Vizuall Privacy Policy in 10 points

March 2020

  • 1 - This privacy policy aims at being in line with your reasonable expectations.
  • 2 - Vizuall is designed to help you better assess your data and still fully respect the privacy right(s) of any physical person concerned. We will always welcome that you share constructive feedbacks with us (contact@vizuall.fr).
  • 3 - At all times, in case you have a specific legal request, notably based on the General Data Protection Regulation (GDPR), do not hesitate to contact us at any time at dpo@vizuall.fr. We will come back to you as soon as possible (less than 1 month).
  • 4 - You fairly and transparently provide us with data that we will also fairly and transparently process, in due respect of enyones’ rights, and as framed in our Terms of services.
  • 5 - We rely on these terms to process your personal data and, legally speaking, “the necessity to perform a contract to which you are party" (article 6-1-b) of GDPR).
  • 6 - The service we render concerns aggregated data, relevant for accurate Statistics and key to strategic decision-making. By essence, our service does not target the processing of personal data, but we put all technical an organisational measures needed in place so that we are accountable in case we do.
  • 7 - We do not aggregate the information you provide us with data from other places in order to re-identify or to carry out any categorisation, segmentation or profiling of individuals.
  • 8 - We keep your personal information until you delete your Vizuall account. In case you do not use our service for more than 12 months, we will delete it (after checking with you first). No personal data about you will be kept afterwards. Only statistics based on aggregated data including yours will perdure.
  • 9 - In case you exchanged with us and you still want to send a complaint to any competent Data Protection authority in EU, please find here the official list.
  • 10 - We do not store your Google Analytics data but just process it in an aggregated way to help you better visualise.

Vizuall Privacy Policy in full

A Privacy Policy is a written notice which aims at helping people understand how data is collected, used, shared, secured and deleted by the entity drafting it. It helps clarifying what your rights are and how you can enforce them. Therefore, it makes it easier for you to be informed and, if needed, to exchange & share feedbacks.

This fully detailed Privacy Policy aims at helping you understand and navigate the way Vizuall processes your personal data.

Definitions

You will find lots of relevant definitions in article 4 of the GDPR.

Vizuall team thinks that the following ones are particularly relevant for non-experts.

GDPR or General Data Protection Regulation: This is the EU Regulation adopted to strengthen your privacy rights and make those consistent EU-wide (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data). It became binding on 25 May 2018.

Personal data: “any information relating to an identified or identifiable natural person (‘data subject’)”, that is to say that “can be identified, directly or indirectly”, notably using an “identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (art. 4).

DPO or Data Protection Officer: The DPO of an entity processing personal data ensures such processing is carried out in compliance with all applicable data protection rules and facilitates the exercise of your rights.

DPAs or Data Protection Authorities, also called in the GDPR “Supervisory Authorities” (SAs): Those national Authorities are "public authorities” “responsible for monitoring the application of” the GDPR “in order to protect” our “fundamental rights and freedoms” to data protection and to privacy (art. 51).

Consent: “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” (art. 4).

Profiling: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements” (art. 4).

Vizuall acting as a Processor

Vizuall carries out data processing on your behalf and, as such, provides “sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.” (art. 28 of GDPR).

Our Data Protection Officer (DPO) contact point

A DPO is not mandatory for all entities processing personal data. At this stage, it is not for us. However, each member of our team is fully dedicated to handling DPO’s missions, being accountable and fully complying with the General Data Protection regulation (GDPR). In case you think we don’t, just let us know sending your request to dpo@vizuall.eu.

Personal Data we collect from you

Vizuall collects the following personal data about you:

Concerning your personal account data:

Data to provide mandatorily:

  • Name
  • One of your email addresses (and a Vizuall password);
  • Whether you are a physical person or represent a legal one.

We also want to outline that we will attribute an “Vizuall identifier” to you (UID). Such identifier will help us facilitate data management.

