Woleet’s privacy policy

Last updated: The 29th of October, 2020.
Contact us
Your personal information will be treated in a secure and confidential manner in compliance with all applicable laws and regulations. When you use Woleet Websites and Services (as defined below), we receive information that may directly or indirectly identify you (“personal information” or “personal data”). This privacy policy (this “Privacy Policy”) governs and describes how Woleet SAS may collect, use, and disclose personal information that we obtain through or from:

  • all websites within the woleet.io domain,
  • individuals that register to attend our marketing or corporate events or receive our marketing materials (“Marketing Activities”),
  • our subscribers’ personnel who register to use our Services (including through our Services user interface dashboard registration forms on our Websites)

In this Policy we will explain:

  • What types of personal information Woleet collects and how it is used.
  • How Woleet collects your personal information, including whether personal information is collected automatically.
  • How long Woleet retains your personal information.
  • How Woleet protects your personal information.
  • How personal information submitted to our Services or collected through our Services on behalf of or at the direction of our subscribers is treated.
  • How to update your communication preferences.
  • How to exercise your GDPR rights.

Contact Information

Depending on the context of personal information you provide, Woleet may be the data controller (“controller”) or data processor (“processor”) of your personal information under this policy.

 

Woleet is a processor of personal information submitted to the Services or collected through the Services on behalf of or at the direction of subscribers.

 

If you have any questions or concerns regarding this Privacy Policy or our privacy practices, including the processing of your personal information, if you would like to exercise your data rights under applicable laws, or if you believe your privacy rights have been violated, please contact Woleet at privacy@woleet.com, or:

 

Woleet SAS
24 bis Rue Maréchal Joffre
35000 RENNES
France

1. What types of personal information does Woleet collect?

The types of personal information we collect and share depend on which of our Websites or Marketing Activities you use. In general, we may collect information that identifies you, information about how you use our Websites, and the information that you create while you interact with our Websites.

 

Information that we collect from you may include the following:

  • Information that can personally identify you, such as name, email address, telephone number.
  • Information about your Internet connection, the equipment you use to access our Websites, and your use of our Websites.
  • Information that you provide when you fill in forms on our Websites.
  • Information that identifies you in planning and hosting corporate events related to our Marketing Activities (e.g., user conferences).
  • Records and copies of your correspondence (including email addresses and social networks handles), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Details of transactions you carry out through our Websites or related to orders of our Services.

 

You also may provide information as a contributing user that is published or displayed (hereafter, referred to as “posted”) on public areas of our Websites, on the Woleet Community site, or transmitted to other users of our Websites or third-parties. Your user contributions are posted and transmitted to others at your own risk.

2. How does Woleet use my personal information?

Woleet uses personal information that you provide to us to deliver content on our Websites, plan and host Marketing Activities, and to provide our Services, i.e:

  • Woleet timestamping service creates universal proofs of existence of any data in numeric format. The only personal data processed by this service are the user account information.
  • Woleet electronic seal service creates an integrity and authenticity proof of any numeric data. The personal data processed by this service are user information related to accounts and to seal identities.
  • Woleet electronic signature service allows to perform digital signature workflows so as to create evidence of the consent of signatories about a contract, a quotation, a mission statement and many other documents. The personal data processed by this service refer to the signature requester and to the signatories.

 

We may use this information in the following ways:

  • To present our Websites and their contents to you.
  • To allow you to participate in interactive features on our Websites.
  • To enhance the experience of using our Websites, Services, and Marketing Activities.
  • To manage your access to the Services.
  • To carry out our obligations and enforce our rights that arise from any contracts entered into between you and us, including for billing and collection.
  • To create electronic signatures and related proofs, if you use Woleet electronic signature service.
  • To allow the verification of electronic signature proofs made via Woleet services.
  • To provide you with notices about your account and/or subscription, including expiration and renewal notices.
  • To notify you about changes to our Websites or Services.
  • To provide you with information or services that you request from us.
  • To communicate with you about Marketing Activities, which may include promotional information.
  • To send promotional information and other communications regarding our products or Services.
  • To create a list of actual and prospective users and subscribers for our products or Services.
  • To assemble statistics regarding the use of our Websites, product or Services.
  • To prevent fraud or abuse.
  • To comply with any legal or regulatory obligations.
  • For any other purpose we describe at the time we collect information.
  • For any reason you engage us.
  • For any other purpose with your consent.

