Effective: May 28, 2018
As a result of your use of the FOREST ADMIN SaaS Solution (hereinafter referred to as the "Solution"), we may require you to provide us with your personal data, so that you have the possibility to use the services provided through the Solution.
The word "personal data" means any data that enables a person to be identified, whichincludes your family name, first name, email address, stripe ID used for payment of the pro and custom plans of our Solution, as well as any other information about you that you choose to provide us with.
The purpose of this privacy policy is to inform you of the means that we use to collect and process your personal data, with the strictest respect for your rights.
In this regard, we inform you that we collect and process your personal data in compliance with the French law N° 78-17 dated 6th January 1978 on Information Technology, Data Files and Civil Liberties (hereinafter referred to as the “French Data Protection Act”), as well as the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as from its entry into force, namely 25th May, 2018 (hereinafter referred to as the “GDPR”).
The entity responsible for collecting and processing your personal data is the company Forest Admin Inc., registered with the Registry of Trade and Companies of Delaware (USA) under the number 1726584, whose place of business is located at 490 Post Street, Suite 640, San Francisco, CA 94102 - USA (hereinafter referred to as "us" or "we").
We have appointed a data protection officer, who can be contacted at the following address: dpo@forestadmin.com.
The legal basis of our processing of your personal data is the following:
(i) The legitimate interest resulting from your voluntary provision of your personal data when visiting the Solution, as these data are aimed at enabling us to better answer to your information requests about our services;
(ii) Your consent to our use of technical and analytics cookies, as set forth in article 11;
(iii) Processing is necessary for the performance of the contract to which you are party for purposes of using our Services on our Solution.
Your personal data is processed to meet one or several of the following requirements:
(i) To manage your access to the Services provided through the Solution, their use and their billing;
(ii) To provide customer support for your use of our Solution
(iii) To constitute a file of registered prospects, users and clients;
(iv) To send newsletters, sales proposals and promotional advertisements. In case you do not wish so, you have the possibility to opt-out of receiving such communications when your data are collected;
(v) To provide commercial and service use statistics;
(vi) To manage client opinions on products, services or contents;
(vii) To manage unpaid invoices and possible disputes about the use of our products and services;
(viii) To customize our answers to your information requests;
(ix) To respect our legal and regulatory requirements.
We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are necessary for the provision of the Services. You are free to provide or not optional data. We will also inform you of the possible consequences of failure to reply.
The only persons who have the right to access your personal data are our personnel, the services in charge of control (including external auditor) and our subcontractors. A list of our subcontractors may be viewed at the following link:
https://www.forestadmin.com/legal/sub-processors
We may also give access to your personal data to government agencies, for the sole purposes of meeting legal requirements, or to representatives of the law, ministerial officers and organizations responsible for the collection of debts.
Your personal data will not be exchanged with, transferred or rented to any third party, save for the third-party recipients referred to in article 6 hereabove.
Your personal data shall be stored no longer than the time strictly necessary for the management of our commercial relations with you. However, any data providing the proof of a right or a contract and that must be stored in compliance with a legal obligation shall be so for the period stated by the legislation currently in force.
With regard to possible promotion operations towards clients, their data may be stored for a period of 3 (three) years from the end of the commercial relations with them.
Personal data relating to prospects may be stored for a period of 3 (three) years from their collection or the last contact from the prospect.
Beyond that three-year period, we may contact you again to find out if you still wish to receive commercial solicitations.
When exercising your right of access or correction, data relating to identity documents may be stored for the time limit provided for in article 9 of the French Criminal Procedure Code, namely one year. When exercising your right to object, these data may be archived for the limitation period provided for in article 8 of the French Criminal Procedure Code, namely three years.
Financial transactions regarding payment of fees through the Solution are entrusted to the payment service provider mentioned in the subcontractor list referred to in article 6, who is responsible for ensuring their proper application and their security.
For purposes of the Services, this payment service provider may be recipient of your personal data concerning your bank card numbers, that this provider collects, process and stores on our behalf.
We do not have access to these data.
Pursuant to the French Data Protection Act and the GDPR, you can exercise your rights to access, rectify and delete these data, as well as your other rights under these regulations, by contacting this payment service provider at the address set out in the subcontractor list.
In order for you to be able to regularly pay for the use of the pro or custom plans of the Solution, your Stripe ID is stored for the period you are registered on the Solution and at least until the date of your last transaction.
By signing up as a pro or custom plan user and checking the checkbox whereby you agree to our use of your personal data, you expressly consent to this storage.
Data relating to your card number, name, expiry date, visual cryptogram or CVV2 on the back of your bank card are not stored.
In any event, these data may be stored by the payment service provider as intermediary archives, for evidence purposes in case of possible challenges to the transaction, for the period provided for in article L.133-24 of the French Monetary and Financial Code, namely 13 (thirteen) months from the debit date. This period may be extended to 15 (fifteen) months, in order to take into account possible use of delayed debit card.
All information taking into account your right to object shall be stored for at least 3 (three) years from the exercise of this right.
The term of storage of the cookies set forth in article 11 is 13 (thirteen) months.
We inform you that we take all necessary precautions, as well as all appropriate organizational and technical measures, to maintain the security, the integrity and the confidentiality of your personal data, including to prevent that they be distorted or damaged and that any unauthorized third-party access to them.
