Privacy policy
Updated on 19 February 2024
The English version is not the official one.
If necessary, please consult the French version (Version en français).
- 1. What information do we collect? How do we use it and why?
- 2. How do we share your information with third parties and abroad?
- 3. What is our cookies policy?
- 4 . What are your rights regarding your data?
- 4.a. Right of access (article 15 GDPR)
- 4.b. Right to portability (Article 20 GDPR)
- 4.c. Right of rectification (Article 16 of the GDPR)
- 4.d. Right of erasure (Article 17 GDPR)
- 4.e. Right to object (Article 21 of the GDPR)
- 4.f. Right to restrict processing (Article 18 of the GDPR)
- 4.g. Right to give instructions concerning the fate of data after your death (article 85 of the Data Protection Act)
- 4.h. Right to withdraw consent (Article 7 GDPR)
- 4.i. Right of appeal
- 5. Is your data secure?
- 6. How can you exercise your rights regarding your data?
Hello and welcome to our Privacy Policy. Here we explain how we collect, use, share, store and transfer your information in the operation of the “assisteu.eu” website (the “Website”) and what rights you have over your information.
Before we begin, please note that the terms “we”, “us” or “assistEU” refer to assistEU SAS, the company responsible for all the uses described in this policy, registered with the Nanterre Trade and Companies Register under number 883 586 455, whose registered office is located at 144, avenue Charles de Gaulle, 92200 Neuilly-Sur-Seine.
Our Data Protection Officer (the “DPO”) is Adrien Touchagues. You can contact him by e-mail at dpo@assisteu.eu, in particular to exercise your rights or ask questions.
The term “you” and its derivatives refer to you, the reader of this privacy policy.
1. What information do we collect? How do we use it and why?
1.a. Use of information from all visitors to the Site
For each visitor to the Site, the following information is transmitted by default by your Internet browser and is therefore collected automatically by us:
- The operating system of your terminal (Windows, Mac, Android, iOS, etc.);
- The internet browser you are using and its language;
- Your IP address;
- The time of your visit;
- Technical information about your type of device (computer, smartphone, etc.);
- Where applicable, the website that referred you to asssiteu.eu.
This information is automatically collected and stored by our hosting service provider, OVH SAS, for a defined period of time in accordance with its terms of use and confidentiality, which can be consulted at the following address: https://www.ovhcloud.com/en/terms-and-conditions/privacy-policy/. The legal basis for the collection and use of this information is the need to collect and process it in order to implement our general terms and conditions.
We also collect any information that you send us using the various forms that may be available on the site (contact us, request a demonstration, request an appointment, etc.). Your information is used to receive and respond to your message. It is kept as part of our history of messages received until you exercise your right to have it deleted, or for a maximum of three years from the date of receipt of the form. All information requested in the contact forms is mandatory.The English version is not the official version.
In case of need, please refer to the French version.
The legal basis for the collection and use of this information is your consent, expressed by clicking on the “Send” button when sending the form.
1.b. Use of the information of our prospective customers, clients and assistEU account holders
In order to access the assistEU features, you must create an account (hereinafter the “Account”) under the conditions specified in the Terms and Conditions. The Account may be linked to a subscription or a free trial, as specified in our Terms and Conditions. In order to create an Account, you must provide us with the following information so that we can verify your identity, grant you access to the Site and secure that access:
- Your first and last name;
- Your professional email address and occupation;
- If applicable, the name of your practice structure, your position and your areas of practice; and
- Your telephone number.
This information is required to access the service.
This information is kept for a period of one year after your last visit or until you delete your account.
Our legal basis for collecting and using this information is that this collection and usage is necessary to comply with our Terms and Conditions.
If you are invited to create an account by an assistEU administrator or a client organisation, we collect and use your telephone number to ensure better support for our business relationship and to manage training sessions. This information is retained until you delete your account. In this case, the collection and use of your telephone number is legally based on our interest in contacting you by the most reliable means possible in order to ensure that you can take full advantage of all the features of the product and, consequently, to ensure the proper performance of our contractual obligations in accordance with our Terms and Conditions. It is not necessary to provide this information in order to access the services.
Your IP address, which is automatically transmitted under the conditions described in paragraph 1.a. above, is also used to ensure that your account is not shared with third parties. This information will be kept for a period of three years. The legal basis for the use of this information is the need for such processing in order to comply with our Terms and Conditions, the fact that the licence to use the Service is personal and non-transferable, and our legitimate interest in preventing third parties from benefiting from our paid services without a subscription.
When you subscribe, we also collect and use payment information relating to your chosen payment method. This information is transferred to a secure payment provider (also dependent on the payment method chosen) as described in question 2. The legal basis for this collection and use is that it is necessary to comply with our terms and conditions. Your payment method is only stored by our service provider (your payment details never pass through our servers) and only for the time necessary to process your payment or recurring subscription.
