Find information about security and trust here

What is this charter for?

The purpose of this privacy policy is to let you know how we handle your personal data. Our goal is to provide clear and concise information about the way we process your information.

Rest assured, we adhere to the 1978 "Informatique et Libertés" law and the European regulation of April 27, 2016 (the "GDPR") when collecting and managing your data.

Who is the data controller?

Capsule SAS

Address : 9 rue des colonnes - 75002 PARIS

Topo.io

What data do we collect?

A personal data is information that can directly or indirectly identify an individual. We may collect personal data that falls into the following categories:

Operational data

  • Identification data (e.g. surname, first name, professional email address and professional address, etc.);

  • Data relating to your orders;

  • Internet data and cookies (information on how you use the Website);

  • Data related to recordings from calls with our customer care service (e.g. content of the calls, dates of the calls);

  • Any information you are willing to communicate

Product data

  • Economic and financial data (e.g. bank account number, verification code, etc.);

  • Login data (e.g. logs, IP address);

  • Email data (e.g logs, content);

Who will receive your data?

The following persons may have access to your personal data:

Our team (staff, trainees, employees)
Our subcontractors (Communication tools - email or telephone, hosting service providers, marketing automation service providers, emailing service providers, audience measurement service providers, outbound marketing and digital marketing service providers)

Third party services related to our software features : Google (Workspace API)

About your Google User Data

  • Google Users' data will not be used develop, improve, or train generalized AI and/or ML models

  • Google Users' data will be shared with third-parties when necessary (Nylas, Supabase)

For what purposes do we keep your personal data?

  • To provide you with our services available on our Website

  • To perform operations related to contracts, invoices and customer relationship management

  • To create a database of customers and prospects

  • To send newsletters, requests and direct marketing mailings

  • To improve our services

  • To answer to your information request and other inquiries, to schedule a demonstration

  • To comply with our legal and regulatory obligations

  • To elaborate analytics to measure our audience

  • To process data subjects’ requests to exercise their rights

  • To perform operations related to our software features

Data retention periods

Your personal data is kept for the periods set out below : Personal data collected in order to perform the service and information on how and when you use the services: The period for which we collect or obtained to provide you with our services, not exceeding 3 years since closing your account (unless otherwise required by law). Personal data collected in order to send newsletters, requests and direct marketing: 3 years from data collection or last active contact with the prospect. Personal data collected for evidentiary purposes : Duration of the statutory limitation period (generally 5 years). Personal data collected as part of your data subject’s rights: If we ask you for proof of identity, we only retain it for the time necessary to verify your identity. Once the verification has been carried out, the proof is deleted. If you choose to exercise your right to object to direct marketing, we will retain this information for a period of three years. Additionally, the data necessary for the administration of your requests related to GDPR rights will also be stored for three years, starting from the date of your request

How is the security of your data assured?

We implement all the technical and organizational measures required to guarantee the security of your data on a daily basis and, in particular, to struggle against risks of destruction, loss, alteration or unauthorized disclosure of your data.‍

In particular, our computer passwords require a high level of security, and all our devices are obviously protected by the latest antivirus and firewall software.

You can also find additional information about our security guidelines at : https://trust.topo.io/

Are your personal data likely to be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your personal data outside the European Union and your personal data are always hosted on European territory. In addition, we do all that we can to use only service providers who host your personal data within the European Union.In case our service providers transfer your personal data outside the European Union, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your personal data with the use of following safeguards:

  • Either personal data are transferred to a country that has been recognized as ensuring an adequate level of protection by a decision of the European Commission, in accordance with article 45 of the GDPR : in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR; or

  • The personal data are transferred to a country whose level of data protection has not been recognized as adequate to the GDPR : in this case these transfers are based on appropriate safeguards indicated in article 46 of the GDPR, adapted to each provider, including but not limited to the execution of Standard Contractual Clauses approved by the European Commission, the application of Binding Corporate Rules or under an approved certification mechanism; or

  • The personal data are transferred under any appropriate safeguards described in Chapter V of the GDPR.

Your data protection rights:

In accordance with the French Data Protection Laws and the European General Data Protection Regulation 2016/679 (GDPR) you haveseveral rights related to the collection of your personal data:

  • Right to be informed: This is precisely why we have drafted this privacy policy.

  • Right of access: You have the right to access all your personal data at any time.

  • Right to rectification: You have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.

  • Right to restriction of processing: You have the right to restrict the processing of your personal data in certain cases stated in art.18 of the GDPR.

  • Right to erasure (‘right to be forgotten’): You have the right to demand that your personal data be deleted and to prohibit any future collection.

  • Right to file a complaint to a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of applicable regulations.

  • Right to define instructions related to the retention, deletion and communication of your personal data after your death.

  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.

  • Right to data portability: You have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.

  • Right to object: You have the right to object to the processing of your personal data. Please note however that we may continue to process your personal data despite this opposition for legitimate reasons or for the defence of legal claims.

How to exercice your rights:

We can use those rights by submitting aticket to us through the support chat (either on the website or on theapp) or, by sending an email at security@topo.io mail. All your requests will be solved within 30 days. We may ask your request to be accompanied by aplastic card, driver license, or passport photocopy.


Right to refer to the supervisory authority:

If you think, after having got in touch with us, thatyour rights on your data are not respected, you can send a claim to thecompetent Supervisory authority of your country of residence.In France, where our head office is located, the control authority is the CNIL.

Modifications

We may modify this privacy policy at any time, in particular in order to comply with any regulatory, jurisprudential, editorial or technical change. These modifications will apply on the date of entry into force of the modified version. Please regularly consult the latest version of this privacy policy. You will be kept posted on any significant change of the privacy policy.

Last modified : April 3, 2024