Updated 4 November 2019
I. Nature of Data Collected by SELLSY
1.1. SELLSY collects and processes data that Users voluntarily provide to access or use SELLSY as well as data concerning the preferences of Users and traffic (such as IP addresses).
The purposes of this Data Processing are to enable Users to create an Account to access SELLSY, to use the Software, to improve services in placing cookies on Users’ devices and sending them commercial offers and marketing.
More precisely, SELLSY processes Users date Data to enable Users to:
- Consult SELLSY websites
- Create an Account to access and use the Sellsy Software
- Register for online demonstrations, events or contests
- Download our online resources
- Improve services by placing cookies on users’ devices
- Send you commercial and marketing offers
To open an Account, Users must provide SELLSY with at least the following personal identification information to use the Software:
- Telephone number
Users can complete their profile with other Personal Data (their address, secondary telephone number, date of birth, the name of their customers or prospects, etc.).
SELLSY will never collect or process sensitive Personal Data in accordance with GDPR regulations, for example regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, health, etc.
1.2. SELLSY also collects Data relating to the commercial relationship with its Users: history, subscribed Tools, billing and payment, participation in promotional offers, requests and incidents reported to the support service, etc.
1.3. SELLSY automatically collects certain data during visits to the website go.sellsy.com. For example, information about the origin of the connection, the type and version of the user’s Internet browser, the duration of connection, etc.
The goal is to facilitate navigation, improve use, benefits and better understand the customer experience.
The SELLSY Cookies Policy is available here.
II. Use of Personal Data of Users
SELLSY uses Personal Data only in the cases provided for by the regulations in force, which are:
- The execution of the service provision contract relating to the use of the SELLSY Software and/or;
- Compliance with a legal obligation and/or;
- Your consent to process your Data
- Our legitimate interest in conducting prospecting or promotion operation concerning the SELLSY Group, our products, promotions or the events we organize with the SELLSY Group
- Of course, SELLSY never uses personal data for marketing and commercial purposes without respecting the wishes of the data subjects who can always unsubscribe from these communications.
III. Processing of Personal Data
SELLSY collects and processes Users’ Personal Data in a fair and lawful manner and in compliance with the principles of European Regulation 2016/679 of 27 April 2016 (GDPR).
SELLSY is responsible for the processing of Personal Data of Users within the meaning of the GDPR.
SELLSY has appointed a Data Protection Officer (DPO) who continuously monitors SELLSY’s compliance with GDPR principles and rules. Their mission is notably:
- to make SELLSY employees aware of the protection of Personal Data;
- to support the teams during the implementation of processing;
- to respond to requests related to the exercise of Users’ rights in accordance with Article VIII.
The DPO can be contacted via this dedicated email address: firstname.lastname@example.org.
IV. Retention of Personal Data of Users
SELLSY makes every effort to prevent the loss, misappropriation, intrusion, unauthorised disclosure, alteration or destruction of Personal Data disclosed by Users.
- The data is stored on SELLSY’s own servers, hosted within the infrastructure of CLARANET France. The server security check and the update of operating software is carried out in real time.
- All information sent to SELLSY is encrypted [256-bit TLS protocol].
- SELLSY employees are subject to an obligation of confidentiality and non-disclosure and have all signed a specific commitment to the protection of Personal Data.
- Access to Data is governed by a strict access control policy, reserved to authorised persons, under defined conditions.
- When SELLSY uses subprocessors to process Personal Data, SELLSY ensures that these subprocessors guarantee an equivalent level of security protection.
SELLSY retains Personal Data in accordance with legal provisions:
SELLSY keeps the information relating to the management of the Customer Account, orders, billing, payments 10 years after the end of the contract or the last contact from the Inactive Customer;
SELLSY keeps the information related to the creation and management of prospecting files 3 years from the collection of data or the last contact from the prospect;
SELLSY keeps inactive Customer Data for the purpose of sending information about the commercial and marketing offers, within 3 years after the end of the business relationship.
SELLSY has the obligation to keep, for one year, the Personal Data following the creation, modification, or removal of User Content:
- Login identification;
- The identification given by the terminal;
- Types of protocols;
- Nature of the operation;
- Date and time of the operation;
- Identification used by the author of the operation.
When the retention of the Data is no longer justified by the management of a Customer Account, a legal obligation or commercial requirements, and notwithstanding the exercise of the rights of deletion or modification, SELLSY will delete the Data in a secure fashion.
4.3. Account Cancellation
Users may also request that their Account be deleted in accordance with the Terms. Their data will be deleted by SELLSY without prejudice to Article 4.2 above.
V. Access to the Personal Data of Users
5.1. Access to Data by SELLSY Employees
According to the purposes defined in Article 1, the customer service, support, administrative, accounting, technical, marketing and sales departments are likely to have access to Personal Data.
Access to your data is based on individual access permissions as specified in Article 4.1.
5.2. Data Transmission
SELLSY can outsource the following services:
- Providers sending postal or digital mail
- Maintenance and technical development providers
Pursuant to Article 28 of the GDPR, SELLSY’s subcontractors’ access to the Data is provided for by a contract signed between SELLSY and the subprocessor, which sets out its obligations with respect to the protection of Personal Data that are available to SELLSY.
5.3. Additional restrictions on use of your data as a Gmail account user
- The App will only have access access to: read, write, modify or control Gmail messages bodies (including attachments) to provide a webmail client that allows users to compose, send, read and process emails;
- The App will not transfer this Gmail data to others, unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition or sale of assets;
- The App will not use this Gmail for serving advertisements;
- The App will not allow humans to read this data, unless we have your affirmative agreement for specific messages, or where doing so is necessary for security purposes such as investigating abuse to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.
Sellsy’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
VI. Transfer of Personal Data
SELLSY retains Personal Data in the European Union.
If the Data collected by SELLSY in connection with the Services were to be transferred, in a very marginal way, to subcontractors located in other countries, SELLSY shall ensure that appropriate safeguards are provided to control any transfer of Personal Data.
SELLSY may provide Users’ Personal Data only if it is required by law or ordered by a French court.
VII. Communication from SELLSY
7.1 SELLSY can send emails to Users at the email address associated with their account for technical or administrative reasons or to inform the Users of the change of the services.
7.2 SELLSY can also send Users SMS messages or emails containing commercial and marketing offers or concerning your participation in events, under the conditions of Article VIII. A deactivation link allows Users to unsubscribe at any time.
If you are unsubscribed from these communications you will nevertheless continue to receive the communication listed in Article 7.1.
VIII. Exercise of User Rights
In accordance with the French Data Protection Act and the European Regulation 2016/679 of 27 April 2016 (GDPR), in force on 25 May 2018, Users have the following rights concerning the processing:
- right of access
- right to rectification
- right to object
- right to erasure
- right to data portability
- right to restriction of processing
Users may exercise these rights by writing to SELLSY at their postal address: 50 avenue du Lazaret 17000 LA ROCHELLE or contact the DPO directly at email@example.com.
All requests must be justified and accompanied by a copy of a valid ID.
Users may also:
- modify their Personal Data directly from their Account, if they have one
- manage the receipt of promotional communications (not related to a transaction) by simply clicking on the “unsubscribe” link at the bottom of emails sent by SELLSY
- manage the reception of SMS messages by sending a “STOP” text message