Version updated on August 08, 2022
Sages Informatique is the editor of the online electronic document management solution called Zeendoc.
The head office of Sages Informatique is located at Lieu-dit Cacciariccia, route de Mezzavia, 20167 AFA, France. Sages Informatique is registered in the Trade and Companies Register under the number SIREN 430 044 040.
In what follows, we will often use " Zeendoc " to designate the company Sages Informatique, because it is the name that is known by the users.
Your privacy and your personal data are of paramount importance to us. At Zeendoc we have some fundamental principles:
- We only ask for or process your personal information if it is necessary or if you have given us your consent to do so.
- We do not share your personal data with anyone except to comply with the law, to assist you or to protect our rights.
Below you will find our data use policy which includes these principles.
Zeendoc operates several websites, including www.zeendoc.com, www.sages-informatique.com, www.scancenter.fr/, https://zeenplanet.com, cabinets.zeendoc.com and https://armoires-sante.zeendoc.com. By browsing any of these sites, you will be considered a business and agree that the consumer-specific provisions do not apply. Zeendoc's policy respects the privacy of information that we may collect in the course of operating our websites. Zeendoc is committed, within the framework of its activities and in accordance with the legislation in force in France and in Europe, to ensure the protection, confidentiality and security of the personal data of the users of its services, as well as to respect their private life.
1 Data controller
As the person in charge of processing, which consists of providing its customers with an online computerized document management system (in Saas mode), Sages Informatique, the publisher of Zeendoc, has completed all the necessary administrative formalities with the competent authorities. In general, Zeendoc respects all the laws and regulations relating to the protection of personal data in force in the countries where it carries out its activities, including but not limited to
- as of May 25, 2018, the European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, often referred to as the GDPR) ;
- French law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties, as amended from time to time. Sages has uploaded made several declarations to the CNIL, including one, registered under no. 2186552, concerning the processing of personal data intended to provide the Zeendoc electronic document management service.
Similarly, as a subcontractor for its customers who use the online computerized document management system (in Saas mode), Sages Informatique, the publisher of Zeendoc, has completed all the necessary administrative formalities with the competent authorities, in particular the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, often referred to as the GDR).
It should be noted that the documents deposited within Zeendoc are encrypted with a key unique to each customer, and therefore unique to each virtual cabinet. Thus, neither employees or service providers, nor end users whose accounts have been created by other Zeendoc customers can access the content of the documents deposited in your Zeendoc cabinet. The subscriber of a Zeendoc subscription may explicitly grant temporary access to his or her virtual file cabinet, especially to Zeendoc employees, service providers or partners, and in particular for technical support purposes. In any case, it is the Zeendoc customer who decides to grant access to his or her cabinet and who has complete control over it, including the documents that are deposited there, which can only be consulted by the persons to whom he or she has granted access.
3 Purpose and legal basis
The processing of personal data carried out by Zeendoc as data controller has the following purposes, based on the following legal grounds:
- Implementation of the Zeendoc online document management service: legal basis: contractual relationship and legitimate interest of Sages Informatique in offering an efficient and relevant service to ensure its commercial profitability;
- Management of the commercial relationship with Clients, users and prospects: legal basis: contractual or pre-contractual relationship, legitimate interest of Sages to ensure the commercial profitability of its offers and services;
- Assistance to customers, users and prospects: legal basis: contractual or pre-contractual relationship ;
- Litigation and restraint management: legal basis: legitimate interest of Elders to protect themselves from the unfortunate consequences of possible litigation and restraint;
- Studies and analyses of the use of services, in particular for the purpose of improving the sites and services: legal basis: legitimate interest of Sages to offer an efficient and relevant service allowing to ensure commercial profitability.
Zeendoc, as a subcontractor, cannot determine all the purposes of the processing of personal data that may be contained in the documents filed by its customers. These purposes can be as well the archiving of documents that do not need to be processed in any other way as the management of litigation, the management of accounting including the management of invoices, the management of files of a law firm, management of a syndic, etc.
