DocLoop Services or Services: all DocLoop services we offer:
- Website(s) (Controller).
- SaaS (Processor) product(s), i.e. DocLoop software solution(s) hosted in the Cloud.
Third Party Services - Third party products or services that you may choose to integrate or interact with DocLoop services. You should always review the policies of third-party services to ensure that you are comfortable with how they collect and process your Personal Data.
Controller: a natural or legal person, public authority, department or other body that, alone or jointly with others, determines the purposes and means relating to the processing of Personal Data.
Device : any computer used to access the DocLoop Services, including, without limitation, a desktop computer, laptop, cell phone, tablet or other consumer electronic device.
Personal Data: any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the person concerned.
Subprocessor: a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.
User: any person who accesses and browses the Website and/or the DocLoop Services as an ordinary Internet user or customer.
Website(s ): including, but not limited to, https://www.docloop.io, https://www.docloop.fr, https://www.docloop.org, and all related websites, subdomains and pages.
When using our services, we may ask you to provide us with certain personally identifiable information (Personal Data) that may be used to contact or identify you. This Personal Data is processed in accordance with the purposes for which it was collected.
We also collect Non-Personal Data in connection with the Services, which is information that does not personally identify an individual. The Non-Personal Data we collect includes:
- How you interact with the Services.
- Information typically collected or "logged" by websites or web services when users access or use them.
- Information from your web browser or the Device you use when accessing or using the Services.
Cookies may be "persistent" cookies or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you log out, while session cookies are deleted as soon as you close your web browser.
We use both session cookies and persistent cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session cookies
Administered by us
Purpose: These cookies are essential to provide you with the services available through the website and to allow you to use certain of its features. They are used to authenticate Users and prevent fraudulent use of User accounts. Without these cookies, the services you have requested cannot be provided and we use these Cookies only to provide you with those Services.
Type: persistent cookies
Administered by us
- Functionality Cookies
Type: persistent cookies
Administered by us
Purpose: These cookies allow us to remember choices you make when using the Website, such as remembering your login details or language preferences. The purpose of these cookies is to provide you with a more personal experience and to avoid having to re-enter your preferences each time you use the website.
Most Internet browsers are set by default to allow cookies. Your browser allows you to change these default settings so that all cookies are automatically blocked or only certain cookies are enabled or blocked depending on who is setting them.
You can block cookies by configuring your browser as follows:
- On your computer, open Chrome.
- At the top right, click More.
- Click "More Tools" and then click "Clear Browsing Data".
- At the top of the page, select a time range. ...
- Check the "Cookies and other site data" and "Cached images and files" boxes.
- Click "Clear Data."
For Mozilla Firefox:
- Choose "Menu" and then "Options."
- Select the "Privacy and Security" panel.Go to the "Cookies and Site Data" menu and select your preferred options.
For Microsoft Internet Explorer:
- Choose the "Tools" menu and then "Internet Options."
- Click on the "Privacy" tab.
- Use the slider to select the privacy level.
- Go to "Settings".
- Under "Erase browsing data", select "Choose what to erase".
- Check the box according to each type of data you want to delete, then select "Delete."
- Choose the "Settings" menu, then "Preferences".
- "Privacy and Security"
Please be aware that blocking cookies may alter your user experience and access to certain services or features of the DocLoop website(s).
Your Personal Data is collected and processed for explicit, legitimate, specific and well-defined purposes. The primary purpose of collecting Personal Data is to provide a safe, optimized, efficient and personalized experience of using the Services and the Website(s). You may therefore allow us to use your Personal Data so that we can*:
- Provide and manage our Services and ensure their proper functioning.
- Provide access to our Services.
- Analyze when and how often you use our Services.
- Communicate with you and improve the quality of the Services, i.e., respond to your questions and provide you with news.
- Help us provide, maintain and protect the Services.
- Create, maintain and protect accounts to use the Services.
- Process transactions.
- Provide customer service.
- Communicate with you, such as by providing you with communications related to your account or transactions, or other newsletters.
- RSS feeds, and/or other communications relating to the Services.
- Send or display our offers and other content customized to your interests or preferences.
- Conduct research and analysis to improve our products and services and to develop new ones.
- Operate and maintain the systems that provide the Services.
- To improve our online operations
*Any use of Personal Data for purposes other than those mentioned above requires your express consent.
In any case, and for each defined purpose, we will do our best to ensure the security and confidentiality of the personal data entrusted to us in compliance with applicable laws and regulations.
All of your Personal Information is collected directly from you, when you register, when you place an order, when you log in and when we communicate with you (online requests, e-mails, phone calls...).
