Cobbaï Privacy Policy

as of April 21st, 2021

Privacy and security are of utmost importance to Cobbaï and we strive to ensure that our technical and organisational measures in place respect your data protection rights.

This Privacy Policy describes how we manage, process and store personal data submitted in the context of providing our services. “Personal data” refers to any information relating to an identified or identifiable natural person; an identifiable natural person being one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Privacy Policy does not apply to third party sites, if and where applicable.

Consent

In subscribing to our services or filling in a contact form on our website (cobbai.com) or other sites owned by Cobbaï, you agree and accept that we may gather, process, store and/or use the personal data submitted in accordance with the rules set forth below. By giving your consent to us, you also retain the right to have your personal data rectified, to be forgotten and/or to be erased.

PERSONAL DATA COLLECTED

1. Identity and contact details of the data processor

Personal data is collected on our website by Cobbaï SAS, a Société par Actions Simplifiée registered under the laws of France under number 853 380 459 with the Paris Trade & Companies Register, and having its registered office at 4 rue Troyon, 75017 Paris, France.

2. Data collected on the site

When you subscribe to our services, the following data is collected and managed: email, first name, last name, Intracommunity VAT number where applicable, login, postal address, country, telephone number, IP address(es) and domain name.

By using our services, the following data is collected and managed: log-on data and browsing data where you authorise it, order history, complaints, incidents, information on subscriptions and messages on our site. Some data is collected automatically by reason of your activity on the site (see paragraph on cookies below). Please be advised that, for the purpose of delivering our services, we may have access to some personal information of your customers (for instance their email address).

The data submitted should not include any sensitive personal data, such as Government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals.

3. Purposes of processing and legal basis

The principal purpose of collecting your personal data is to offer you a safe, optimum, efficient and personalised experience. To this end, you agree and accept that we may use your personal data to:

We use the personal data submitted to us only in accordance with the applicable data protection legislation.

For our clients who have signed up on our website, we process your personal data for the performance of the contract between us to provide our services.

For our newsletter, use case studies and marketing material sign ups, we process your personal data based on the express consent you provide for this specific purpose.

We may share non-personally identifiable information (such as visiting pages, exit pages, number of clicks etc.) with third-parties to help us to understand the usage patterns for certain services.

4. Newsletter and marketing emails

We use your contact information and information about how you use the Services to communicate directly with you, including by sending you newsletters, promotions or information about current and future products and services. You may opt out of receiving such communications at any time by (i) clicking the unsubscribe link included in all the emails you receive or (ii) contacting us as indicated in “CONTACT US” section below.

5. Email statistics

Without systematically doing so, we may analyse and track the various rates (for example: click, open, bounce rates) and the number of emails sent which you open to assess performance rates on our emailing campaigns.

6. Testimonials

Cobbaï may publish a list of Customers & Testimonials on its site with information on our customers’ names and job titles. Cobbaï undertakes to obtain the authorisation of every customer before publishing any testimonial on its website. If you wish to be removed from this list, you can send us an email to [email protected] and we will delete your information promptly.

7. Third party disclosures

Personal data relating to you collected on our website are destined for Cobbaï’s own use and may be forwarded to Cobbaï’s partner companies so that we may obtain assistance and support in the context of carrying out our services. Cobbaï ensures that it has in place clear data protection requirements for all of its third party providers.

Cobbaï does not sell or rent your personal data to third parties for any marketing purposes whatsoever.

In addition, Cobbaï does not disclose your personal data to third parties, except if: (1) you (or your account administrator acting on your behalf) request or authorise disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested (i.e. to check you are employing best practice in your mailings or for the purposes of processing an acquisition card with credit-card issuing companies); (3) Cobbaï is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the third party is a subcontractor or sub-processor of Cobbaï in the carrying out of services (for example: Cobbaï uses the services of an Internet provider or a telecommunications company). In any event Harvest will make sure that the recipients of the data comply with the applicable data protection regulation.

In accordance with Article 28 of the GDPR, access to your Personal Data by our sub-processors is subject to the signature of a written agreement which allows us to monitor and control the way our sub-processors handle your personal data.

8. Your data protection rights

In accordance with the French Data Protection Laws and the European General Data Protection Regulation 2016/679 (GDPR) you have a right of access, correction and removal of your personal data which you may exercise by sending us a support ticket directly on the support chat (either on the website or on the app) or by sending an email to [email protected]. Your requests will be processed within a reasonable timeframe that cannot exceed 30 days as from the receipt by Cobbaï of the request sent by the given user. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated in a timely manner. We may require that your request be accompanied by a photocopy of proof of identity or authority (copy of a valid ID document). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to improve the efficiency of our response.

You are also able at any time to modify personal data by logging into your account and clicking on “User Settings”.

