ManageX

Preamble

The purpose of this privacy policy (“Privacy Policy“) is to inform future prospects, customers, consultants, partners, service providers and suppliers (including their employees) , and more generally anyone using the ManageX website, available at the following address www.devinov.fr, (the “Website“) about how companies of Devinov Group (“Devinov“) process personal data, in their capacity as data controllers and their rights in this respect. Among other things, the Privacy Policy is available on the Website. This policy may be amended to take into account any newly-implemented developments in regard to processing personal data and the applicable legislation. Please ensure that you read any new versions made available by ManageX.

1. The Data controller and Data subjects concerned by this Privacy Policy

ManageX is responsible for all data processing in its professional capacity and within its business activity. In this capacity, ManageX is subject to the obligations imposed upon it by the regulations in force in France and in the European Union regarding personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “Regulation“). Data subjects are suppliers, service providers, consultants, partners, customers and prospects, as well as their employees and, more generally, anyone using the Website (the ” Users ” or ” You “).

2. Definitions

“Personal Data” or the “Data” means any information that allows either to directly identify an individual, for example their first and last names, or to indirectly identify one , for example their IP address, social security number or personal ID number. A “Processing” of Personal Data refers to any operation or set of operations (automated or manual) applied to Data or to Data sets. This includes the collection, recording, organisation, retention, modification, consulting, use, transfer, distribution or otherwise display, reconciliation, interconnection, limitation, or destruction etc. of said Data.

3. Collected and processed data

Data that You provide us with – ManageX collects Data directly from Users, including via Data collection forms on the Website or otherwise, or during meetings, negotiations, email exchanges or as part of performing a contract. This Data is updated directly by Users. To this end, any update of said Data must be immediately communicated to the relevant ManageX department (marketing department/customer service, accounts, etc.)

Data obtained by third parties – Data can also be provided indirectly from your personal devices (mobile phones or other devices), through a secure connection to our information system or through an application programming interface (API) such as Google, Twitter or Instagram. ManageX also uses YouTube’s API services. The privacy policies for these services offered by YouTube and Google is available at the following link: http://www.google.com/policies/privacy. Additionally, ManageX collects Data using cookies and/or trackers that can analyse the behaviour of Users. We may also receive Data about You via banking or credit institutions. In such cases, we will update your Data in our database.

Data regarding third parties that You provide us with – If You provide us with Data relating to another Data subject (e.g. your employees’ Data for maintenance purposes or for partner recommendations), You guarantee that You are authorized to consent to the processing of Data in their name and, more generally, to send us said Data and that You can receive any correspondence relating to their Data on their behalf.

The type of Data being processed – Data collected as part of a Processing is strictly limited to the purpose for which it has been collected. As such, the Data that we collect from prospects include first and last names, professional email address and phone numbers, employer’s identity and browsing Data (cookies). In addition to the above Data, we process the following Data concerning customers and their employees: IP address, position / job title, login and login details. Data relating to suppliers that we collect include the following: First and last names, email address, contact phone number, banking details, contract documents and qualifications.

4. Legal basis for the Data Processing

The legal basis for ManageX’s Processing of Data are as follows:

(i) compliance with a legal obligation;
(ii) performance of a contract;
(iii) legitimate interest;
(iv) Your consent, particularly with regard to trackers and prospecting activities.

In addition, when the provision of Data is mandatory, it will be clearly indicated (e.g. marked with an asterisk in the forms).

5. The purposes of Data Processing

Depending on the Data subjects (prospects, customers, service providers or suppliers) ManageX conducts various types of processing.
Data relating to prospects is collected to create a database of prospects and conduct commercial actions, as well as to manage and send commercial newsletters (unless the recipient has opted out).
Data relating to Customer’s employees is processed as per the following purposes:

Provision of services: this relates to, in particular, allowing contracts to be drafted, services to be provided and invoices to be issued and sent. As part of our activities, ManageX archives and logs all actions performed on the platform by Customer’s employees.
Litigation management: ManageX collects and processes Data relating to Customer payment delays and defaults in order to prepare, start and manage any recovery or legal action and, where applicable, enforce the decision issued.
Auditing: As part of an audit or potential purchase operation of ManageX, audits by potential investors, buyers or purchasers may be carried out and include an access to the Data. Internal audits may also be carried out to check that our processes are being correctly implemented or to verify Data processing from the Customer database.
Customer relationship management: In order to provide Customers with the best service and improve our solutions, ManageX also processes customer Data when managing the termination of a contract or in order to offer new services, commercial offers and discounts to its customers. As part of its customer relationship management, ManageX must also record all email exchanges with the customer’s employees. Finally, ManageX may conduct surveys on the quality of the services provided in order to improve said services.

Supplier Data is only processed for the purposes of establishing, negotiating and monitoring a contractual relationship (carrying out services, invoicing, payment, etc.) as well as for the purposes of dealing with any disputes that may arise in this relation.

