We use cookies to improve the relevance of our website when you interact with it. Cookies help us to understand how you use our website so that we can tailor content to you. For more information about the different cookies we use, read the Privacy Policy.
Cookie preferences
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Privacy Policy

Article 1. General

Thank you for your interest in DocLoop's services and for visiting the DocLoop website. Your privacy is important to us, and we want you to feel comfortable visiting our website and using DocLoop's services. Protecting your privacy when processing your personal data is an important concern to which we pay special attention in our business processes. Personal data collected when visiting our website and/or using DocLoop's services are processed by us in accordance with the legal provisions in force in the countries where the websites are maintained, in particular in accordance with Regulation (EC) No. 1073/1999. For the countries in which the websites are maintained, in particular according to Regulation (EU). 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation ("GDPR")).We respect your privacy and your Personal Data and ensure the lawfulness of the processing of such Data.This Privacy Policy describes the types of Personal Data we collect about you and why, how we use your Personal Data, how we may share it, process it, and how long we keep it. We also describe the steps we take to protect Personal Information and how you can exercise your rights with respect to that information. Acceptance of this Privacy Policy is evidenced by a checkbox on the registration form. This acceptance can only be full and complete. Any conditional acceptance is considered null and void. Users who do not agree to be bound by the Privacy Policy should not use the Services. This Privacy Policy may change as we grow and evolve, so please pay attention to any changes and updates that may result. We expressly reserve the right to modify this Privacy Policy at any time and in our sole discretion by including such alteration and/or modification in this Privacy Policy, together with notification of the effective date of such modified policy. Any continued use of the Services after the posting of the amended Privacy Policy will be deemed to indicate your irrevocable agreement to such new Privacy Policy. Accordingly, if at any time you do not agree to be bound by a modified Privacy Policy, please discontinue accessing or using the Services.

1.1 The scope of the privacy policy

This Privacy Policy applies to Personal Data that we obtain through your use of the DocLoop Services and the DocLoop Website via a Device or when you interact with us in any other way. By registering for or using the DocLoop services and the DocLoop website, you consent to the collection, recording, organizing, structuring, storing, adapting or modifying, accessing, using, disclosing by transmission and any other type of processing described in this Privacy Policy.

1.2 Definitions

DocLoop Services or Services: all DocLoop services we offer:
- Website(s) (Controller).
- SaaS (Processor) product(s), i.e. DocLoop software solution(s) hosted in the Cloud.

‍Third Party Services - Third party products or services that you may choose to integrate or interact with DocLoop services. You should always review the policies of third-party services to ensure that you are comfortable with how they collect and process your Personal Data.

‍Controller: a natural or legal person, public authority, department or other body that, alone or jointly with others, determines the purposes and means relating to the processing of Personal Data.

‍Data: all the different forms of content and information we collect as described in this Privacy Policy.

‍Device : any computer used to access the DocLoop Services, including, without limitation, a desktop computer, laptop, cell phone, tablet or other consumer electronic device.

‍Personal Data: any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the person concerned.

‍Subprocessor: a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.

‍User: any person who accesses and browses the Website and/or the DocLoop Services as an ordinary Internet user or customer.

‍Website(s ): including, but not limited to, https://www.docloop.io, https://www.docloop.fr, https://www.docloop.org, and all related websites, subdomains and pages.

The terms "data subject", "processing", "supervisory authority", "data protection officer", "data incident", etc. that are used in this Privacy Policy have the meaning given to them by the GDPR.

Article 2. Categories of data collected and processed

2.1 Personal data

When using our services, we may ask you to provide us with certain personally identifiable information (Personal Data) that may be used to contact or identify you. This Personal Data is processed in accordance with the purposes for which it was collected.

Personal Data that may be collected and processed by us for the purposes described in Section 3 of this Privacy Policy includes, but is not limited to, name, email address, and password.

We also collect Non-Personal Data in connection with the Services, which is information that does not personally identify an individual. The Non-Personal Data we collect includes:
- How you interact with the Services.
- Information typically collected or "logged" by websites or web services when users access or use them.
- Information from your web browser or the Device you use when accessing or using the Services.

2.2 Non-personal data

Examples of non-personal data we collect include: Your Internet Protocol (IP) address; information about your computer or mobile device, such as its manufacturer or operating system version, and HTTP header information; the pages of our website that you viewed during a visit; what type of information or content you view or interact with while using our Services; language preferences; the city and state in which you are located (but not your exact geographic location); and Unique Identifiers that are not linked and cannot, reasonably, be linked to your identity.We will not use Non-Personal Data to try to identify you, and if we link Non-Personal Data to information that personally identifies you, then we will treat it as Personal Data. As described in more detail below, we sometimes use cookies and other automatic information gathering technologies to collect Non-Personal Information.

