Paris 15:20
New York 09:20
London 14:20

Privacy Policy

Last update: February 2024

1. Who are we?

  • Name: Dotfile SAS, a company registered under the laws of France
  • Company ID number: 910 892 777
  • Seat: 229 Rue Saint Honoré 75001 Paris, France
  • Website: dotfile.com
  • Data Protection Contact: hello@dotfile.com

2. Who are the data subjects?

We process personal data from:

  • Our users
  • Our suppliers' representatives
  • Candidates for employment with us
  • Visitors to our Website and work premises
  • Other data subjects

This policy applies to any processing of your personal data by us.

3. What is our commitment regarding data protection?

We undertake to bring personal data processing activities into compliance with applicable data protection law including the GDPR and the Belgian Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

4. For which purposes do we process your personal data?

For users: First and last name, email, analytics data including cookies and usage data, and communication with staff.

For supplier representatives: Personal identification data, professional identification data, and contact data for commercial relationship management.

For employment candidates: Personal identification data, professional identification data, contact data, professional skills, qualifications, experience, and curriculum vitae information.

For Website visitors: Electronic identification data in aggregate form to measure frequency, improve browsing experience, and detect fraud.

For workplace security: Access to surveillance camera images when necessary to detect offenses or incivilities.

Additional purposes: Restructuring operations, internal and external audits, dispute management, and legal claims.

We do not subject data subjects to decisions based exclusively on automated processing with legal effects or similar significant impact.

5. In what capacity do we process your personal data?

We process personal data as the controller, determining the purposes and means of processing.

6. On which basis do we process your personal data?

Processing is based on:

  • Performance of a contract or pre-contractual steps
  • Compliance with legal obligations
  • Pursuit of our legitimate interests (when they prevail over your rights)
  • Your prior, free, and informed consent when required

Some personal data provision is necessary to provide services or perform activities. Non-provision may result in our inability to serve you or breach legal obligations.

7. Where do we source your personal data from?

Personal data comes from:

  • Directly from you during initial contact
  • Applications connected to our service (Google Connect, Zapier, Slack)
  • Publicly available information (Internet research, candidate profiles)

8. Who has access to your personal data?

Recipients with access include:

  • Staff tasked with technical, commercial, and administrative follow-up
  • Staff monitoring suppliers (for supplier representative data)
  • Legal advisors and lawyers (for restructuring or litigation)

We entrust processing to processors only when necessary, with written instructions and in accordance with data protection law.

For restructuring operations, we may transfer personal data to third parties (e.g., banks) involved in the transaction, in compliance with applicable law.

9. How do we manage our processors?

We take appropriate measures to ensure processors comply with applicable data protection law. Processors must:

  • Process data only on our instructions
  • Not hire subprocessors without authorization
  • Take appropriate technical and organizational measures
  • Ensure confidentiality obligations for authorized personnel
  • Return or delete data at service end
  • Comply with audits
  • Assist with data subject rights requests

10. Where do we process your personal data?

Some recipients may be located outside the European Economic Area or process data from outside the EEA.

For transfers outside the EEA, we ensure:

  • The destination country has an European Commission adequacy decision under GDPR Article 45, or
  • We have concluded a contract with standard data protection clauses adopted by the European Commission under GDPR Article 47

11. What are the applicable retention periods?

We keep personal data only as long as necessary for processing purposes.

Invoices and accounting documents (which may include personal data) are retained for seven years from the end date of the accounting year issued, per accounting laws.

Retention period criteria include:

  • Date of last contact
  • Security reasons
  • Current or potential disputes or litigation
  • Legal obligations to retain or delete data

12. What are your rights?

You have the following rights under applicable data protection law:

Right to be informed: Obtain clear, transparent information about personal data processing and how to exercise your rights.

Right of access: Obtain confirmation of data processing and access to your personal data, with copies provided unless exercising this right infringes on others' rights and freedoms.

Right to rectification: Have inaccurate personal data corrected and incomplete data completed.

Right to erasure ("right to be forgotten"): Have personal data erased, though this right is not absolute and subject to conditions. We may retain data when required by law or for legal claims.

Right to object to marketing: Object at any time to personal data processing for marketing purposes.

Right to restriction of processing: Obtain processing restriction in certain circumstances (e.g., when data is no longer needed but remains necessary for legal claims).

Right to data portability: In certain circumstances, receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to withdraw consent: If you provided consent for personal data processing, you may withdraw it at any time.

To exercise these rights, contact our data protection contact person using details in this policy. We respond as soon as practicable and within timeframes set by applicable law. We may request identity proof to prevent unauthorized access and may retain data when required or permitted by law.

13. What level of security do we ensure?

We take appropriate technical and organizational measures to ensure security levels appropriate to personal data processing risks.

We follow industry best practices to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data.

14. Do you have any questions or complaints?

For questions or complaints about personal data processing, contact our data protection contact person.

You have the right to lodge a complaint with the competent supervisory authority.

15. Anything else?

We reserve the right to update this policy periodically and will inform you of changes.

In case of conflict between a policy provision and another policy or document relating to personal data processing, the Policy provision prevails.