to applicable law, we may collect personal data about you from other sources such as professional social networks.
- We may collect, or process on behalf and at the discretion of our customers, the email user data (from providers such as Google, Microsoft etc.) when you use or interact with our products and services.
- Data we collect and process on behalf of clients: When our business clients use our services, we process personal data on their behalf as a data processor. For example, when a client uploads a cap table to track their investments, we act as a data processor and process this document on behalf of the client and in accordance with their instructions. In these cases, the client is the data controller. They are responsible for most aspects of personal data processing. If you have questions or concerns about how personal data is processed in these cases, including how to exercise your rights as a data subject, you should contact the client. If we receive requests for rights concerning cases where we act as a data processor, we will forward your request to the relevant client.
Why do we collect your data and how long do we keep it?
We process your data for defined purposes, based on a "legal justification" (or legal basis), and for a limited duration. The table below details the purposes and legal bases of our processing, as well as the applicable retention periods.
{{table}}
Please note that your data may be retained for a longer period, for example, to establish proof of a right or under a legal obligation. In any case, your data is not retained beyond what is strictly necessary for the purposes for which it is processed. When your data is no longer necessary, we will ensure that it is either deleted or anonymized.
Who do we share your data with?
We share your data only with:
- Duly authorized personnel of DATASSET, who need access to your data in the course of their duties,
- Our external advisors (lawyers, auditors, etc.), when necessary for the purposes of the legitimate interests pursued by DATASSET,
- Public or judicial authorities, when we are legally required to do so.
We may also share your personal data with third parties as part of a potential or actual sale or restructuring of our company or some of our assets, in which case your data may be part of the transferred assets.
We also engage subcontractors who process your personal data on our behalf. In this context, your personal data may be transferred outside the European Economic Area (EEA) to countries (such as the United States) that do not provide a level of data protection equivalent to that which you enjoy within the EEA. In the absence of a decision of adequacy by the European Commission under Article 45 of the GDPR, the transfer of your personal data will be governed by appropriate transfer mechanisms under Articles 46 and following of the GDPR (such as standard contractual clauses adopted by the European Commission). You can obtain a copy of these mechanisms (excluding confidential provisions) by contacting us at the contact details provided in the section "Contact."
What are your rights and how to exercice them?
You have several rights regarding your data:
- You can revoke your consent at any time for any data processing based on your consent.
- You can ask us to confirm whether we are processing your data and, if so, provide you with information about the processing, allow you to access it, and obtain a copy.
- You can ask us to correct or complete your data if it is incorrect or incomplete.
- In some cases, you can ask us to delete your data or limit its processing.
- In certain cases, you can ask us to provide your data in a structured, commonly used, and machine-readable format, or you can request that it be transmitted directly to another data controller.
- You have the right to establish directives (general or specific) regarding the fate of your data after your death.
- You can object to any data processing based on our "legitimate interest." If you exercise this right, we must stop processing, unless we demonstrate compelling legitimate grounds for the processing that override your rights and freedoms, or for the establishment, exercise, or defense of legal claims.
- You can object at any time to the processing of your data for marketing purposes.
- You can exercise your rights by contacting us at the contact details provided in the "Contact" section.
You also have the right to lodge a complaint with the competent supervisory authority regarding the processing of your data. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).
How do we protect your data?
We take the security of your data seriously and implement industry-leading measures to ensure its protection, including:
- Encryption: All data is encrypted both in transit and at rest, using advanced encryption protocols like AES-256 and TLS (Transport Layer Security). This ensures that your sensitive information, including email user data, is protected from unauthorized access.
- Access Control: We use strict Role-Based Access Control (RBAC) mechanisms to ensure that only authorized personnel can access sensitive data. Regular access audits are conducted to maintain the highest security standards.
- Data Minimization: We only store essential data. For example, email content is accessed via secure API calls to the email provider, and we do not retain unnecessary information on our servers.
- Backups and Recovery: Daily backups are maintained securely to ensure data integrity and availability in case of any disruptions. In case of incidents, our disaster recovery procedures are in place to minimize any impact.
Protection of minors
Our services are not intended for minors and are not intended to be used by minors. We do not knowingly collect information from minors, nor do we request any information from them. We do not knowingly allow minors to use our services. Anyone providing their information to DATASSET as part of an order declares that they have reached the legal age of majority. If we discover that we have collected information from a minor without the consent of their parents or legal guardians, we will delete it. Please contact us at the contact details provided in Article 7 below if you believe you have provided us with information about a minor without the consent of their parents or legal guardians.
Contact
For more information about your rights, how to exercise them, or for any questions or complaints regarding the protection of your personal data, you can write to us at privacy@datasset.vc.
Modification of the policy
We may modify this privacy policy to account for changes in legislation, our services, our data processing practices, or technological advancements. Our use of personal data we collect is subject to the Privacy Policy in effect at the time the data is used. Depending on the nature of the modification, we may inform you of the change by posting an update on this page.
Purposes | Legal Bases | Retention Period |
---|---|---|
Provision of services | This processing is necessary for the performance of the contract concluded between your company and DATASSET. | Duration of the contractual relationship between your company and DATASSET |
Accounting, tax obligations, etc. | This processing is necessary for compliance with a legal obligation to which we are subject. | In the form of an intermediate archive, for the legally required retention period |
Commercial prospecting by electronic means | This processing is necessary for the pursuit of our legitimate interest in making ourselves known and developing our business. However, where required, we will ask for your consent. | Until consent is withdrawn (if applicable), or 3 years from the end of the business relationship if you are a client, or from the collection of your data or the last contact from you if you are a prospect |
Commercial statistics, studies, surveys, etc. | This processing is necessary for the pursuit of our legitimate interest in improving our processes and commercial performance. | 1 year |
Management of requests to exercise rights | This processing is necessary for compliance with a legal obligation to which we are subject. | The time necessary to respond to your request (in principle, 1 month; maximum 3 months in case of a complex request) |
Management of an opt-out list | This processing is necessary for the pursuit of our legitimate interest in respecting your wishes regarding the processing of your data. | 3 years from the exercise of the right |