2.3 Tracers and cookies

We use cookies and similar tracking technologies to track activity on our services and store certain information. The tracking technologies used are tags, markers and scripts to collect and track information to improve and analyze our services. The technologies we use may include:

- Cookies or browser cookies. A cookie is a small file placed on your device. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Services. Unless you have set your browser to refuse cookies, our Services may use cookies.

Cookies may be "persistent" cookies or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you log out, while session cookies are deleted as soon as you close your web browser.

We use both session cookies and persistent cookies for the purposes set out below:

- Necessary / Essential Cookies
Type: Session cookies
Administered by us
Purpose: These cookies are essential to provide you with the services available through the website and to allow you to use certain of its features. They are used to authenticate Users and prevent fraudulent use of User accounts. Without these cookies, the services you have requested cannot be provided and we use these Cookies only to provide you with those Services.

- Cookie Policy / Cookie Acceptance Notice
Type: persistent cookies
Administered by us
Purpose: These Cookies identify whether Users have accepted the use of Cookies on the Website.

- Functionality Cookies
Type: persistent cookies
Administered by us
Purpose: These cookies allow us to remember choices you make when using the Website, such as remembering your login details or language preferences. The purpose of these cookies is to provide you with a more personal experience and to avoid having to re-enter your preferences each time you use the website.

2.4 The various cookie configuration tools

Most Internet browsers are set by default to allow cookies. Your browser allows you to change these default settings so that all cookies are automatically blocked or only certain cookies are enabled or blocked depending on who is setting them.

You can block cookies by configuring your browser as follows:

For Chrome:
- On your computer, open Chrome.
- At the top right, click More.
- Click "More Tools" and then click "Clear Browsing Data".
- At the top of the page, select a time range. ...
- Check the "Cookies and other site data" and "Cached images and files" boxes.
- Click "Clear Data."

For Mozilla Firefox:
- Choose "Menu" and then "Options."
- Select the "Privacy and Security" panel.Go to the "Cookies and Site Data" menu and select your preferred options.

For Microsoft Internet Explorer:
- Choose the "Tools" menu and then "Internet Options."
- Click on the "Privacy" tab.
- Use the slider to select the privacy level.

For Edge:
- Go to "Settings".
- Under "Erase browsing data", select "Choose what to erase".
- Check the box according to each type of data you want to delete, then select "Delete."

For Opera:
- Choose the "Settings" menu, then "Preferences".
- "Privacy and Security"

Please be aware that blocking cookies may alter your user experience and access to certain services or features of the DocLoop website(s).

Article 3. The purposes of the collection and processing of personal data

Your Personal Data is collected and processed for explicit, legitimate, specific and well-defined purposes. The primary purpose of collecting Personal Data is to provide a safe, optimized, efficient and personalized experience of using the Services and the Website(s). You may therefore allow us to use your Personal Data so that we can*:

- Provide and manage our Services and ensure their proper functioning.
- Provide access to our Services.
- Analyze when and how often you use our Services.
- Communicate with you and improve the quality of the Services, i.e., respond to your questions and provide you with news.
- Help us provide, maintain and protect the Services.
- Create, maintain and protect accounts to use the Services.
- Process transactions.
- Provide customer service.
- Communicate with you, such as by providing you with communications related to your account or transactions, or other newsletters.
- RSS feeds, and/or other communications relating to the Services.
- Send or display our offers and other content customized to your interests or preferences.
- Conduct research and analysis to improve our products and services and to develop new ones.
- Operate and maintain the systems that provide the Services.
- To improve our online operations

Anonymous information (such as data collected by cookies) will be used only for statistical purposes, to improve our Services and/or our Website(s). This Data will then be deleted. We will also use non-personal Data to simplify the use of our Services and/or Website(s). We may use cookies to remember the country of residence selected during sessions so that you do not need to select it again.

*Any use of Personal Data for purposes other than those mentioned above requires your express consent.

In any case, and for each defined purpose, we will do our best to ensure the security and confidentiality of the personal data entrusted to us in compliance with applicable laws and regulations.

Article 4 Consent

All of your Personal Information is collected directly from you, when you register, when you place an order, when you log in and when we communicate with you (online requests, e-mails, phone calls...).

When you subscribe to the Services, you fill in various forms and communicate various Personal Information to benefit from the Services we offer.

In accordance with data protection legislation, we undertake, as the case may be, to obtain your consent and/or to allow you to object to the processing of your Personal Data for certain purposes.

You can choose not to receive any more marketing emails from us by clicking on the "unsubscribe" link included in the emails. Please note that it may take up to ten (10) business days to process your unsubscribe request. Also, even if you unsubscribe from marketing emails, we may continue to send you certain emails related to your account, such as notices about your account and confirmations of transactions you have requested.