4 Processed data
4.1 Data contained in the documents filed in Zeendoc
4.1.1 Processing methods and obligations of the parties when Sages Informatique acts as a processor with regard to personal data processed on behalf of the controller
The purpose of this clause is to define the conditions under which SAGES, the Subcontractor, undertakes to carry out on behalf of the Customer, the Data Controller, who has created Your access to the Service, the personal data processing operations defined hereinafter.
In the context of their contractual relationship, the parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as of 25 May 2018 (hereinafter, " the european data protection regulation " or the RGPD).
For the performance of the Service, SAGES INFORMATIQUE (hereinafter "the Subcontractor") provides You, as an End User acting under the authority of the Data Controller (the Customer who created your access to the Service), with the following information:
22.214.171.124.1 Purpose of the processing carried out by the Subcontractor
SAGES INFORMATIQUE, the Subcontractor is authorized to process on behalf of the Customer, the Data Controller, the personal data potentially included in the documents that the Data Controller deposits within Zeendoc.
The nature of the operations carried out on the data is defined in the General Conditions of Use and the documentation relating to Zeendoc.
The purpose of the processing carried out by SAGES INFORMATIQUE is the computerised management of the documents of the Customer responsible for the Processing, online (in a cloud computing infrastructure).
The potential subsequent purposes for which the Customer in charge of processing processes the personal data potentially contained in the documents that it deposits within Zeendoc are determined by the said Customer in charge of processing. These purposes may be, for example and without limitation, the management of orders, the administration of local authority services, the management of litigation files, the management of personnel or human resources, etc.
126.96.36.199.2 Personal Data processed under the subcontracting agreement
The categories of personal data processed as part of the service are not determined by SAGES INFORMATIQUE but by the Customer responsible for processing. In fact, it concerns data present in documents deposited in Zeendoc by the Customer, and SAGES INFORMATIQUE has no control over the Customer's decision to upload documents in Zeendoc nor any means of determining or predicting what data these documents contain or will contain.
The Data Controller is the only Party able to determine and document the said categories of personal data.
188.8.131.52.3 Categories of persons concerned by FCDs in the context of subcontracting
In the same way, the categories of persons concerned by the DCP present in the documents deposited in Zeendoc by the Customer Data Processor are not determined by SAGES INFORMATIQUE but by the Customer, Data Processor.
Customer is the only Party able to determine and document such categories of persons.
184.108.40.206.4 Retention period for FADs under the subcontract
In the same way, the duration of conservation of the DCP potentially contained in the documents deposited in Zeendoc and/or indexed by Zeendoc is not the responsibility of SAGES INFORMATIQUE but that of the Customer, the Data Controller.
The Customer is the only Party able to determine and document such retention period.
220.127.116.11.5 Obligations of SAGES INFORMATIQUE, the Subcontractor, towards the Customer, the Data Controller
Subcontractor agrees to:
To process the personal data that may be contained in the documents filed by the Customer in Zeendoc only for the sole purpose(s) that is/are the subject of the subcontracting (Purpose of the Service, see above).
Process the data in accordance with the provisions of these terms and conditions and/or any contract binding the Parties, or, where applicable, the documented instructions of the Controller accepted by both Parties. If the Subcontractor considers that an instruction given to it by the Controller constitutes a violation of the GDPR or any other provision of Union law or the law of the Member States relating to data protection, it shall promptly and spontaneously inform the Controller. In addition, if the Processor is required to transfer data to a third country or to an international organization under Union law or the law of the Member State to which it is subject, it must inform the Processor of this legal obligation prior to the processing, unless the relevant law prohibits such information on important grounds of public interest
Guarantee the confidentiality of personal data processed under this contract and in particular ensure that persons authorized to process personal data under this contract:
- are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality
- receive the necessary training on the protection of personal data.
- Privacy by Design
Consider the principles of data protection by design and data protection by default for its tools, products, applications or services.
The Subcontractor is authorized to use any supplier to make the Service operational (hereinafter, the " Suppliers "), in particular to conduct the following processing activities: Server hosting, data center operators, cloud computing solution providers, backup solution providers, Internet data network access or similar, document personalization service etc.
Any Supplier is required to comply with the obligations of this contract on behalf of and according to the instructions of the Controller. It is the responsibility of the initial Subcontractor to ensure that the Supplier presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Data Protection Regulation. If the Supplier fails to fulfill its data protection obligations, the Subcontractor shall remain responsible to the Controller for the Supplier's performance of its obligations.
