Effective date: October 25, 2022
Drovio SAS (”Drovio”, "us", "we", or "our") operates the drovio.com website, its subdomains and the Drovio Online platform (the "Services").
a. Personal Data. Personal Data may be used to identify, directly or indirectly using combination of other data, a specific individual. Examples of such data may include an individual name, email address, mailing address, IP address or phone number.
b. Anonymous Data. Anonymous Data means any data either directly collected anonymously through the Services or Personal Data that may be anonymized upon user deletion request or after the retention period is over, when they are not just deleted, and that can’t be used in any way to allow individual identification.
c. GDPR. The General Data Protection Regulation (EU GDPR) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the Act n°78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties. The European Data Protection Regulation is applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe.
d. Drovio Online platform. A platform part of our Services and accessible at https://app.drovio.com/signin.
e. Children’s Privacy. Our Services do not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that one of your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we'll promptly take steps to remove that information from our Services.
2. Who are we?
Drovio is a French simplified joint-stock company, registered under number 532 327 608 to the Registry of Trade and Companies of Reims.
Drovio is subject to the GDPR. In accordance with these regulations, Drovio must inform you of any Personal Data processing carried out as part of the Services.
3. How do we collect your Personal Data and what do we collect?
We may collect your Personal Data that you or others provide us:
Account Creation. When you register for an account on the Drovio Online platform from our websites or from the Drovio application. Whether you’re a free or paid user of our Services, we collect your email address and a display name. We may collect a password unless you exclusively sign in using any third party identity provider supported by Drovio Online or via SSO.
Billing Information. When you subscribe to a paid plan on Drovio Online (SaaS) for your own benefit or for your team, by providing your first name, last name, your company name, mailing address and European VAT ID (if applicable). We rely on payment processor services for any transactions. We don’t store your payment methods and other payment information in our servers, we only direct that information to our payment processors for processing and query a limited set of payment information from those payment processors for display purposes only when necessary.
Other users. When other users of our Services invite you through the Drovio Online platform to join their team, their session, set you as a billing recipient or add you to their contact lists. In such cases, we collect your email address.
Third party identity providers. When you grant us permission and sign in to the Drovio Online platform using a supported third party identity provider or via SSO, we obtain your email address and your name or your nickname when available.
Access and Usage Logs. When you use our Services, including our websites and the Drovio Online platform, we store access and usage logs. Those logs may contain various information including pages you accessed, connection and disconnection to/of your Drovio Online account, any changes applied to your subscription or to your team. The Personal Data we may collect in such events are your email address, display name, IP address, team name and user id.
Event Data. When you use or other users in connection with you use our Drovio Online platform, we store Event Data reflecting how you interact with the Drovio app and platform. Those Event Data are used for customer support and business intelligence purposes and may contain various data including your email address, display name, user id, team name, operating system and your browser name.
Customer Support. When you contact us through our websites or the Drovio Online platform via our live chat, through the app when you report an issue, when you rate your experience, or when you send us an email, we collect information about you related to your account, the issue you’re reporting or your request. Those data may include your email address, hardware information and any information you would share from your own initiative.
Feedback. When you rate your experience through our Drovio Online platform, when you submit information to our Feedback platform or post reviews on social networks and review sites, we may collect various information including your email address, name and any information you would share with us by your own initiative or publicly.
Email marketing and transactional emails. When you subscribe to our newsletters, opt in to our marketing emails, or use our Services and receive marketing and transactional emails, they may include web beacons and other similar technologies. They automatically send us various information including your email client, device used, whether you received or opened our emails and what links you may have clicked on those emails.
Website Analytics and Ad personalization. When you visit our Services including our websites and the Drovio Online platform and when you give us your consent to do so, we collect various information including the pages you access, your approximate location (city, county, region and/or country), the time you spend and what you do on those pages. We use analytics providers to do so, including Google Analytics. We also use ad services such as Google’s ad services to sponsor our websites on Google and your Personal Data or cookies may be used to personalize ads served by Google, shown on other sites. To learn more about how Google uses your Personal Data when you give us consent on our Services, please visit https://policies.google.com/technologies/partner-sites.
Resellers. When we receive requests from resellers on the behalf of your company to purchase any of our Services, we may collect information that those resellers would provide.
Drovio’s technology is based on a peer-to-peer architecture and we strive to provide our Services using only the necessary and minimal Personal Data to do so. You can learn more about Drovio’s technology and our security practices on our Security and Privacy white paper.
4. How do we use your Personal Data?
Drovio collects and uses your Personal Data for the following purposes:
- To establish, maintain, secure your access to the Services and provide you with the Services you have requested;
- To process any payment for the Services you have purchased;
- To allow other users you may know interact with you on the Services;
- To understand how you interact with our Services and improve our Services;
- To send you administrative information, procedures and transactional emails, such as payment notices or when you forgot your password;
- To send you product updates and marketing emails about our Services when you give us consent and that you can opt out of at any time;
- To assist you to use our Services when you experience any issues or have any questions;
- To gather your feedback in order to improve our Services and your experience;
- To perform fraud detection and abuse in order to protect you, Drovio or our partners;
- To comply with our legal and regulatory obligations;
- To perform an agreement to which you are a party;
- To protect the rights, safety and intellectual property of Drovio, our employees and our partners;
- For our legitimate interest in developing and promoting our business; and
- For any other purposes for which you give us your consent.
