a) in order to meet our contractual obligations to you,
b) in accordance with our legitimate interest in processing your personal data (for example for the purposes of internal administrative management, data analysis and comparative analyses (see paragraph 3 below for more information), direct marketing, maintenance of automatic backup systems or detection or prevention of any criminal activity) or
2. HOW DO WE COLLECT INFORMATION?
Subject to applicable laws, we collect information about you or any third party whose information you provide to us when you: • register to use our websites, applications or services (including during free trials); this can include your surname, first name, company name, address, e-mail and telephone number and ERP configuration or when you update these details; and • fill out online forms (including callback requests), participate in our webinars, post messages on our discussion forums, participate in competitions or prize draws, download information, such as white papers or other publications, or participate in any activity offered on the various interactive spaces present on our website or on our application or service; • interact with us by using social networks; • provide us with your contact details when subscribing to our newsletter • contact us offline, for example by telephone, fax, SMS, email or post.
We will also collect your data when you only fill in part of the fields to be filled in on our site and/or on other online forms and/or when you leave this entry incomplete as you go along. We may use this data to contact you to remind you to enter missing information and/or for marketing purposes.
Provide us with information on a third party
3. HOW DO WE USE YOUR DATA?
Subject to applicable laws, we collect and process your data for the following purposes:
• to provide, maintain, protect and improve the applications, products, services and information that you have requested from us;
• to manage and administer your use of the applications, products and services you have asked us to provide;
• to manage our business relationship (for example, customer services and support operations);
• to monitor, measure, improve and protect our content, websites, applications and services and provide you with a personalised and quality user experience; where applicable, we will use a pseudonymised form of any information used for such purposes, and we will ensure that this information is presented as a whole and will not be linked to you or any other person concerned
• to internally, carry out checks on our websites, applications, systems and services in order to test and improve their security, supply and performance. ;
• to provide you with any information that we are required to provide to you in order to comply with our regulatory or legal obligations; • to detect, prevent, investigate or prevent criminal, illegal or prohibited activities, or protect our rights (including liaising with counterfeit deterrence groups);
• to contact you to find out if you would like to participate in our customer surveys (for example, our micro-business/SME e-merchant profile);
• to carry out joint statistical and comparative monitoring and analysis to avoid being able to identify you or any other natural person;
• to pass on advertisements, marketing messages (for example pop-up windows) or targeted information likely to be useful to you, based on your use of our applications and services;
• to deliver content and services jointly with third parties with whom you have a separate relationship (for example, with social network providers); and
• to provide you with different location-based services (for example, advertising or other personalised content), when we collect geolocation data.
To the extent permitted by applicable law, we will retain information about you after the closure of your New Oxatis account, if your request to open a New Oxatis account is refused or you decide not to proceed with it. This information will be held and used for legal, tax, regulatory, fraud prevention and legitimate business purposes as long as legally permitted.
Our website, applications (including mobile applications) and services may contain technologies that allow us to:
• verify specific information from your device or systems necessary for your use of websites, applications or services against our records to ensure that the websites, applications or services are used in accordance with our Terms and Conditions and our end-user agreements and for the purpose of resolving potential problems;
• obtain information relating to technical errors or other problems relating to our websites, applications and services;
• collect information about how you and users make use of the features of our websites, applications and services; and
• retrieve statistical information relating to the operating system and the environment from which you access our applications or services.
You can manage your privacy settings in your browser or on our applications or services (if applicable).
Mobile data (iPhone application – New Oxatis Backoffice)
Mobile applications may provide us with information relating to their use by the user and the use of our applications and services to which the user has access to via said mobile applications. We may use this information for the purpose of providing and improving the mobile application or our own services or applications. For example, you can record an activity performed with a mobile application. You can configure the privacy settings of our mobile application on your device, at the risk of affecting the performance of the mobile application concerned as well as the way it interacts with our applications and services.