When you subscribe to the Services, you fill in various forms and communicate various Personal Information to benefit from the Services we offer.
In accordance with data protection legislation, we undertake, as the case may be, to obtain your consent and/or to allow you to object to the processing of your Personal Data for certain purposes.
You can choose not to receive any more marketing emails from us by clicking on the "unsubscribe" link included in the emails. Please note that it may take up to ten (10) business days to process your unsubscribe request. Also, even if you unsubscribe from marketing emails, we may continue to send you certain emails related to your account, such as notices about your account and confirmations of transactions you have requested.
Access to personal data is strictly limited to authorized persons who need access to process them. These persons are subject to strict confidentiality obligations.
Only the authorized persons specified below may have access to Users' Personal Data:
- Our authorized personnel in the various departments (authorized personnel in the communication, administrative, logistics and IT departments, in charge of customer relations and in charge of control).
- Our subcontractors who act in our name and on our behalf, and in particular the host of the Website(s) and the Services.
- Third parties who may place Cookies on your terminals (computers, tablets, cell phones...) when you consent to them doing so.
- Your authorized personnel.
Please refer to the privacy policies of third parties to learn more about their Data practices.
Your Data is not shared, traded, sold or rented to anyone other than those mentioned above. No personal data is sold to third parties for marketing or other purposes without your permission.
We may disclose your personal data to third parties as described below. We may disclose personal and non-personal data to provide the Services, or when you authorize or direct us to do so through your setup or use of the Services, for example when you use the Services to share shipping and logistics information with your service providers and other users of the Services and their service providers.
We may also disclose personal and non-personal data to companies, agents, contractors, service providers or other persons engaged to perform functions on our behalf (such as processing payments, storing data, hosting our website, marketing our Services, conducting audits and performing web analytics).
We may license third party software for inclusion in or use with the Services, in which case we may disclose personal data and/or non-personal data to the licensor.
We may also disclose your Personal Data to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including the investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property, or safety of us, our users, or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent, or otherwise address fraud, security, or technical issues.
In addition, we reserve the right to transfer data (including your personal data) to a third party in the event of a sale, merger, or transfer of all or substantially all of our company's assets related to the Services, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such a transfer, for example, by e-mail or by posting a notice on our website.
Finally, we may also disclose, with your consent, Non-Personal Data, aggregated with information about our other users, to our customers, business partners, merchants, advertisers, investors, potential buyers, and other third parties if we believe that such disclosure has good business reasons or justification.
We undertake to keep the Personal Data collected in a form that allows the identification of the persons concerned for no longer than is necessary for the purposes for which the Personal Data is processed. Personal Data may be kept for longer periods insofar as the Personal Data will be processed solely for archiving purposes for a mission of public interest, for scientific or historical research purposes or for statistical purposes in accordance with applicable laws and regulations.
However, Data may be processed for the proof of a right or contract. The Data may also be retained due to legal obligations or kept in files in accordance with applicable laws and regulations.
As an exception, the User's Personal Data is kept by us for a period of three (3) years from the last contact with the User.
For the management of our commercial relationship with you and for customer follow-up, your Data is kept for three (3) years from the end of the commercial relationship if you are a customer.
With regard to Cookies, it is specified that the information stored in your terminal (e.g. Cookies) or any other element allowing you to be identified for the purposes of audience statistics is not kept beyond a period of six (6) months. After this period, the raw traffic data associated with an identifier is either deleted or anonymized.
Finally, to ensure the proper functioning and continuous improvement of the Services and its features, the raw traffic data associated with an identifier is kept for a period of thirteen (13) months. After this period, it is deleted or anonymized.
In any event, we regularly review the information we store. We securely delete your Personal Data and Non-Personal Data when we no longer have a reason to retain it for legal or business purposes or to manage your account, or if you exercise your right to change or delete it.
If you exercise your right to object to the processing of your Personal Data, we will securely delete your Personal Data that we process for purposes to which you object as soon as possible, unless there is another legal basis for processing and retaining your Personal Data or we are required by law to retain it.
We will not transfer Personal Data outside the European Union.
Personal Data is hosted by Clever Cloud, and the servers are in France.
If this is not the case, we will inform you, indicating the measures taken to control this transfer, and ensure that the confidentiality of your Personal Data is respected.
We implement the following appropriate technical and organizational measures to protect the integrity, confidentiality and security of personal data from accidental or unlawful alteration, destruction or loss, or unauthorized use, disclosure or access; and to ensure and be able to demonstrate that such processing is carried out in accordance with applicable legislation:
- Appoint a Data Protection Officer.
