PRIVACY POLICY
Last update: September 12, 2024
BOZA, a French simplified joint-stock company (société par actions simplifiée) with share capital of €5,000, having its registered office at 2 RUE GUSTAVE EIFFEL 10430 ROSIERES-PRES-TROYES, registered in the Troyes Trade and Companies Register under number 949 200 398.
ARTICLE 1: PREAMBLE
The purpose of this privacy policy (hereinafter the "Privacy Policy") is to inform users (collectively referred to as "Users") of the getboza.io or app.getboza.io websites (hereinafter the "Site"), about the following:
- how their personal data is collected;
- the rights they have concerning this data;
- the person responsible for processing the personal data collected and processed;
- the recipients of such personal data; and
- the Site's cookie policy.
This Privacy Policy supplements the legal notice and the general conditions of subscription and use of the Site.
ARTICLE 2: PRINCIPLES GOVERNING THE COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with Article 5 of the General Data Protection Regulation 2016/679 (hereinafter "GDPR"), personal data are:
- Processed lawfully, fairly and transparently in relation to the data subject;
- Collected for the purposes determined by article 3.1 of the Privacy Policy (Purposes of data collected), explicit and legitimate, and not further processed in a way incompatible with these purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- Accurate and, if necessary, kept up to date;
- Kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed; and
- Processed in such a way as to guarantee appropriate security of the data collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
In accordance with Article 6 of the GDPR, processing is lawful only if, and insofar as, at least one of the following conditions is met:
- The data subject has consented to the processing of his/her personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request;
- The processing is necessary to comply with a legal obligation to which the data controller is subject;
- The processing is necessary to safeguard the vital interests of the data subject or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN CONNECTION WITH BROWSING AND USE OF THE SITE
Article 3.1: Purpose of the data collected
This data is collected and processed for the following purposes:
- To deliver, maintain and improve the services provided on the Site, in particular in accordance with the general conditions of subscription and use accepted by the Site's Users;
- To communicate with Users, in particular to respond to questions and requests for support and to inform them of news related to the Site;
- Fighting online fraud;
- To resolve any disputes or settle any problems with Users in connection with the use of the services provided on the Site;
- Improve Users' experience on the Site;
- To present the Site's services and functionalities to Users who request them.
Article 3.2: Data collection method
The following data is collected for the creation of an account on the Site:
- Email address;
- Full name (first and last);
- Profile picture.
The creation of such an account and its configuration are necessary for the delivery of services (hereinafter the "Services"), in particular:
- connection to the Site;
- subscription;
- the features of the centralized platform designed to help finance and IT teams monitor, manage and optimize their software and SaaS applications, including:
- the unique dashboard,
- mapping the company's applications,
- measuring and analyzing application usage,
- cost and budget analysis,
- suggestions for cost optimization,
- storage of contractual application documentation,
- the contract renewal schedule,
- automation of work processes, including the allocation and removal of access to applications.
Setting up a User's account on the Site (i.e. connecting the Site's API to the User's internal software and applications, or providing additional data via import or input) requires the collection of the following data in order to deliver the Services:
- Identification data of users of applications used within the structure in which the User works (including surname, first name, email address, telephone number, identifier, group, job title, profile photos);
- Data relating to connection to applications within the structure in which the User works (date and time of connection to applications, authentication mode).
Other personal data is collected when you carry out the following operations on the Site:
- the contact details (full name and email address) of Users who fill in the contact and/or demonstration request form are collected for this purpose;
- a User's contact details (full name and email address) are collected when downloading any marketing literature or explaining the services offered on the Site.
They are stored by the data controller under reasonable security conditions.
ARTICLE 4: DATA CONTROLLER
The data controller can be contacted as follows:
- By post to: BOZA, 2 RUE GUSTAVE EIFFEL 10430 ROSIERES-PRES-TROYES; or
- By email: dpo@getboza.io.
ARTICLE 5: THE USER'S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
Any User concerned by the processing of their personal data may avail themselves of the following rights, pursuant to the GDPR and Law 78-17 of January 6, 1978, known as the "Loi Informatique et Liberté":
- Right of access, rectification and right to erasure of data (described respectively in Articles 15, 16 and 17 of the GDPR);
- Right to data portability (Article 20 GDPR);
- Right to limit (Article 18 of the GDPR) and object to data processing (Article 21 of the GDPR);
- Right not to be subject to a decision based exclusively on an automated process;
- The right to determine the fate of data after death; and
- Right to refer the matter to the competent supervisory authority (Article 77 of the GDPR).
To exercise your rights, please write to:
- at the BOZA head office, 2 RUE GUSTAVE EIFFEL 10430 ROSIERES-PRES-TROYES
- or by email at dpo@getboza.io.
In order for the data controller to process the User's request, the User may be required to provide certain information, such as first and last names, pseudonym, e-mail address and account, personal space or subscriber number.
Visit cnil.fr for more information on your rights.
ARTICLE 6: COOKIES POLICY
When you use the Site, BOZA may store and/or access information on your device via cookies or similar technologies to process personal data.
This section of the Privacy Policy aims to explain what cookies are, how they are used on the Site and how you can manage them.
Article 6.1: What are cookies?
A cookie is a small file stored by a server on a user's terminal (computer, telephone, etc.) and associated with a web domain.
They may be deposited and/or read, for example, when a website or mobile application is consulted, or when software is installed or used, regardless of the type of terminal used.