Data analysis and comparative analyses. We may use the information generated and stored when you have used our services in our legitimate business interest in order to be able to offer you the best service and/or the best solutions and the best experience. These purposes may be to:
• Send you advertising or marketing messages (including product messages via the Intercom solution) or information that may be useful to you, depending on your use of our services;
• Perform research and development to improve our services, products and applications;
• Develop and provide new and existing features (such as, statistical analyses, comparative analyses or forecasting services) and;
• Offer you services adapted to your geographic location (for example, content corresponding to your location) for which we collect geolocation data in order to provide you with a relevant experience.
When we use your information for our legitimate business interest, we ensure that this information is processed in a pseudonymised way and is displayed only as a whole and not in connection with you or any other person concerned.
You have the right to object to your data being processed for our legitimate interest. In such a case, you are asked to fill out the “right to be forgotten” or “right to restrict processing of personal data” form. If you object to said processing of your data for the above-mentioned purpose, this may have consequences on our ability to offer you certain services and/or solutions.
4. SHARING OF YOUR INFORMATION
We may share your personal data with:
• our service providers and agents (including their subcontractors) or third parties processing the information on our behalf (for example, delivery providers, payment processing service providers and companies we use in order to help us send you communications) so that they can help us provide you with the applications, products, services and information that you wished to receive or which, from our point of view, could be of interest to you;
• partners, such as people responsible for setting up systems, resellers, distributors, your banking network, and developers, who help us to provide you with the applications, products, services and information that you have requested or that, from our point of view, are likely to interest you;
• third parties that we have used to carry out payment transactions, such as clearing companies, clearing systems, financial institutions and beneficiaries of transactions
• third parties, when you have a relationship with said third party and have consented to our transmission of information (for example, social networking sites or other e-commerce providers like marketplaces or price comparators);
• third parties, for marketing purposes (for example: our partners and other third parties with whom we work and whose products, from our point of view, may be of interest to you as part of conducting your e-commerce project. For example: payment solution providers, delivery providers, SMS providers);
• leading fraud prevention and counterfeiting agencies;
• regulators, in order to meet the legal and regulatory obligations of the New Oxatis Group;
• police authorities, so that they can detect or prevent crimes or prosecute offenders
• any third party, in the context of existing or imminent legal proceedings, provided that we are legally authorised to do so (for example, in response to a court order);
• any third party, in order to comply with our legal and regulatory obligations, including legal or regulatory reporting as well as the detection or prevention of unlawful acts;
• our own auditors and consultants, as well as those of the New Oxatis Group, in order to fulfil our audit responsibilities;
• another company, if we sell or buy a business or assets (or we negotiate the sale or purchase of a business or assets);
• any other company to which we may assign the contract that binds us; and
• public bodies which the law in force require us to inform.
We may share, publicly or with third parties, information relating to our websites, applications, products or services excluding any information that may identify you.
We may occasionally use your information to contact you in order to pass on information relating to our applications, products and services that may be of interest to you. We may also share your information with companies in our group and carefully selected third parties so that they may (or we may) contact you to pass on information about their products or services that may be of interest to you. For this purpose, you may be contacted by telephone, post, SMS or email. You have the right to ask us to stop contacting you for marketing purposes at any time. You can also, at any time, ask us not to share your information with the third parties mentioned in this paragraph. If you wish, you can exercise these rights by selecting your contact preferences in your customer account or by filling out the “right to be forgotten” or “right to restrict processing of personal data” form or by unsubscribing from email or SMS communications via the link indicated in these.
You can also unsubscribe from any marketing campaign and/or any advertising by email by clicking on the link included in the emails that we send you.
Advertising on a third-party platform
When you respond to communications posted on third-party platforms (for example, Facebook, Google or LinkedIn) we may possibly share your data with these third parties in order to send you targeted advertising content through the third-party platform and according to your profile and your interests. Your data is used by the third-party platform provider to identify your account and display advertisements on your screen. You can control what advertisements you receive in the platform provider’s privacy settings, and you can also visit the third party’s help centre for more information.
