Privacy Policy
Here is the translation with numbering for better clarity:
---
**1. Data Controller**
The processing of personal data is carried out under the responsibility of BOLDO SAS. Boldo is committed to processing the personal data of Users in compliance with applicable regulations regarding the protection of personal data, including the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended Law No. 78-17 of January 6, 1978 "Data Protection Act," as well as any applicable national and European provisions supplementing them (hereinafter the "Regulation").
When terms are written in capital letters, they are defined in Boldo's general terms and conditions of sale.
**2. Legal Basis and Purposes**
The processing is carried out for the following purposes:
- Management of User accounts and securing the Service;
- User support and maintenance of the Service;
- Audience and usage metrics and statistics for the purpose of improving the Service;
- Management of the commercial relationship with the Client, including administrative matters, billing, and communication about the Service's offers (sending of information, including commercial information by Boldo, such as service updates, newsletters, new offers, quotes, news).
These processes are based on:
(i) the performance of the contract or the implementation of pre-contractual measures with the Client,
(ii) the legitimate interest of Boldo to fulfill its contractual commitments to the Client, to contact the Client for commercial and prospecting purposes, and to protect its information systems, and
(iii) legal obligation.
**3. Categories of Data and Sources**
To achieve these purposes, the following data are processed:
- Identification data, professional information, and contact details of Users (first name, last name, email address, position, company, telephone number for Clients);
- Data relating to billing and payment methods depending on the payment method chosen by the Client;
- Data relating to support requests;
- Computer data (login identifiers, IP address, technical data about the device, pages viewed, date and time of viewing, information relating to the use of the Service).
This data comes from information provided by the Client, the Users, or indirectly through cookies or other trackers on the Service, or is inferred from the Users' use of the Service. The collection of data is limited to the information necessary to achieve the purposes described above.
**4. Data Subjects and Recipients**
The persons concerned by the processing are:
- The Client, the purchaser of the Boldo Service, whether or not they have a user account, and
- The natural persons under the responsibility of the Client who have a user account and benefit from access to the Service through the subscription taken out by the Client or who benefit from free trial access to the Service.
To achieve the purposes described above, Boldo may need to communicate personal data, in compliance with the Regulation, to the following recipients:
- The commercial, marketing, finance, and IT departments of Boldo are recipients of all this data;
- Subcontractors or partners providing IT services (hosting);
- Subcontractors or partners providing online payment and billing services;
- Subcontractors or partners providing mailing services.
Finally, to satisfy legal and regulatory obligations, Boldo may also need to share this personal data with public organizations, judicial or administrative authorities, and regulatory bodies.
Some of Boldo's partners may also need to collect information about Users to provide Boldo's services (for example: our online payment service providers may collect your payment information and credit card number). For more information, you can consult their privacy or data protection policy when using these options.
**5. Retention Periods**
- The data of Users who are not Clients are kept for the duration of the contract with the Client.
- The Client's data are kept for the duration of the commercial relationship, then for a period of three years from the end of the commercial relationship.
**6. Transfer(s) Outside the European Union**
The recipients of your data are essentially located within the European Union but may also be located outside the EU. In the latter case, if the country does not benefit from an adequacy decision by the European Commission ensuring an adequate level of protection, we take the necessary security measures and legal precautions to ensure the security and integrity of the personal data transferred and to ensure a sufficient and appropriate level of data protection in accordance with Chapter V of the GDPR, including through the conclusion of standard contractual clauses.
**7. Exercise of Rights**
If you are concerned by the processing of personal data, you can exercise the rights of access, rectification, erasure, and portability of your personal data, as well as the rights to limit and object to the processing.
For any information or to exercise your rights, you can contact the data controller at the following address:
20 B RUE LOUIS-PHILIPPE, 92200 NEUILLY-SUR-SEINE, France
If you do not receive a response within one month or if you are not satisfied with the response provided, you can also file a complaint with the CNIL.
---