We may also use various types of information in the event of non-payment of amounts due under the contract between us. In order to identify a person in arrears, we may collect and use information relating to the payment incident (date of arrears, amount of arrears, purpose of arrears). In such a situation, in order to proceed with the recovery of outstanding debts, we will use the personal information collected at the time of your subscription (name, first name, profession, e-mail address and billing address) to send you reminders by any means. The purpose of this use is to identify unpaid invoices confirmed by the unpaid invoices management service, and the legal basis for this collection and processing is the need to enforce our Terms and Conditions. This information will be kept until the outstanding payment has been settled and/or for a maximum of 5 years from the date on which the outstanding payment was made.
Some of assistEU’s current or future features inherently require the collection and use of information about you. This is particularly the case for alerts or bookmarks that you create, or for our personalised emails. The information used for these purposes is your browsing history, your searches and the links you click in our emails. This information is kept until you delete your account or it is automatically deleted after one year if you have not visited the Website. The legal basis for collecting and using this information is that it is necessary to comply with our Terms and Conditions.
If the contract with the client organisation provides for it, we will provide them with the statistics on your use of assistEU, together with your surname, first name and e-mail address. This processing constitutes a reuse of the data collected in the context of the use of our functionalities. The legal basis for the collection and processing of this information is our legitimate interest and that of your organisation in the proper performance of the contract binding us to you, if the contract provides for such communication.
We may use your contact details (last name, first name, email address, telephone number, professional social networks) for commercial marketing purposes, which you may object to at any time by emailing dpo@assisteu.eu or, in the case of automated marketing, by clicking on the links to these effects. This information is collected either directly from you or through specialist service providers listed in the Transfers section of this policy, or from public sources such as official directories or your website. We also keep a record of your prospecting history (date and nature of your last exchanges). In order to use all this information for commercial prospecting purposes, your information will be kept for 3 years after your last contact with our teams (last phone call, last meeting, last click on a link in an email or SMS). The legal basis for this collection and use is our legitimate interest in offering you our products and services (Recital 47 of the GDPR).
In order to manage the returns you make to us, we collect certain information about you: your first and last name, the company you work for, and the nature of your return (product improvement suggestions or defects found).
In addition, when you use the Website, we also collect certain information relating to your activity (when you click a button, copy text, print or download a page, etc.). This information – previously pseudonymised – is collected using the Matomo application and stored exclusively on our servers for tracking and analysing user behaviour. It is only accessible to our dedicated product team.
The purpose of this processing is to learn from your use of the site in order to improve the product.
2. How do we share your information with third parties and abroad?
We collect and use the information we have told you about above only for our own purposes and do not sell it to third parties under any circumstances. It will only be transferred to the service providers listed below whose services are used to provide our services. We have signed personal data processing contracts with each of these service providers.
Some of them are based outside the EU and we have therefore ensured that they provide adequate safeguards for transfers.
Below you will find a list of assistEU’s service providers, their location and the appropriate safeguards adopted where applicable.
|
Provider |
Purpose of transfer |
Provider’s country |
|---|---|---|
|
OVH |
Website hosting |
France |
|
Axeptio |
Cookie consent management |
France |
|
Mailjet |
Emailing |
Germany |
|
Stripe |
Payment and invoicing |
United States, standard contractual clauses incorporated by reference into the contract and certified Data Privacy Framework |
|
Zoom |
Webinar and call platform |
United States, standard contractual clauses incorporated by reference into the contract and certified Data Privacy Framework |
|
Hubspot |
Email marketing campaigns |
United States, standard contractual clauses incorporated by reference into the contract and certified Data Privacy Framework |
3. What is our cookies policy?
We use cookies to improve your browsing experience and to provide you with targeted information about assistEU. They do not require your consent.
According to consultations n°2020-091 and n°2020-092 of 17 September 2020, assistEU is obliged to obtain the prior consent of the Website user for all cookies that are not strictly necessary. The deposit of cookies by third parties is therefore subject to the expression of your consent through the cookie preferences. This feature is disabled by default.
When you visit our Website for the first time, a cookie preferences banner will be displayed to allow you to refuse or accept the setting of cookies.
You can change your preferences at any time. If you would like to refuse these cookies or fine tune your consent and refusal, please click on the button below.
Non-consent cookies
We use cookies that are necessary to provide or improve our services or that are useful to our secure service providers to provide their services (Axeptio, Matomo, Stripe). These cookies do not require your consent.
The Matomo functionality has been configured in accordance with CNIL recommendations to be exempt from consent.
If you wish, you can opt out of any form of tracking, including anonymous tracking, by clicking the button below.
Cookies requiring consent
assistEU does not use cookies requiring user consent.
Summary of cookies used by assistEU
|
Cookies |
Purpose |
Cookie duration |
|---|---|---|
|
Necessary identifiers and audience |
These cookies are used to facilitate navigation, optimise the performance and security of our Website, analyse statistics and measure the audience of the Website anonymously. |
|
| Authentication |
Ensure secure authentication to the service |
12 months from deposit |
|
Axeptio |
Save cookie consents |
12 months from deposit |
|
Matomo |
Analyse statistics on visits to our Website |
13 months from deposit |
|
Stripe |
Secure payment processing |
12 months from deposit |
4 . What are your rights regarding your data?
