Octobat Privacy Notice
Last Updated Date: November 9th, 2021
This privacy notice (the “Privacy Notice”) sets forth the collection and use practices of Octobat (hereinafter “Octobat”, “we”, “us” or “our”) for personal information that Octobat collects from you in the course of carrying out the services rendered to you through the Octobat website available at the following address: www.octobat.com and through any of its web pages (the “Site”).
We want to develop relationships with our users based on respect and integrity. We are aware of the trust and confidence you demonstrate when you use our services, visit the Site and provide us with information. This Privacy Notice is posted to demonstrate our commitment to protecting your privacy online.
While you are accessing, browsing, navigating and using the Site and the services it provides, you communicate personal data related to you to Octobat and, where applicable, Third Parties.
These personal data are protected by law, and thus, Octobat, as data controller, has implemented appropriate security measures in order to protect your personal data. Please read this Privacy Notice carefully as it explains how Octobat collects and uses your personal data. This Privacy Notice supplements any documents or notices that may refer to this Privacy Notice.
1. Information Collected By Octobat
Octobat gathers in the following situation the following types of information:
|Collection point||Provided categories of data||Examples of data|
Communications From You.
When you email or write to us, you may provide us with your Personal Information as part of your message.
Other Personal Information
Name, surname, email
You may provide us with Personal Information when you call or email us to request technical assistance with our services or information that you would like to receive about our services.
Name, surname, email, telephone
Tax ID, company name, company address, share capital
Email/Direct Mail Campaigns That You Approve.
If you elect to receive our newsletters or other promotional communications, from time to time we may contact you with information about new services, promotions or special offers. If you want to stop receiving promotional communications from us, you can follow the unsubscribe instructions at the bottom of each email, contact firstname.lastname@example.org or, if you have an Account with us, change your preferences by signing into your Account through the Site.
|Personal Identifiers||Email, name, surname|
Browsing of the Site
We (or service providers on our behalf) may automatically collect information from you using “cookies” or “web beacons”.
|Cookies||Please refer to our Cookies Notice|
Detail regarding the personal information (collectively, “Personal Information”) that you might provide through the Site:
- Personal Identifiers.
A “Personal Identifier” is information that can be used to identify and/or contact a natural person and includes name, postal address, telephone number, email address.
- Other Personal Information.
“Other Personal Information” is information combined with Personal Identifiers voluntarily provided by users of the Site, purchase history or correspondence sent to us through the Site. If you choose to create a user account (“Account”) on our Site, you will be required, during the registration process, to provide certain information, such as your username for your accounts, an email address and a password which will be associated with the Personal Identifiers you have provided.
- Log in Information for Third Party Services.
If you choose to take advantage of Octobat tax calculation features, we will collect from you information sufficient to enable Octobat to access your payment services on your behalf in order to access information that can be used to calculate tax amounts for your customers.
- Financial Data.
We can collect tax ID, VAT number, share capital, company ID, bank account number, invoices, and credit notes, and device-specific data to comply with EU VAT rules, such as the IP Address.
We do not collect sensitive information such as information about your race, political views, religious views or health conditions. The provision of certain types of personal data might be necessary or optional depending of the services you wish to receive. Mandatory data will be identified as such at the moment of its collection. If you do not provide us with the Personal Information that we require as mandatory, we may not be able to provide you with the services offered through the Site.
2. Use of Information Collected By Us
We use the Personal Information described above to:
|PURPOSES||EXAMPLES OF USE OF YOUR PERSONAL DATA||LEGAL BASES|
|Administer your Accounts with Octobat||To create and maintain your account|
Execution of contract
Access third party services, including payment services, with your authorization to enable Octobat to access such services
To calculate VAT and other taxes
Execution of contract
Process any services you purchase through the Site
To invoice you
Execution of contract
Customize the service Octobat provides to you through the Site
To provide you with purchased services
Execution of contract
Administrate or otherwise carry out Octobat’s obligations in relation to any agreement you have with Octobat
To improve the purchased services
To carry out market research and tracking of sales data
and with your prior consent, send you information about Octobat
To send you Newsletters
To send you information by email, postal mail, telephone or text message or other means about our services.
