SOFTYSOFT is committed to complying with all legal obligations regarding the protection of personal data. In particular, SOFTYSOFT has complied with Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), and Law No. 78-17 of January 6, 1978 on information technology, data files, and civil liberties, as amended by the August 6, 2004 law (Data Protection Law).
In preparation for the GDPR's entry into force on May 25, 2018, we have redefined and formalized our privacy policy in this document, known as the "Personal Data Protection Policy." This policy aims to inform about our privacy practices, as well as how your information is collected and used. It complements the contracts signed between SOFTYSOFT and Clients.
Simply put, SOFTYSOFT undertakes to:
- Process only data that has been collected fairly and lawfully,
- Process data only for specific, explicit, and legitimate purposes,
- Process only data that is adequate, relevant, and not excessive for these purposes,
- Take all necessary precautions to ensure data security,
- Not disclose this data to third parties without informing the individuals concerned.
This data protection policy is not set in stone and may evolve in accordance with national and European regulations, as well as with the doctrine and guidelines set by the National Commission on Informatics and Liberties (CNIL), an independent control authority for France.
In its relationships with clients, prospects, candidates, or suppliers, SOFTYSOFT may collect and process personal data necessary for its software publishing activities (client monitoring, support, prospect management, candidate management, supplier management, etc.).
To do this, we refrain from any indirect collection, any misuse of the nominative information you provide us, and in general, any act that could harm your privacy or reputation.
In general, we are only entitled to process your data once you have explicitly given us permission by checking the "I accept..." box (or any similar mention) on consent collection forms. Subsequently, if we have a contractual relationship, the processing will be legitimate and necessary for the management of that relationship, to the extent that you are a party to or involved in the implementation of pre-contractual or contractual measures undertaken with us.
SOFTYSOFT ensures that it only collects data strictly necessary for the declared purpose of the various processing operations carried out by the company. When initializing our contractual relationship, a contact request, a demonstration request, registration for an event, or a newsletter subscription, the following data is collected for the needs of the services provided by the company:
The data we collect serves specific purposes and is not used for other purposes. Our purposes are determined, legitimate, explicit, and compatible with our missions, particularly our software publishing activity.
SOFTYSOFT uses the personal data you provide to:
In addition, SOFTYSOFT also processes your data to meet its legal or regulatory obligations regarding any requests for data disclosure by authorized authorities.
SOFTYSOFT does not disclose the data of its clients, prospects, candidates, or suppliers to third parties and does not engage in any commerce with it. Your personal data may be transmitted to third parties for the sole purpose of the intended purposes.
Internally:
Externally:
The processed data may also be transmitted to competent authorities, as requested, in the context of legal proceedings, judicial research, information requests from authorities, or to comply with other legal obligations.
SOFTYSOFT only retains the personal data of its clients, prospects, candidates, or suppliers for the time necessary for the operations for which they were collected, in compliance with current regulations.
Customer data is kept for a maximum of 10 years from the end of the last contract between SOFTYSOFT and the customer.
Supplier data is kept for a maximum of 10 years from the end of the last contract between SOFTYSOFT and the supplier.
Prospect data is kept for a maximum of 3 years from the last contact between SOFTYSOFT and the prospect.
Candidate data is kept for a maximum of 3 years from the last contact between SOFTYSOFT and the candidate.
SOFTYSOFT determines and implements the necessary measures to protect personal data and prevent risks arising from the destruction, loss, alteration, unauthorized disclosure of transmitted, stored, or otherwise processed personal data, or unauthorized access to such data, whether accidental or unlawful.
These measures consist of appropriate logical, physical, or organizational measures designed to ensure a level of security appropriate to the risk as defined in Article 32 of the GDPR. They include, among other things, as needed:
Thus, the policy on the protection of personal data processed by SOFTYSOFT is organized around logical, physical, or organizational measures to comply with Article 32 of the GDPR.
SOFTYSOFT defines and implements the access and confidentiality rules applicable to the personal data processed. The level of detail accessible is defined according to the authorization/profile of each user from one of the 4 profiles below:
and this is by software for the last 3 profiles.
Only duly authorized persons can access certain data details, as part of a security policy allowing, in particular, access restriction to the information necessary for the activity. Access rights, granted in line with the user's function, are updated in case of evolution or change in function.
SOFTYSOFT does not transfer the personal data of its clients, prospects, candidates, or suppliers from one country or subsidiary to another worldwide. If such a transfer were necessary, particularly to a country outside the European Union, this transfer would be done in the context of the purpose pursued by the processing to which the data are intended.
In this case, data recipients would only be provided with the categories of data necessary to achieve that purpose. Overall, SOFTYSOFT would only transfer data in compliance with the provisions of Articles 44 to 50 of the GDPR.
Individuals concerned can exercise certain rights regarding their Data. In particular, individuals concerned have the right to do the following:
Further details are provided in the corresponding section below.
This provision applies, provided that the Data is processed by automated means and the processing is based on the User's consent, a contract to which the User is a party, or pre-contractual obligations. When personal data is processed in the public interest, in the exercise of official authority vested in SOFTYSOFT, or for the legitimate interests pursued by SOFTYSOFT, Users may object to such processing by providing reasons related to their specific situation justifying such objection.
These rights are described in Articles 15 to 22 of the GDPR. The individual concerned may exercise these rights by submitting their request to dpo@softysoft.com accompanied by supporting documents, particularly evidence of their identity and signature.
With the entry into force of the GDPR on May 25, 2018, SOFTYSOFT appointed a Data Protection Officer (DPO) directly reporting to the management of SOFTYSOFT.
The DPO continually ensures compliance with all personal data processing operations within SOFTYSOFT.
The DPO can be contacted at the following address: dpo@softysoft.com.
This data protection policy complements SOFTYSOFT's T&Cs and/or agreement, the provisions of which remain applicable insofar as they are not contrary.
In the context of its software publishing activities and the use of its software by clients, SOFTYSOFT informs and encourages its clients to inform the individuals from whom personal data is collected in accordance with the GDPR:
In the absence of individualized contact with the individual concerned by the collection and processing, SOFTYSOFT encourages its clients to inform said individual through all possible means (email, display, contract...) and notably the processes and procedures enabling the use of its software.