The GDPR give you the following rights
- The right of access to your data;
- The right to portability to third party services;
- The right to rectify any inaccuracies;
- The right to erasure, under certain conditions;
- The right to object to processing, under certain conditions;
- The right to restrict processing;
- The right to decide what we do with your data in the event of your death;
- The right to withdraw your consent;
- The right to appeal to the CNIL or to the courts.
4.a. Right of access (article 15 GDPR)
You may have access to any information about you that we use by sending us a request, to which we will respond by providing you with a copy of all your personal data and any information required by law, including
- The types of information collected and used;
- The purposes for which it is used;
- The categories of recipients to whom your information has been or is likely to be disclosed;
- How long we will keep your information; and
- Details of your rights in relation to your information.
4.b. Right to portability (Article 20 GDPR)
If we use your data on the basis of your consent or because it is necessary for the performance of a contract, you have the right to portability of your data. This right differs from the right of access in that (i) it applies only to the data you have provided to us (excluding, in particular, aggregated statistics based on that data and data we have collected ourselves) and (ii) it allows you to obtain that data in a structured, machine-readable format.
Unlike the right of access, the right of data portability does not require the transferred file containing your data to be human readable. Strictly speaking, the file will only contain your personal data and no other information.
The right to portability of your personal data also opens up the possibility that it may be transferred to another data controller in accordance with your choices, provided that this is technically possible.
4.c. Right of rectification (Article 16 of the GDPR)
You may request that the information concerning you be rectified, completed or updated if it proves to be inaccurate, incomplete or out of date. You must give reasons for your request.
4.d. Right of erasure (Article 17 GDPR)
You may request that information about you be deleted if one of the following applies
- if your personal information is no longer necessary for the purposes for which it was collected or processed;
- if you have withdrawn your consent to the use of your personal information, provided that your prior consent was the legal basis for its collection and use and there is no other legal basis for it; or
- if you have effectively objected to the collection or use of information about you as described in the “Right to object” section; or
- if the use of your information is unlawful,
- if we are required to delete your information to comply with any legal obligation imposed on us; or
- if you were a minor when we collected your information. In the latter case, and provided you were a minor at the time of the request, a parent or guardian may also request that we delete your information.
4.e. Right to object (Article 21 of the GDPR)
You may object to our use of your information if both of the following conditions are met: (i) you can demonstrate reasons relating to your particular circumstances and (ii) the lawful basis for our use is the pursuit of a legitimate interest.
We may override your objection by demonstrating that there are compelling legitimate grounds for our use which override your interests and rights and freedoms, or for the establishment, exercise or defence of legal claims.
You may also object, at any time and without giving reasons, to the use of your personal information for the purposes of canvassing you.
4.f. Right to restrict processing (Article 18 of the GDPR)
You may request that we restrict the use of information about you:
- where you dispute the accuracy of information about you, for the period necessary to enable us to verify it
- if the use of your information is unlawful
- if you request us to retain your information where this is necessary for the establishment, exercise or defence of your legal rights; or
- where you have objected to the use of your information for the period necessary for us to verify that we have no other overriding legitimate grounds for continuing to use it.
4.g. Right to give instructions concerning the fate of data after your death (article 85 of the Data Protection Act)
You can give us instructions on how to store, delete and communicate information about you after your death.
4.h. Right to withdraw consent (Article 7 GDPR)
For all uses, including those listed above, for which your consent is the legal basis, you have the right to withdraw that consent at any time without having to give us a reason.
4.i. Right of appeal
If necessary, and if a dispute cannot be resolved amicably, you may always lodge a complaint with the competent data protection authority (in France, the CNIL, whose Website can be accessed by clicking here).
You may also, without first contacting the CNIL, bring an action before the competent court.
5. Is your data secure?
Yes, at assistEU we take data security and confidentiality very seriously. We use the HTTPS protocol with TLS 1.3: all your searches are encrypted before being sent to our servers to prevent anyone from intercepting them.
Your login details are highly secure. What’s more, our servers are secure and hosted in Gravelines, France. Our service provider, OVH, meets the highest physical and software security standards.
Finally, we have implemented internal technical and organisational measures to ensure the security and confidentiality of your data. In particular, we segregate access to data by role: only people with a legitimate reason can access the personal data we hold. We also minimise the data we send to our various service providers so that they only receive the data they need to carry out their activities.
6. How can you exercise your rights regarding your data?
If you have any questions about this personal data policy or wish to exercise any of your rights, please send an email to dpo@assisteu.eu.
In accordance with Article 12 of the GDPR, we may ask you for additional information necessary to confirm your identity if we have any doubt about your identity. We will do our best to respond as soon as possible, and in any event within the statutory time limit of one month.