3. How does Woleet collect my personal information?

Woleet may directly collect personal information you provide us in the following ways:
  • When you complete forms on our Websites, such as registering an account,
    subscribing to a Service, or posting a comment.
  • When you create an account to use our Services or create a new user for that account.
  • When you complete transactions through our Websites, such as fulfilling an order for our Services.
  • When you post messages on our Websites, either in public areas or directly to other users or third-parties.
  • When you use our publicly accessible blogs.
  • When you contact us outside of our Websites, such via email or Twitter.
  • When you request assistance from our Support team.
  • When you respond to surveys we ask you to complete for research purposes.
  • When you provide information that will be posted on public areas of our Websites.
  • When you transmit information to other users of our Websites or third-parties as a user contribution.
  • When you register for or attend our Marketing Activities.

 

Whenever you enter personal data on any of our websites or services, you are asked to approve Woleet Terms and Conditions of Use which implies consent to the privacy policy.

 

When Woleet e-signature service is used, the signatory’s personal data may be first registered by the signature requester. The signatory is then notified by email and is asked within the signature process for accuracy confirmation and consent about the storage of his/her personal data.

Third-Parties and Data Supplementation

We are not responsible for the accuracy of any information provided by third-parties or third-party policies or practices.
  • contact information about you from third-party sources to verify your address so we can properly prevent fraud or communicate with you.

 

Examples of the types of personal information that may be obtained from public sources or purchased from third-parties and combined with information we already have about you, may include:
  • Social networks when you reference our Services or grant permission to Woleet to access your data on one or more of these services.
  • Publicly-available sources or data in the public domain.

 

Third-party sources we may use vary over time, but have included or may include:

To the extent allowed by law, Woleet may collect personal information about you from other third-party sources. We may maintain this information or associate it with personal information we already have about you (“data supplementation”). This information helps us to improve our Websites, to deliver better and more personalized Services, to update, expand, and analyze our records, identify new customers, and provide products and services that may be of interest to you. To the extent we combine such third-party sourced information with information we already have about you, we will treat the combined information in accordance with the practices described under this Privacy Policy and any additional restrictions imposed by the source of the data.

Financial Information

We use third-party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors. Our third-party processors currently include Stripe, and Stripe’s privacy policy can be viewed at https://stripe.com/us/privacy.

4. How does Woleet collect my personal information?

As is true of most websites, Woleet gathers certain information automatically as you navigate through and interact with our Websites. This information helps us to improve and personalize our Websites, Marketing Activities, and Services, as well as prevent fraud or abuse. This information may be gathered and stored in log files.

 

Information that we collect from you automatically may include the following:

  • Internet Protocol (IP) addresses,
  • Internet Service Provider (ISP),
  • browser type,
  • referring/exit pages,
  • operating system,
  • date/time stamp, and/or
  • browsing actions and browsing patterns.

Cookies

Woleet and our partners use cookies or similar technologies to analyze trends, administer our Websites and Services, track users’ movements around our Websites and Services, and to gather demographic information about our user base as a whole. A cookie is a small piece of information that is placed on your device when you visit certain websites. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Websites or Services.

 

For more information on how Woleet uses cookies, refer to https://doc.woleet.io/docs/cookies-policy.

 

For more information on third-party cookies, refer to Section 6 of this Privacy Policy.

5. How long does Woleet keep my personal information?

Woleet retains your personal information for a period of time consistent with the original purpose of collection, and allowing us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.

 

We retain your personal information during the time you have an account to use our Websites or Services, or as agreed in our subscription agreements, and up to one year after the end of the contract.

 

Signer data are stored for a maximum of one year after the end of the contractual relationship between Woleet and the applicant who created the Signer data.

 

The personal data we collected for commercial purposes are retained during a maximum period of 3 years after inactivity of the relationship between Woleet and the person.

