Last updated: The 29th of October, 2020.
- all websites within the woleet.io domain,
- individuals that register to attend our marketing or corporate events or receive our marketing materials (“Marketing Activities”),
- our subscribers’ personnel who register to use our Services (including through our Services user interface dashboard registration forms on our Websites)
In this Policy we will explain:
- What types of personal information Woleet collects and how it is used.
- How Woleet collects your personal information, including whether personal information is collected automatically.
- How long Woleet retains your personal information.
- How Woleet protects your personal information.
- How personal information submitted to our Services or collected through our Services on behalf of or at the direction of our subscribers is treated.
- How to update your communication preferences.
- How to exercise your GDPR rights.
Depending on the context of personal information you provide, Woleet may be the data controller (“controller”) or data processor (“processor”) of your personal information under this policy.
Woleet is a processor of personal information submitted to the Services or collected through the Services on behalf of or at the direction of subscribers.
24 bis Rue Maréchal Joffre
1. What types of personal information does Woleet collect?
The types of personal information we collect and share depend on which of our Websites or Marketing Activities you use. In general, we may collect information that identifies you, information about how you use our Websites, and the information that you create while you interact with our Websites.
Information that we collect from you may include the following:
- Information that can personally identify you, such as name, email address, telephone number.
- Information about your Internet connection, the equipment you use to access our Websites, and your use of our Websites.
- Information that you provide when you fill in forms on our Websites.
- Information that identifies you in planning and hosting corporate events related to our Marketing Activities (e.g., user conferences).
- Records and copies of your correspondence (including email addresses and social networks handles), if you contact us.
- Your responses to surveys that we might ask you to complete for research purposes.
- Details of transactions you carry out through our Websites or related to orders of our Services.
You also may provide information as a contributing user that is published or displayed (hereafter, referred to as “posted”) on public areas of our Websites, on the Woleet Community site, or transmitted to other users of our Websites or third-parties. Your user contributions are posted and transmitted to others at your own risk.
2. How does Woleet use my personal information?
Woleet uses personal information that you provide to us to deliver content on our Websites, plan and host Marketing Activities, and to provide our Services, i.e:
- Woleet timestamping service creates universal proofs of existence of any data in numeric format. The only personal data processed by this service are the user account information.
- Woleet electronic seal service creates an integrity and authenticity proof of any numeric data. The personal data processed by this service are user information related to accounts and to seal identities.
- Woleet electronic signature service allows to perform digital signature workflows so as to create evidence of the consent of signatories about a contract, a quotation, a mission statement and many other documents. The personal data processed by this service refer to the signature requester and to the signatories.
We may use this information in the following ways:
- To present our Websites and their contents to you.
- To allow you to participate in interactive features on our Websites.
- To enhance the experience of using our Websites, Services, and Marketing Activities.
- To manage your access to the Services.
- To carry out our obligations and enforce our rights that arise from any contracts entered into between you and us, including for billing and collection.
- To create electronic signatures and related proofs, if you use Woleet electronic signature service.
- To allow the verification of electronic signature proofs made via Woleet services.
- To provide you with notices about your account and/or subscription, including expiration and renewal notices.
- To notify you about changes to our Websites or Services.
- To provide you with information or services that you request from us.
- To communicate with you about Marketing Activities, which may include promotional information.
- To send promotional information and other communications regarding our products or Services.
- To create a list of actual and prospective users and subscribers for our products or Services.
- To assemble statistics regarding the use of our Websites, product or Services.
- To prevent fraud or abuse.
- To comply with any legal or regulatory obligations.
- For any other purpose we describe at the time we collect information.
- For any reason you engage us.
- For any other purpose with your consent.
3. How does Woleet collect my personal information?
Woleet may directly collect personal information you provide us in the following ways:
- When you complete forms on our Websites, such as registering an account,
subscribing to a Service, or posting a comment.
- When you create an account to use our Services or create a new user for that account.
- When you complete transactions through our Websites, such as fulfilling an order for our Services.
- When you post messages on our Websites, either in public areas or directly to other users or third-parties.
- When you use our publicly accessible blogs.
- When you contact us outside of our Websites, such via email or Twitter.
- When you request assistance from our Support team.
- When you respond to surveys we ask you to complete for research purposes.
- When you provide information that will be posted on public areas of our Websites.
- When you transmit information to other users of our Websites or third-parties as a user contribution.
- When you register for or attend our Marketing Activities.
When Woleet e-signature service is used, the signatory’s personal data may be first registered by the signature requester. The signatory is then notified by email and is asked within the signature process for accuracy confirmation and consent about the storage of his/her personal data.