6. Who can access your Data at ManageX?

Access to Data is limited to the individuals and departments who require an access to such information in order to fulfil their duties within ManageX. Data collected can thereby be accessed within ManageX by the appropriate departments in order to manage the different Processing concerned (sales department for contractual relationships, legal department for disputes, IT department for maintenance, etc.). Customer’s employee Data may also be accessed to by the Customer itself.

7. Third party recipients and Data transfer

For certain purposes, ManageX may sometimes use the services of subcontractors or service providers (e.g. those in charge of maintaining ManageX’s information system or providing administrative services such as accounting and payroll) such as IT service providers (e.g. hosting website) offering SaaS solutions who require an access to the Data to perform their service, including some which may be located outside of France. In this case, ManageX imposes strict obligations on these co-contracting parties in particular regarding the Processing of such Data, confidentiality and security commitments in compliance with Regulation. This is particularly important if these transfers take place outside of the EU.
In the following specific cases, ManageX may also communicate Data to third parties:

As part of the Processing for auditing purposes as provided for above, Data may be communicated to a purchaser, prospective purchasers and their counsels.
As part of the Processing for auditing purposes as provided for above, Data may be communicated to a purchaser, prospective purchasers and their counsels.
If ManageX is obliged to disclose or provide access to Data in order to comply with any legal obligation or a court decision, or in order to enforce or perform the service agreement or circumstances other than those accepted, or to protect the rights, property or safety of ManageX, its customers or its employees;
If this transfer of Data by ManageX is permitted by law.

ManageX does not sell any Data to third parties.

8. Data retention

Data (especially Data that relates to agreements concluded with ManageX) is stored as long as is strictly necessary in order to allow us to perform our services, until (i) the termination of the agreement, (ii) the duration required by law or (iii) for a duration proportionate to the purpose followed to be secured. In any case, this Data must be stored in accordance with CNIL recommendations.
For example:

Data relating to prospects or Customers is deleted within 3 years of its collection or within 3 years of the last contact with the prospect or Customer,
Pre-litigation: Data is kept until a settlement agreement has been concluded or, failing this, until the corresponding legal action has been prescribed; Judicial litigation: Data is kept until the decision is final and binding.

Furthermore, anonymous data and data relating to Users may be kept for an unlimited period of time when it does not contain or no longer contains any Personal Data.

9. Actions carried out on Data

The following actions are conducted on Data:

Collection and recording
Organisation and structuring
Hosting or retention using third-party software,
Consultation,
Selection(using a solution published by a third party),
External archiving
Transmission, distribution or otherwise in any form making available of the concerned services
Modification/consultation by customer service, marketing, accounts or IT department
Deleting or destroying

10. Data localisation and security measures

All Data is hosted by providers located in the European Union, in compliance with the Regulations applicable for this type of Data transfer. Unless if the User is located overseas, no Data is transferred to a third party located outside of the European Union, except in cases where ManageX must submit and/or enforce judicial acts (summons, rulings, conservatory measures, etc.) overseas due to the User residing outside the European Union or when ManageX uses the service of a provider located overseas. In any case, ManageX ensures that all transferred Data is adequately protected in order to guarantee the Data’s security, integrity and confidentiality in accordance with the applicable Regulation.
ManageX shall take all suitable precautions to guarantee the confidentiality and security of the Data and to prevent it from being tampered with, corrupted or accessed by unauthorised persons. A security policy for the information system has been implemented. For example, access to your Data is solely limited to persons/services who require such access. This Data is stored on secured servers and banking details are encrypted. A login and password is required to access Data.
However, transferring Data via Internet is not without risk. Therefore, ManageX does not guarantee the security of any Data transferred online even when ManageX has complied with its security commitments.

11. User rights

Users have the following rights on their Data as processed by ManageX:

Access to or obtain a copy of their Data
Rectification of their Data
Have all or part of their Data deleted when the Data, (i) is no longer needed for the purposes for which it was collected, (ii) is exclusively based on User’s consent, (iii) and their Processing undergoes an objection proceeding
Limit the processing of their Data temporarily, when the accuracy of said Data is challenged, when the User has objected to its Processing and when the Data is no longer needed by ManageX but is still necessary for the enforcement, exercise or defense of their rights in court
Unsubscribe or opt out of receiving marketing and commercial documents (emails) at any time by clicking on the “unsubscribe” link in any emails or communication sent by ManageX
Object to the Processing or withdraw their consent at any time when Data Processing is based on consent
Portability of their Data when Data Processing is based on consent and when the Processing is carried out using automated processes
Decide how their Data will be used after their death
File a complaint before the CNIL.

To exercise any of these rights or for any questions relating to this Privacy Policy, Users may contact ManageX at the following addresses: Devinov, 12, Rue Paul Langevin, Sevran, Île-de-France 93270, FR, or at contact@devinov.fr and attach a copy of their ID card. Last updated on 13/12/2021