TOMORRO, a simplified joint-stock company with capital of 12,254.18 euros, headquartered at 13, rue Sainte Ursule - 31000 Toulouse, registered with the Toulouse Trade and Companies Registry under number 881 239 800 (the "Company"), offers a tool for centralizing and managing contracts within companies on a secure digital platform (the "Platform" or the "Solution"). This document uses and incorporates the definitions of the terms set out in the Platform's General Terms and Conditions of Use, some of which are listed below for information purposes: "Subscriber": refers individually and/or collectively to the Customer, the Manager(s) and/or the Collaborator(s).
"Subscriber Account": refers to the personal space reserved for a Subscriber, enabling him/her to access the Solution by means of an individual login and password.
"User": refers to any user of the Platform, in particular the Customer, the Manager(s) and/or the Collaborator(s). User": refers to any user of the Platform, in particular the Customer, the Manager(s), the Collaborator(s) or the Co-contractors.
The purpose of this policy (the "Data Processing Policy") is to inform the User of the Company's practices regarding the collection, use and sharing of information that the User may provide to the Company through the use of the Platform and/or the Support Service (hereinafter defined). The User must read this document carefully in order to understand the Company's practices regarding the processing of Personal Data (as defined below). All personal data identifying the User directly (in particular surname, first name, postal, electronic and/or telephone details) or indirectly, are considered as confidential data and are treated as such, subject to the evolution of the legal framework on the qualification of personal data (hereinafter, the "Personal Data").
By subscribing to and/or using the Solution, the User accepts that the Company may have access to information concerning him/her, in particular, for the Subscriber, when creating his/her Subscriber Account, or concerning Documents transferred, created or saved directly by him/her on the Platform. Personal Data will be processed according to procedures strictly related to the purposes mentioned in article 4 below. In addition, the Company undertakes to ensure that the User's Personal Data is treated securely and confidentially, in accordance with article 8, and takes appropriate measures to prevent the loss, misuse, alteration and deletion of such Personal Data. The Company provides the Subscriber with an assistance service in order to optimize his/her use of the Platform. The use of the aforementioned assistance service by the Subscriber may lead the Company to collect Personal Data, the processing of which will be subject to the terms of the Data Processing Policy. This service will take the form of:
a chat, including dialogue software integrated into the Platform provided by Intercom (hereinafter, the "Chat"), and/or
an assistance service that will provide the Subscriber with personalized answers (hereinafter, the "Assistance Service" or "Assistance").
The chat and helpdesk services may be referred to collectively as the "helpdesk service".
Data generated when the User uses the Solution is processed and stored on servers located exclusively in France.
Under the terms of the Data Processing Policy, the User instructs the Company to carry out all the operations mentioned below:
to collect, enter and store Documents and Projects for the purposes of their management in accordance with the Service,
to produce statistics,
read and analyze the Customer's Personal Data contained in the Documents,
carry out tests and maintenance operations on the Solution,
archive customer data in any way, and
more generally, to carry out any processing of Personal Data necessary for the performance of the Service.
1. Identification of the data controller
The party responsible for processing Personal Data on the Platform and the Support Service is the Company.
As the party responsible for processing, the Company may process the User's Personal Data collected on the Platform in accordance with the purposes described in the Data Processing Policy.
The Company determines the purposes, technical and legal means of processing Personal Data and undertakes to take all necessary measures to ensure the security of the processing and compliance with the French Data Protection Act of January 6, 1978, as amended by the Act of August 6, 2004 (hereinafter, the "Act") and the European Regulation of April 26, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the "GDPR").
2. Personal data that may be collected on the Platform
2.1 Personal data transmitted by the User to the Company
By subscribing to and/or using the Platform, the User will be required to transmit to the Company, directly or indirectly, information, some of which may be of an identifying nature. This may include information on the User's person or company, on how to contact him/her, on his/her Documents shared on the Platform, on his/her location, on his/her browsing or on other technical data automatically collected during his/her use of the Solution, etc... Ces informations sont obligatoires ; dans le cas contraire, la Société ne sera pas en mesure de fournir à l'Utilisateur toutes les fonctionnalités de la Plateforme ou du Help Desk.