- Right to information for data subjects
It is the responsibility of the Data Controller to provide information to the data subjects at the time of data collection.
The Subcontractor may provide the Client with standard notices and provisions to assist it in conveying information to data subjects that their personal data may be processed by the Subcontractor.
- Exercising the rights of individuals
To the extent possible, the Subcontractor shall assist the Controller in fulfilling its obligation to comply with requests to exercise the rights of data subjects: right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling). The Controller has full control over the personal data in relation to the Data Subjects and the Subcontractor makes its best efforts to implement the technical and organizational measures enabling the Controller to fulfill its obligations to comply with the requests to exercise the Data Subjects' rights.
- Notification of personal data breaches
The Subcontractor shall notify the Controller of any personal data breach within a maximum of 72 hours of becoming aware of it and by any appropriate means, in particular one of the following: e-mail, telephone call, written letter, fax, SMS etc. This notification shall be accompanied by any useful documentation to enable the Data Controller, if necessary, to notify this breach to the competent supervisory authority and to the persons concerned.
The notification shall contain, to the extent possible:
- A description of the nature of the personal data breach including, if possible, the categories and approximate number of individuals affected by the breach and the categories and approximate number of personal data records affected;
- The name and contact details of the Data Protection Officer or other point of contact from whom further information can be obtained;
- A description of the likely consequences of the personal data breach;
- A description of the steps taken or proposed to be taken by the Subcontractor to remedy the personal data breach, including, if applicable, measures to mitigate any adverse consequences.
If and to the extent that it is not possible to provide all of this information at the same time, the information may be provided in a staggered manner without undue delay.
- Helping the Processor to comply with the Data Processor's obligations
The Sub-Contractor assists and advises the Controller in carrying out data protection impact assessments. The Sub-Contractor may also assist and advise the Controller in carrying out the prior consultation with the supervisory authority.
- Security measures
With respect to documents filed in Zeendoc, the Subcontractor agrees to implement the following security measures:
- Document encryption ;
- The means to ensure the continued confidentiality, integrity, availability, and resiliency of processing systems and services;
- The means to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
- A procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of the processing
- Data Fate
Upon completion of the services relating to the processing of such data, the Subcontractor agrees to:
At the option of the Data Controller:
- Destroy all Customer data, including personal data or
- To return all data, including personal data, to the Data Controller or
- To return the personal data to the Sub-processor designated by the Data Controller
The return must be accompanied by the destruction of all existing copies in the Subcontractor's information systems. Once destroyed, Subcontractor must provide written justification for the destruction.
- Data Protection Officer
The Subcontractor shall provide the Controller with the name and contact details of its Data Protection Officer, if it has appointed one in accordance with Article 37 of the EU Data Protection Regulation, or of any other person in a department performing similar functions on behalf of the Subcontractor. Such person or department shall be contactable by email at firstname.lastname@example.org.
- Register of categories of processing activities
The Subcontractor declares that it has the capacity to produce a record of all categories of processing activities performed on behalf of the Processor including:
- The categories of processing carried out on behalf of the Data Controller;
- Recipients of personal data, including service providers, suppliers and subcontractors;
- Where applicable, transfers of personal data to a third country or international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the European Data Protection Regulation, documentation attesting to the existence of appropriate safeguards;
- To the extent possible, a general description of technical and organizational security measures, including but not limited to, as appropriate:
- The encryption of documents deposited in Zeendoc ;
- means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;
- the means to restore the availability of data, including personal data, and access to them in a timely manner in the event of a physical or technical incident;
- a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of the processing.
- Documentation and information
The Processor shall make available to the Controller such information or documentation as is necessary to demonstrate compliance with all of its obligations and to enable and assist in audits, including inspections, by the Controller or another auditor appointed by the Controller.
18.104.22.168.6 Obligations of the Data Controller towards the Subcontractor
22.214.171.124.6.1 Informing the persons concerned
The Data Controller undertakes to inform the persons concerned that their personal data contained in documents may be stored in a Zeendoc Electronic Document Management solution and that indexing and optical reading and storage of this data may be carried out within the Zeendoc Electronic Document Management solution.
