The Axialys Privacy Policy
The Axialys Privacy Policy (the “Privacy Policy”) relates to, and, to the extent necessary, supplements the Axialys Terms of Use which appear at https://www.axialys.com/conditions-generales/.
1. DEFINITION AND NATURE OF PERSONAL DATA
The use of the Axialys services (the “Services”) as ordered through a signed contract with Axialys SAS whose registered office is at 130-190, boulevard de Verdun – Energy Park bâtiment 4 – 92413 Courbevoie Cedex – France registered with the Nanterre Registre du commerce et des sociétés under No. B 353 210 446 (“We”, “Us”, “Our” or “Axialys”) may require that Your organization (“You”, “Your” or the “Subscriber”) provide Us with Personal Data to access and use the Services, or You may need or happen to provide Us with Personal Data for the same purposes. For the purpose of this Privacy Policy, the term “Personal Data” means any data or information that enables the identification of an individual (whether directly or indirectly), such as their family name, first name, photograph, post address, email address, telephone number, data relating to their transactions with You, detail of their orders and subscriptions placed with You, IP address, call recordings, as well as any other information about them that You provide Us with. It also relates to any personal information of Your employees, agents or representatives provided to Us for the purpose of using the Services.
2. PURPOSE OF THIS PRIVACY POLICY
This Privacy Policy applies to any individual accessing and using the Services directly or indirectly, whether You make or receive a call. By using the Services, You, Your employees, agents and representatives shall be deemed to agree to, and be obligated to comply with, the terms of this Privacy Policy. We may amend the terms of this Privacy Policy from time to time and shall give You notice thereof by email or via a pop-up on the Site. If You do not agree with the amended version of the Privacy Policy, You should stop using the Services as any use of the Services following such notice constitutes Your acceptance of the new Privacy Policy. All amended terms automatically become effective on the sooner of: a) the day You use the Services; or b) ten (10) days after the new Privacy Policy is posted on the Site, provided that You did not inform Axialys of Your refusal of the new version of it, which would amount to a termination notice of the Services with immediate effect, with all due consequences as provided in the Terms of Use.
Should We add new consent-based processing of Personal Data, We shall ensure to obtain Your consent therefore prior to processing such Personal Data (e.g. via a box to tick).
You shall remain at all times responsible for complying with all laws and regulations, in particular those regarding Personal Data, and personally liable for any breach thereof.
We may indeed process Personal Data We collect for the limited purposes described in this Privacy Policy, and thereby act as Data Controller for those limited purposes only. However, and outside of the scope of these limited instances, You shall be considered the Data Controller, and we shall act solely as a Data Processor, as regards the processing of Your information for the purpose of providing the Services.
In that capacity and within the scope of the Services, You are exclusively responsible in particular for:
- making any declarations necessary to the relevant data protection authority;
- complying with its obligations as Data Controller under all applicable laws and regulations informing you about their Data Processing practices and, if required, obtaining your explicit consent when collecting your Personal Data;
- ensuring they have the authority to use any Personal Data collected in accordance with the defined purposes and refraining from any unauthorized use.
3. PURPOSES
The table below indicates the different purposes Personal Data may be processed for, as well as their different categories, the legal basis the processing is based on, their recipients* and applicable retention period.
| Purpose | Personal Data collected | Legal basis | External Recipients | Retention |
|---|---|---|---|---|
| Account creation and management Management of Your access and use of the services | – Name, surname – Email address and phone number – ID, username and encrypted password | – Performance of an agreement (To provide You with the service You requested). – Legitimate interest (To ensure Our websites/apps remain secure, to protect them against fraud). | SendInBlue Salesforce Google Suite (Drive, Gmail, Chat) Zammad Axialys intranet Axialys Cloud platform Zingtree Zapier Any other CRM/Helpdesk that we may collaborate with | Duration of use of the Services |
| Management of numbers and processing of calls To be able to perform inbound and outbound calls | – Phone number(s) – Call / user identifier(s) – Call metadata (duration, phone number(s) of Your correspondent(s)) | – Performance of an agreement (To provide You with the service You requested). | – Phone carriers (Orange, SFR, etc.) – Axialys cloud platform – Axialys Data Center providers (SFR, Equinix, OVH) | Duration of use of the Services |
| Storage of recordings To be able to access Your call recordings in a secure way | – Call recording – Call metadata (duration, origin and destination phone numbers) | – Performance of an agreement (To provide You with the service You requested, possibility to deactivate this feature at all time). – Legitimate interest (To ensure Our websites/apps remain secure, to protect them against fraud). | – Axialys Data Centers – Axialys cloud platform – Phone carriers | Duration of use of the Services + up to ONE year |