When interacting via the support service, the user is sometimes asked, with his/her consent, to leave his/her contact details (name, email and telephone number). The processing of information collected in this way will be subject to the terms of the data processing policy. L'utilisateur s'engage à fournir des données d'identification personnelles exactes, véridiques, à jour et complètes, et garantit qu'il ne fera aucune fausse déclaration et ne fournira aucune information erronée.
It is the User's responsibility to ensure that the information he or she provides on the Platform does not contain "sensitive" Personal Data within the meaning of Article 9 of the GDPR, such as information about his or her religion, medical information, complete bank identification numbers, etc. Avec le consentement de l'Utilisateur, la Société peut publier sur la Plateforme son témoignage sur son expérience en tant qu'utilisateur de la Plateforme. Ce témoignage peut inclure, entre autres, des informations sur l'entreprise de l'Utilisateur, son nom, sa fonction, etc. La Société s'engage à ne jamais publier de telles informations sur la Plateforme sans le consentement explicite de l'Utilisateur.
2.2 Personal data automatically collected by the Company
During each of the User's visits to the Platform, the Company may collect, in accordance with applicable law and with the User's consent, information relating to the devices on which the User uses the Platform or the networks from which the User accesses the Platform, such as :
Platform connection data: IP address, configuration information (machine type, browser, etc.) and browsing information (date, time, pages viewed, errors, content viewed, search terms used, download errors, length of time certain pages are viewed, your device's advertising ID, interactions with the page, etc.).
Support service usage data: date conversation created, date subscriber last used the service, etc.
The Company does not process sensitive data within the meaning of Article 9 of the GDPR (i.e. personal data revealing racial or ethnic origin, philosophical, political, trade union or religious opinions, or data concerning sex life or health).
3. Legal basis for the collection and processing of personal data
The company is responsible for processing personal data on the platform and the support service.
The user's specific, free and informed consent,
Fulfilment of a legal obligation incumbent on the company,
The execution of the Quotation concluded between the Company and the Customer (in particular for the execution of the General Conditions), and
The company's legitimate interests (in particular to ensure the security of transactions).
4. Purpose of the procession Personal data
The main purpose of collecting the User's Personal Data is to provide the User with an optimal, efficient and personalized experience when using the Solution. To this end, the User acknowledges that the Company may use his/her Personal Data on the basis of its legitimate interest in providing him/her with a quality service.
Personal Data is collected and processed for the following purposes:
the processing of the Customer's Personal Data as part of the Service,
access to and use of the platform and/or support service,
access to the subscriber's account,
improve navigation on the platform and correct any errors,
improving and customizing the platform's functionalities,
compliance with administrative, social, tax, legal and financial obligations,
contact and support,
managing commercial and customer relations,
commercial prospecting, and
managing requests to exercise the rights of data subjects as listed in article 9 below.
5. Retention period for personal data
In accordance with the requirements imposed by the Law, by the GDPR and, more broadly, by the regulations in force, the Company retains the User's Personal Data for as long as the User uses the Platform.
The Company does not undertake to retain all of the User's Personal Data. The Subscriber's Personal Data will be irreversibly deleted within forty-five (45) working days of the deletion of the Subscriber's Account or the end of the Quotation not followed by a renewal, or in the case of the Co-contractor within sixty (60) days of his last use of the Platform.
Personal Data may also be kept for a period of ten (10) years in the archives, with restricted access, in order to (i) comply with the Company's legal and regulatory obligations, and/or (ii) enable it to assert a legal claim, before being permanently deleted.
6. Recipient of personal data
The User's Personal Data is intended for persons duly authorized to process it within the Company, such as, in particular, the managers of the sales department, the customer service, the marketing department, the administrative department and the IT department.
Within the framework of the exercise of its activities and the provision of the Service, the User authorizes the Company to have recourse to subcontractors.
