OTEPLACE.COM PRIVACY NOTICE

Last update: 1st september 2022

This Privacy Policy is addressed to all individuals (natural persons) using the Platform operated by OTEGO (hereinafter the “Users”), no matter if they represent Sellers, Buyers or are simple internet users browsing the Products on the Platform.

The respect of privacy and protection of personal data are a priority for OTEGO. Therefore, OTEGO aims to inform Users on how their Personal Data may be collected and processed.

As a French company, OTEGO is subject to French and European data protection rules and undertakes to process Personal Data in strict compliance with Data Protection Laws, especially the French Data Protection Act of 6 January 1978 in its applicable version (hereinafter the "LIL") and the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter the "GDPR") where applicable.

In any case, OTEGO undertakes to respect the following two (2) essential principles:

The User remains in control of his/her Personal Data;
Personal Data are processed in a transparent, confidential and secure manner.

What is « Personal data »?

“Personal data" refers to any information relating to an identified or identifiable natural person (‘data subject’) as the Users such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What does « Processing » mean?

“Processing" refers to any operation or set of operations which relates to Personal Data, whatever the means used (collection, recording, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, etc.).

Otherwise, Users are expressly informed that:

When Personal Data is processed by the Seller in order to answer to and execute/refuse Orders; sell and deliver the Products; process after-sales claims/requests and/or in order to resolve disputes/litigation between the Seller and the Buyer, the Seller will act as an independent Data Controller, acting for its own purposes. The processing at stake will therefore be legally based on performance of the sale contract and/or consent when required.

The PSP may collect and process Personal Data, in particular, for the provision of the payment services; the fight against money laundering and financing of terrorism and the processing of requests for information or complaints.

More information about the processing of Personal Data by the PSP can be found in its T&Cs available its Privacy Policy. Such Processings will be based on performance of a contract and/or consent when required.

Data Protection Officer:

Our Data Protection Officer is available to answer to all requests, including the exercise of rights, relating to the Processing of Personal Data by the Operator.

OTEGO invites its Users to contact the DPO:

  • Either by e-mail at the following address: privacy@oteplace.com;
  • Or by post at the following address: OTEGO – Data Protection - Zone Industrielle les Chartinières – 01120 Dagneux (France)

Collect and origin of the data:

As part of the provision of the Services, OTEGO collects and processes Personal Data relating to Users, either when registering on the Platform, or while using the Services, or communicating with the support services.

In all cases, Users are informed of the purposes for which Personal Data are collected by OTEGO via the various online data collection forms, e-mails sent to them, notifications on the Platform or via the Cookies Management Policy available on the Platform.

  • The User Personal Data collected by the Operator are processed in accordance with the purposes set out at the time of collection, in compliance with the “Guidelines relating to the processing of personal data implemented for the management of commercial activities” published by the CNIL.
  • When necessary, the Operator undertakes, where applicable, to obtain the consent of the Users and/or to allow them to object to the Processing of their Personal Data for certain purposes, such as, for example, to deposit third party cookies on their terminals (mobile phone, computer, tablet) for the purpose of measuring the audience of the Platform and/or to send information (newsletters, news, etc.) relating to the Platform and/or to related themes and/or to transfer Personal Data to partners

CATEGORIES OF PERSONAL DATA PROCESSED

The mandatory or optional nature of the personal data requested and the possible consequences of a lack of response are specified at the time of their collection.

The main categories of Personal Data collected and processed by the Operator are essentially Personal Data relating to the identity of natural persons representing and/or employees of the Seller and/or the Buyer: name and surname, function within the Seller / Buyer, contact information (e-mail, phone), Login Information, information regarding navigation on the Platform (Products consulted, etc.), ID documents of the executive.

Personal Data can also include data relating to financial and invoicing information; payment methods and data.

When the Operator receives a request to exercise rights and has reasonable doubts regarding the identity of the requestor, the Operator might request specific Personal Data to prove identity, such as a copy of an official ID document.

PURPOSES AND LEGAL BASIS OF THE PROCESSING

In order to respect the principles of data protection by design and data protection by default, the Operator ensures that Processing operations have a legal basis as provided under Data Protection Laws.

Especially, it ensures that it obtains the Users’ consent to the Processing where necessary.

The Users’ Personal Data are collected and processed in order to provide:

Access to the Platform and provision of the Services

Processing details :

  • This Processing is carried out for the following purposes:
    • Provision and management of the Platform and the Services;
    • Registration of Clients and Providers on the Platform;
    • If applicable, the deposit of cookies and other tracers, details of which can be found in our Cookies Management Policy.

Legal basis

  • Performance of a contract: the processing is necessary for the performance of the Services provided for in the Terms of Use of the Platform and in the Terms of Services between the Operator and the Seller.
  • Consent where required.
  • In addition, as part of its legal obligations as operator of the Platform, the Operator may be required to process certain information about Users, and in particular Sellers, in order to ensure that they use the Platform and carry out their activity in accordance with the legal and regulatory framework.

