Privacy Policy
At Qotid, we place paramount importance on the protection of your personal data. We ensure compliance with applicable regulations, including the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and the French law “Informatique et Libertés” (law n°78-17 of January 6, 1978, as amended).
This Privacy Policy (hereinafter the “Policy”) aims to transparently explain:
· What data we collect,
· The context in which it is used,
· How it is stored and protected,
· What your rights are and how to exercise them.
The Privacy Policy of QOTID aims to provide all information regarding the conditions under which QOTID collects and processes the Users' Personal Data. The Privacy Policy is part of the CGVU, and each term defined in the CGVU has the same meaning in the Privacy Policy.
By accessing and using Qotid, Users agree to comply with and be bound by this Privacy Policy, which may be amended or updated at any time without prior notice. Any changes will be posted online on the Site.
DEFINITIONS
The terms with capital letters used in this Policy and not defined below are defined in our Terms of Service and Use and Partnership and Use Conditions (the "General Conditions") available on our Website.
Informed Consent means any freely given, specific, and informed indication of the Data Subject's agreement to the processing of their Personal Data.
Sensitive Data or Special Categories of Data includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as the processing of genetic data, biometric data intended to identify a natural person, data related to health, or data related to the sexual life or sexual orientation of a natural person.
Data Subject means an identified or identifiable natural person.
Website refers to the Qotid website / or any other website owned by Qotid.
Processing (“process” or “processing”) means any operation or set of operations performed on Personal Data, whether automated or not, including, without limitation, the collection, recording, organization, storage, access, adaptation, modification, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deletion, erasure, or destruction of such data.
Third Party means a third party or business partner who, in connection with your current or potential use of the Solution, provides us with Personal Data on your behalf or receives or accesses Personal Data on our behalf, such as suppliers, subcontractors, and other service providers.
You, your, yours, or User refers to the natural person whose Personal Data is collected to be processed under these terms, and who has the status of Data Subject under the Applicable Legislation.
ARTICLE 1 – WHO ARE WE?
The solution and the website Qotid are published by the company QOTID, a simplified joint-stock company, registered with the Créteil Trade and Companies Register under number 877614289, with its registered office located at 14, avenue du Général de Gaulle, 94160 Saint-Mandé ("we", "our" or "Qotid").
For any questions regarding your personal data, you can contact our data protection officer at the following address: dpo@qotid.com.
ARTICLE 2 – NATURE OF THE DATA COLLECTED BY QOTID
QOTID collects and processes the data that Users voluntarily provide in order to access or use Qotid, as well as data related to Users' preferences and traffic (such as IP addresses).
The purposes of this data processing are to allow Users to create an Account to access Qotid, to use the Services, to improve the Services by placing cookies on Users' devices, and to send them commercial and marketing offers.
To open an Account, Users must provide QOTID at least the following personal identification information to use the Solution:
• Name
• Company name
• Phone number
Users can complete their profile with other Personal Data (their address, phone number, date of birth, the name of their clients or prospects…).
QOTID will never collect or process sensitive Personal Data as defined by regulations, concerning for example racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, health…
QOTID also collects Data related to the business relationship with its Users: histories, subscribed Modules, billing and payment, participation in promotional offers, requests, and incidents reported to support services…
QOTID automatically collects certain data during visits to the Website https//www.qotid.com: for example, information related to the origin of the connection, the type and version of the User's Internet browser, the duration of the connection…
QOTID uses cookies for the Site and the management platform called Qotid. A cookie is a small text file sent by the website visited by the User in their Internet browser or on the device used. It does not personally identify the User but serves to facilitate navigation (remembering technical choices, past activity) and to offer relevant offers and services. Its maximum lifespan is 13 months. The goal is to facilitate navigation, improve usage, services, and better understand the Client experience.
The Qotid mobile application may, with your explicit consent, access the following features of your smartphone:
Camera: to take a photo of an invoice to import.
Gallery / files: to select an existing invoice (image or PDF).
Imported invoices: files sent to our servers for accounting processing.
These accesses are strictly limited to the import of purchase invoices. No use is made for marketing, advertising, or tracking purposes.
Imported invoices generally contain personal data (contact details, SIRET, financial information…). This data is used only within the framework of accounting and financial management by Qotid or by authorized users of your organization.
The QOTID Cookie Policy is available on the site https//www.qotid.com
ARTICLE 3 – USE OF USERS' PERSONAL DATA
QOTID only uses Personal Data in cases provided for by the applicable regulation for the following purposes:
• The execution of the service contract related to the use of the Qotid Solution: account opening, access to the solution, customer relationship management, and billing
• Continuous improvement: analysis of the use of the solution to optimize the user experience
• Management of invoices and imported documents: secure storage of files, automatic data extraction via OCR to facilitate pre-filling, classification, and electronic archiving
• Security: fraud detection, access management, backups, and security logs
• Communication: sending technical, administrative, or commercial information.