Concerning your Google account:

  • Google ID
  • Refresh token
  • Fullname
  • E-mail
  • Image

Concerning Google Analytics:

  • Profil ID
  • Account property
  • Web property

Concerning your activity on Vizuall:

  • Your Language preference;
  • The information you share with us when using our contact form online;
  • The information you share with us when contacting our DPO at dpo@idside.eu; Your searches on Vizuall;
  • Your browsing data on Vizuall & metadata going along with it;
  • When you load Dashboards (datavisualisation);

Personal Data we do not collect from you

Vizuall gathers some information that you do not consciously and willingly provide us with, those being metadata such as connection information (i.e. IP address) or other information (i.e. session cookie).

Legal grounds for processing your personal data

There are 6 legal grounds identified in the GDPR (art. 6. 1) that are eligible to process personal data (contract, consent, legal obligation, public interest, vital interest or legitimate interest).

Depending on the purposes aimed at for each specific processing, controllers have to identify which legal ground applies. This is what we do here-below.

Purpose 1: To provide you with our services

Most entities processing our personal data for commercial purposes, or to provide services online rely on:

  • a contract, terms of use or Terms of services that you agree to when requiring the service or buying the product at stake, particularly when those are drafted in such way that they are fully in line with your reasonable expectations;
  • your specific consent(s), notably when the data processing at stake do not completely meet, or could potentially not be in line with your reasonable expectations;
  • or their legitimate interest to do so (that they assess through a dedicated documentation in order to check & demonstrate that such interest overrides your “interests or fundamental rights and freedoms”, particularly those requiring protection of personal data, such as children).

After Vizuall team carefully assessed each option, we concluded that the data processing we carry out remains in line with the services we propose, and that you sign-in for, because there are no specific provisions in our Terms of services that are likely to breach your reasonable expectations and because our “processing is necessary for the performance of a contract to which {you are} party” (article 6 1- b) of GDPR). This is why, we retain the contractual legal ground.

Purpose 2: To carry out statistics

We process your data in order to provide reliable, updated and relevant statistics’ monitoring and render a better service to you..

This is why we also framed it in our Terms of services. Therefore, here again, we rely on the same contractual grounds (article 6 1- b) of GDPR).

Other Purposes: To monitor HR, administrative, security, technical, logistical & any other tasks

There are lots of reasons for which any entity providing a service or a product has to process additional personal data, on a regular basis and for perfectly legitimate interests.

Vizuall counts among those purposes HR, administrative, security, technical, logistical & any other tasks, for which we rely on the legitimate interest ground (article 6. 1- f) of GDPR). It encompasses notably processing carried out:

  • to monitor administrative & HR purposes within Vizuall;
  • to de-identify & aggregate information to fine-tune our service (comments & feedbacks you share with us);
  • to make our network secure. 

Any additional processing that we might envisage will either be added in this Privacy Policy and based on one of the 6 legal grounds identified here-above, or processed in a compatible way with “the purpose for which the personal data are initially collected” (article 6. 4- of the GDPR). In order to do so, we will take into account your reasonable expectations, what we would further use such data for, the nature of the data at stake, any possible consequences of such further processing and the existence of appropriate safeguards.

Which controls do you have on personal data we process about you?

Concretely, you provide us only the personal data you want to. Only your name and email address, are strictly necessary to provide you with the service.

What we use your personal data for

On the long run, Vizuall processes your personal data in order to provide you with our free and paid services.

On the short run (actually today!), we use your personal data to provide on-time reliable statistic, provide our service to you in a secured way, detect, prevent and mitigate risks related to the overall security of our website or better the technical performance of our services, send you notifications you decided upon through emails, fine-tune the design of our services so that they best suit your reasonable expectations, identify new services to design so that you better monitor your privacy online, enforce any potential legal claim -which could be based on violations of our Terms of services.

In case we plan to further use the personal data that you already provided us with, and we reasonably doubt it remains in line with your expectations, we will come back to you and ask you to clearly consent to certain processing of your personal data.

Finally, it is important for us to stress few principles that we commit to respect:

  • 1 - We value privacy rights, whether you are a member of our team, a supporter or, would it make sense tomorrow, a potential customer.
  • 2 - We gather our personal data fairly and only use it when needed and in line with what we understand as being our/your reasonable expectations.
  • 3 - We do not process our/your personal data for reasons that are incompatible with the original purpose of collection (article 6. 4- of GDPR).
  • 4 - We protect our personal data by implementing appropriate technical and organisational measures that we regularly check with our developers.
  • 5 - Our legal documentation (Privacy Policy, Legal Mentions, Terms of services aims at complying with applicable laws but “most of all” to be transparent, help you enforce your rights & get your feedbacks.
  • 6 - We hold ourselves accountable for helping you understand & enforce your rights.