You in particular benefit from the following rights:

1/ Access and communication of your personal data

You may at any time request access to your personal data processed by Cobbaï.

Cobbaï may oppose a given request should it be considered as being obviously abusive (such as, in particular, in the event of recurrent or systematic requests from a given user).

2/ Amendment/rectification of the personal data

You may request to amend, update, lock or delete your personal data that may be incorrect, partial or obsolete. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. You may additionally define the guidelines applicable to your personal data in the event of your death.

3/ Right of opposition

You may exercise your opposition right for (i) legitimate reasons or (ii) to oppose the commercial use of your personal data.

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. Cobbaï shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4/ Right to erasure

You have the right to obtain from Cobbaï the erasure of your personal data without undue delay, in particular if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. Upon such request, Cobbaï shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to proceed with the erasure of any links to, or copy or replication of, those personal data.

5/ Right to restrict the processing

You have the right to obtain from Cobbaï a restriction of processing where one of the following applies: (i) the accuracy of the personal data is contested by you, for a period enabling Cobbaï to verify the accuracy of the personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (iii) Cobbaï no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you have objected to processing pending the verification whether the legitimate grounds of Cobbaï override those of the data subject.

Cobbaï undertakes to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.

6/ Data portability

You have the right to receive your personal data that you have provided to Havestr, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another company without hindrance from Cobbaï. You have the right to have the personal data transmitted directly from Cobbaï to another company, where technically feasible.

7/ Complaint

If you consider that Cobbaï does not comply with its obligations in terms of data protection, you have the right to lodge a complaint with a supervisory authority, the relevant regulatory body being the CNIL (Commission Nationale de l’Informatique et des Libertés), to the following address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France.

In the event of any complaint, please contact us in priority: [email protected] or by mail to: Cobbaï SAS, Attn: Cobbai, Guillaume Burgaud, 4 rue Troyon, 75017 Paris, France

You may at any time withdraw your consent as to the use of your personal data where we are relying on such consent to process your personal data. Please note that such withdrawal will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent or fail to provide the requested personal data, we may not be able to provide you with whole or part of the service. We will advise you if this is the case at the time you withdraw your consent.

9. Cookies/Tracking

As a general rule, Cobbaï uses cookies and tracking to improve and personalise its Website and/or measure its audience. Cookies are files saved on your computer’s hard drive when browsing on the Internet and in particular on our site. A cookie is not used to gather your personal data without your knowledge but instead to record information on site browsing which can be read directly by Cobbaï on your subsequent visits and searches on the site.

1/ Types of cookies used

The cookies used by Cobbaï are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recognise users when they re-visit the site, to secure payments which users may make, to register the language spoken by users or other preferences necessary for the service requested to be supplied.

Cobbaï also uses analytics and tracking tools to measure website and digital data to gain customer insights, to carry out analyses on browsing experience so as to improve content, and to send targeted advertisements.

2/ Cookie management

By default, cookies are not installed automatically (with the exception of those cookies needed to run the site and Cobbaï’s services, and you are informed of their installation by a banner). In accordance with the regulations that apply, Cobbaï will require your authorisation before implanting any other kind of cookie on your hard drive. To avoid being bothered by these routine requests for authorisation and to enjoy uninterrupted browsing, you can configure your computer to accept Cobbaï cookies or we are able to remember your refusal or acceptance of certain cookies. By default, browsers accept all cookies.

Depending on the browser used by Users, the methods for deleting cookies are as follows:

On Internet Explorer

On Firefox

On Safari

On Google Chrome

You can choose to decline acceptance of all cookies, but your ability to browse certain pages of the site may be reduced.

3/ Duration of cookies

Cookies are placed on the User’s terminal for a maximum period of 13 months from the date of the User’s consent.

After this period, consent will be re-obtained.

THIRD PARTY DATA

In the context of using our services, namely creating contact lists, Cobbaï has access to the contact lists you create, as well as the subject and content of the messages stored in your account.

This data is stored on secure servers and only a limited number of people are authorised to access your messages, in particular for the purpose of providing support services.

You may modify and/or delete contacts at any time from your account.

In no case does Cobbaï sell, share or rent out your contact lists to third parties, nor does it use them for any purposes other than those set forth in this policy. We will use the information from your contact lists only for legal requirements, to invoice and collect summaries for our own statistics and for the purposes of providing you with customer support services.

As creator of the messages and contact lists, you are considered the data controller within the meaning of the GDPR, and Cobbaï is acting only as a data processor. In this capacity, you are responsible in particular for:

If a recipient of your emails sent via our services requests us to modify or delete his/her personal data, we will honor that request after proper verification and will inform you of it.