The Data Controller undertakes, when filing a document in Zeendoc that contains personal data, to do so only in a lawful manner, i.e. when:
- the document is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject (sale, service, order, estimate...)
- the data subject has consented to the processing of his or her personal data for one or more specific purposes, and this consent has been obtained in accordance with the terms and obligations of the GDPR, in particular after having received clear information on the purposes and in a positive way (no pre-ticked consent box for example)
- the processing or the document is necessary to comply with a legal obligation to which the data controller is subject, in particular the drawing up and keeping of invoices or pay slips;
- the processing or document is necessary to safeguard the vital interests of the data subject or another natural person;
- the processing or document is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the Data Controller;
- the processing or document is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
126.96.36.199.6.3 Sensitive Data
When the documents it deposits in Zeendoc potentially contain sensitive data within the meaning of the RGPD, the Data Controller undertakes to do so lawfully, i.e. in one of the cases provided for by the RGPD and which are recalled below. In this case, the Data Controller undertakes either to upload these documents in a digital safe optionally offered within Zeendoc or to carry out, if it deems necessary, a possible impact analysis and to take responsibility for any corrective measures that may need to be put in place following said impact analysis.
More generally, the Processor undertakes to assume full responsibility relating to the fact of upload in Zeendoc documents containing sensitive data within the meaning of the RGPD.
The GDPR considers personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person to be sensitive data. National identification numbers (NIR or INSEE numbers in France) are also considered sensitive data, as well as data relating to criminal convictions and offences.
The processing of such data is only possible in the following cases:
- The data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes, except where Union law or the law of the Member State provides that such consent may not be given by the data subject;
- The processing is necessary for the purposes of carrying out the obligations and exercising the rights of the controller or the data subject in the field of employment law, social security and social protection insofar as such processing is authorised by Union law, by the law of a Member State or by a collective agreement concluded under the law of a Member State which provides appropriate safeguards for the fundamental rights and interests of the data subject;
- The processing is necessary to protect the vital interests of the data subject or of another natural person, if the data subject is physically or legally incapable of giving consent;
- The processing shall be carried out, in the context of their legitimate activities and subject to appropriate safeguards, by a foundation, association or any other non-profit-making body pursuing a political, philosophical, religious or trade union aim, provided that the said processing relates exclusively to the members or former members of the said body or to persons who have regular contacts with it in connection with its purposes and that the personal data are not communicated outside the said body without the consent of the data subjects;
- The processing relates to personal data which are manifestly made public by the data subject ;
- The processing is necessary for the establishment, exercise or defense of a legal claim or whenever the courts act in their judicial capacity;
- The processing is necessary for important public interest reasons, on the basis of Union law or the law of a Member State, which must be proportionate to the objective pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject;
- The processing is necessary for the purposes of preventive or occupational medicine, assessment of the worker's capacity to work, medical diagnosis, health or social care, or the management of health care or social protection systems and services on the basis of Union law, the law of a Member State, or by virtue of a contract concluded with a health professional and subject to the conditions and safeguards set out below;
- The processing is necessary for reasons of public interest in the field of public health, such as protection against serious cross-border threats to health, or for the purpose of ensuring high standards of quality and safety of health care and medicinal products or medical devices, on the basis of Union law or the law of the Member State which provides for appropriate and specific measures to safeguard the rights and freedoms of the data subject, including professional secrecy;
- The processing is necessary for archival purposes in the public interest, for scientific or historical research or for statistical purposes, on the basis of Union law or the law of a Member State, which must be proportionate to the objective pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject.
Furthermore, sensitive data may be processed for the purposes set out in point 8 above if those data are processed by or under the responsibility of a health professional who is subject to an obligation of professional secrecy in accordance with Union law, the law of a Member State or rules laid down by competent national bodies, or by another person who is also subject to an obligation of secrecy in accordance with Union law or the law of a Member State or rules laid down by competent national bodies.