The latter undertake to :
process Personal Data solely for the purpose(s) for which it is subcontracted and on the Company's instructions,
if they consider that an instruction constitutes a breach of the GDPR or any other provision of European Union law or Member State law relating to data protection, immediately inform the data controller,
if they are required to transfer Personal Data to a third country or international organization under European Union law or the law of the Member State to which it is subject, inform the Controller of this legal obligation prior to processing, unless applicable law prohibits such information for important public interest reasons, and
guarantee the confidentiality of Personal Data processed and ensure that persons authorized to process Personal Data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality and, where applicable, receive the necessary training in the protection of Personal Data.
However, in cases where the Company uses subcontractors located in countries offering levels of protection that are not equivalent to the level of protection afforded to personal data in the European Union, the Company undertakes to ensure that such transfer is governed by the signature of standard contractual clauses established by the European Commission or by the establishment of binding corporate rules ("BCR").
7. Disclosure to third parties
Users are informed that, subject to their prior, specific and positive consent, their Personal Data may be transferred to the Company's commercial partners, third-party suppliers and/or companies belonging to the same group as the Company. The latter may provide information on their offers and services. The Company ensures that it has clear and effective confidentiality requirements in place for all such partners.
The Company does not disclose the User's Personal Data to third parties unless:
the user authorizes this disclosure,
disclosure is necessary to process transactions or provide functionality requested by the subscriber,
the Company is compelled to do so by a governmental authority or regulatory body in the case of a court order, subpoena or similar governmental or judicial request, or to establish or defend a legal claim; or
disclosure is necessary to comply with the company's legal obligations
Insofar as the Company is legally authorized to do so, it will inform the User of any request from an administrative or judicial authority concerning his Personal Data.
8. Security and confidentiality of the User's personal data
The Company undertakes to process Personal Data in a manner that is:
within the strict framework of the objectives pursued and announced,
for as long as is necessary for their treatment, and
The security and integrity of its users' personal data is of great importance to the company. In accordance with the Law and the GDPR, the Company undertakes to take all necessary precautions to preserve the security of the User's Personal Data and, in particular, to protect it against accidental or unlawful destruction, accidental loss, corruption, dissemination or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons. The Company implements security measures in accordance with applicable industry standards to protect the User's Personal Data from the potential breaches referred to above. In order to prevent unauthorized access and to ensure the accuracy and proper use of Personal Data, the Company has put in place appropriate electronic, physical and managerial procedures to safeguard and preserve data collected through the Platform.
However, the Company points out that there is no absolute security against hacking of any kind. In the event of a breach of security affecting the rights of Users, the Company undertakes to inform the User without delay and to take all appropriate measures at its disposal to neutralize the intrusion and minimize its impact.
9. Users' rights to their personal data
9.1 Withdrawal of consent
The User has the right to withdraw consent at any time. To this end, the User shall submit a request to the Company in accordance with the procedures set out in article 9.8.
Withdrawal of consent shall not call into question the lawfulness of processing already carried out, based on consent given prior to such withdrawal.
Furthermore, the User may unsubscribe from any newsletter or email from the Company by following the unsubscribe link included in each newsletter or email. Without this practice being systematic, the User authorizes the Company to analyze and track click-through rates and the number of emails sent and opened by the User in order to measure, in particular, the performance of its emailing campaigns.
9.2 Right of access to personal data
The Company guarantees the User a right of access to his Personal Data.
In accordance with Article 15 of the GDPR, the User has the right to obtain from the Company the following information concerning his Personal Data:
the purposes of the processing,
the categories of personal data concerned,
the recipients or categories of recipients to whom Personal Data has been or will be communicated, in particular recipients established in third countries or international organizations,
if possible, the period for which Personal Data is to be retained or, if this is not possible, the criteria used to determine this period,
the existence of the right to request from the Company the rectification or deletion of Personal Data, or a limitation of the processing of Personal Data or the right to object to such processing,
the right to lodge a complaint with a supervisory authority,
any available information on the source of the personal data, and
the existence of automated processing, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, where applicable, at least useful information regarding the underlying logic and the significance and intended consequences of such processing for the data subject.
