PERSONAL DATA PROTECTION CHARTER
1 – Purpose of the Charter
The purpose of this charter (hereinafter the “Charter”) is to inform you about how Archireport collects your personal data, in strict compliance with your rights.
Archireport declares that it collects and processes personal data concerning you, in accordance with the French Data Protection Act (Law No. 78-17) of 6 January 1978 and the General Regulation on the Protection of Personal Data (hereinafter the “GDPR”) which came into force on 25 May 2018.
2 – Identity of the data controller
The company responsible for collecting your personal data is Archireport (hereinafter “We/Us”), a simplified joint stock company registered with the Rennes Commercial Registry Office under number 531 980 605. Our head office is at 213 rue du Gacel – 35 410 Saint Aubin du Pavail. Archireport has declared a personal data protection officer (DPO) to the CNIL; this is Simon Bos, who can be contacted by email at firstname.lastname@example.org. Declaration No. DPO-1680.
3 – Definition and nature of the personal data processed
When you use the website https://www.archireport.com (hereinafter the “Site”), and/or the corresponding mobile application (hereinafter the “Application”), Archireport may ask you to provide certain personal data.
The term “personal data” as defined in Article 4 of the GDPR means “any information relating to an identified or identifiable natural person (‘data subject’). An ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.”
4 – Information collected
4.1 Information you give to Archireport
When using the Site and the Application, you provide Archireport with some of your personal data. All these personal data are automatically processed.
The data entered are the following:
- First and last name
- Your company’s contact details
- Postal address and email address
- Telephone number
- Data about your transactions on the Site and/or the Application
- All the data concerning the projects you work on in the Archireport application (project name, location, identity of the people and companies involved in the project).
4.2 Information automatically collected by Archireport
When you log on to our Site or Application, Archireport may collect and process some of your personal data, including:
- Login data
- Browsing data
- Content and URLs visited
- Dates and times of when you connect to the Site or Application
- Type and manufacturer of the device used and the operating system
- Aggregate data about browsing, location, crashes, and error reports
5 – What happens to the personal data collected or processed by Archireport
Your personal data is collected for the following purposes:
(i) To manage your access to and use of certain services that are accessed from the Site and/or the Application.
(ii) To conduct customer management operations concerning contracts, orders, deliveries, invoices, loyalty programmes, and customer service monitoring.
(iii) To make up a file of registered members, users, and current and prospective customers.
(iv) To send newsletters, requests and promotional messages. You will be given the chance to opt out of these when your data is collected.
(v) To produce statistics on sales and how often our services are used.
(vi) To manage user reviews of our products, services or content.
(vii) To manage unpaid invoices and any disputes concerning the use of our products and services.
(viii) To fulfil our legal and regulatory obligations.
We guarantee that your personal data will not be processed for any purposes other than those listed above.
When we collect your personal data, we will tell you whether the data requested is required or optional. We will also explain what might happen if you do not provide the data.
6 – Who has access to the personal data collected
Archireport, its duly authorised staff, supervisory bodies (auditors in particular), and trusted subcontractors (hosting companies, providers of analytical solutions, payment services) may have access to your personal data. Those who have access to your personal data are informed about data protection and undertake to process your data strictly for the purposes determined. Your personal data may also be sent to public organisations, for the sole purpose of fulfilling our legal obligations, to court officers, ministry workers, or debt collection organisations.
7 – Transferring personal data
If Archireport were to be partially or fully taken over by a third party, your personal data may be transferred to the new owner. If this should happen, you will be informed of the operation and you will be able to exercise your right to have the data provided deleted.
8 – Your personal data rights
In accordance with legal and regulatory provisions, you have:
- A right of access to and information about your personal data. Upon request, you can receive a copy of the personal information we hold about you and check that we are processing this data lawfully.
- A right to the rectification of your personal data.
- A right to have your personal data deleted. You also have the right to ask us to delete or withdraw your personal information if you have exercised your right to object to the processing of your personal data (see below).
- A right to object to the processing of your personal data. You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data for direct marketing purposes or to processing carried out on the basis of Archireport’s legitimate interests.
- A right to request the restriction and withdrawal of the processing of your personal information. This allows you to ask Archireport to suspend the processing of your personal information, for example, if you wish to establish the accuracy of or reason for processing the data. If you consented to the collection, processing and transfer of your personal information for a particular purpose, you have the right to withdraw your consent for that data processing at any time. Once we receive notification of your withdrawal of consent, we will no longer process your information for the purpose(s) for which you gave consent, unless we have a legitimate reason to do so.
- A right to the portability of your personal data to you or to another data controller in a structured, electronic format.
You can exercise these rights by simply informing us by email at:
email@example.com or by post: Archireport, 213 rue du Gacel, 35410 CHATEAUGIRON, France.
Before responding to a request, we may ask you for additional information and proof of your identity.
Archireport will make every effort to respond to your request as quickly as possible and will certainly do so within the legal time limit.
As a user of the Site and/or the Application, you can modify and/or delete all of your personal information directly or by sending an email request to firstname.lastname@example.org.
In accordance with the provisions of Article 13 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority if you consider that Archireport is unlawfully processing your personal data.