5. With whom do we share your Personal Data?
Drovio does not sell any Personal Data collected in any way. We may share your Personal Data with the following parties and for the following business purposes:
Other users of our Services. We may share some of your Personal Data with other users of our Services, including the Drovio Online platform when they are in the same team, in your contact list when you approved it or when they send you invites to use the Services together.
Our staff. Your Personal Data may be shared with our staff in order to enter into a commercial relationship with Drovio, to provide you support when you encounter any issue or have any questions, for business, business intelligence purposes and legitimate business interests.
Your company. While you use our Services, we may share your Personal Data with your company if they enter into a commercial relationship with Drovio, as to perform any agreement or when we detect issues or a fraudulent behavior.
Our sub-processors. We share your Personal Data with our sub-processors, to host our Services, process payments on our behalf, or for commercial, business, marketing, advertising, analytics, customer support, security and other similar purposes. We have standard contractual clauses in place with our sub-processors that govern the security and confidentiality of your Personal Data. We have published a list of sub-processors on our help center and commit to update it whenever we’re adding any new sub-processors.
Resellers. We may share your Personal Data with resellers that reach out to us on the behalf of your company to purchase any of our Services and for the purpose of easing procurement processes, after verifying their identity and obtaining your consent, if required.
Our affiliated companies. Drovio may share your Personal Data with our affiliated companies, parents and/or subsidiaries.
Our lawyers. To enter into a commercial relationship with Drovio and before we consent to any custom agreement with your company for any business reasons, we may share your Personal Data with our lawyers to seek advice, redline, edit or add comments to the documents you provide us.
Law enforcement. We may disclose your Personal Data to comply with the law or when we receive a valid and binding order of a governmental body such as a subpoena or court order or when we believe in good faith that disclosure is necessary to comply with our legal obligations. When we receive a request for information, we try to redirect that request to you by providing the governmental body with basic contact information such as your email address. If compelled to disclose all your Personal Data, Drovio will give you reasonable notice to allow you to seek a protective order or appropriate remedy unless we are legally prohibited from doing so.
Merger or Acquisition. We may share your Personal Data if we are involved in a merger, sale or acquisition of our assets. In such case, we would make sure to protect the confidentiality of your Personal Data and we would notify you over email and/or via our website before any transfer of your Personal Data.
Aggregated Data. We might disclose aggregated data, that only include Anonymous Data, for any purpose such as marketing, business or research.
6. What is the retention period of your Personal Data?
Drovio retains Personal Data for as long as necessary to provide our Services to you, pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes or enforce our agreements.
Drovio Online platform. You can delete your account at any time, on the platform or by reaching out to us using the contact details in the “Who Are We” section. In such case, we answer requests within 30 business days. Upon receiving any user deletion request from you, when you delete your account by yourself or after a period of 1 year, we either automatically remove or transform your Personal Data stored as Event Data into Anonymized Data for aggregation purposes, at our sole discretion. Access and Usage Logs are kept for 1 year.
Invoices. We keep invoices for 10 years.
Feedback platform. We have a feedback platform available at feedback.drovio.com on which you can submit feature requests and report issues, upvote and comment them. To do so, you need to create a specific account on our Feedback platform that is different from the Drovio Online platform. Upon receiving a user deletion request, we remove your Personal Data within 30 business days.
Right requests. When we ask you for a proof of identity, we only retain it for the time necessary to verify your identity. Once the verification has been carried out, the proof is deleted.
Other data. The retention period for other data can vary significantly based on many criteria such as user consent and expectations, whether we need to comply to legal or contractual obligations, sensitivity of the data or for security purposes.
7. How do we transfer your data?
Your Personal Data may be transferred outside your home country, including the United States, while managing our tools and our relationships with our sub-processors. For instance and when using our Services including our websites and the Drovio Online platform, your Personal Data are stored on Amazon Web Services in the Oregon, United States region. Our employees, sub-contractors, sub-processors that process your Personal Data may be located in France, in the United States or any other countries different than your home country.
This transfer is secured by the following safeguards:
- Either those Personal Data are transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission; or
- We have entered into a specific agreement with our processors related to the transfer of your personal data outside the European Union, based on standard contractual clauses between a data controller and a data processor approved by the European Commission.
8. What rights do you have over your Personal Data?
You have the following rights with regard to your Personal Data:
- Right to access. You have the right to access all your Personal Data at any time.
- Right to rectification. You have the right to rectify your inaccurate, incomplete or obsolete Personal Data at any time.
- Right to restrict processing. You have the right to restrict the processing of your Personal Data in certain cases stated in article 18 of the GDPR.
- Right to erase (”right to be forgotten”). You have the right to request that your Personal Data be deleted and to prohibit any future collection.
- Right to file a complaint to a competent supervisory authority, if you consider that the processing of your Personal Data constitutes a breach of applicable regulations.
- Right to define instructions related to the retention, deletion and communication of your Personal Data after your death.
- Right to data portability. You have the right to request a copy of the Personal Data you have provided us in a standard machine-readable format and to require transfer to the recipient of your choice.
- Right to object. You have the right to object to the processing of your Personal Data. Please note however that we may continue to process your Personal Data despite this opposition for legitimate reasons or for the defence of legal claims.