Management and monitoring of the commercial relationship by the Operator

Processing details :

  • This Processing is carried out for the following purposes:
    • Management of the Users database (Accounts management, commercial follow-up and support, monitoring of relationships between the Users and the Operator, etc.);
    • Establishing statistics on traffic (anonymous and aggregated) on the Platform and the results of the different Sellers;
    • If required by the Seller or the Buyer, assistance to resolve complaints and disputes between them.

Legal basis

  • Performance of the Contract: the processing is necessary for the performance of the Services provided for in the Terms of Use / General Terms of Services.

Management of requests for rights arising from the Data Protection Laws

Processing details :

  • All Processing activities necessary to handle requests of the Users regarding their rights as addressed to the Operator (classify the request, investigate, carry out specific technical operations (erasure, rectification, etc.), etc.). It applies only when the Operator is the Data Controller.

Legal basis

  • Legal obligation arising from Articles 15 et seq. of the GDPR.

Commercial communication (sending newsletters and advertisments to Users, informing about Services and Products, etc.)

Processing details :

  • Processing operations in order to send to the Users newsletters and advertisement about the Services and/or OTEGO’s products, etc.

Legal basis

  • Legitimate interest (BtoB solicitation)
  • Consent (when required).

The proper functioning and continuous improvement of the Platform, its features and provided Services

Processing details :

  • The Processing is carried out in order to ensure the proper functioning and continuous improvement of the Platform and its features.
  • The purposes of this Processing also involves market analysis; corrective and evolutive maintenance.

Legal basis

  • Legitimate interest of the Operator to guarantee the best level of operation and quality of the Platform, in particular thanks to the statistics of visits.
  • Consent (when required).

Transmission of information concerning Users to the competent administrative authorities

Processing details :

  • The transmission of information concerning Users, in particular Sellers, with regard to their use of the Platform, to the competent administrative authorities of a legal obligation incumbent on the Operator, in particular, but without limitation, in application of Article 242 bis of the General Tax Code.

Legal basis

  • Legal obligation of the Operator.

CATEGORIES OF PERSONAL DATA PROCESSED

The mandatory or optional nature of the personal data requested and the possible consequences of a lack of response are specified at the time of their collection.

The main categories of Personal Data collected and processed by the Operator are essentially Personal Data relating to the identity of natural persons representing and/or employees of the Seller and/or the Buyer: name and surname, function within the Seller / Buyer, contact information (e-mail, phone), Login Information, information regarding navigation on the Platform (Products consulted, etc.), ID documents of the executive.

Personal Data can also include data relating to financial and invoicing information; payment methods and data.

When the Operator receives a request to exercise rights and has reasonable doubts regarding the identity of the requestor, the Operator might request specific Personal Data to prove identity, such as a copy of an official ID document.

RECIPIENTS OF THE PERSONAL DATA

As part of their respective responsibilities and for the purposes recalled above, the key persons who may have access to the Users’ Personal Data are the following:

  • Authorized employees of the various departments of the Operator’s company (administrative, accounting, marketing, sales, logistics and IT departments);
  • The Payment Service Provider, including its authorized personnel;
  • The provider of the Solution and any providers / subcontractors in charge of management and hosting of the Platform (including hosting providers, etc.), including its authorized personnel;
  • Sellers for management of Orders, performance of sale contracts and/or ensuring follow-up and after-sales service;
  • If applicable, the relevant jurisdictions, mediators, accountants, auditors, attorneys, bailiffs, debt collection companies, police or military authorities in case of theft or judicial requisition, assistance;

Third parties likely to deposit cookies on the Users’ computers or terminals (if necessary, subject to consent). For more details, consult our Cookie Management Policy.

The Users’ Personal Data are not communicated, exchanged, sold or rented without prior information and consent of the User in accordance with the applicable and regulatory provisions.

DATA RETENTION PERIODS

The Operator only retain Personal Data for as long as is necessary for the purposes as described above and duration summarized in the table below:

For access to the Platform and provision of Services

The data collected for processing activities relating to access to the Platform, intermediation and provision of services are kept for the duration of the contractual relationship with the Operator.

They are subsequently retained for five (5) years for evidence purposes.

For the management and monitoring of the commercial transaction

The data collected for processing relating to access to the Platform and the provision of the Services shall be kept for the duration of the contractual relationship with the Operator plus three (3) years.

They are then stored in an intermediate archive for five (5) years for evidential purposes.

Invoices and accounting data are retained for a period of ten (10) years (legal obligation).

For payment of the Products

Please refer to the retention policies of the PSP. In principle, payment data should be deleted once the transaction has been completed and archived for a period of thirteen (13) months after the date of the transaction.

Regarding payments made via credit cards, such data may be retained as evidence if the transaction is disputed, within temporary files, for a period of thirteen (13) months (or fifteen (15) months if payment is deferred) from the date on which the debit is made.

In all cases, the visual cryptogram is not affected by this retention, and the bank details are deleted on expiry of the date.

For enabling the Seller to perform the sale contract

Personal Data associated with an Order are retained on the Platform for the duration necessary to perform the sale contracts.

They are then stored in an intermediate archive for five (5) years for evidential purposes.

All invoices for sales of Products between the Seller and the Buyer which are uploaded on the Platform are kept on the Platform for the legal duration of ten (10) years.