How do we share your Personal Data?

We do not plan on sharing any of your personal information with third parties without such sharing being directly required by you, in line with your reasonable expectations or without getting any specific consent from you.

Service providers, developers or domain administrators, processors or potential partners we work with will basically work with aggregated and de-identified data (i.e. stats) instead of identified data unless this proves impossible (such will not be the case when, for instance, our developers will have to access our customers’ database).

Even if we do not plan for it, in case of modification of our legal status, your data will be further used for the exact same purposes identified by Vizuall in our Privacy Policy. No additional purpose (that could diverge from your reasonable expectations) will be served without your specific additional consent.

How long do we keep your personal data for?

Vizuall processes and stores all personal data you provide us with for the duration you have a Vizuall account. Therefore, if you are likely to use our services for a number of years, we will store your data accordingly, implementing all technical and organisational measures that we can to protect such data from any risk.

Concerning Cookies, log data or metadata, we will not store it for more than 13 months.

Finally, any Crash reporting or “crashlytics” data will be retained for 180 days maximum.

As a rule of thumbs, we will regularly check the requirements set by the French Data Protection Authority (CNIL), notably for additional processing serving HR, administrative, security, technical , logistical or any other tasks. Would you want to call our attention on any specific point, do not hesitate to contact us (contact@vizuall.fr).

Would there be any additional legal requirements we should comply with, we could retain your information to comply with such legal purposes. Additionally, retention periods may be extended if such data is necessary to assert, exercise or defend a legal claim.

In accordance with the principle of storage limitation, if you did not use your Vizuall account for more than 12 months, we will send you a notification before deleting your registration and any associated information or data the following month.

Specifics on Children’s Privacy

What Vizuall services propose can be summarised as follows:

  • We do not intend to collect information from children who are under legal age to consent online (i.e. 15 in France) without their parents being at their side.
  • If you are under 15, there is no problem in using www.vizuall.fr, as far as your parents (or legal guardians) assist you to use our website/app.
  • Despite previous specifications, should we learn that we have collected the personal information of a child under 15 (or equivalent minimum age to lawfully consent online in a given country) without legal guardian’s assistance, we will take steps to ask for regularisation or, after a reasonable time and in case of reasonable doubts, to delete all data concerned.
  • We welcome any suggestion that you might have on framing this process in a proportionate and efficient way at contact@vizuall.fr or dpo@vizuall.fr.

Specifics on Cookies, Log data & Metadata

Today, Vizuall collects a session cookie. This cookie allows you to sign-in and stay logged from one page to another on the concerned website, before you decide to log-off, which is a by-default Cookie because it is essential in order to enable you to move around our website and use it. For instance, sticking to the language you actually speak might depend on such Cookies. Or, without session Cookies, you can't log in and be provided with a secured website.

Vizuall also offers the possibility to use another functional Cookie: a persistent “connection" Cookie -also called" log-in “ Cookie, which allows you to stay connected from one session to another to avoid logging-in each time you come back to our web app.

For those who do not wish to activate such Cookie, you will have to insert your username and password for each of your connections on ID side or you will have to use the log-in solutions provided by your browsers.

Additionally, we use Third parties services, such as YouTube, Google Analytics, to play VIZU ALL Motion Design video summarising our mission, to better your browsing experience on VIZU ALL based on analytics. Therefore, we invite you to go and check their respective Privacy policies.

Specifically, regarding the Performance & Analytics Cookies set by Google Analytics, we would like to stress that all information these Cookies collect is aggregated and therefore processed in a de-identified way.

As you are well aware of, such Cookies collect information about how visitors use our website, notably which pages visitors go to most/least often. It allows to test the intelligibility of such website, better its design and reshape Content provided accordingly.

Moreover, Vizuall offers some mainstream social networks’ functionalities in order to give you the opportunity to share your Privacy Choices and recommend our web app in social networks.