9.3 The user's right to rectification and deletion of personal data
In accordance with the Law and the GDPR, the User has the right to rectify and/or delete the processing of his/her Personal Data. The User exercises this right by sending a written request to the Company, under the conditions set out in article 9.8.T
he User has the right to obtain the deletion of his Personal Data in the cases listed in article 17 of the GDPR.
The Subscriber may modify his Personal Identification Data (first name, last name, email and password) at any time by logging into the "My Account" section of his Subscriber Account.
9.4 Right to portability of personal data
In accordance with Article 20 of the GDPR, the User has the right to receive from the Company Personal Data concerning him/her in a structured, commonly used and machine-readable format. He/she also has the right to transmit his/her Personal Data to another data controller, without the intervention of the Company, in the cases provided for by the GDPR.
The User also has the right to decide on the fate of his/her Personal Data after his/her death (article 40-1 of the French Data Protection Act of January 6, 1978).
9.5 Right to object to the processing of personal data
The User has the right at any time to object to the processing of his/her Personal Data, where there are compelling and legitimate reasons relating to his/her particular situation. In this case, the Company will no longer process the Personal Data, unless there are compelling legitimate grounds for processing which override the interests and rights and freedoms of the User, or for the establishment, exercise or defense of legal claims....
9.6 Right to restrict processing
The User has the right to obtain the limitation of the processing of his Personal Data in the cases listed in Article 18 of the GDPR.
9.7 Right to file a complaint
The User has the right to lodge a complaint concerning the processing of his/her Personal Data by the Company with the competent supervisory authority. For example, the "Commission Nationale de l'Information et des Libertés" ("CNIL") is competent in France.
9.8 How to exercise your rights
To exercise the above rights, the User may send a request by e-mail to the following address: email@example.com or by post to the following address Leeway SAS, 13, rue Sainte-Ursule - 31000 Toulouse, France.
The Company will acknowledge receipt of this request as soon as possible. Following this acknowledgement of receipt, the Company will give itself a period of thirty (30) working days to inform the User of its decision whether or not to process the request (unless special circumstances justify a longer processing period).
In the event that a third party requests the Company to exercise its rights over the data (in particular, insofar as they have been included in the User's Personal Data), the Company will honor this request after appropriate verification.
The exercise of these rights is free of charge. However, in the event of a manifestly unfounded or excessive request, the Company reserves the right (i) to demand payment of a fee to cover administrative costs, or (ii) to refuse to comply with such requests.
9.9 Recourse in the event of a personal data breach
In the event of a breach of Personal Data that may present a risk to the User's rights and freedoms, the Company will notify the breach to the CNIL as soon as possible, and, if possible, no later than seventy-two (72) hours after becoming aware of it. The Company will also inform the User as soon as possible in accordance with the provisions of Article 34 of the GDPR.
Without prejudice to any other administrative or judicial remedy, the User who believes that the processing of his/her Personal Data constitutes a breach of the provisions of the legislation in force may lodge a complaint with a competent supervisory authority such as the CNIL.
9.10 Information request
For any questions concerning the processing of their Personal Data and the exercise of their rights, Users may contact the Company at the following address: firstname.lastname@example.org.
10.1 Purpose of cookies
The cookies used by the Company are intended to enable or facilitate communication and the provision of services requested by Users, to recognize Users when they visit the Platform, to record logged-in sessions, to measure the impact of advertising campaigns and to enable the Company to carry out internal analyses of click-through, opening and browsing rates in order to improve content.