For sending commercial offers for the Services and/or the newsletters The data collected for processing relating to access to the Platform and the provision of the Services shall be kept for the duration of the contractual relationship with the Operator (or last contact if the User is not a Seller or a Buyer) plus three (3) years.
For management of requests to exercise rights Data relating to the management of requests for rights are kept for as long as necessary to process the request. They are then archived for the duration of the applicable criminal statute of limitations in intermediate storage.
Management of the proper functioning of the Platform (technical and statistical cookies)

Cookies and other tracers may be deposited on the User's terminal for a maximum period of thirteen (13) months. After this period, the raw traffic data associated with an identifier is either deleted or made anonymous.

The information collected through cookies and tracers is kept for a period of twenty-five (25) months. After this period, this data is deleted or made anonymous.

USERS’ RIGHTS

Pursuant to the Data Protection Laws, Users have the following rights:

  • A right to access (article 15 GDPR), rectify, update and complete their Personal Data (article 16 GDPR);
  • A right to lock or erase Personal Data (article 17 GDPR), if it is inaccurate, incomplete, dubious, obsolete or is prohibited from being collected, used, shared or retained;
  • A right to withdraw consent at any time (article 13-2c RGPD);
  • A right to restrict the Processing of Personal Data (article 18 GDPR);
  • A right to object to the Processing of Personal Data (article 21 GDPR);
  • A right of portability of the Personal Data provided to the Operator when Personal Data has undergone automated processing based on consent or a contract (article 20 GDPR);
  • A right to determine what happens to Personal Data after the User’s death and to choose whether OTEGO should send Personal Data to a third party designated by the User.

In the event of death, and in the absence of any instructions, OTEGO undertakes to destroy Personal Data unless it proves necessary to retain it for evidentiary purposes or to comply with a legal requirement.

For more information, please refer to the CNIL’s website at: https://www.cnil.fr/fr/respecter-les-droits-des-personnes.

Users may exercise their rights by emailing the following address to privacy@oteplace.com or by sending a letter to: OTEGO – Data Protection - Zone Industrielle les Chartinières – 01120 Dagneux (France).

Finally, all Users can also file a claim with the supervisory authorities, specifically the CNIL or any other competent authority (https://www.cnil.fr/fr/plaintes).

INFORMATION REGARDING SOCIAL NETWORKS

While browsing the website, Users can click on the icons dedicated to the social networks available on the Platform (LinkedIn…).

Social networks enhance the user-friendliness of the Platform and help promote it through sharing posts about the Products and/or the Services.

When Users use these buttons, the Operator may have access to personal information that Users would have indicated as public and accessible from their profiles.

However, the Operator does not create or use any social network database and does not exploit any User's privacy data in this way.

In order to limit the access of third parties to personal information on social networks, the Operator invites Users to configure their profiles and/or the nature of their publications via the dedicated spaces on social media in order to limit the audience.

LOGIN DATA AND COOKIES

For the proper functioning of the Platform, OTEGO use login data (date, time, IP address, protocol of the visitor’s computer, consulted pages) and cookies(small files saved on the User’s computer) in order to identify Users, log their visits and gather visitor traffic analytics and statistics for the Platform, particularly with respect to the pages consulted.

Users can give their consent, refuse or choose the type of cookies that the User accepts to be deposited on their terminals, especially if the Operator uses advertisement cookies, except for cookies necessary for the functionning of the Platform or strictly limited to the measure of the audience of the Platform, as long as they are used only to produce anonymous statistical data.

To learn more about cookies (how to manage them, delete them, identify them), the User can also refer to the CNIL’s website by cliking on the following link : http://www.cnil.fr/Vos-droits/Vos-traces/les-cookies/#c5554

DATA TRANSFERS

As a matter of principle, Personal Data are processed by OTEGO within the European Union.

However, due to the nature of the Services, and in particular, in the case of sale contracts concluded with Sellers established outside the European Union, OTEGO might transfer Personal Data outside of the European Union.

Moreover, the Operator might also use non-European providers to perform the Services.

In either case, the Operator will take all appropriate measures to guarantee an adequate protection of Personal Data, especially to ensure its security and confidentiality.

Especially, the Operator guarantees that it has entered into standard contractual clauses (as provided by the European Commission here) with its providers and the Sellers based outside the European Union and not benefitting from an adequacy decision, or any equivalent document.

The User can, at any time, requests the Operator to provide him/her with a copy of the documents establishing such appropriate or suitable safeguards.

SECURITY MEASURES

OTEGO and any Processor shall implement appropriate technical and organizational measures to ensure the security of the processing and confidentiality of the personal data, according to current technical means and in accordance with the Data Protection Laws.

OTEGO takes all necessary precautions, with regards to the nature of Personal Data collected and the risks of the Processing operations it carried out, to ensure the security, integrity, and confidentiality of Personal Data, and especially to prevent it from being altered, damaged, or that unauthorized third parties have access to it such as:

Physical protection of its premises;

Authentication process with personal and protected access (Login Information; passwords policies; etc.);

Logging and tracking login sessions; etc.