6. How does Woleet keep my information secure?

Woleet will maintain appropriate technical and organizational security measures designed to protect your personal information from accidental loss, unauthorized use, alteration, or disclosure. Although we implement and maintain security measures that are appropriate for our business activities, please be aware that no security measures are perfect or impenetrable and any transmission of personal information is at your own risk. You must also make sure that your information is safe and secure. We are not responsible if you circumvent any privacy settings or security measures on our Websites. Even if we give you (or you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. Do not share your password with anyone. Please be careful about giving out information in public areas of our Websites, for example, community message boards or forums. The information you share in public areas may be viewed by any user of our Websites. We cannot control the actions of other users of our Websites with whom you choose to share your information; as such we cannot guarantee your contributed information cannot be viewed by unauthorized parties.

7. What choices and rights are available to me regarding the use of my personal information?

Please contact us at privacy@woleet.com for any request about your rights regarding your personal information.

 

If you choose to exercise your rights of access / modification / deletion, we will ask you to prove your identity, possibly by means of an official identity document.

 

Your request will be processed within a maximum of one month, in accordance with the GDPR. A record of this request will be kept by Woleet for tracking purposes for up to one year after your request.

 

If the personal data relate to a signatory involved in a draft or ongoing signature request, the signature requester will be notified about the modification or deletion of the personal data.

 

The modification or deletion of a signatory’s personal data has impacts on the related signature requests and signature proofs. In order not to disturb the signature nominal mode of operation, the following limitations are defined by Woleet:

 

  • Modifying the signatory’s data in an ongoing signature request will be submitted to the signature requester’s approval so as to avoid any identity fraud leading to the signature process invalidation.
  • Modifying the signatory’s data in closed signature requests and in the related signature proofs is not allowed as it would invalidate the signature a posteriori, which contradicts the purpose of our electronic signature service.
  • The deletion of the signer’s identity will automatically close the related ongoing signature request(s) and send a notification to the signature requester and to the other signers.
  • Verifying the validity of the signature after the signatory’s deletion (implying the signature request and proof receipt deletion) will only be possible if the signed document and the signature proof (archived by the concerned users) are provided to Woleet verification service.

8. Notifications in case of personal data breach

  • In the event of a data breach, Woleet will trigger an internal incident management procedure.
  • In the event of a strong impact on the privacy of the persons concerned, Woleet will notify the persons concerned and the French Supervisory Authority (CNIL) within the 72-hour time limit set by the GDPR.

9. Modifications

Woleet reserves the right to modify this Privacy Policy at any time. It is our policy to post any changes we make to this Privacy Policy on this page and the changes will be effective upon Woleet’s publication of the updated Privacy Policy except as described below. If Woleet makes material changes to how we treat your personal information, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this page thirty (30) days prior to the change becoming effective. However, changes made to comply with applicable laws will be effective immediately. You are responsible for ensuring we have an up-to-date email address for you and periodically visiting this page to check for any changes to our Privacy Policy. Your continued use of the Websites and the Services expressly indicates your acceptance of Woleet’s then-current Privacy Policy and your consent to Woleet’s collection of personal information in accordance with the then-current Privacy Policy.

 

If you have questions or concerns about this Privacy Policy, please contact Woleet using the information in the “Contact Information” section above. The date this Privacy Policy was last revised is identified at the top of the page.

10. Google account and user data

Accessing user data

Google user data are always accessed through an OAuth consent screen.

Using user data

When using OAuth to login using Google, Google’s data are acceded to either create a new user from its Google account or validate its credentials when used as a login.
The only other time user data is accessed is when a user chooses to select a file from its Google Drive account to create its digital fingerprint (SHA256), in that case the file is always kept in the user’s browser and never transferred to our servers.

Storing user data

Woleet saves some data on its servers:
Email and basic profile information, used to create an account after an OAuth login. The use of this information is covered in the previous chapters of this Privacy Policy.

Scopes

email / profile / openid: Used to enable OAuth sign-up / login.
drive.readonly: Used to be able to calculate a hash of one of your files stored on your
Google Drive account, this file will stay in your browser and will never be transferred to our servers.