3. Access to and Sharing of Personal Information with Third Parties
Generally, Octobat does not share the Personal Information collected - or that you provide to Octobat - with third parties unless Octobat has obtained your prior consent.
However, Octobat may share the Personal Information about you with affiliates, with vendors, agents and contractors that assist Octobat in administering the Site and in providing services to you, with the online marketplaces on which you advertise and sell your products, and in response to legal process or when Octobat believes that the law requires it (for example, in response to a court order) or to protect the rights, property or safety of Octobat, the Site, users of the Site and others.
Octobat may also disclose Personal Information as is necessary to identify, contact or bring legal action against a person or entity who may be violating Octobat’s Terms of Service, or who may be causing harm to, or interfering with, other users of the Site.
Octobat may also disclose Personal Information about you to third parties who provide credit payment, reporting, order fulfillment services, and other services on Octobat’s behalf.
In addition, in the event that assets of Octobat are transferred or sold to another entity, Personal Information may be transferred to the acquiring entity and/or to potential acquiring entities.
4. Octobat Sub-processors
To support Octobat in delivering its services, we may engage third party service providers to assist Octobat with its data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor of Octobat (“Sub-processor”).
Below, we describe where they are located, and what services they provide to Octobat. Before engaging any Sub-processor, we perform extensive due diligence, including detailed security and legal analysis. We do not engage a Sub-processor unless our quality standards are met. Our Sub-processors are all subject to contractual terms that enforce compliance with applicable data protection laws.
Octobat is currently using the following Sub-processors:
|SUB-PROCESSOR||SERVICE PROVIDED||LOCATION OF THE SUB-PROCESSOR|
|Amazon Web Services||Cloud service provider||Ireland|
|Dropbox||File storage||United States of America|
|Email, file storage||United States of America|
|Zendesk||User relationship management||United States of America|
Our business needs may change from time to time. For example, we may deprecate a Sub-processor to consolidate and minimize our use of Sub-processors. Similarly, we may add a Sub-processor if we believe that doing so will enhance our ability to deliver our services. We will periodically update this page to reflect additions and removals to our list of Sub-processors.
5. Transfers of Personal Information outside of the European Economic Area
The Personal Information that Octobat collects from you and that you provide to Octobat is processed in Ireland and is stored on servers in Ireland.
Your Personal Information may also be transferred to any third parties as described in the previous section. Some of these third parties to whom your Personal information will be shared are located outside of the European Economic Area, in countries whose data protection laws may not be as extensive as those which apply to us.
If we transfer your Personal Information to countries outside of the European Economic Area, we will ensure that we do this in accordance with French data protection regulations (for example, by putting in place an appropriate data transfer agreement). We will do this with a view to ensuring the level of protection which applies to your Personal Information processed in these countries is similar to that which applies within the European Economic Area.
7. Security and Data Center Location
Octobat's data and servers are hosted by Amazon AWS's data center in Ireland (EU). They are protected by firewalls establishing a barrier between our trusted, secure internal network and the Internet, and IP restrictions, limiting access to whitelisted IP addresses.
Access to this information and servers are restricted to a limited number of Octobat employees and Third Parties who can access the information only in specific circumstances and are bound by confidentiality obligations.
Each Octobat user can only access information pertaining to its Octobat account.
All pages within our checkout process and areas containing Personal Information are secured using SSL (Secure Socket Layer) technology, which encrypts data between our computer and yours. To make sure your Internet browser is using the latest security features, you may want to download the most recent version of it, which should have full SSL support.
You are responsible for maintaining the confidentiality of your user ID and password which relate to your access to certain pages of the Site and/or any Account you set up with us.
Despite our efforts regarding security it is important to bear in mind that the Internet is not a secure means of communication. Personal Information communicated through the Internet may be intercepted by other people. We cannot guarantee the security of Personal Information sent to us through this Site. You accept that you use this Site at your own risk.
8. Closing Your Account / Retention of Personal Information
As a general rule, your personal data will only be retained for the period necessary for the accomplishment of the purposes for which said data was collected, or as necessary to fulfill legal or regulatory obligations.