Qotid only uses your data in the case of a legitimate interest in using the data: thus, QOTID processes personal data of individuals receiving marketing information and commercial offers, based on its legitimate commercial interest. Of course, QOTID never uses personal data for marketing and commercial purposes without respecting the wishes of the individuals concerned by the processing, who can always unsubscribe from these communications.
ARTICLE 4 – PROCESSING OF PERSONAL DATA
QOTID collects and processes Users' Personal Data fairly and lawfully, and in compliance with the principles of the European Regulation 2016/679 of April 27, 2016 (GDPR).
QOTID is responsible for the processing of Users' Personal Data within the meaning of the GDPR.
ARTICLE 5 – CONSERVATION OF PERSONAL DATA OF USERS
5.1 Security
QOTID makes every effort to prevent the loss, diversion, intrusion, unauthorized disclosure, alteration, or destruction of Personal Data communicated by Users.
Thus:
• The hosting of Client Data and Services is provided by Google Cloud Platform in Brussels, Belgium. The security control of the servers and the updating of our operating software is performed in real time.
• All information sent to QOTID is encrypted.
• QOTID employees are subject to a confidentiality and non-disclosure obligation and have all signed a specific commitment regarding the protection of Personal Data.
• Access to the Data is governed by a strict access control policy, restricted to authorized persons, under defined conditions.
• When QOTID engages providers to process Personal Data, QOTID ensures that these providers guarantee an equivalent level of protection regarding security.
5.2. Duration
We retain Personal Data for as long as necessary for the purposes for which it was collected and processed. You will find the durations of the processes applied by QOTID in the table in Annex 1. At the end of these processing periods, we archive some of your data for the following purposes and retention periods:
• compliance with our legal, accounting, and tax retention obligations, which is 10 years from the end of the financial year;
• retention of evidence during the applicable statute of limitations, which is 5 years from the end of the processing periods described in the table in Annex 1.
Any third party processing Personal Data on behalf of QOTID will only retain it for the time necessary for the purposes for which it was collected and processed and for other compatible purposes, which may include:
• participation in the purpose of QOTID's processing applicable as outlined above;
• the need to comply with a legal or regulatory requirement and applicable laws regarding limitations;
• defense against legal or contractual actions (in this case, Personal Data may be retained until the end of the corresponding statute of limitations or in accordance with applicable retention policies for litigation purposes).
All reasonable measures are taken to ensure that Personal Data is maintained in a sufficiently accurate and up-to-date form at every stage of its processing.
We encourage Data Subjects to help us keep your Personal Data up to date by exercising your rights, including access and rectification.
5.3. Account Cancellation
Users may also request that their Account be deleted in accordance with the Terms of Use. Their Data will be deleted by QOTID without prejudice to section 5.2 above.
ARTICLE 6 – ACCESS TO PERSONAL DATA OF USERS
6.1. Internal use
Your Personal Data may be processed by our employees within the limits of their respective duties and exclusively for the purposes outlined in this Policy. In this case, our employees undertake to respect the strict confidentiality of your Personal Data.
Personal Data is disclosed to Third Parties only to the extent that there is a legal justification for this sharing (e.g., the data subject has given their consent, the disclosure is necessary to fulfill a contract, QOTID pursues a legitimate purpose that does not infringe on the fundamental rights of the data subject, including the right to privacy). Disclosure is performed on a strictly limited “need to know” basis regarding the legal basis. If disclosure is necessary to comply with a legal obligation (e.g., to a government agency or law enforcement/security service) or in the context of legal proceedings, Personal Data may generally be provided as long as the disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation.
6.2. Subcontractors
We rely on leading service providers for server management, hosting, and infrastructure. The servers used by these providers are located in Brussels, Belgium. These hosting services offer industry-leading scalability, data availability, security, and performance, along with a documented business continuity plan. In line with the purposes stated in this Policy, we also utilize services provided by several companies specializing in customer relationship management, email campaigns, database management, communication tools and internal documentation, product improvement tools, and application performance monitoring and analysis tools (non-exhaustive list).
In accordance with Article 28 of the GDPR, access to data by QOTID's subcontractors is governed by a contract signed between QOTID and the subcontractor, which outlines their obligations regarding the protection of Personal Data entrusted to them.