We inform you that, by design, we do not have access to your Application Data (as defined in our Terms of Service). Details of the architecture of our Solution can be found at the following link:
https://docs.forestadmin.com/documentation/reference-guide/how-it-works#data-privacy
We inform you that your personal data are stored, for the term set forth above, on the servers of the company Heroku, located in Dublin, Ireland in the European Union.
Your personal data shall not be transferred outside the European Union within the use of our Services, except for data processed by the subcontractors established in the United States, as listed in the subcontractor list referred to in article 6.
These subcontractors:
have entered into a contract with us that contain model clauses that have been approved by the European union Commission or another competent public authority in accordance with applicable data protection regulations.
Cookies are often encrypted small lines of text that are stored in your web browser. They are created when a user’s browser is loading one website: this website sends information to the browser which creates a text file. Each time the user is visiting this website, the browser retrieves this file and sends it to the website’s server.
There are various types of cookies which do not have the same purposes:
Technical cookies are used throughout your browsing, in order to facilitate it and to carry out some of the functions. A technical cookie may be used, for instance, to memorize the answers you provided in a sign-up form or preferences relating to the language or the presentation of an internet site when such options are available.
We use technical cookies.
Social network cookies may be created by social platforms for purposes of enabling web designers to share their website content on said platforms. These cookies may be used by social platforms for purposes of tracking net surfers’ visit on the relevant website, whether they use or not these cookies.
We hereby inform you that we do not use social network cookies. However, should we decide to use them in the future, we will inform you in advance, so that you may have the possibility to consent or not to their placement.
Advertising cookies can be created not only by the website users are visiting, but also by other websites which provide advertisements, announcements, widgets or any other element on the displayed page. In particular, these cookies enable the use of the retargeting technique which is a marketing model whose purpose is to propose advertisements to the internet user that are adapted specifically for them.
We hereby inform you that we do not use advertising cookies. However, should we decide to use them in the future, we will inform you in advance, so that you may have the possibility to consent or not to their placement.
We use analytics cookies, including like Google Analytics and Mixpanel, which are audience analysis statistics tools that generate a cookie that enables us to measure the number of visits to our Solution, the number of page views and visitors' activity on the Solution. Your IP address is also collected to determine the city you are connecting from. These cookies are placed only with your consent. You have the possibility to accept them or to refuse them.
To all intents and purposes, you can refuse the installation of cookies in your browser settings. However, this refusal could prevent you from using the services offered on the Solution.
In compliance with the French Data Protection Act and the GDPR, you have the right to access and rectify any information concerning you. You can exercise this right by contacting us at the:
- Email Address: privacy@forestadmin.com
- Postal Address: 490 Post Street, Suite 640, San Francisco, CA
Persons whose data are processed on the basis of our legitimate interest, as specified in article 5, are reminded that they have the possibility to object to the processing of their personal data at any time. We may however carry on with this processing if there are legitimate reasons for it that should prevail over your rights and freedoms or if it is required in order to establish, exercise or defend our rights before courts.
You have the right to define instructions with regard to the storage, the erasure and the communication of your personal data after your death.
These instructions may be general directions, which are focused on all personal data concerning you. In such case, they must be registered with a digital trusted third party who is certified by the French data protection authority (CNIL).
These instructions may also be specific to the data processed by our company. You are then required to provide these instructions to us at the:
- Email Address: privacy@forestadmin.com
- Postal Address: 490 Post Street, Suite 640, San Francisco, CA
By providing to us these instruction, you hereby expressly consent that they be stored, transmitted and carried out on the terms and conditions set forth herein.
You have the right to appoint in your instructions a person in charge of their execution. After your death, this person shall be entitled to take knowledge of these instructions and to request to us their implementation. Failing to such appointment, your heirs shall be entitled to take knowledge of these instructions and to request to us their implementation.
You may modify or revoke your instructions at any time, by writing to us at the abovementioned contact addresses.
You have a right to portability of the personal data you have entrusted to us, understood as the data you have actively and deliberately declared when accessing to and using our Services. You are reminded that portability right does not apply on data that were processed on another basis than consent or the execution of a contract between us.
This right may be exercised free of charge, at any time, including when closing your account on the Solution, so that you may recover and store your personal data.
In this context, we shall provide your personal data, by any appropriate means, in an open standard, currently used and machine-readable format, in compliance with the state of art.
You are informed that you have a right to submit a complaint before a supervisory authority which is competent in the member State in which your ordinary residence, your place of work or the place in which the infringement of your rights was committed (in France, the French Data Protection Authority – CNIL), if you consider that the personal data processing under this Privacy policy is a violation of the applicable regulations.
This complaint submission may be exercised without prejudice of other legal action before any administrative or judicial court. In fact, you have also a right to effective administrative and judicial redress if you consider that the personal data processing under this Privacy policy is a violation of the applicable regulations.
You have the right to obtain restriction of your personal data’s processing where one of the following applies:
- Within the period of verification that we carry out, if you contest the accuracy of your personal data;
- When the processing of these data is unlawful et you request the restriction of this processing, instead of erasing your data;
- When we no longer need your personal data, but you require their maintenance for the exercise of legal claims;
- Within the period of verification of the legitimate interests, if you have objected to the processing of your personal data.
We reserve the right, at our sole discretion, to modify this Privacy policy, in whole or in part. Any changes will be effective from the time of publication of the new Privacy policy. Your use of the Solution after the changes have been implemented implicitly expresses your acknowledgement and acceptance of the new Privacy policy. Otherwise, and if the new Privacy policy does not suit you, you must no longer use the Services.
This Privacy policy came into force on 25th May, 2018.