| Integration with CRMs and Helpdesks To be able to synchronize data about Your calls in Your CRMs/Helpdesk | – User name – Call metadata (origin and destination phone numbers, duration) – User notes | – Performance of an agreement(To provide You with the service You requested, only for the integration that You have activated). – Legal obligation (Code des Postes et Télécommunications Electroniques) | – Axialys Cloud platform – Salesforce – CRM and Helpdesk You synchronize with | Duration of use of the Services |
| Management of commercial agreements and billing | – Name, surname – Email address and phone number – Billing history | – Performance of an agreement (To provide You with the service You requested) – Legitimate interest (To be able to claim payment of outstanding invoices). | – Salesforce | 5 Years |
| Creation of a client / prospect data base Newsletter and commercial communications subscription | – Consent: To send You direct marketing communications. – Legal grounds: To keep Your details on a suppression list if You have asked Us not to send You any direct marketing anymore. | – Performance of an agreement (To provide You with the service You requested). – Legitimate interest (To ensure Our websites/apps remain secure, to protect them against fraud). | – Salesforce – SendInBlue | 3 years from the last contact / exchange with the data subject / the end of the relationship |
| To generate statistics on Your experience of the Services and collect Your opinion on the Service (to improve the Services) | – Name – Phone conversation – Browsing | – Legitimate interest (To understand how You use the Services and to improve them). | No external recipient | 6 months |
| Storage of Your client’s / end users’ Personal Data During and for the purpose of Your use of the Services, You may have to keep record of Your client’s / end users’ personal Data on our servers. Conversely, We may have to keep such records for the purpose of providing our Services to You. | – Name – Post address – Email address – Bank details – Any other relevant Personal Data You may need to store for the purpose of providing Your services | Performance of an agreement (To provide You with the service You requested) | – Salesforce – SendInBlue – Any other CRMs/Helpdesks that we may collaborate with | Duration of the use of the Services |
*You may contact Us to obtain the list of Our sub-processors.
We will inform You, upon request, whether it is compulsory or optional to provide certain Personal Data. Failure to comply with a compulsory request for Personal Data shall result in Your access to the Services being denied or suspended, it being understood however that it shall not affect any of Your financial obligations towards Axialys
4. RECIPIENTS OF THE COLLECTED PERSONAL DATA
Only Our personnel, the services in charge of control (especially: external auditor) and Our recipient subcontractors listed in the above table may have access to any Personal Data. Personal Data may also be disclosed in response to lawful requests made by government agencies or public authorities, including public officers or debt collection organizations, to meet national security, law enforcement or any other legal requirements. In any event, Axialys shall remain liable in cases of onward transfers to third parties.
Depending on where You are located, we might have to enforce local regulations and requirements where the use of a local phone number requires to keep user details (in particular, first/last name and address) in the event we should receive an official request from a competent local authority.
5. TRANSFER / SALE OF PERSONAL DATABASES
We shall not, without Your agreement, sell or let Personal Data to third parties. We shall only transfer Personal Data to another location, whether physical or numerical, if strictly necessary to provide the Services, or if You specifically agree with it.
6. RETENTION OF PERSONAL DATA
6.1 General provisions
Where Axialys is the Data Controller of Personal Data (for example, Personal Data relating to the Site visitors, or individuals who register to use our Services), then we retain the Personal Data we collect where we have an ongoing legitimate business need to do so (for example, to provide them with our Services, to enable their participation in an event, and to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process Personal Data, we will either delete or aggregate it or, if this is not possible (for example, because Personal Data has been stored in backup archives), then we will securely store it and isolate it from any further processing until deletion is possible.
If Personal Data is processed for, on behalf of, or for the purpose of the Services taken out by, any Subscriber, we will process Personal Data for as long as we are instructed to do so by the relevant Subscriber that is the Data Controller of such Personal Data.
Personal Data shall be stored for the duration of Your use of the Services as well as for the different renewal periods, and for the purposes listed above.
We may retain Personal Data to comply with Our legal or regulatory obligations. In any case, upon ceasing or lifting of such obligations, Personal Data shall be removed from our systems and records, as well as that of our subcontractors, if any, or otherwise archived or anonymized so that they can no longer be identified.
6.2 Notice to end-users
Our Services are intended for use by enterprises. Where our Services are made available to you through a Subscriber of ours, that enterprise is the Data Controller of your personal information. Your data privacy questions and request should initially be submitted to said Subscriber in its capacity as your Data Controller. Axialys is not responsible for our Subscribers’ privacy or security practices which may be different than this Privacy Policy.
Axialys Subscribers are able to:
- restrict, suspend or terminate your access to the Services;
- access and describe your personal information that you provided to them;
- access and export your personal information processed by them; and
- amend your personal information, including your end-user profile.