6. YOUR DATA AND YOUR RIGHTS
If you reside within the EEA or in another region governed by comparable data protection laws, in some cases you will have the following rights:
• the right to know how we use your data and the right to access your data;
• the right to request the modification or deletion of your data as well as to restrict the processing of your data;
• the right to object to the processing of your data, for example for marketing purposes or when its use is based on our legitimate interest;
• the right to receive data concerning you that you have provided automatically in a structured, commonly used and machine-readable format, or to have it sent directly to another company, if this is technically feasible (“data portability”);
• the right to withdraw your consent in accordance with legal or contractual limitations, when you have yourself consented to the processing of your data;
• the right to refuse any decision based on the automated processing of your personal data, especially profiling; and
• the right to lodge a complaint with the supervisory authority responsible for data protection matters (for example, the French Data Protection Authority [Commission Nationale de L’Informatique et des Libertés]).
If we hold incorrect information about you or if your contact details have changed, please let us know so that we can correct them and update our files.
We will keep your personal data for the duration of our business relationship and after its expiration, for the duration necessary for legitimate business purposes, in accordance with applicable European laws and regulations. In cases where we no longer need your personal data, we will destroy it in a secure manner (without sending you any further notice).
• Either by email, to the address: [email protected];
• Or by post, to NEW OXATIS, Immeuble Acropolis, 171 Bis, Chemin de Madrague Ville, 13002 Marseille, France
• Or by filling in the following form: https://www.oxatis.com/contact_us.htm
8. SECURITY AND STORING PERSONAL DATA
We ensure the security of your data by taking the technical and structural measures necessary to prevent its unlawful or unauthorised processing or its accidental loss, destruction and/or damage. We strive to protect your personal data as best we can. However, we cannot guarantee the security of your data transmitted to our websites, applications or services or to other websites, applications and services via an internet connection or any other connection. If we have given you (or if you have chosen) a password which allows you to access certain areas of our websites, applications or services, please keep this confidential; we will not share this password with anyone.
If you think your account has been hacked, please contact our customer service on +33486262626 or via your usual customer interface.
9. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA
The New Oxatis infrastructure is hosted in a datacentre designed and operated in France. We can use the services of call centre providers located outside the EEA to help us contact you as part of your e-commerce project.
We take care to ensure that when our data hosting providers and service providers transfer your data outside the EEA, appropriate measures and controls are established in compliance with applicable laws and regulations to protect them.
10. OTHER SITES AND SOCIAL NETWORKS
Our websites, applications or services may allow you to share data with social networking sites or to use social networking sites in order to create your account or to login to your social networking accounts. These social networking sites may automatically provide us with access to certain personal data about you that is held by these sites (for example, any content that you have viewed). It is your responsibility to manage your privacy settings from your own third-party social media accounts so you can choose which personal data you allow us to access from those third-party accounts.
11. COOKIES, STATISTICS AND TRAFFIC DATA
During your first visit to our website we are required to install cookies on your computer, tablet or mobile. These cookies can be installed by us or by the service providers who operate on our behalf and the information collected is only used for our benefit. Cookies allow us:
• to optimise your browsing and the functioning of our services
• to carry out studies and statistics about the number of visits to our site
• to process your requests via contact forms
You can configure your computer, tablet or mobile so that it informs you every time a cookie is placed on your device. You can also choose to disable all cookies. You can do this in your browser settings. If you disable cookies, you will no longer have access to many features which make your customer experience easier and some of our websites, applications and services will not work properly.
• Chrome browser: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
• Firefox browser: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Internet Explorer browser: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
• Safari browser: https://support.apple.com/en-il/guide/safari/sfri11471/mac
We use the following types of cookies:
• Strictly necessary cookies: Oxatis platform cookies
These are cookies that are necessary for the correct functioning of our websites, applications or services. For example, these cookies allow you to access secure areas of our website, to buy apps or templates on our Marketplace as part of your e-commerce business.