Processing of personal data relating to criminal convictions and offences or related security measures may be carried out only under the supervision of the public authority, or if the processing is authorised by Union law or by the law of a Member State which provides appropriate safeguards for the rights and freedoms of data subjects. Any complete register of criminal convictions may be kept only under the control of the public authority.
188.8.131.52.6.4 Compliance with RGPD obligations
The Processor undertakes to comply with the obligations of the GDPR and to ensure, in advance and throughout the processing, that the obligations provided for in the European Data Protection Regulation are complied with by the Subcontractor.
In particular, the Data Controller undertakes, if he is obliged to do so or if it is strongly recommended, to keep a register of processing operations mentioning in particular, with regard to the processing operations he carries out or which are carried out on his behalf on personal data: the purposes of the processing operations, the categories of personal data, the categories of data subjects and the length of time the personal data is kept.
The Controller undertakes to supervise the processing, including, if appropriate, carrying out audits and inspections of the Processor. In the event that such audits and inspections are carried out, the Controller undertakes to make the results of such audits and inspections available to the Subcontractor and to allow the Subcontractor to pass them on to its customers and prospects or to make them public.
184.108.40.206.6.6 Instructions to the Subcontractor
The Controller undertakes to document in writing any instructions regarding the processing of data by the Subcontractor.
220.127.116.11.7 Common obligations
The Contractor and the Data Processor individually and mutually undertake to comply with the text of the RGPD available on the website of the European Commission, and with any applicable national regulations that relate to the processing of personal data. These regulations shall be authoritative in this Agreement and shall supplement or supersede any provisions of this Agreement as appropriate.
4.2 Data processed for the implementation of the Zeendoc service
In order to use the Zeendoc service, the customer who has subscribed creates accesses to the service. The data processed to create and manage these accesses includes a username and password. The username is an email address, as this is necessary for the use of the service, which requires notifications or links, including activation, to be sent by email.
Connection data is also collected and processed, in particular the IP address used for the connection: this is necessary to be able to assist you and to satisfy our legal constraints, in particular with regard to the traceability of access and use.
When you use the email document sharing feature, Zeendoc collects the email address of the recipient with whom the document is shared. This is required in order to send the sharing link to the recipient.
All actions you perform on documents are logged: upload indexing, automatic indexing, sharing (including recipient address), etc. This is necessary for the smooth running of the service, one of whose functions is to enable you to trace and retrieve actions carried out on documents, in particular virtual signatures or stamps.
The information collected about You, in particular from the forms and documents allowing You to create Your access to the service is necessary to provide the service provided by Zeendoc. This information is processed by SAGES INFORMATIQUE to ensure the proper functioning of the Zeendoc service and has been declared to the CNIL under the numbers 1975333, 2172369 and 2186552. SAGES INFORMATIQUE is the recipient of the data collected. It is stored on servers located in France. SAGES INFORMATIQUE shall refrain from communicating the data that You communicate to it, in particular via the forms, to any third party whatsoever, except to its subcontractors, to persons who, by virtue of their function, are responsible for processing Your data and in the event of a request from the legally authorized authorities. In accordance with the regulations in force, You have rights concerning Your data.
4.3 Data retention periods
Your Zeendoc access data is retained for the duration of your Zeendoc subscription plus 3 years.
Zeendoc access logs are kept for one year.
4.4 Location of processing and data transfers
The processing that Zeendoc is likely to carry out on personal data is carried out in data centers hosted in France (Iguane Solutions, Vitry sur Seine, 94 and OVH, Roubaix, 59 and AZNetwork, 40 Rue André Ampère, 61000 Alençon for health data) or in Switzerland (AGENTIL, Rue du Pré-de-la Fontaine 19, 1242 Satigny, CH), in its premises (Ajaccio, France), and at its service providers, operating from France. The treatments directly under the control of Zeendoc are therefore all carried out in France or in Switzerland.
If a service provider, supplier or subcontractor of Zeendoc carries out processing in a country that is not in the European Union or in a country on the list of countries recognized as adequate, while having given the necessary guarantees (for example, by having put in place Binding Corporate Rules (BCR), etc.), the contractual relationship between Zeendoc and this third party imposes the implementation of appropriate guarantees to ensure that the processing carried out on personal data is carried out in compliance with the terms and spirit of the regulations in force. This contractual relationship may take the form of a Data Protection Agreement (DPA), which itself is based on the standard contractual clauses (SCC) approved by the European Commission as an adequate protection mechanism.
