Data Privacy & Askia
Introduction
We are committed to protecting your personal information and being transparent about the data we hold about you (“personal data”).
This Privacy Notice, together with our Cookies Policy applies to all visitors and users of our websites at https://www.askia.com, https://support.askia.com; https://blog.askia.com; https://demo.askia.com and any other websites operated by or on behalf of Askia from time to time together with our services accessible through such websites ("the sites") as well as to customers and prospective customers of our software solutions and related consultancy and support services. The purpose of this Privacy Notice is to set out how we will use your personal data as well as your privacy rights. It also relates to personal data you provide to us by phone, SMS, email, in letters and other correspondence and in person.
This Privacy Notice does not apply to any survey data that we may process for and on behalf of our customers as part of the provision of Askia’s software solutions and related technical support services (including via Askia’s onsite Help Centre). In such a case Askia (or the relevant member of the Askia group) is a processor acting on your behalf and such processing is governed by the terms of the applicable software supply agreement between us and you.
We use your information in line with all applicable laws and regulations concerning the protection of personal data from time to time in force, including the General Data Protection Regulations (GDPR) as the same may be amended or replaced from time to time. Nothing in this Privacy Notice limits your statutory rights in relation to your personal data.
1.0 Who will hold your information?
For the purposes of this Privacy Notice, the data controller is Askia SAS a company incorporated in France under number B 398 856 369 whose registered office is at 25 rue d’Hauteville 75010 Paris ("Askia”, “we”, “us”).
2.0 What information do we collect and how?
2.1 We may collect, store and use the following kinds of personal data:
- Identity Data: name, title, username, password or other identifier;
- Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the sites;
- Profile Data: your interests, preferences, comments, feedback and survey responses;
- Usage Data: information about how you use our sites, solutions and services;
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences; and
- Other: any other information you chose to send or otherwise make available to us.
2.2 We use different methods to collect personal data from and about you as follows:
Direct Interactions: You may give us your personal data directly (whether acting in your own name or on behalf of a company or organisation that you are employed by or to which you provide services) by filling in forms on our sites, contacting us in relation to our software solutions and services, using our onsite Helpdesk or by corresponding with us by email, post, phone, in person or otherwise. This includes personal data you provide when you:
- request a quote or demo;
- agree to purchase our software or services;
- create an Askia account;
- use our onsite Helpdesk or other technical support services;
- fill out our Leave a Reply form or otherwise give us feedback;
- subscribe to our newsletters and other publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- report a problem with our sites, software or services or contact us for any other reason.
Automated Technologies or interactions: As you interact with our sites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
Third parties or publicly available sources: We may receive Technical Data from various third parties, for example analytics providers such as Google; advertising networks; and search information providers.
2.3 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.4 We may keep a record of correspondence, telephone calls if you contact us.
2.5 We may monitor or record your communications with us to assist us with the development of our sites, software and related services; to train our staff; and if so requested by order of a court, regulatory body or law enforcement organisation.
3.0 How do we use your personal data
3.1 We will only use your personal data for the purposes specified in this Privacy Notice or in relevant parts of the sites and only ever as permitted by law.
3.2 We may use your personal information to:
- enter into and perform a contract with you for the provision of Askia software solutions and services requested by you including providing you with technical support and consultancy services;
- register your Askia account;
- send you general (non-marketing) commercial communications including relating to Askia solutions and services you have purchased from us;
- send you our newsletter and other marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology;
- ask you to Leave a Reply or take a survey;
- provide and administer the sites and manage internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, filtering spam and to develop the sites in order to improve your experience;
- deal with enquiries and complaints made by you; and
- notify you about changes to our Privacy Notice.
4.0 Marketing and consent
4.1 We may use your personal data to form a view on what products, services and offers may be of interest to you (“marketing”).
4.2 You will receive marketing communications from us if you have requested such information from us or purchased products and services from us and you have not opted out of receiving that marketing.
4.3 We will always obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.
4.4 You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you at any time.
5.0 Lawful basis for using your personal data
5.1 We process your personal data based on the lawful bases set out below. We may process information you provide based on more than one lawful basis depending on the specific purpose for which we are using it.
- Contract: To enter into a contract with you and fulfil our contractual obligations to you (e.g. to provide you with software solutions and services which you have requested). This processing is necessary for us to provide the software and services you have requested including registering and managing your account with us).
- Consent: Where you have consented to our use of your personal data, for example where you opt-in to receive relevant marketing communications from us (e.g. offers).
- Legal Obligation: Where processing is necessary to comply with legal or statutory requirements on us. This may include cooperating with police in relation to their investigations.