DATA RETENTION PERIODS

Cobbaï collects your personal data for the purpose of carrying out its contractual obligations as well as information about how and when you use our services and we retain this data in active databases, log files or other types of files so long as you use our services.

Cobbaï only stores your data for the time needed to provide our services to you, and in no event longer than 3 months after closing your account (unless otherwise required by law). You are able to access your personal data for as long as you hold an active account with us and for a period that varies depending on the type of data concerned. Your event data (statistics, for example) will be deleted every 13 months during active use of your account. Other data may be deleted at any time during active use of your account in accordance with the provisions set forth above.

LOCATION OF DATA STORAGE AND TRANSFERS

The host servers on which Cobbaï processes and stores its databases are located exclusively within the European Union.

Cobbaï will inform you immediately, to the extent we are legally authorised to do so, in case of any application or order originating from an administrative or judicial authority relating to your personal data.

In order to perform our services, we may transfer some of your Personal Data to third party service providers located or using servers located outside the European Union (the “EU”) and the European Economic Area (the “EEA”). In such a case, we make sure that:

SECURITY

Within the framework of its services, Cobbaï attributes the very highest importance to the security and integrity of its customers’ personal data.

Thus and in accordance with the GDPR, Cobbaï undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.

To this end, Cobbaï implements industry standard security measures to protect personal data from unauthorised disclosure. In using industry recommended methods of encoding, Cobbaï takes the measures necessary to protect information connected with payments and credit cards.

Cobbaï undertakes to put in place the following organisational and technical safety measures: (i) means allowing to ensure the confidentiality (data pseudonymisation, encryption, etc.), the integrity, availability and permanent resiliency of the processing systems and services; (ii) means allowing to restore the availability of the personal data and access to such data within an appropriate timeframe in the event of material or technical issue; (iii) process allowing to regularly test, analyse and evaluate the efficiency of the technical and organizational safety in place to ensure the safety of the data processing, (iv) only make the personal data available to its officers duly authorised on the basis of their functions and role, to the extent strictly necessary to the due performance of their functions (need to know basis).

Such measures shall comply with the GDPR provisions.

Cobbaï shall be responsible for the compliance with these provisions and more generally the GDPR by its employees and affiliates (and their employees).

Additionally, Cobbaï in particular undertakes to (i) process the data solely for the purpose(s) mentioned in this Privacy Policy, (ii) guarantee the confidentiality of the personal data processed, (iii) ensure that the persons authorised to process the personal data hereunder have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and receive the appropriate personal data protection training, and (iv) take into consideration, in terms of its tools, products, applications or services, the principles of data protection by design and by default.

Moreover, in order to avoid in particular all unauthorised access, to guarantee accuracy and the proper use of the data, Cobbaï has put the appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through its services.

Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect you, Cobbaï undertakes to inform you thereof without undue delay (that cannot exceed 48 hours as from our knowledge of the breach) and to use its best efforts to take all possible measures to neutralise the intrusion and minimise the impacts. The notification will be accompanied by any appropriate documentation to allow, if necessary, the notification to be made to any regulation body. This notification will describe in clear and plain language the nature of the personal data breach and at least (i) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects involved and the categories and approximate number of personal data records concerned; (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) describe the likely consequences of the personal data breach; and (iv) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

We undertake to notify the competent supervisory authority (the CNIL) of the personal data breaches without undue delay and, where feasible, not later than 72 hours after having become aware of them, unless the breach in question is unlikely to result in a risk to the rights and freedoms of natural persons.

Should you suffer any loss by reason of the exploitation by a third party of a security breach, Cobbaï undertakes to provide you with every assistance necessary so you are able to assert your rights. Moreover if, by some exceptional case, the direct loss incurred arose due to fault or gross negligence by Cobbaï, you will be able to seek compensation within the limit of liability referred to in our Terms of Use.

You should keep in mind that any user, customer or hacker who discovers and takes advantage of a breach in security renders him or herself liable to criminal prosecution and that Cobbaï will take all measures, including filing a complaint and/or bringing court action, to preserve the data and the rights of its users and of itself and to limit the impacts.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

PRIVACY POLICY CHANGES

Cobbaï reserves the right to update this Privacy Policy at any time, in particular pursuant to any changes made to the laws and regulations in force. Any modifications made will be notified to you via our Website or by email, to the extent possible, thirty (30) days at least before any changes come into force. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the site. We would recommend that you check these rules from time to time to stay informed of our procedures and rules relating to your personal information.

CONTACT US

If you have questions, you can email us and our Data Protection Officer directly at: [email protected] or by mail to: Cobbaï SAS, Attn: Guillaume Burgaud, 4 rue Troyon, 75017 Paris, France

Copyright 2019 - 2021 Cobbaï. All rights reserved