If you visit our web app and plan to use our social plug-ins, we pass on the URL to the social network you enabled.

In case you want to be put in capacity to use any embedded service provided on Vizuall, and do not deactivate any Cookies a priori and by-default, we recommend that you read the privacy information of the respective social networks carefully

Specific cookies are stored either temporarily for one session only (such is the case of our session Cookie) or permanently on the hard disk (such is the case for “log-in” Cookies).

Otherwise, we will not store Vizuall cookies for more than 13 months.

Vizuall uses Youtube services to allow the playback of audio and video files. When you access such content, the embedded Youtube player will establish a connection to Youtube so that the video or audio file can be transmitted and played. Your logging data will then be transmitted to Youtube, acting from then on as a data controller. Therefore, further information concerning any further processing of your data by Youtube is available on the related Google privacy policy.

Data Transfers

Our website host is landen.co, vizuall platform is hosted by Amazon Web Services

Concerning paid services, our data and your personal data are stored in France and we do not transfer data outside of EU

What are your Privacy rights?

We are fully committed to processing your personal data fairly and in a transparent & accountable way. It is important to us that you exercise your rights and we help you to do so, inasmuch as we can.

Regarding your right to object, you have the right to do so on grounds relating to your particular situation, at any time, to any processing of personal data concerning you (article 6(1) -e) or -f) of GDPR). In case you do validly exercise such right, we will no longer process the personal data concerning you, unless we demonstrate it is necessary for the establishment, exercise or defence of legal claims.

How to exercise your rights?

In case you think that Vizuall is likely to breach one of the EU privacy rights listed above in any way, thanks for exercising your right, sending us an email at dpo@vizuall.fr so that we try to fix things together. We will come back to you as soon as possible (of course, in less than 1 month).

Would it be necessary to exercise your rights (i.e. right of access), we might ask you:

  • Your name
  • Your email address
  • Your Postal address
  • and optionally your ID (if you send us a copy of your ID, please black out all other information apart from your first and last name and address).

In case you exchanged with us and you still want to send a complaint to any competent Data Protection authority in EU, please find the official list here.

Security

In practice, providing sufficient security to all personal data that we process entails that we guarantee:

  • their confidentiality (no disclosure to third parties);
  • their integrity (no modification of your personal data by unauthorised third parties);
  • their availability (authorised parties access your personal data whenever needed).

Our website uses HyperText Transfer Protocol Secure (HTTPS), a communication protocol that is encrypted using Transport Layer Security (TLS),  allowing authentication of the accessed website and protection of the confidentiality and integrity of your data while in transit.

Internally, we only allow restricted access to your personal data to those authorised to do so because they need it to help us fulfil our mission and they comply with this Privacy Policy.

Your personal data will be processed by third parties (i.e. Data Sub-Processors) only if they do agree to comply with this Privacy Policy and all required technical and organisational security measures.

In order to help us keep your data secured, you can take basic steps:

  • Use strong passwords as defined by CNIL or IDPC and keep your passwords strictly confidential (i.e. avoiding any obvious combinations such as birthday date or 1234).
  • Install firewalls, anti-virus and anti-spyware software and be sure that those are fully updated.
  • Log off from Vizuall when you are not using it.
  • Flag any unusual activity (i.e. phishing emails requesting personal information).

Still have a question for us?

In case you have no specific & individual Privacy concern(s), but you just want to share comments, you are more than welcome to speak with us. So, feel free to send us an email at contact@vizuall.fr.

Need some help, a concern to flag or a right to enforce on Vizuall? Tell us!

If you want to flag any other Privacy Concern, just send us an email at dpo@vizuall.fr.

Updates of Vizuall Privacy Policy

We may regularly update this Privacy Policy. If such updates are not substantial ones (meaning they are not likely to breach your reasonable expectations or infringe any of your privacy rights), we will not send any specific notice to you. But we will systematically share the date of any last update on our policy and identify what where last changes carried out in a dedicated section.

In case certain changes are substantial and are likely to breach some of your reasonable expectations (or, if we provide no specific information to you, to infringe some of your privacy rights), we will share a specific notification for those activating the feature here-below.