- Legitimate interest: Where processing is necessary for our legitimate interests (or those of a third party) provided that these do not conflict with your interests or fundamental rights. This may include, to improve our sites, to understand how visitors and customers use our sites, to demonstrate, market and sell our software solutions and services to prospective customers, to undertake market research and inform our marketing, to run our business and maintain the security of our sites, software solutions and services.
6.0 Disclosing your personal data
6.1 Except as provided in this Privacy Notice, we will not provide your information to third parties.
6.2 We may disclose your personal data to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this Privacy Notice.
6.3 We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries (“Group Companies”).
6.4. We may also use or disclose your personal data to our third party service providers and partners, acting as our processors, who help to support our sites, software solutions and services and which may be based outside the EEA including:
- IT systems administration providers
- CRM and marketing service providers
- Cloud hosting providers e.g. Google
- Spam filtering provider when you Leave a Reply via our sites. (Information provided by you will be processed in accordance with our third party provider’s privacy policy made available to you when you Leave a Reply).
You can see further details of our processors and the processing they carry out on our behalf here.
6.5 In addition, we may disclose your personal data:
- to the extent that we are required to do so by law, or in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and reducing credit risk); and
- in the event that we sell or buy any business or assets, to the prospective buyer or seller of such business and assets and their advisers. If our business is sold your details will be passed onto the new owner of the business.
6.6 We may share any information that we collect with parties including: our legal and professional advisors, the police, other public or private sector agencies, governmental or representative bodies (which may include insurance companies, finance companies and/or other agencies) in accordance with the relevant legislation for the purposes of the prevention or detection of offences, and/or the apprehension or prosecution of offenders.
7.0 Storing and transferring your data
7.1 We share your personal data with our Group Companies. This may involve transferring your data outside the European Economic Area (EEA) to the USA or other third country from time to time. For details
7.2 Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. See Section 6 Disclosing your Personal Data above.
7.3 Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. Further details.
- In relation to certain service providers, by using specific contracts approved by the European Commission which give personal data the same protection it has in Europe. Further details.
- Where third parties are based in the USA, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. Further details.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8.0 Security of your personal data
8.1 Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet.
8.2 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
8.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8.4 You are responsible for keeping your password and user details confidential. We will not ask you for your password.
9.0 Retention period
9.1. We will process personal data for as long as necessary to fulfil the purpose we collected it for, including the purpose of legal, accounting and reporting requirements, and for as long as necessary for the prevention and detection of criminal activity. The period for which we process and store personal data varies depending on the reason why we are processing it. Where you register an account or are a customer we will retain your personal data for as long as your account is live or as necessary to continue to provide you with our contracted solutions and services and for a further period thereafter to enable us to satisfy our legal, accounting and reporting requirements.
9.2 In some circumstances you can ask us to delete your data: see Right to be forgotten below for further information.
9.3 In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice.
10.0 Your rights
10.1. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. In the event that we refuse your request under rights of access, we will provide you with a reason as to why;
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
- Right of portability – in certain circumstances you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing, automated processing or profiling; and
- • Right to complain to the supervisory authority – you have the right to complain as outlined in section 14 below
Please email dpo@askia.com if you have any queries regarding your rights. You can exercise your rights as set out above by emailing dpo@askia.com. All of the above requests will be forwarded on should there be a third party involved (as set out in this Privacy Notice) in the processing of your personal data.
11.0 Updating information
11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
12.0 Policy amendments
12.1 We may update this Privacy Notice from time-to-time by posting a new version on our sites. You should check this page occasionally to ensure you are happy with any changes.
12.2 We may also notify you of changes to our Privacy Notice by email.
13.0 Third-party websites
13.1 The sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
14.0 Privacy shield
Askia complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Askia has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, Askia commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Askia at: dpo@askia.com
Askia has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
15.0 Contact and complaints
If you wish to make a complaint about how your personal data is being processed by Askia (or third parties as described above), or how your complaint has been handled, in the first instance please email your concerns to dpo@askia.com. You also have the right to lodge a complaint directly with the relevant local supervisory authority and seek the possibility, under certain conditions, for you to invoke binding arbitration and to understand Askia’s liability in cases of onward transfers to third parties.
In the UK, the supervisory authority is the Information Commissioner’s Office (“ICO”) Please visit www.ico.org.uk.
In France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés (“CNIL”). Please visit https://www.cnil.fr/en/home.
In Germany, the supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information. Please visit https://www.bfdi.bund.de/DE/Home/home_node.html or your relevant state data protection body.
In the US, the supervisory authority is the Federal Trade Commission (FTC). Please visit https://www.ftc.gov.
If you have any questions about this Privacy Notice or our treatment of your personal data, please email dpo@askia.com or post to:
DPO
Askia SAS
25 Rue d’Hauteville
75010 Paris