Cookies, depending on their category, are used for the following purposes:
Analysis and personalization cookies
These cookies are used in aggregate form to enable the Company to understand the use of the Platform and/or the Support Service, to measure the effectiveness of its marketing campaigns or to personalize the Platform for the User. Google Analytics: The Company uses Google Analytics to measure the User's interaction with the Platform and generate anonymous statistics, such as bounce rate, session duration and others for optimization purposes. Browse Amplitude: We use Amplitude to analyze interactions with the application in order to improve the service offered. Browse Hubspot: The company uses Hubspot for its forms, such as the demo request form. Browse Satismeter: We use Satismeter to conduct customer satisfaction surveys. Browse Segment: We use Segment to collect, centralize and distribute product activity data. Browse Sentry: We use Sentry to collect and analyze bugs encountered in the application in order to provide you with the smoothest possible experience. Browse
Performance and functionality cookies
These cookies are used to provide the User with the Solution and to improve the performance and functionality of the Platform.
Amazon Web Services: The Company uses Amazon Web Services to securely store the User Documents and other data generated by the User when using the Platform. The data generated when using the Platform is processed and stored on servers located exclusively in France. Browse
Intercom: The Company uses Intercom to offer the Subscriber personalized conversations. Browse
Sendgrid: The Company uses Sendgrid to automatically send activity emails from the Platform, such as, but not limited to, due date reminder emails. Browse
Stripe: The company uses Stripe to bill the customer and provide a secure payment system directly integrated into the application. Browse
Customer.io: We use Customer.io to automate our product presentation communications. Browse
Datadog: The company uses Datadog as a performance protection and analysis tool. Browse
These cookies are used to make advertising messages more relevant to the User. They perform functions such as avoiding the continuous reappearance of the same advertisement, displaying advertisements correctly and, in some cases, selecting advertisements according to your interests. LinkedIn: The company uses LinkedIn's pixel technology for retargeting in online advertising campaigns. Unsubscribe Twitter: The company uses Twitter pixel technology for retargeting in online advertising campaigns. Unsubscribe Facebook: The company uses Facebook pixel technology for retargeting in online advertising campaigns. Unsubscribe
10.2 User's choices concerning cookies
The User may, at any time, set his/her browser parameters to modify his/her choices with regard to cookies. Browser settings are an effective and free way of determining how cookies are managed in advance.
10.3 Cookies with consent
With the exception of cookies required for the operation of the Platform, cookies are not installed automatically; the User's consent is requested prior to their installation, by means of a banner, in accordance with the applicable regulations on the subject.
The User may express and modify at any time and free of charge through the choices offered by his browser software the registration of a cookie.
If the User refuses the installation of cookies on his/her terminal, or if the User deletes the cookies stored on his/her terminal, he/she will no longer be able to benefit from a certain number of functionalities which are nevertheless necessary for browsing in certain areas of the Platform.
Where applicable, the Company declines all responsibility for the consequences linked to the degraded operation of its services resulting from the impossibility for it to store or consult the cookies necessary for their operation and which the User has refused or deleted.
The period of validity of consent to the deposit of cookies is thirteen (13) months. At the end of this period, the User's consent must be obtained again.
10.5 How can I exercise my choices depending on the browser used by the user?
Cookie management settings depend on the User's browser.
For example, the User may prevent the recording of Cookies by configuring his browser as follows:
9.10 Information request
For any questions regarding the processing of their Personal Data and the exercise of their rights, Users can contact the Company at the following address: email@example.com.
For Internet Explorer:
Go to Tools > Internet Options.
Click on the Privacy tab and then on Settings.
Under Settings, select Advanced, then choose "Ignore automatic cookie handling".
The Company reserves the right to modify the Data Processing Policy at any time and at its sole discretion, especially to comply with obligations stipulated by current regulations and laws.
Similarly, the Company will make these modifications when implementing improvements, additions, or changes to the Solution related to its practices regarding User's Personal Data.
The Company will inform the User of any significant changes in a timely manner.
For any questions regarding the Data Processing Policy or any requests related to the User's Personal Data, the User can contact the Company by email (firstname.lastname@example.org) or by mail (Tomorro SAS, 13, rue Sainte-Ursule – 31000 Toulouse, France).