9 – How long we keep your personal data for
(i) Regarding data used for current and prospective customer management:
Your personal data will be kept only for the period of time strictly necessary to manage our business relationship with you. However, data that may be used as proof of a right or a contract, and which are required by law to be retained for a certain period of time, will be kept for the relevant period as stipulated by the applicable law.
(ii) Regarding potential client prospecting operations:
Data about the client may be kept for a period of three (3) years from the date on which our business relationship ends. Personal data relating to a prospective but not actual client may be kept for a period of three (3) years starting from the date of collection or the last date of contact with the prospective client. We may contact you again before this three-year period runs out to find out if you wish to continue receiving our offers.
(iii) Regarding proof of identity:
If you exercise your right to access or amend your data, the data concerning your proof of identity may be kept for the period of time provided for under Article 9 of the French Criminal Procedure Code, i.e. one (1) year. If you exercise your right to object, these data may be kept for the period of time provided for under Article 8 of the French Criminal Procedure Code, i.e. six (6) years.
(iv) Regarding bank card data:
Financial transactions relating to the payment of the subscription that allows you to use the Site and/or the Application, are entrusted to a payment services provider who is responsible for the smooth functioning of the process and for security.
To carry out these services, the service provider may be given personal data relating to your bank card numbers, which they will collect and store in our name and on our behalf. Archireport does not have access to these data. Data relating to your bank cards will be retained for the duration of your subscription period on the Site and/or the Application. By ticking the box provided specifically for this purpose on the Site and/or the Application, you expressly consent to the retention of these data. Data relating to bank cards may be kept in intermediate archives to be used as proof in the event of any dispute over transactions, for the length of time provided for under Article L 133-24 of the French Monetary and Financial Code, which is 13 months from the date of debit. This period may be extended to 15 months to allow for the possibility of cards being used for deferred payments.
(v) Regarding the management of lists of people who have objected to prospecting campaigns:
Data allowing your right to object to be taken into account are kept for at least three (3) years from the date on which you exercised your right to object.
(vi) Regarding audience measurement statistics:
Data stored in users’ terminals or any other element that may be used to identify users and monitor traceability and frequency of use will kept for no longer than six (6) months.
10 – Security
We take all due precautions and organisational measures, and use appropriate technology to safeguard the security, integrity and confidentiality of your personal data and, particularly, to prevent them from becoming distorted or damaged, or being accessed by unauthorised third parties.
11 – Where we store the personal data collected
When you use Archireport, the personal data collected is stored, depending on your place of residence and/or choice:
- Within the European Union, for the personal data of European residents.
- On the American continent, for the personal data of residents of the American continent.
- In Australia, for the personal data of residents of that continent.
In all cases, Archireport undertakes to ensure that the measures taken by its subcontractor(s) comply with the European regulations concerning the processing of personal data.
The annex concerning the data protection of the subcontractor chosen by Archireport is available by clicking on the following link: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
12 – Cookies
Cookies are text files, often encrypted, that are stored in your browser. They are created when you visit a particular website; the site sends information to your browser, which then creates a text file. Each time you revisit the same site, the browser recovers the file and sends it to the site’s server.
There are two types of cookies: technical cookies and advertising cookies, and they serve different purposes.
Technical cookies are used throughout your visit to the site to facilitate and perform certain functions. For example, a technical cookie may be used to save your answers when filling in a form, or your language or page layout preferences, when such options are available.
Advertising cookies can be created not only by the site you actually visit but also by other sites which use that same site to publish advertisements, information, widgets or other elements. These cookies can be used for targeted advertising, meaning specific advertisements will be shown depending on the websites that you visit.
Archireport only uses technical cookies. They are stored in your browser for six (6) months.
We do not use advertising cookies. However, if we were to use advertising cookies at some time in the future, we would inform you in advance, allowing you to deactivate them if you so wish.
13 – Analytics tools, metrics, support
We use analytics tools on our Site and our Application:
- Sentry and Firebase are used for analysis and crash reporting.
- Crisp is used for user support.
- coreBOS is used as a customer relationship management tool.
14 – Subcontracting personal data processing
In order to comply with the provisions of Article 28 of the GDPR, which requires a contract to be drawn up if personal data is processed by a subcontractor on behalf of a data controller, we have added an annex to our Personal Data Protection Charter: SUBCONTRACTING AGREEMENT FOR PROCESSING PERSONAL DATA, which is applicable from 25 May 2018, the date on which the GDPR came into effect.
In compliance with the GDPR, this document details the conditions under which Archireport, in its capacity as a subcontractor, undertakes to process any personal data you host or store as part of the services used. We invite you to read the annex containing the SUBCONTRACTING AGREEMENT FOR PROCESSING PERSONAL DATA, and to agree to it directly from your Archireport account.
15 – Amendments
Archireport reserves the right, at its sole discretion, to amend some or all of this Charter, at any time. Amendments will be effective once the new version of the Charter is published. Use of the Site and/or the Application once these amendments have come into effect constitutes your recognition and acceptance of the new Charter. If you do not agree with the new Charter, you should no longer access the Site and/or the Application.
16 – Date of effect
This Charter came into effect on 1 October 2021.