- Create a special committee for information systems security.
- Inform employees who have access to personal data of the confidentiality requirements.
- Secure access to our offices and IT platforms.
- Use data encryption. Implement a security policy.
- Implement appropriate electronic, physical and managerial procedures to safeguard and protect personal and non-personal data collected.
- Secure the access, sharing and transfer of personal data.
- The high level of security standards that we require for the protection of Personal Data when selecting our subcontractors and partners.
- Audit of our contractors.
- Secure data networks protected by a firewall and password-protected systems that meet applicable standards.
These measures are reviewed and updated regularly as necessary.
If we become aware of a Data Incident, we will: (a) notify the Data Subject, the Controller/Controller and the Supervisory Authority of the Data Incident promptly and without undue delay, and no later than 72 hours after becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimize the damage and secure the Personal Data.
Notifications made pursuant to this section shall, to the extent practicable:
(a) describe the nature of the Personal Data breach, including, if possible, the categories and approximate number of individuals affected, and the categories and approximate number of Personal Data affected;
(b) provide the name and contact information of the Data Protection Officer or other point of contact where further information may be obtained;
(c) describe the likely consequences of the Personal Data breach;
(d) describe the measures taken or envisaged by the data controller to remedy the Personal Data breach including, where appropriate, measures to mitigate any adverse effects that may arise.
Notification of any data breach will be sent to the notification email address or, at our discretion, by direct communication (e.g., by telephone call or in-person meeting). Another party is solely responsible for ensuring that the notification email address is current and valid.
Our notification of or response to a data incident will not be construed as an admission by us of any fault or liability with respect to the data incident.
Any User or hacker who discovers and exploits a security breach may be punished by law and we will take all steps, including filing a complaint and/or taking legal action, to protect their Data and rights and those of their Users, and to limit the impacts of the security breach.
We host the data with a hosting service provider (Clever Cloud). The servers on which personal data is stored are kept in a controlled environment in Europe. While we make reasonable efforts to protect your Personal Data, no security system is impenetrable and, due to the inherent nature of the Internet as an open global medium, we cannot guarantee that the Data, while in transmission over the Internet or while stored on our systems or in our care, will be secure from intrusion by others, such as hackers.
The https://www.docloop.io, https://www.docloop.fr, https://www.docloop.org websites and the Services use SSL or TLS for added security and to protect the transfer of confidential data. An encrypted connection can be identified by:
- changing the browser address from "http://" to "https://";
- the padlock symbol in your browser's address bar.
When SSL or TLS encryption is enabled, the Data you transmit to us cannot be read by others.
Under the GDPR, you have the following rights with respect to your Personal Data:
- Right of access to your Data.
You have the right to access your Personal Data. However, due to our obligation to protect the security and confidentiality of Personal Data, we inform you that we can only process your request if you provide proof of your identity.
- Right to rectify your data.
Under this right, the law allows you to request the rectification, updating, restriction or deletion of your Personal Data if it is inaccurate, erroneous, incomplete or obsolete.
- Right to erase your Data ("right to be forgotten").
- Right to withdraw your consent at any time.
- Right to restrict the processing of your Data.
- Right to object to the processing of your Data.
- Right to data portability.
- Right to file a complaint with a supervisory authority.
These rights can be exercised by simple request by e-mail, or by mail to the address stipulated in Article 13, indicating your contact details (name, first name, address and a copy of a signed identity document) and a legitimate reason when required by law (in particular in the case of opposition to processing).
If you provide us with a copy of your identity card to prove your identity, we will keep it for one (1) year or three (3) years when you exercise your right to object.
Our Services are not intended for and are not marketed to persons under the age of eighteen (18) or any other age designated by applicable law ("minors"). We do not knowingly collect or solicit Personal Data from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your Personal Data. We delete Personal Data that we learn has been collected from a minor without verified parental consent.
We will respond to your request for access, rectification or opposition or to any other request for information within a period that will not exceed thirty (30) days from the receipt of your request.
Your Personal Data are collected and processed by Marseille Gyptis International (MGI), a French company with a capital of 1.275.280 euros, registered in the Marseille Trade and Companies Register under number B 333 186 732, having its registered office at Immeuble le Murano, 22 avenue Robert Schuman, 13235 Marseille, France, represented by Mr. Rémi JULIEN in his capacity as Chairman of the Executive Board, the Controller of the Data collected on the Website(s) and the Processor for the Data collected from and for the use of the Services.
- by mail: MGI, Immeuble le Murano, 22 avenue Robert Schuman, 13235 Marseille, France.
- by e-mail : email@example.com