Article 5 Recipients and disclosure of personal data

5.1 Recipients of personal data

Access to personal data is strictly limited to authorized persons who need access to process them. These persons are subject to strict confidentiality obligations.

Only the authorized persons specified below may have access to Users' Personal Data:
- Our authorized personnel in the various departments (authorized personnel in the communication, administrative, logistics and IT departments, in charge of customer relations and in charge of control).
- Our subcontractors who act in our name and on our behalf, and in particular the host of the Website(s) and the Services.
- Third parties who may place Cookies on your terminals (computers, tablets, cell phones...) when you consent to them doing so.
- Your authorized personnel.

Please refer to the privacy policies of third parties to learn more about their Data practices.

Your Data is not shared, traded, sold or rented to anyone other than those mentioned above. No personal data is sold to third parties for marketing or other purposes without your permission.

5.2 Disclosure of personal data

We may disclose your personal data to third parties as described below. We may disclose personal and non-personal data to provide the Services, or when you authorize or direct us to do so through your setup or use of the Services, for example when you use the Services to share shipping and logistics information with your service providers and other users of the Services and their service providers.

We may also disclose personal and non-personal data to companies, agents, contractors, service providers or other persons engaged to perform functions on our behalf (such as processing payments, storing data, hosting our website, marketing our Services, conducting audits and performing web analytics).

We may license third party software for inclusion in or use with the Services, in which case we may disclose personal data and/or non-personal data to the licensor.

We may also disclose your Personal Data to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including the investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property, or safety of us, our users, or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent, or otherwise address fraud, security, or technical issues.

In addition, we reserve the right to transfer data (including your personal data) to a third party in the event of a sale, merger, or transfer of all or substantially all of our company's assets related to the Services, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such a transfer, for example, by e-mail or by posting a notice on our website.

Finally, we may also disclose, with your consent, Non-Personal Data, aggregated with information about our other users, to our customers, business partners, merchants, advertisers, investors, potential buyers, and other third parties if we believe that such disclosure has good business reasons or justification.

Article 6 Retention period of personal data

We undertake to keep the Personal Data collected in a form that allows the identification of the persons concerned for no longer than is necessary for the purposes for which the Personal Data is processed. Personal Data may be kept for longer periods insofar as the Personal Data will be processed solely for archiving purposes for a mission of public interest, for scientific or historical research purposes or for statistical purposes in accordance with applicable laws and regulations.

However, Data may be processed for the proof of a right or contract. The Data may also be retained due to legal obligations or kept in files in accordance with applicable laws and regulations.

As an exception, the User's Personal Data is kept by us for a period of three (3) years from the last contact with the User.

For the management of our commercial relationship with you and for customer follow-up, your Data is kept for three (3) years from the end of the commercial relationship if you are a customer.

With regard to Cookies, it is specified that the information stored in your terminal (e.g. Cookies) or any other element allowing you to be identified for the purposes of audience statistics is not kept beyond a period of six (6) months. After this period, the raw traffic data associated with an identifier is either deleted or anonymized.

Finally, to ensure the proper functioning and continuous improvement of the Services and its features, the raw traffic data associated with an identifier is kept for a period of thirteen (13) months. After this period, it is deleted or anonymized.

In any event, we regularly review the information we store. We securely delete your Personal Data and Non-Personal Data when we no longer have a reason to retain it for legal or business purposes or to manage your account, or if you exercise your right to change or delete it.

If you exercise your right to object to the processing of your Personal Data, we will securely delete your Personal Data that we process for purposes to which you object as soon as possible, unless there is another legal basis for processing and retaining your Personal Data or we are required by law to retain it.

Article 7 Transfer of personal data to a third country or an international organization

We will not transfer Personal Data outside the European Union.

Personal Data is hosted by Clever Cloud, and the servers are in France.

If this is not the case, we will inform you, indicating the measures taken to control this transfer, and ensure that the confidentiality of your Personal Data is respected.

In any event, if the processing of Personal Data involves transfers of Personal Data outside the European Union, we will ensure that your Personal Data is processed and transferred in accordance with this Privacy Policy and the GDPR. We will apply contractual clauses ensuring appropriate Data protection safeguards as a basis for transfers of Data outside the European Union to third countries or international organizations. This includes standard contractual clauses - called standard contractual clauses ("SCCs") - that have been approved by the European Commission.

Article 8 Security of personal data

8.1 General information

We implement the following appropriate technical and organizational measures to protect the integrity, confidentiality and security of personal data from accidental or unlawful alteration, destruction or loss, or unauthorized use, disclosure or access; and to ensure and be able to demonstrate that such processing is carried out in accordance with applicable legislation:
- Appoint a Data Protection Officer.
- Create a special committee for information systems security.
- Inform employees who have access to personal data of the confidentiality requirements.
- Secure access to our offices and IT platforms.
- Use data encryption. Implement a security policy.
- Implement appropriate electronic, physical and managerial procedures to safeguard and protect personal and non-personal data collected.
- Secure the access, sharing and transfer of personal data.
- The high level of security standards that we require for the protection of Personal Data when selecting our subcontractors and partners.
- Audit of our contractors.
- Secure data networks protected by a firewall and password-protected systems that meet applicable standards.