6.3. Cross-border transfer
In order to ensure the processing purposes described in this Policy, QOTID may use service providers located outside the European Union. If the transfer takes place to a third country where the legislation has not been recognized as offering an adequate level of protection for Personal Data, QOTID ensures that appropriate measures are implemented in accordance with the Applicable Legislation, and in particular, where necessary, that standard contractual clauses or equivalent ad hoc clauses are included in the contract concluded between QOTID and the subsequent subcontractor.
Finally, QOTID may be required to communicate Personal Data in the context of judicial requisitions to the competent administrative and judicial authorities.
6.4 Hyperlinks
The Solution and the Website may contain hypertext links to third-party websites (including social networks and partner merchants). Please note that if you follow these links, the websites and services provided will be governed by their own terms of use and privacy policies. We cannot be held responsible for the non-compliance of their terms of use and privacy policies with the Applicable Legislation. We recommend that you review the privacy policies and terms of use applicable to these websites before providing your Personal Data and using these websites.
ARTICLE 7 – TRANSFER OF PERSONAL DATA Transfer of Personal Data
QOTID retains Personal Data within the European Union.
If the Data collected by QOTID in the context of the Services were to be transferred, albeit marginally, to subcontractors located in other countries, QOTID ensures that appropriate safeguards are in place to frame any transfer of Personal Data.
QOTID may provide Users' Personal Data only if required by law or ordered by a French jurisdiction.
ARTICLE 8 – ACCESS AND DATA COLLECTED THROUGH THE MOBILE APPLICATION
In addition to the collected data mentioned above, when using the QOTID mobile application, certain features require access to native elements of your phone :
• Camera : to photograph an invoice to import
• Files / Gallery : to select an existing invoice in image or PDF format
The imported files are sent to our servers hosted in the European Union for processing and accounting archiving.
These data are :
• Used only for the functional needs of the application
• Retained for a legal duration for accounting compliance purposes (see appendix 1)
• Never transmitted to unauthorized third parties
• Deletable in case of closure or upon request in accordance with applicable law
You can withdraw at any time via your device settings (camera, files)
ARTICLE 9 – DAILY COMMUNICATION
QOTID may send emails to Users at the email address associated with their Account for technical or administrative reasons or to inform Users about the evolution of the Services.
QOTID may also send Users emails containing commercial and marketing offers. An unsubscribe link allows Users to opt-out at any time.
ARTICLE 10 – EXERCISE OF USERS' RIGHTS
We are receptive to requests regarding your Personal Data and, in accordance with the Applicable Legislation, we provide you with the opportunity to access, correct, restrict, and delete your Personal Data. We also allow you to object to the processing of your Personal Data and to exercise your right:
• Right of access : we will provide access to all Personal Data relating to a Data Subject in accordance with the Applicable Legislation, the purposes of processing, the categories of Personal Data processed, the categories of recipients, the data retention period, the rights to rectification, deletion or restriction of the Personal Data consulted as applicable, etc.
• Right to data portability : we may also provide a copy of all the Personal Data we hold in a compatible and structured format to enable the exercise of the right to data portability to the extent that it is relevant under the applicable law.
• Right of rectification : Data Subjects may request us to correct, modify, or delete any incomplete, outdated, or inaccurate Personal Data.
• Right to erasure : Data Subjects may request the deletion of their Personal Data (i) if that Personal Data is no longer necessary for the purposes of processing, (ii) the Data Subject has withdrawn their consent to processing based solely on that consent, (iii) the Data Subject has objected to processing, (iv) the processing of Personal Data is unlawful, or (v) the Personal Data must be deleted to comply with a legal obligation applicable to QOTID. Deleting a user’s Personal Data may cause major malfunctions in the Solution.
• Right to restriction : Data Subjects may request the restriction of their Personal Data (i) in case of contesting the accuracy of the Personal Data in order to allow QOTID to verify this accuracy, (ii) if the Data Subject wishes to restrict the Personal Data instead of deleting it despite the fact that the processing is unlawful, (iii) if the Data Subject wishes QOTID to retain the Personal Data as they need it for defense in the context of claims (iv) the Data Subject has objected to the processing, but QOTID is conducting a verification to examine the legitimate grounds for such processing, which may override the rights of the Data Subject.
• Right to withdraw consent : when the processing of Personal Data is based on the consent of the Data Subject, they can withdraw their consent at any time, without affecting the legality of the processing based on consent before its withdrawal.
• Right to object : the Data Subject may also express their opposition to the processing of their Personal Data at any time when their data is used for marketing purposes to send targeted advertising, or oppose the sharing of their Personal Data with third parties, or when the processing is based on the legitimate interest of QOTID, unless QOTID demonstrates legitimate grounds that override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims.
• Digital legacy : Data Subjects have the right to set directives (general or specific) regarding the use of their Personal Data after their death.