4.5 Recipients of the data processed for the implementation of the service
Zeendoc may disclose the personal information you have provided or that has been provided by the subscriber to the service to its employees, contractors, partners or affiliates who
- need to know this information in order to process it on behalf of Zeendoc or to provide services available on Zeendoc's websites, and
- who have agreed not to disclose them to third parties.
Other than the transfers mentioned above, Zeendoc will not rent, sell or otherwise transfer your personal data (including your login email address) to third parties. Other than to its employees, contractors, distributors, partners and affiliates, as noted above, Zeendoc will only disclose personal data in response to a subpoena, court order or other governmental order, or when Zeendoc believes that disclosure is necessary to protect the property or rights of Zeendoc, a third party or the public.
If you are a registered user of a Zeendoc site and have provided your e-mail address, Zeendoc may occasionally send you an e-mail to announce new features, ask for your feedback, or simply keep you informed about Zeendoc and its products. Zeendoc takes all reasonable and necessary steps to protect your data from unauthorized access, use, alteration or destruction of personal (or potentially personal) data.
4.6 Transfer to third parties of the data contained in your documents
The data that you enter or that are contained in the documents that you deposit in Zeendoc are not transmitted to third parties by Zeendoc except with your express consent. In fact, in order for such data to be transmitted to third parties, it is necessary that you have decided to do so and that such a transfer has been set up by yourself and the teams of Zeendoc or its partners. This can notably consist of transfers to accounting services, to banking organizations, to teleprinting or teleposting operators, to an electronic safe, to document certification providers, etc. These transfers are optional and always explicit, and you decide on them. When such transfers exist, your processing records and your information notices to data subjects must mention them. The third parties that may be presented to you by Zeendoc as part of its optional offers and additional services will be selected in particular on the basis of the guarantees that they offer in terms of personal data protection.
4.6.1 Using Microsoft Office 365 or Microsoft Office for the Web
Zeendoc allows the treatment by the online Microsoft Office applications of the documents deposited in your cupboard when these documents are in Microsoft Office format (.docx formats for Word, .xlsx for Excel, .pptx for PowerPoint, etc.). This allows you to modify these documents on the condition that you have access to online Microsoft Office applications. When you use this functionality, the documents deposited in Zeendoc are automatically transmitted to the online Microsoft applications to which you have access and, when the processing of these documents by these applications is completed, the documents thus modified are automatically transmitted to Zeendoc in a new version. When using this functionality, for all the treatments carried out by the Microsoft Office online applications, the conditions which govern your use of these applications apply, Zeendoc being only a facilitator allowing the automation of treatments which can also be carried out manually: downloading from Zeendoc, on your terminal, of a document in the Microsoft Office format, modification of this document via a Microsoft Office online application to which you have access, then payment of the modified document in Zeendoc.
4.7 Business Development
If you are a registered end user of a Zeendoc site and have provided your email address or it has been provided by the subscription subscriber, Zeendoc may occasionally send you an email to announce new features, ask for your feedback, or simply keep you informed about Zeendoc and its products.
We may also send you marketing emails, including to your business address, if you have provided your contact information to a Zeendoc business partner and have expressly consented to receive communications from its partners.
You always have the possibility to object to any such prospecting by sending us an e-mail to email@example.com.
4.7.1 Partnership with e-Futura
SAGES INFORMATIQUE is a partner of the eFutura association, whose objective is to support and bring together all the professionals in the sectors involved in the dematerialization of content, its security, preservation, storage and hosting. The association's website is available at https://www.efutura.fr/.
In particular, this partnership is focused on the production and promotion of white papers and other types of resources, including information resources. When you provide your data to download (or access) one of our resources, we may transmit that data to eFutura in order to provide you with the association's resources and to notify you of events it is organizing. Solicitations issued by the association in this manner are sent by email, generally at a frequency not exceeding one per quarter. You may object to the transfer of your data to eFutura as described in Section 5 below. You also have the opportunity to opt-out of receiving such emails from eFutura directly with eFutura, on its own terms, and in each email received, which contains a link to exercise this right (unsubscribe link or equivalent). If you exercise your right to be forgotten with us and we have transferred your data to eFutura, we will forward your request to the association to be taken into account as soon as possible.
