Octobat gathers the following types of information:
We collect the following types of personal information (collectively, “Personal Information” ) that you voluntarily provide through the Site.
We do not collect sensitive information such as information about your race, political views, religious views or health conditions. If you do not provide us with the Personal Information that we request, we may not be able to provide you with the services offered through the Site.
There are a number of different ways that we collect Personal Information from you. These may include:
We (or service providers on our behalf) may automatically collect information from you using “cookies” or “web beacons”. Cookies are small amounts of data that are stored within your computer’s Internet browser or on your mobile device and that are accessed and recorded by the websites that you visit, as well as by the companies that place advertising on websites, so that they can recognize your device and remember if you have visited a website previously. Web beacons are web page elements that can recognize certain types of information on your computer such as cookies and the time and date of a page view.
Information collected by cookies and web beacons may include, without limitation:
We may use data gathered automatically from your computer (i) to help us recognize you as a previous visitor to the Site, (ii) with your prior consent, to serve relevant online advertising to you or (iii) to analyze trends and statistics to improve your experience of the Site.
You can set your browser to reject cookies or to notify you when you are sent a cookie. You can also purchase and download software that will allow you to visit the Site without providing the information gathered by cookies. You are welcome to use the Site if you use such software, but your experience while visiting the Site may not be optimal. When your prior consent is required for the implementation of certain types of cookies, it will be specifically collected.
We can collect tax ID, VAT number, bank account number, invoices, and credit notes, and device-specific data to comply with EU VAT rules, such as the IP Address.
We use the Personal Information described above to:
Generally, Octobat does not share the Personal Information collected - or that you provide to Octobat - with third parties unless Octobat has obtained your prior consent.
However, Octobat may share the Personal Information about you with affiliates, with vendors, agents and contractors that assist Octobat in administering the Site and in providing services to you, with the online marketplaces on which you advertise and sell your products, and in response to legal process or when Octobat believes that the law requires it (for example, in response to a court order) or to protect the rights, property or safety of Octobat, the Site, users of the Site and others.
Octobat may also disclose Personal Information as is necessary to identify, contact or bring legal action against a person or entity who may be violating Octobat’s Terms of Service, or who may be causing harm to, or interfering with, other users of the Site.
Octobat may also disclose Personal Information about you to third parties who provide credit payment, reporting, order fulfillment services, and other services on Octobat’s behalf.
In addition, in the event that assets of Octobat are transferred or sold to another entity, Personal Information may be transferred to the acquiring entity and/or to potential acquiring entities.
The Personal Information that Octobat collects from you and that you provide to Octobat is processed in Ireland and is stored on servers in Ireland.
Your Personal Information may also be transferred to any third parties as described in the previous section. Some of these third parties to whom your Personal information will be shared are located outside of the European Economic Area, in countries whose data protection laws may not be as extensive as those which apply to us.
If we transfer your Personal Information to countries outside of the European Economic Area, we will ensure that we do this in accordance with French data protection regulations (for example, by putting in place an appropriate data transfer agreement). We will do this with a view to ensuring the level of protection which applies to your Personal Information processed in these countries is similar to that which applies within the European Economic Area.
Octobat's data and servers are hosted by Amazon AWS's data center in Ireland (EU). They are protected by firewalls establishing a barrier between our trusted, secure internal network and the Internet, and IP restrictions, limiting access to whitelisted IP addreeses.
Access to this information and servers are restricted to to a limited number of Octobat employees and Third parties who can access the information only in specific circumstances and are bound by confidentiality.
Each Octobat user can only access information pertaining to its Octobat account.
All pages within our checkout process and areas containing Personal Information are secured using SSL (Secure Socket Layer) technology, which encrypts data between our computer and yours. To make sure your Internet browser is using the latest security features, you may want to download the most recent version of it, which should have full SSL support.
You are responsible for maintaining the confidentiality of your user ID and password which relate to your access to certain pages of the Site and/or any Account you set up with us. You agree to accept responsibility for all activities which occur in relation to the same. You should not permit other people to use your user ID or your password. Please contact us promptly if you believe your user ID or password may have been compromised. We will not be responsible to you if there is unauthorized access to your login details or unauthorized activity on this Site as a result of your log-in details becoming known by someone else, unless this was due to our negligence.
Despite our efforts regarding security it is important to bear in mind that the Internet is not a secure means of communication. Personal Information communicated through the Internet may be intercepted by other people. We cannot guarantee the security of Personal Information sent to us through this Site. You accept that you use this Site at your own risk.
If you have created an Account through the Site, we will close your Account upon your request. We may also close or deactivate inactive Accounts or Accounts that are used in violation of our Terms of Service or any applicable law.
We will retain Personal Information from closed or inactive Accounts to the extent and as long as it is necessary and relevant for our operations and to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Service, and take other actions otherwise permitted by law.
In general, Personal Information from closed or inactive Accounts will be deleted or anonymized 5 years after the Account is closed or deactivated unless we have reasonable grounds to believe that the Personal Information should be retained for one of the purposes identified above.
To support Octobat in delivering its Services, we may engage third party service providers to assist Octobat with its data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor of Octobat (“Sub-processor”).
Below, we describe where they are located, and what services they provide to Octobat. Before engaging any Sub-processor, we perform extensive due diligence, including detailed security and legal analysis. We do not engage a Sub-processor unless our quality standards are met. Our Sub-processors are all subject to contract terms that enforce compliance with applicable data protection laws.
Octobat is currently using the following Sub-processors:
|SUB-PROCESSOR||SERVICE PROVIDED||LOCATION OF THE SUB-PROCESSOR|
|Amazon Web Services||Cloud service provider||Ireland|
|Dropbox||File storage||United States of America|
|Email, file storage||United States of America|
|Zendesk||User relationship management||United States of America|
Our business needs may change from time to time. For example, we may deprecate a Sub-processor to consolidate and minimize our use of Sub-processors. Similarly, we may add a Sub-processor if we believe that doing so will enhance our ability to deliver our Services. We will periodically update this page to reflect additions and removals to our list of Sub-processors.
This Data Processing Agreement (“DPA”) supplements your Octobat Terms of Service. This DPA applies to the extent you are using the Services in the context of your data processing activities that are subject to the EU General Data Protection Regulation (“GDPR”).
The Data Processing Agreement sets out your instructions to us and governs how we will process any personal information in connection with Octobat services. You must have an existing Octobat Account to accept this DPA on behalf of the legal entity that corresponds to your Octobat Account. By creating an account with Octobat on behalf of a legal entity, you agree to enter into this DPA with Octobat. Collectively, you and Octobat are referred to in this DPA as the “parties”.
If you wish to access Personal Information collected or stored by us, or if your name, e-mail, postal address, telephone number or other Personal Information changes, you may correct the relevant information by contacting firstname.lastname@example.org. In addition, you have the right to object, at any time, to the processing of your Personal Information on legitimate grounds by contacting email@example.com.