• Functional cookies:
These cookies allow our websites, applications and services to remember your choices (such as your username, your language or the region where you are located) and to offer improved, more personal features. These cookies can also be used to remember the changes you have made to the font or the font size as well as other customisable parts of webpages. They can also be used to provide you with services that you have requested. The information collected by these cookies can be made anonymous; furthermore, these cookies do not allow your browsing activity to be tracked on other internet sites.
• Performance and statistics cookies
These cookies collect information about how visitors and users use our websites, applications and services, such as, for example, which feature do visitors use the most and whether they receive error messages from different areas of websites, applications or services. These cookies do not collect information that could identify a visitor or user. All the information collected by these cookies is grouped together and, therefore, anonymous. We only use these cookies to improve the functionality of our websites, applications and services.
Google Analytics Cookies
New Oxatis uses the Hotjar solution to anonymously record customer experiences on our websites. The IP address, browsing data, device and browser used are used to analyse and improve the real customer experience on Oxatis group sites in all the encountered technical configurations.
AB Tasty Cookies
New Oxatis uses the AB Tasty solution to conduct marketing and statistical tests (known as A/B tests) on its websites. This solution allows us to collect statistical data about visitor numbers which is then aggregated and anonymised in a web interface to which the New Oxatis Marketing department, as customers of AB Tasty, has sole access. With the data collected, New Oxatis is able to improve the ergonomics of its site and the customer experience it offers. For more information, see https://www.abtasty.com/gdpr-compliance/
• Targeting or advertising cookies
These cookies are used to deliver advertisements that are more suited to your interests. They also help to limit the number of times you see an advertisement and also help to measure the effectiveness of an advertising campaign. They are usually placed by ad networks, with the permission of website operators. They remember that you have visited a website and this information is shared with other companies, such as advertisers. Very often, targeting or advertising cookies are linked to a site functionality provided by another company. Facebook Cookies: are used to be able to subsequently offer you differentiated advertising messages on the Facebook social network depending on whether you have already visited our site or not. For more information on these cookies, see https://www.facebook.com/policies/cookies/
– LeadsTheWay Cookies: are used to identify site visitors and the pages visited in order to contact them. For more information on these cookies, see https://www.lead-the-way.fr/donnees-personnelles.html (in French)
– Criteo Cookies: are used to create an audience base and target visitors with targeted advertisements when they browse other sites. More information on https://www.criteo.com/privacy/
– Bing Ads Cookies: are used to get to know our visitors from advertising campaigns on the Bing text ad network when they subscribe to the Oxatis e-commerce solution. More information on https://privacy.microsoft.com/en-us/privacystatement
– Google AdWords Cookies: are used to get to know our visitors from advertising campaigns on the AdWords text ad network when they subscribe to the Oxatis e-commerce solution. More information on https://cloud.google.com/security/gdpr/
Capterra affiliated partner cookies: are used to get to know our visitors from sponsored blog posts or partner e-commerce solution comparators (e.g. Capterra) when they subscribe to the Oxatis e-commerce solution. More information on https://www.capterra.com/legal/privacy-policy
Web beacons and other traceability technologies
• IP address and traffic data
We keep a track of traffic data, which is saved automatically by our servers, such as your IP address, information about your device, the website you visited before ours and the website you visit after leaving ours. We also collect certain statistics from sites, applications and services, such as frequency of access, pages accessed and pages viewed. We are not able to identify any individual from traffic data or site statistics.
12. JOB VACANCIES
By completing the form on this site, you consent to the processing of your personal information and authorise New Oxatis, as data controller, to collect and process personal information about you in its database, namely, your name, first names, home address, telephone number, training, professional experience, diplomas, distinctions, interview records etc., and more generally all information and personal data that you spontaneously provide as part of your application.
