I. Nature of Data Collected by SELLSY
1.1. SELLSY collects and processes data that Users voluntarily provide to access or use SELLSY as well as data concerning the preferences of Users and traffic (such as IP addresses).
The purposes of this Data Processing are to enable Users to create an Account to access SELLSY, to use the Services, to improve Services in placing cookies on Users’ terminals and sending them commercial offers and marketing.
To open an Account, Users must provide SELLSY with at least the following personal identification information to use the Solution:
- Company name
- Telephone number
Users can complete their profile with other Personal Data (their address, telephone number, date of birth, the name of their customers or prospects, etc.).
SELLSY will never collect or process sensitive Personal Data within the meaning of the regulations, for example regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, health, etc.
1.2. SELLSY also collects Data relating to the commercial relationship with its Users: history, subscribed modules, billing and payment, participation in promotional offers, requests and incidents reported to the support service, etc.
1.3. SELLSY automatically collects certain data during visits to the website http//www.sellsy.com: for example, information about the origin of the connection, the type and version of the user’s Internet browser, the duration of connection, etc.
The goal is to facilitate navigation, improve use, benefits and better understand the customer experience.
The SELLSY Cookies Policy is available here.
II. Use of Personal Data of Users
SELLSY uses Personal Data only in the cases provided for by the regulations in force, which are:
the execution of the service provision contract relating to the use of the SELLSY Solution and/or;
compliance with a legal obligation and/or;
the existence of a legitimate interest in using the data: thus, SELLSY processes the personal data of the recipients of marketing information and commercial offers, on the basis of their legitimate commercial interest. Of course, SELLSY never uses personal data for marketing and commercial purposes without respecting the wishes of the data subjects who can always unsubscribe from these communications.
III. Processing of Personal Data
SELLSY collects and processes Users’ Personal Data in a fair and lawful manner and in compliance with the principles of European Regulation 2016/679 of 27 April 2016 (GDPR).
SELLSY is responsible for the processing of Personal Data of Users within the meaning of the GDPR.
SELLSY has appointed a Data Protection Officer (DPO) who continuously monitors SELLSY’s compliance with GDPR principles and rules. Its mission is notably:
- to make SELLSY employees aware of the protection of Personal Data;
- to support the teams during the implementation of processing;
- to respond to requests related to the exercise of Users’ rights in accordance with Article VIII.
IV. Retention of Personal Data of Users
SELLSY makes every effort to prevent the loss, misappropriation, intrusion, unauthorised disclosure, alteration or destruction of Personal Data disclosed by Users.
- The data is stored on SELLSY’s own servers, hosted within the infrastructure of CLARANET France. The server security check and the update of operating software is carried out in real time.
- All information sent to SELLSY is encrypted [256-bit TLS protocol].
- SELLSY employees are subject to an obligation of confidentiality and non-disclosure and have all signed a specific commitment to the protection of Personal Data.
- Access to Data is governed by a strict access control policy, reserved to authorised persons, under defined conditions.
- When SELLSY uses subprocessors to process Personal Data, SELLSY ensures that these subprocessors guarantee an equivalent level of security protection.
4. 2. Term
SELLSY retains Personal Data in accordance with legal provisions:
SELLSY keeps the information relating to the management of the Customer Account, orders, billing, payments 10 years after the end of the contract or the last contact from the Inactive Customer;
SELLSY keeps the information related to the creation and management of prospecting files 3 years from the collection of data or the last contact from the prospect;
SELLSY keeps inactive Customer Data for the purpose of sending information about the commercial and marketing offers, within 3 years after the end of the business relationship.
SELLSY has the obligation to keep, for one year, the Personal Data following the creation, modification, or removal of User Content:
- Login identification;
- The identification given by the terminal;
- Types of protocols;
- Nature of the operation;
- Date and time of the operation;
- Identification used by the author of the operation.
When the retention of the Data is no longer justified by the management of a Customer Account, a legal obligation or commercial requirements, and notwithstanding the exercise of the rights of deletion or modification, SELLSY will delete the Data in a secure fashion.
4.3. Account Cancellation
Users may also request that their Account be deleted in accordance with the Terms. Their data will be deleted by SELLSY without prejudice to Article 4.2 above.
V. Access to the Personal Data of Users
5.1. Access to Data by SELLSY Employees
The customer service, support, administrative, accounting, technical, marketing and sales departments are likely to have access to Personal Data.
Access to your data is based on individual access permissions as specified in Article 4.1.
5.2. Data Transmission
SELLSY can outsource the following services:
- Providers sending postal or digital mail
- Maintenance and technical development providers
Pursuant to Article 28 of the GDPR, SELLSY’s subcontractors’ access to the Data is provided for by a contract signed between SELLSY and the subprocessor, which sets out its obligations with respect to the protection of Personal Data that are available to SELLSY.
5.3. Additional restrictions on use of your data as a Gmail account user
- The App will only use access to: read, write, modify or control Gmail messages bodies (including attachments) to provide a webmail client that allows users to compose, send, read and process emails;
- The App will not transfer this Gmail data to others, unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition or sale of assets;
- The App will not use does this Gmail for serving advertisements;
- The App will not allow humans to read this data, unless unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.
VI. Transfer of Personal Data
SELLSY retains Personal Data in the European Union.
If the Data collected by SELLSY in connection with the Services were to be transferred, in a very marginal way, to subcontractors located in other countries, SELLSY shall ensure that appropriate safeguards are provided to control any transfer of Personal Data.
SELLSY may provide Users’ Personal Data only if it is required by law or ordered by a French court.
VII. Communication from SELLSY
SELLSY can send emails to Users at the email address associated with their account for technical or administrative reasons or to inform the Users of the change of the Services.
SELLSY can also send Users emails containing commercial and marketing offers. A deactivation link allows Users to unsubscribe at any time.
VIII. Exercise of User Rights
In accordance with the French Data Protection Act and the European Regulation 2016/679 of 27 April 2016 (GDPR), in force on 25 May 2018, Users have the following rights concerning the processing:
- right of access
- right to rectification
- right to object
- right to erasure
- right to data portability
- right to restriction of processing
Users may exercise these rights by writing to SELLSY at their postal address: 50 avenue du Lazaret 17000 LA ROCHELLE or contact the DPO directly at firstname.lastname@example.org.
All requests must be justified and accompanied by a copy of a valid ID.
Users may also modify their Personal Data directly from their Account.