5 Your rights regarding the processing of your personal data
5.1 The right to information
When personal data concerning You is collected directly from You, SAGES INFORMATIQUE provides You, at the time the data in question is obtained or before it is obtained, with a whole series of information. This information is notably contained in the present policy, and in particular:
- The purpose of the processing is to provide you with a Computerized Document Management service in SaaS mode
- The categories of Personal Data concerned are: the email address used to connect to the Service, and data relating to your connection (IP address of your terminal, technical details of your browser, in particular for the purpose of adapting visual interfaces)
- The retention periods of Your Personal Data as stated above
- The existence of Your rights
5.2 The right of access
You have the right to obtain from SAGES INFORMATIQUE confirmation as to whether or not Your personal data are being processed and, when they are, You have the right to obtain access to said data as well as to a certain amount of additional information. This right also includes the right to obtain a copy of the data being processed.
5.3 The right of rectification
You have the right to request that Your data be corrected or completed as soon as possible.
5.4 The right to erasure or "right to be forgotten
You have the right to request the deletion of Your data, as soon as possible. You are informed that in case of exercise of this right, You will not be able to connect to the Service and, subsequently, You will not be able to use it.
5.5 The right to limit processing
You have the right, in certain cases provided for by law, to obtain from SAGES INFORMATIQUE the limitation of Your data. When such limitation is requested, SAGES INFORMATIQUE may only store the data. No other operation may, in principle, take place on Your personal data. You may therefore no longer use the Service if You request the exercise of this right.
5.6 The right to object to processing
You have the right, in the cases provided for by law, to object to certain processing of Your personal data by us when such processing is not necessary or not required by the regulations. This includes processing based on our legitimate interests and in particular those relating to optional communications and commercial prospecting. In most cases, this right is exercised by using a link or a form to unsubscribe.
5.7 The right to data portability
You have the right to retrieve the data You have provided to the data controller in a structured, commonly used and machine-readable format, and You have the right to transfer this data to another data controller, for example to be able to change the service provider.
5.8 The right to lodge a complaint with a supervisory authority
You may file a complaint with the CNIL in France, if You believe that Your rights have not been respected or that a processing operation carried out within the framework of the Service is likely to harm You.
5.9 The right to disclosure of a personal data breach
The data controller is obliged to notify You of data breaches that may expose You to a high risk to Your rights and freedoms.
Your rights may be exercised by sending an e-mail to the address firstname.lastname@example.org or by contacting us using the contact details available on our website www.zeendoc.com. You may also exercise these rights by contacting SAGES INFORMATIQUE by post at SAGES INFORMATIQUE, LIEU-DIT CACCIARICCIA, ROUTE DE MEZZAVIA, RN 194 - 20167 AFA, FRANCE
6 Data security
Zeendoc takes all reasonable and necessary measures to protect the processed data from unauthorized access, use, alteration or destruction of personal (or potentially personal) data.
In addition, we inform you that information relating to the security, protection and confidentiality of data, in particular contained in the documents that you upload to Zeendoc, is available on our websites and within the resources made available to Zeendoc users
Zeendoc only uses subcontractors who provide sufficient guarantees that appropriate technical and organizational measures have been implemented so that the processing meets the requirements of the European regulations and guarantees the protection of the data subject's rights.
8 Disposal of assets
If Zeendoc, or substantially all of its assets, are sold, or in the unlikely event that Zeendoc goes out of business or enters bankruptcy, user information would be one of the assets transferred to or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of Zeendoc may continue to use your personal information in accordance with this policy.
9 Trackers and cookies
We do not advertise on our sites!
However, some of the technologies we use to make it easy for you to share content from our site www.zeendoc.com on social networks may also track some of your browsing and sharing history in order to build a list of interests that can then be used to provide you with personalized advertising and content.
For more information and to know how to disable these functions, please refer to the document "Trackers and Cookies".
11 Changes to this Policy