Privacy Policy
- Data Controller
Personal data processing is carried out under the responsibility of BOLDO SAS. Boldo is committed to processing Users' personal data in compliance with applicable regulations relating to the protection of personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation – GDPR) and French Law No. 78-17 of 6 January 1978, as amended ("Informatique et Libertés" Act), as well as any applicable national and European provisions supplementing them (hereinafter the "Regulations"). Where terms are capitalised, they are defined in Boldo's General Terms and Conditions of Sale.
- Legal Basis and Purposes
Data processing is carried out for the following purposes:
- Management of User accounts and security of the Service;
- User support and maintenance of the Service;
- Audience and usage measurement and statistics for the purpose of improving the Service;
- Management of the business relationship with the Client, including administrative matters, billing, and communication about the Service's offerings (sending information, particularly commercial information, by Boldo, such as service updates, newsletters, new offers, quotes, and news).
These processing activities are based on (i) the performance of a contract or the implementation of pre-contractual measures with the Client, (ii) Boldo's legitimate interest in fulfilling its contractual commitments to the Client, contacting the Client for commercial and prospecting purposes, and protecting its information systems, and (iii) legal obligations.
- Categories of Data and Sources
To achieve these purposes, the following data is processed:
- Identification data, professional information and contact details of Users (last name, first name, email address, job title, company, phone number for Clients);
- Billing data and payment method information depending on the payment method chosen by the Client;
- Data relating to support requests;
- Technical data (login identifiers, IP address, device technical data, pages viewed, date and time of access, information relating to use of the Service).
This data comes from information provided by the Client, Users, or indirectly through cookies or other trackers on the Service, or is inferred from the Users' use of the Service. Data collection is limited to the information necessary to fulfil the purposes described above.
- Cookies and Trackers
The boldo.io website uses cookies and similar technologies. A consent banner allows you to manage your preferences at any time.
Strictly necessary cookies (always active):
| Name | Domain | Description | Duration |
|---|---|---|---|
| cc_cookie | boldo.io | Stores your cookie consent preferences | 6 months |
| NEXT_LOCALE | boldo.io | Remembers your chosen language | 1 year |
Functional cookies (subject to consent):
| Name | Domain | Description | Duration |
|---|---|---|---|
| boldo_visitor_id | boldo.io | Unique visitor identifier to remember your preferences | 13 months |
Advertising & analytics cookies (subject to consent):
| Service | Domain | Description | Duration |
|---|---|---|---|
| Google Analytics | google.com | Traffic analysis and user behavior tracking | 2 years |
| Google Ads | google.com | Conversion tracking to measure the effectiveness of advertising campaigns | 90 days |
- Data Subjects and Recipients
The data subjects concerned by the processing are the Client, purchaser of the Boldo Service, whether or not they hold a user account, and the individuals under the Client's responsibility who hold a user account and are granted access to the Service through the subscription taken out by the Client, or who have access to the Service through a free trial.
To fulfil the purposes described above, Boldo may share personal data, in compliance with the Regulations, with the following recipients:
- Boldo's internal sales, marketing, finance, and IT departments are recipients of all such data;
- Subcontractors or partners providing IT services (hosting);
- Subcontractors or partners providing online payment and billing services;
- Subcontractors or partners providing mailing services.
Finally, to comply with legal and regulatory obligations, Boldo may also be required to share personal data with public organisations, judicial or administrative authorities, and supervisory bodies.
Some of Boldo's partners may also collect information about Users in order to provide Boldo's services (for example, our online payment service providers may collect your payment information and credit card number). For more information, you can consult their privacy or data protection policy when using these options.
- Retention Periods
- Data of Users who are not Clients is retained for the duration of the contract with the Client.
- Client data is retained for the duration of the business relationship, then for a period of three years from the end of the business relationship.
- Transfers Outside the European Union
The recipients of your data are primarily located within the European Union but may also be located outside the EU. In the latter case, if the country does not benefit from an adequacy decision by the European Commission ensuring an adequate level of protection, we take the necessary security measures and legal precautions to ensure the security and integrity of the personal data transferred and to provide a sufficient and appropriate level of data protection in accordance with Chapter V of the GDPR, in particular through the execution of standard contractual clauses.
- Exercising Your Rights
If you are concerned by the processing of personal data, you may exercise your rights of access, rectification, erasure, and portability of your personal data, as well as your rights to restrict and object to processing.
For any information or to exercise your rights, you can contact the data controller at the following address:
contact@boldo.io 20 B RUE LOUIS-PHILIPPE, 92200 NEUILLY-SUR-SEINE, France
If you do not receive a response within one month, or if you are not satisfied with the response provided, you may also file a complaint with the CNIL (French Data Protection Authority).