New Oxatis informs you that it may also expand your profile with information concerning you, namely information collected during its interactions with you, whether written, or on the telephone or whether it is physical interviews and from professional social networks or from any source of public information, when this information is useful for managing your application.
This information is subject to data processing intended for the management of your application. Your data may also be included in a CV library, which will allow New Oxatis to offer you other job vacancies, where relevant. To make external and internal recruitment easier, Oxatis uses the “DigitalRecruiters” software produced by the company BANKESS, allowing them to post job vacancies, collect applications and manage them.
New Oxatis acts as data controller for the submitted personal data and BANKESS acts as subcontractor.
Given its purpose, consisting in processing the personal data of candidates responding to job vacancies and the inclusion of candidate data within the New Oxatis CV library, the processing of your personal data is necessary for the pursuit of New Oxatis’ legitimate interests, namely the management of its recruitment processes, as well as the fulfilment of pre-contractual measures that may exist between New Oxatis and the candidates responding to its job vacancies.
This data is hosted in France, and it will be sent to the people in charge of recruitment within New Oxatis to allow them to consider your application.
Responses corresponding to fields marked with an asterisk are mandatory and any lack of response is likely to compromise following up your application. In other cases, these are optional and have no consequence on the review of your file
By accepting the conditions of this charter, you authorise New Oxatis to communicate, where relevant, your personal details to other companies in the Oxatis group, including those potentially located outside of the European Union, for the purpose of managing your application and improving its CV library. New Oxatis declares to have taken the necessary measures to control transfers outside the European Union and to protect your personal data. You can, by simple request to New Oxatis, ask for comprehensive information on the data transferred, the exact recipients of the information and the means implemented to supervise this transfer.
The personal data of candidates external to the company will be kept for a maximum period of 2 years after the last contact with our recruitment service, the concept of last contact being understood as the date on which you consented to the collection of your data. For internal applications, it is kept during the employee’s time at the company.
We inform you that your data is computerised and treated confidentially, security and confidentiality guarantees having been taken to protect the personal data available online.
As a subcontractor of New Oxatis, BANKESS is authorised to access your personal information if required, as part of their administrative and maintenance duties of the company’s “Careers sites” and of the application management tool, but cannot communicate this data to its own subcontractors without first obtaining the company’s permission. BANKESS may be required to send your personal data to a judicial authority, upon request thereof.
You can at any time exercise your right to opposition for legitimate reasons, as well as your rights to access, rectification and deletion of personal data concerning you by filling out the following form:
For any information relating to your rights on the processing of personal data, you can contact the Data Protection Officer (DPO) By Post: FAO DPO NEW OXATIS Immeuble Acropolis171 bis chemin de la Madrague Ville 13002 Marseille – France The request must be accompanied by a copy of an identity document. You also have the right to request Oxatis to send all personal data concerning you in a structured format.
In any event and as necessary, you have the right to lodge a complaint with the CNIL, Commission Nationale Informatique et Libertés [French Data Protection Authority] (www.cnil.fr).
13. ADDITIONAL INFORMATION: DATA PROTECTION OFFICER (DPO)
NEW OXATIS appoints Laurent Bizot, Technical Director, to the role of Data Protection Officer.
If you have any questions about the processing of your data, the content hereof, your rights under applicable law, how to update your information or the steps to be taken to obtain a copy of the information concerning you in our possession, we ask you to send an e-mail to [email protected]
APPLICABLE LAW The European Regulation 2016/679 of the European Parliament and of the Council. Act n° 2004-575 of 21 June 2004 for confidence in the digital economy and in particular Article 6. Act n° 78-17 of 6 January 1978 relating to Data Processing, Data Files and Individual Liberties amended by Act n° 2018-493 of 20 June 2018 relating to the protection of personal data for the processing of personal data.