These measures are reviewed and updated regularly as necessary.

8.2 Data incidents

If we become aware of a Data Incident, we will: (a) notify the Data Subject, the Controller/Controller and the Supervisory Authority of the Data Incident promptly and without undue delay, and no later than 72 hours after becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimize the damage and secure the Personal Data.

Notifications made pursuant to this section shall, to the extent practicable:

(a) describe the nature of the Personal Data breach, including, if possible, the categories and approximate number of individuals affected, and the categories and approximate number of Personal Data affected;

(b) provide the name and contact information of the Data Protection Officer or other point of contact where further information may be obtained;

(c) describe the likely consequences of the Personal Data breach;

(d) describe the measures taken or envisaged by the data controller to remedy the Personal Data breach including, where appropriate, measures to mitigate any adverse effects that may arise.

Notification of any data breach will be sent to the notification email address or, at our discretion, by direct communication (e.g., by telephone call or in-person meeting). Another party is solely responsible for ensuring that the notification email address is current and valid.

Our notification of or response to a data incident will not be construed as an admission by us of any fault or liability with respect to the data incident.

Any User or hacker who discovers and exploits a security breach may be punished by law and we will take all steps, including filing a complaint and/or taking legal action, to protect their Data and rights and those of their Users, and to limit the impacts of the security breach.

8.3 data hosting and storage

We host the data with a hosting service provider (Clever Cloud). The servers on which personal data is stored are kept in a controlled environment in Europe. While we make reasonable efforts to protect your Personal Data, no security system is impenetrable and, due to the inherent nature of the Internet as an open global medium, we cannot guarantee that the Data, while in transmission over the Internet or while stored on our systems or in our care, will be secure from intrusion by others, such as hackers.

Article 9 SSL and TLS protocols on the website(s)

The https://www.docloop.io, https://www.docloop.fr, https://www.docloop.org websites and the Services use SSL or TLS for added security and to protect the transfer of confidential data. An encrypted connection can be identified by:
- changing the browser address from "http://" to "https://";
- the padlock symbol in your browser's address bar.

When SSL or TLS encryption is enabled, the Data you transmit to us cannot be read by others.

Article 10 Data protection and associated rights

Under the GDPR, you have the following rights with respect to your Personal Data:
- Right of access to your Data.

You have the right to access your Personal Data. However, due to our obligation to protect the security and confidentiality of Personal Data, we inform you that we can only process your request if you provide proof of your identity.
- Right to rectify your data.

Under this right, the law allows you to request the rectification, updating, restriction or deletion of your Personal Data if it is inaccurate, erroneous, incomplete or obsolete.
- Right to erase your Data ("right to be forgotten").
- Right to withdraw your consent at any time.
- Right to restrict the processing of your Data.
- Right to object to the processing of your Data.
- Right to data portability.
- Right to file a complaint with a supervisory authority.

These rights can be exercised by simple request by e-mail, or by mail to the address stipulated in Article 13, indicating your contact details (name, first name, address and a copy of a signed identity document) and a legitimate reason when required by law (in particular in the case of opposition to processing).

If you provide us with a copy of your identity card to prove your identity, we will keep it for one (1) year or three (3) years when you exercise your right to object.

Article 11. Children's privacy

Our Services are not intended for and are not marketed to persons under the age of eighteen (18) or any other age designated by applicable law ("minors"). We do not knowingly collect or solicit Personal Data from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your Personal Data. We delete Personal Data that we learn has been collected from a minor without verified parental consent.

Article 12. The deadline for response

We will respond to your request for access, rectification or opposition or to any other request for information within a period that will not exceed thirty (30) days from the receipt of your request.

Article 13. Contact details and data protection officer

Your Personal Data are collected and processed by Marseille Gyptis International (MGI), a French company with a capital of 1.275.280 euros, registered in the Marseille Trade and Companies Register under number B 333 186 732, having its registered office at Immeuble le Murano, 22 avenue Robert Schuman, 13235 Marseille, France, represented by Mr. Rémi JULIEN in his capacity as Chairman of the Executive Board, the Controller of the Data collected on the Website(s) and the Processor for the Data collected from and for the use of the Services.

If you have any questions about this Privacy Policy or the processing of your Personal Data or if you wish to exercise any of your rights under the GDPR, you can contact us:
- by mail: MGI, Immeuble le Murano, 22 avenue Robert Schuman, 13235 Marseille, France.
- by e-mail : contact@docloop.io