Third-Parties and Data Supplementation
We are not responsible for the accuracy of any information provided by third-parties or third-party policies or practices.
- contact information about you from third-party sources to verify your address so we can properly prevent fraud or communicate with you.
Examples of the types of personal information that may be obtained from public sources or purchased from third-parties and combined with information we already have about you, may include:
- Social networks when you reference our Services or grant permission to Woleet to access your data on one or more of these services.
- Publicly-available sources or data in the public domain.
Third-party sources we may use vary over time, but have included or may include:
4. How does Woleet collect my personal information?
As is true of most websites, Woleet gathers certain information automatically as you navigate through and interact with our Websites. This information helps us to improve and personalize our Websites, Marketing Activities, and Services, as well as prevent fraud or abuse. This information may be gathered and stored in log files.
Information that we collect from you automatically may include the following:
- Internet Protocol (IP) addresses,
- Internet Service Provider (ISP),
- browser type,
- referring/exit pages,
- operating system,
- date/time stamp, and/or
- browsing actions and browsing patterns.
5. How long does Woleet keep my personal information?
Woleet retains your personal information for a period of time consistent with the original purpose of collection, and allowing us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
We retain your personal information during the time you have an account to use our Websites or Services, or as agreed in our subscription agreements, and up to one year after the end of the contract.
Signer data are stored for a maximum of one year after the end of the contractual relationship between Woleet and the applicant who created the Signer data.
The personal data we collected for commercial purposes are retained during a maximum period of 3 years after inactivity of the relationship between Woleet and the person.
6. How does Woleet keep my information secure?
Woleet will maintain appropriate technical and organizational security measures designed to protect your personal information from accidental loss, unauthorized use, alteration, or disclosure. Although we implement and maintain security measures that are appropriate for our business activities, please be aware that no security measures are perfect or impenetrable and any transmission of personal information is at your own risk. You must also make sure that your information is safe and secure. We are not responsible if you circumvent any privacy settings or security measures on our Websites. Even if we give you (or you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. Do not share your password with anyone. Please be careful about giving out information in public areas of our Websites, for example, community message boards or forums. The information you share in public areas may be viewed by any user of our Websites. We cannot control the actions of other users of our Websites with whom you choose to share your information; as such we cannot guarantee your contributed information cannot be viewed by unauthorized parties.
7. What choices and rights are available to me regarding the use of my personal information?
Please contact us at firstname.lastname@example.org for any request about your rights regarding your personal information.
If you choose to exercise your rights of access / modification / deletion, we will ask you to prove your identity, possibly by means of an official identity document.
Your request will be processed within a maximum of one month, in accordance with the GDPR. A record of this request will be kept by Woleet for tracking purposes for up to one year after your request.
If the personal data relate to a signatory involved in a draft or ongoing signature request, the signature requester will be notified about the modification or deletion of the personal data.
The modification or deletion of a signatory’s personal data has impacts on the related signature requests and signature proofs. In order not to disturb the signature nominal mode of operation, the following limitations are defined by Woleet:
- Modifying the signatory’s data in an ongoing signature request will be submitted to the signature requester’s approval so as to avoid any identity fraud leading to the signature process invalidation.
- Modifying the signatory’s data in closed signature requests and in the related signature proofs is not allowed as it would invalidate the signature a posteriori, which contradicts the purpose of our electronic signature service.
- The deletion of the signer’s identity will automatically close the related ongoing signature request(s) and send a notification to the signature requester and to the other signers.
- Verifying the validity of the signature after the signatory’s deletion (implying the signature request and proof receipt deletion) will only be possible if the signed document and the signature proof (archived by the concerned users) are provided to Woleet verification service.
8. Notifications in case of personal data breach
- In the event of a data breach, Woleet will trigger an internal incident management procedure.
- In the event of a strong impact on the privacy of the persons concerned, Woleet will notify the persons concerned and the French Supervisory Authority (CNIL) within the 72-hour time limit set by the GDPR.
10. Google account and user data
Accessing user data
Google user data are always accessed through an OAuth consent screen.
Using user data
When using OAuth to login using Google, Google’s data are acceded to either create a new user from its Google account or validate its credentials when used as a login.
The only other time user data is accessed is when a user chooses to select a file from its Google Drive account to create its digital fingerprint (SHA256), in that case the file is always kept in the user’s browser and never transferred to our servers.
Storing user data
Woleet saves some data on its servers:
email / profile / openid: Used to enable OAuth sign-up / login.
drive.readonly: Used to be able to calculate a hash of one of your files stored on your
Google Drive account, this file will stay in your browser and will never be transferred to our servers.