7. PERSONAL DATA TRANSFER OUTSIDE OF THE EUROPEAN UNION
Personal Data may be transferred, accessed to and stored in a country located outside the EEA. Personal Data can also be processed by individuals working outside the European Economic Area (“EEA”) who work for Us or for one of Our trusted service providers, such as Our hosting providers. In any case, Personal Data are only transferred in a secure manner and in compliance with the applicable regulations. As some countries may not have laws governing the use and transfer of Personal Data, we undertake to take all necessary steps to ensure that third parties comply with the terms and conditions set out in this Privacy Policy. These measures may include controlling the standards applied by such third parties with respect to Personal Data protection and security, and/or the execution of appropriate agreements to deal with such transfers (e.g. the standard contractual clauses adopted by the Commission of the European Union).
Axialys commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities.
8. SAFETY / SECURITY
We undertake to implement all necessary precautions, as well as the appropriate organizational and technical measures, to maintain the security, integrity and confidentiality of Personal Data, and in particular to prevent them from being modified or damaged and stop any unauthorized third party from accessing them. In particular, our employees’ accounts are secured by strong passwords, and they are all bound by confidentiality obligations. However, You agree that no data transmission over the Internet, or information storage technology, can be guaranteed to be 100% secure.
9. COOKIES
Cookies are alphanumeric identifiers / trackers that are transferred to the device You use to access the Services via Your browser. We may implement two types of cookies: technical cookies and advertising cookies.
We use technical cookies to enable our Service’s usage (such as session cookies so that we can manage user logins for example). Disabling cookies support in Your web browser may prevent You from using Axialys Services. While Our public website will explicitly request consent from unauthenticated users, using any of Our authenticated services implies that you accept our use of cookies for that purpose.
In addition, we may also implement advertising cookies which result in the display of targeted advertising on websites that matches Your previous/current browsing activity on the Site. Advertising cookies enable the use of the retargeting technique which is a marketing model purporting to propose tailored advertisements to the end user. As You browse on the Site, advertising cookies may be placed in Your computer so that we can understand what You are interested in. Our display advertising partners enable Us to present You with retargeting advertising on other websites based on Your previous interaction with the Site. The techniques Our partners do not collect personal information such as Your name, email address, post address or telephone number but only Your IP address.
The cookies used by the Site are the following:
| Identification of the cookie | Purpose | Nature |
|---|---|---|
| Google Ad Service | Retargeting ads | Advertising |
| Google Analytics | Use of the Site | Performance |
| Google Tag Manager | Use of the Site | Performance |
| SendInBlue | Use of the Site | Performance |
If You click on the “Accept / Agree” button on the cookies banner upon Your first visit on the Site, You will be deemed to have agreed to the use of cookies by Axialys on Your devices.
In addition, the use of the Site may result in the installation of certain cookies issued by third parties (communication agencies, audience measurement companies, social networks, YouTube, etc.) that are not controlled by Axialys. These cookies are subject to such third parties’ privacy policies.
The default settings for Internet browsers are usually set to accept cookies, but You can easily change Your browser’s settings.
For more information please visit: http://www.aboutcookies.org/.
Please note that if You refuse the installation or use of a cookie, a “refusal cookie” will be installed on Your device to track Your refusal. You need to ensure that You do not delete this cookie so that Your choice is taken into account.
You may also use a cookie management software, such as the TarteAuCitron or TagCommander software. A list of additional software is also available on the French data protection authority website.
10. THIRD PARTIES LINKS ON THE SITE
Our Site and Services may include links to and from the websites of Our partners, advertisers and affiliates. If You follow a link to any of these websites, please note that these companies have their own privacy policies and that Axialys is not responsible or liable for any use of Personal Data by such third parties. We recommend that You check their policies before You visit these websites.
11. YOUR RIGHTS AND CHOICES
When You choose to provide Personal Data, You expressly consent to the collection and use thereof, in accordance with the provisions of this Privacy Policy and applicable laws and regulations.
Any data subject shall have the following rights:
- To access and obtain a copy of Personal Data that we process;
- To rectify the Personal Data if inaccurate or outdated and/or supplement them if incomplete;
- To object to the processing of Personal Data that is based on legitimate interests;
- To erase Personal Data and to be forgotten;
- To withdraw their consent, at any time, to any processing of their Personal Data that is solely based on their consent (for they may object to receiving Our marketing emails at any time by clicking on the “unsubscribe” link in any email or communication we send them);
- To file a complaint before a supervisory data protection authority (CNIL);
- To portability: they have the right to move, copy or transmit Personal Data relating to them;
- To restrict or limit the processing of Personal Data;
- To set guidelines to organize the use of Personal Data after their death.
To exercise any of the above rights of if You have questions regarding this Privacy Policy or about the security measures we implement, please contact Us by email at [email protected]
In the event of any dispute, claim, question or disagreement arising from or relating to this Privacy Policy or breach thereof (the “Dispute”), and without prejudice to the claimant’s right to seize the CNIL, the French data protection authority (https://www.cnil.fr/en/home), in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the claimant should first seek an amicable resolution thereof by contacting Axialys in writing, stating its grounds and providing any supporting evidence.
