Personal Data Protection Policy
1. Preamble
Dydu places the utmost importance on protecting the privacy of individuals. We believe that a privacy policy should be simple, easy to understand, and meet two specific objectives: to inform and protect you.
In accordance with EU Regulation n°2016/679 on the Protection of Personal Data [hereinafter “the Regulation” or “GDPR”], Dydu (1 place Lainé, 33 000 Bordeaux), is responsible for the processing of your personal data, collected on the www.dydu.ai website [hereinafter “the Website”].
2. Reminder of key concepts
- “Personal data”: any information relating to an identified or identifiable natural person (hereinafter the “data subject”).
- “Processing”: any operation applied to personal data, such as collection, recording, storage, alteration, consultation, use, disclosure by transmission, combination, or destruction.
- “Controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- “Processor”: the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
- “Consent” of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his/her personal data.
- “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, disclosure, or unauthorised access to personal data which is transmitted, stored, or otherwise processed.
3. Data processing purposes and methods
The Website User [hereinafter referred to as “the User”] is hereby informed that any information he/she agrees to disclose on the Website can be used for accessing, using, and customising the Website’s Services (hereinafter referred to as the “Services”).
The data collected is mainly intended for Dydu’s internal departments. Service providers duly appointed by Dydu are also authorised to access the Website and databases insofar as strictly necessary for the provision of Services (cf. article 6 “Subcontracting and Data Transfer”). The User’s contact details will never be shared with third parties, whether free of charge or in return for payment, without the User’s express knowledge and consent.
Dydu also undertakes not to use data collected from the Website for commercial purposes, except with the consent of the Data Subject.
The data processing methods used on the Website are as follows:
3.1 The purposes for processing are:
| Goals | Treatment category |
|---|---|
| Respond to requests for demonstrations of Dydu products | Provision of a registration form for a demonstration module (collect and management of information to respond to the specific request) |
| Improve the user experience of the Services | Provision of a contact form (collect and management of information to respond to the specific request) |
| Integration of navigation cookies (functional and analytical) | |
| Communicate on services | Sending of a Dydu newsletter (if registration by the user) |
| Sending of commercial information emails (if registered by the user) | |
| Enable the maintenance and safe and stable operation of the website | Hosting of the website and its databases |
| Application monitoring and security operations |
3.2 – The following personal data is processed on the Website:
| Data category | Data that could be collected | Mandatory data (*) |
|---|---|---|
| Identification data | Civility, name, first name |
Civility, name, first name (if using the contact or demo form) |
| Professional data | Company, business sector | Société, secteur d’activité (si usage du formulaire de contact ou de démo) |
| Contact data | E-mail address (pro), phone number (pro) | E-mail address (if using the contact or demo form or if subscribing to the newsletter) |
| Connection data | IP address, browser cookies | IP address, browser cookies (only those essential to the proper functioning of the website) |
Dydu cannot anticipate any other data that the User may freely share when using our Services (in particular via the comments fields). Nonetheless, this data will be subject to a similar level of protection as the data requested by default on the Website. Dydu advises against providing any unnecessary, intimate, or sensitive personal data (e.g., health, sexual orientation, political opinions) on the Website.
3.3 – The categories of individuals whose personal data is processed are the Website Users.
The Website is specifically targeted at any person, natural or legal, acting in a professional capacity and wishing to benefit from information about Dydu’s products and services.
3.4 – The amount of time the data is stored varies, depending on the purpose for which it was collected:
| Data concerned | Shelf life | Deleting mode |
|---|---|---|
| Identification data |
|
Automatic deleting |
| Professional data | ||
| Contact data | ||
| Connection data | Maximum 13 months for analytics/statistics cookies | Automatic deleting |
4. Rights of the data subject
In accordance with the provisions of Chapter 3 of the GDPR, “Rights of the data subject”, the User has the right to access, rectify, restrict, and erase personal data. This right can be exercised as follows:
- by post to: DO YOU DREAM UP – Dydu – 1 place Lainé, 33 000 Bordeaux – FRANCE
- by email to: dpo@Dydu.ai
In accordance with the provisions of the same chapter, the User may also object to his/her data being processed. Except in the case of a contractual relationship, the data subject may withdraw consent for the processing of his/her data at any time. This right can be exercised via the contact details (postal and email addresses) mentioned above.
Dydu also informs the User that if he/she considers his/her rights have not been respected, he/she may file a complaint at any time with the Commission Nationale Informatique et Libertés (CNIL) via www.cnil.fr/en/home or at the following address:
3 place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – www.cnil.fr
5. Security
Dydu undertakes to implement all the organisational, technical, and structural measures to ensure the physical and logical security of personal data and to keep them in place until the said data has been deleted. In particular, Dydu will actively oppose any unauthorised alteration, destruction, or access to the data.