This file is automatically returned when you contact the same domain again.
For more information on cookies, please visit the CNIL website: https://www.cnil.fr/fr/definition/cookie
Article 6.2: Types of cookies used
Security and technical cookies
We place so-called "technical" cookies on your device, which are necessary for BOZA to provide the services on the website.
This type of cookie is essential to ensure the proper functioning of the Site and to guarantee the security of your browsing:
a) On the application available at https://app.getboza.io
jwtToken:
- Contains identification information such as your unique user ID (userId), your administrator status (isAdmin), and the organization to which you belong (org).
- This data is used to ensure the security of your session and to verify your access permissions to the various parts of the application.
authUser:
- Contains personal information such as your last name (lastname), first name (firstname), email address (email), unique user ID (userId), domain (domain) and administrator status (isAdmin).
- This data is used to personalize your user experience and to maintain the security of your session on the application.
These cookies are strictly necessary to provide the basic and secure functionalities of our application. Without them, some parts of the site may not function properly or be accessible.
- Session cookies: Identify your unique session on the site, allowing us to maintain your connection and save your temporary preferences (such as the contents of your shopping cart or partially completed forms).
- Preference cookies: remember your choices (such as language or region) to personalize your experience on the site.
- Security cookies: used to detect and prevent security threats. For example, they can be used to distinguish between human users and bots, and to prevent CSRF (Cross-Site Request Forgery) attacks.
Third-party cookies
These cookies come from BOZA's partners and you can refuse their use. These cookies are subject to our partners' terms of use.
In some cases, these cookies may be placed by a third party on behalf of BOZA, but BOZA is not authorized to use them for purposes other than those mentioned above.
We place cookies on your device, which are used to measure traffic on the Site and to track Users' actions, in particular to start up emailing scenarios linked to the Services.
This type of cookie is important to ensure that the Site functions properly:
a) Analysis and Performance Cookies:
- Google Analytics: Collects anonymous data on how users navigate our site (pages visited, time spent on site, bounce rate, etc.), which helps us improve performance and user experience.
- Hotjar: Enables us to understand user behavior via heatmaps and session recordings, in order to improve site navigation.
b) Advertising cookies:
- Google AdSense: Used to display targeted ads based on your previous visits to our site or other sites. This cookie tracks your browsing habits to deliver more relevant ads.
- Facebook Pixel: User tracking to deliver personalized ads on Facebook based on your interactions with our site.
- Instagram Ads: Allows us to track your interactions with our site to show you personalized ads on Instagram. This cookie helps show ads based on your interests, as detected through your online activities.
Article 6.3: Management of your consents
You can prevent cookies from being deposited on your device, including technical cookies.
However, blocking our technical cookies may prevent you from accessing some of the Site's functionalities.
For more information on how to adjust or modify your browsing settings, please visit www.aboutcookies.org or www.allaboutcookies.org.
You can deactivate the use of certain third-party cookies by going to the deactivation page: http://www.networkadvertising.org/managing/opt_out.asp.
You can always activate/deactivate the use of third-party cookies for advertising personalization purposes. Please see below for further information.
If you access the Site from different devices (e.g. smartphone, tablet, computer, etc.), you will need to ensure that your cookie preferences are set on the browser of each device. If you adjust the cookie settings, the other websites you visit may also be affected.
Article 7: Data Retention and Deletion
Article 7.1: Retention of Google User Data
We retain the personal data of users obtained via Google OAuth, including but not limited to email addresses and profile information, for as long as the user maintains an account with us or as required to deliver our services. Upon account closure, personal data will be retained for a period of up to 2 years to fulfill any remaining obligations or for legal purposes. After this period, the data will be permanently deleted unless further retention is required by law.
Article 7.2: User Data Deletion
Users may request the deletion of their Google-related personal data at any time by contacting us at dpo@getboza.io. Upon receiving such a request, we will delete the user's data within 30 days, except where retention is required for compliance with legal obligations.
Article 8: Data Protection Mechanisms for Sensitive Data
We implement industry-standard security measures to ensure the protection of sensitive data, including Google user data. These measures include:
- Encryption: All sensitive data is encrypted both in transit (using TLS) and at rest (using AES-256).
- Access Control: Access to sensitive data is restricted to authorized personnel only, using multi-factor authentication (MFA) and role-based access control (RBAC).
- Monitoring and Auditing: We regularly monitor and audit access to sensitive data to detect any unauthorized access or activity.
- Data Anonymization: Wherever possible, sensitive data is anonymized to protect user privacy in case of a data breach.
Article 9: Sharing, Transfer, and Disclosure of Google User Data
We do not sell or rent personal data to third parties. However, we may share Google user data with the following:
- Third-party service providers: We share data with trusted service providers who assist us in operating our platform, such as cloud storage providers, technical support, or data analytics. These providers are bound by strict confidentiality and data protection agreements.
- Legal and regulatory authorities: We may disclose personal data if required by law or in response to valid requests from government authorities.
- Business transfers: In the event of a merger, acquisition, or sale of our assets, user data may be transferred as part of that transaction.
We ensure that any third party with whom we share Google user data follows strict data protection measures as required by law.
ARTICLE 8: CONDITIONS FOR MODIFYING THE PRIVACY POLICY
BOZA reserves the right to modify this Privacy Policy at any time in order to ensure compliance with applicable law.
The User is invited to familiarize himself/herself with this Privacy Policy each time he/she uses our services, without the need for formal notification.