To exercise these rights, please use the contact details of our DPO provided above. You also have the right to lodge a complaint with the competent Data Protection authority, the National Commission for Information Technology and Civil Liberties (https://www.cnil.fr/fr/plaintes).
Any request must be substantiated and accompanied by a copy of a valid identity document. Users can also modify their Personal Data directly from their Account.
ARTICLE 11 – HANDLING COMPLAINTS
QOTID is committed to addressing legitimate privacy issues of the Data Subjects. We review all claims related to a breach of this Policy or applicable Legislation, whether potential or real, brought to our attention and will take all reasonable measures to limit their impact.
If a Data Subject files a complaint regarding the processing of their Personal Data or that of another individual and the complaint is not resolved satisfactorily, QOTID will cooperate with the appropriate data protection supervisory authorities and comply with their advice to resolve any pending complaint. If QOTID or the data protection supervisory authorities determine that QOTID or one or more of its employees has not complied with this Policy, QOTID will take appropriate measures to remedy the effects of this non-compliance and promote future compliance.
ARTICLE 12 – APPLICATION AND MODIFICATION OF THIS POLICY
QOTID may modify, supplement, or update this Policy to take into account any legal, regulatory, case law, and/or technical developments. In the event of significant changes to the terms of this Policy (i.e., regarding legal bases, purposes of processing, or the exercise of rights), QOTID commits to inform its Clients by any written means at least thirty (30) days before the effective date of such changes. Any access and use of the Solution after this period will be subject to the terms of the new Policy. Any Data Subject whose Personal Data are subject to this Policy acknowledges that the only version of the Policy that is authoritative is the one available online.
By visiting the website, contacting QOTID, creating a client account or a user account, and more generally by using the solution, you agree to the terms and conditions stated in this Policy.
Appendix 1
Purpose | Legal Basis | Duration of Processing |
Opening access and navigation of Users on the Solution
| Execution of the general conditions | The duration of the general conditions |
Opening of the Pro Account (KYC elements to verify if a business relationship can be established)
| Execution of the general conditions | The duration of the general conditions |
Managing the relationship with our prospects
| Execution of the general conditions | The duration of the general conditions |
Informing you about our company and our Solution (newsletter, answering your questions via email, phone, video conference or instant messaging, support, referral offers, improving our sales process by conducting statistics, allowing you to download content or our white papers or fill out self-assessment forms on our Sites)
| Pre-contractual measures Legitimate interest
| 3 years from your last contact with QOTID.
Regarding the sending of newsletters, until you unsubscribe from our mailing list. |
Informing you about our company and our Solution, for example by sending you our newsletter, informing you by phone about modifications to the General Conditions, responding to your support and assistance requests; or allowing you to fill out self-assessment forms | Execution of the General Conditions
| The duration of the General Conditions.
|
Managing the commercial relationship with our Clients and Partners | Consent | 3 years from your consent.
|
Managing registrations for our events | Execution of the General Conditions
| The duration of the General Conditions.
|
Managing orders and invoicing | Execution of the General Conditions | The duration of the General Conditions. |
Managing our administrative and accounting needs | Compliance with a legal obligation | The duration of the General Conditions.
|
Managing and animating the Website (forum, careers site, training site, customer/user testimonials) | Legitimate interest
| The duration of the General Conditions if you are a Client.
3 years from your last contact with us if you are a prospect.
|
Analyzing your navigation on the Website (cookies) | Consent
| Maximum 24 months. For more information, please read our Cookie Policy. |
Analyzing your navigation on the Solution to improve our services | Execution of the General Conditions
| The duration of the General Conditions. |
Securing our Solution | Execution of the General Conditions
| The duration of the General Conditions. |
Conducting statistics, surveys, and studies regarding the use of the Solution, the improvement of the Solution and Related Services, and suggesting such improvements to clients as part of Subsequent Processing | Execution of the General Conditions
| The duration of the General Conditions.
|
Invoice archiving functionality (submitted via mobile or desktop) | Legitimate interest
| 10 years from the end of the fiscal period of the concerned invoice.
|
Personalized advertising based on your navigation, profile, and information you have provided | Legitimate interest
| The duration of the General Conditions if you are a Client.
3 years from your last contact with us if you are a prospect.
|
Responding to our legal and regulatory requirements, for example in case of disputes or requests from competent authorities | Compliance with a legal obligation
| Your data is retained only for the duration necessary to process the request from the authority, the competent court, or to process the litigation. |
Managing requests for access rights, erasure, portability, limitation, rectification, and objection | Compliance with a legal obligation
| Your data is retained until the complete processing of your request.
|
Managing the relationship with our suppliers | Pre-contractual measures Execution of a supplier contract
| The duration of the contract that binds us to the supplier.
|