Dydu recalls that the Internet is not a completely secure environment, and that the Website cannot guarantee the total security of data transmission and storage on this network. Nonetheless, Dydu undertakes to improve security measures on a daily basis. Connections, flows, and databases are fully encrypted using advanced technological processes, thus ensuring the utmost security of any data contained on the Website.
Dydu also undertakes to comply with the rules for managing and notifying data breaches, as set out in Articles 33 and 34 of the GDPR (notifications to CNIL and/or Users).
Dydu’s subcontractors also apply these rules. This commitment is an essential part of all our subcontracting agreements.
6. Subcontracting and data transfer
6.1 – Subcontractors
Dydu informs the User that several subcontractors [hereinafter referred to as the “Subcontractor(s)“] are required to ensure the proper functioning of the Website for the following processing operations:
| Treatment concerned | Subcontractor | Rank | Coordinates (and location of servers if different addresses) |
|||
|---|---|---|---|---|---|---|
🇫🇷 |
Edit and maintenance of the website | Thibaut Soufflet, web developer & designer | 1 | 63 B rue Adrien Allard 33520 Bruges, FRANCE |
||
🇫🇷 |
Hosting and backup of the website | OVH | 1 |
|
||
🇺🇸 |
Mailing / Newsletter | HUBSPOT | 1 |
|
||
🇺🇸 |
Statistics / Analytics | 1 | Registered office: 1600 Amph, Parkway, Mountain View, CA 94043, USA |
Dydu certifies that all Subcontractors have been assessed and chosen for their level of protection of personal data, in accordance with the requirements of the GDPR and French “Informatiques et Libertés” law of 6th January 1978. Our Subcontractors have undertaken, in the same way as Dydu, to comply with the provisions relating to data protection and to allow Dydu to meet its legal obligations by any means, particularly with regards to the rights of the data subjects mentioned above.
Our Subcontractors have also undertaken to never subcontract the data entrusted to them without informing and obtaining Dydu’s approval, which Dydu does not intend to grant, unless it is absolutely necessary and essential to the Services.
6.2 – Data transfers outside the EU
Dydu and the Subcontractors jointly undertake to ensure that personal data collected on the Website is always processed and hosted within the European Union or in a country or organisation with an adequate level of data protection.
The User is hereby informed that his/her professional email address, if used to subscribe to Dydu’s newsletter or for Dydu’s mailing campaigns, may be transferred to HUBSPOT, a company headquartered in the United States (Cambridge, Massachusetts). The transfer of this data is subject to a process of prior analysis of the transfer risks and guarantees presented by the subcontractor, as well as compliance with standard contractual clauses adopted by the European Commission.
7. Cookies
As mentioned above, some data is collected by means of cookies (small text files placed on the visitor’s browser that store information about the visitor, that can then be accessed by the Website). Dydu uses cookies for the sole purpose of personalising the Website Users’ experience and analysing User visit indicators.
The following cookies and trackers are used on the Website:
| Tracer type | Functions | Tracer name | Editing company | Lifetime |
|---|---|---|---|---|
| Essential cookies | These cookies are essential to the proper functioning of the website and cannot be disabled in our systems. | _GreCAPTCHA | 24h | |
| _cfduid | Cloudflare | 13 months | ||
| Functional cookies | These cookies are useful for the proper functioning of the website. They are generally only set in response to configurations or information provided to the website. They are necessary to personalize the website and to optimize the User experience. | _hssrc | Hubspot | 13 months |
| _hssc | Hubspot | 13 months | ||
| pll_language | Polylang | 13 months | ||
| bcookie | 13 months | |||
| lidc | 24h | |||
| lang | Session | |||
| Analytical cookies | These cookies help us understand how visitors interact with the website. They collect information and generate statistical reports on the use of the website. | _ga | 13 months | |
| _gat | 24h | |||
| _gid | 24h | |||
| _hstc | Hubspot | 13 months | ||
| _hubspotuk | Hubspot | 13 months | ||
| Advertising or social cookies | These cookies are third-party advertising or social media cookies. They are used to select ads based on the user or to share on social media. | UserMatchHistory | 30 days | |
| AnalyticsSyncHistory | 30 days | |||
| bscookie | 13 months |
Dydu then informs the User that he/she can reject the use of cookies by adjusting the cookie manager settings that are displayed during his/her first connection to the Website and, at any time, via the “Cookie settings” button in the Website footer.
Only “essential cookies”, which are required to ensure the Website functions correctly, cannot be opposed by the User. Similarly, if the User refuses the so-called “functional” cookies, he/she acknowledges that the Website may not function correctly, and that his/her user experience may be greatly disrupted.
Furthermore, Dydu informs the User that if, in general, he/she wishes to oppose the collection of cookies, he/she can do so by adjusting the browser settings (cf. CNIL advice).
8. Updates to the personal data processing policy
This policy may be modified or amended at any time by Dydu. Any new version will be published on the Website immediately.
Users are invited to regularly consult this personal data privacy policy.