If you have created an Account through the Site, we will close your Account upon your request. We may also close or deactivate inactive Accounts or Accounts that are used in violation of our Terms of Service or any applicable law.
We will retain Personal Information from closed or inactive Accounts to the extent and as long as it is necessary and relevant for our operations and to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Service, and take other actions otherwise permitted by law.
In general, Personal Information from closed or inactive Accounts will be deleted or anonymized 5 years after the Account is closed or deactivated unless we have reasonable grounds to believe that the Personal Information should be retained for one of the purposes identified above.
9. Access/Corrections/Information Removal and other rights
You have the following rights over your personal data:
you can request the access to your personal data in order to obtain clear, transparent and understandable information on how Octobat processes your personal data and on your rights (as provided in this policy), as well as a copy of your personal data.
you can request the rectification of your personal data in order to obtain the modification of your personal data if they are obsolete, inaccurate or incomplete;
you can object to the processing of your personal data when the processing is based on Octobat’s legitimate interest. Octobat will no longer process your personal data unless Octobat demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as the respect of a legal obligation (e.g. legal obligation involving the retention of documents), or for the establishment, exercise or defense of legal claims.
you can request the restriction of the processing during a limited period of time, in particular in order to carry out some verifications, where one of the following applies:
you contest the accuracy of your personal data, the processing of which is thus restricted for the period necessary for Octobat to verify the accuracy of such personal data;
the processing is unlawful and, rather than requesting their deletion, you prefer to restrict their use;
Octobat no longer needs your personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims;
you have objected to the processing, which is thus restricted pending the verification of whether the compelling legitimate grounds of Octobat may override your interests, rights and freedoms.
you can withdraw your consent when it has been obtained, without this withdrawal affecting the lawfulness of the processing operations previously carried out.
you can ask to receive your personal data in a structured, commonly used and machine-readable format and also can request their transmission to another controller where technically feasible. This right is not exercised in all circumstances, it applies only if it fulfils all the following conditions:
your request is only related to your personal data (excluding anonymous or third-party data);
your request does not adversely affect the rights or freedoms of others, in particular those of Octobat (including trade secrets or intellectual property);
the processing is carried out by automated means (paper files are therefore not included);
the processing is based on consent or the performance of a contract (to check if it is the case, you can see the article 2 of this policy).
you can request the deletion of your personal data (or right to be forgotten), where one of the following legal grounds applies:
you object to the processing of your personal data and there are no overriding legitimate reasons justifying to maintain the processing of your personal data (such as an obligation for Octobat to keep certain personal data);
you object to marketing activities;
you decide to withdraw your consent on which the processing is based;
your personal data are no longer useful for the original purposes for which they were collected or for any other type of processing;
the use that is made of your data does not comply with the applicable legal or regulatory provisions.
If you are based in France, you can define either general or specific guidelines regarding your personal data in the event of your death (for example, their deletion or transmission to any person of your choice). You may revoke your instructions at any time.
Under certain circumstances, we may ask you for specific information in order to confirm your identity and ensure the exercise of your rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to an individual who does not have the right to receive it.
If you wish to access Personal Information collected or stored by us, or if your name, e-mail, postal address, telephone number or other Personal Information changes, you may correct the relevant information by contacting email@example.com. In addition, you have the right to object, at any time, to the processing of your Personal Information on legitimate grounds by contacting firstname.lastname@example.org.
10. Changes to this Privacy Notice
Octobat reserves the right to modify the Site and this Privacy Notice at any time, in particular to reflect changes in market conditions affecting Octobat activities, changes in technology, changes in relevant laws and regulatory requirements and changes in Octobat system's capabilities. In the event that Octobat modifies this Privacy Notice, Octobat’s revised Privacy Notice shall be effective immediately upon the posting of such revised Privacy Notice on the Site. Accordingly, we would recommend that you periodically re-review this Privacy Notice.
12. Contact Information
If you have any questions or concerns about this Privacy Notice, please email our support at email@example.com.