Data protection is important to us. We at eFront are committed to respecting and protecting your privacy in the relationship of common trust we have established with you.
In accordance with the EU General Data Protection Regulation (“GDPR”), this privacy notice (the “Privacy Notice”) describes how and why we collect and process your personal data.
This Privacy Notice applies to you as client or prospect if you are located in the European Economic Area (“EEA”) when eFront SAS and its affiliates (hereafter altogether “eFront”, “we” or “us”) collect and process your personal data (and the personal data of your contacts located in the EEA) in the context of the supply and promotion of our software and services.
If you are a prospect, we collect personal data you have shared with us in the following situations:
If you are a client, we collect personal data you have shared with us in the context of:
Your personal data may also be collected by eFront indirectly from other sources, including social media, your company, or publicly available websites, for the purposes of finding new prospects and completing information on your profile when we are already in touch with you. In such cases, we typically collect the following categories of data: first name, last name, personal or professional email address, personal or professional phone number, name of your employer, job title, country and city of residency.
If you are a prospect, the eFront affiliate with whom you are in contact collects and processes your personal data as the data controller. If no eFront affiliate has been expressly identified as being the data controller, the data controller is deemed to be eFront SAS, a French simplified joint stock company with a share capital of € 477,277.65 €, registered with the Paris Commercial Registry under number 403 913 700, having its registered offices located at 2-4 rue Louis David, 75116 Paris, France.
If you are a client, the eFront affiliate with whom your company has an agreement in place collects and processes your personal data as the data controller.
Notwithstanding the above, eFront SAS is the data controller when your personal data is collected through your use of our website.
Note that your data is not shared with or sold to any third party for marketing or promotional purposes.
If you are a prospect, we collect and process your personal data, in compliance with applicable law, for marketing and promotional purposes and to inform you about our business, products and services. In addition, we do so to further develop our relationship with you, in line with our legitimate business interest as the data controller.
If you are a client, we collect your personal data as necessary to perform our contractual obligations (including but not limited to invoicing, customer relationship management, marketing activities and promotional solicitations) and to grant you access to the eFront software and/or services, in accordance with the agreement executed with your company.
If you are signing up on this website to receive marketing information from us, you have consented to the collection and processing of your personal data by eFront for marketing and promotional purposes.
Your personal data may be transferred to our affiliates and service providers located outside the EEA in order to provide you with maintenance and support services, applications and infrastructures, to provide you professional services, to manage our contractual relationship (CRM) and to send you emails and newsletters.
In accordance with the GDPR, eFront has implemented appropriate safeguards to secure these transfers, such as through the execution of standard contractual clauses or a European Commission adequacy decision. A copy of the documents evidencing the security of the transfers of your personal data is available upon request to our Data Protection Officer.
Only authorized employees at eFront may access your personal data on a need-to-know basis. Our employees are informed of the personal nature of this data, have received appropriate training regarding its processing and protection and have committed to strict confidentiality terms.
Your personal data is also shared with our service providers, such as maintenance and support service providers, consulting services providers, CRM providers or hosting service providers, e.g. AWS or Microsoft. Relevant contractual safeguards, such as data processing agreements, are implemented to secure the confidentiality of your personal data by such third parties.
Your personal data may also be shared with our professional advisors (i.e. our legal and tax advisers, accountants and auditors) and with our Data Protection Officer.
We may also be required to disclose your personal data upon request by administrative or judicial authorities, or to assert our rights.
Depending on whether you are a prospect or a client, the retention period applicable to your personal data may vary pursuant to applicable law.
If you are a prospect, we will keep your personal data in accordance with the applicable law of your country of residency.
If you are a client, eFront will keep your personal data as long as eFront provides your company with eFront software or services.
Information collected through cookies on this website, such as your email address and IP address, will be kept for no longer than thirteen (13) months from collection.
Upon expiry of these retention periods, your personal data will be deleted unless we are legally required or entitled to retain it. In such case, your personal data will be kept in accordance with statutory retention periods.
You can at any time unsubscribe from our emailing and newsletter lists. If you no longer wish to receive communications from eFront and its affiliates, please click here.
You have the right to access your personal data and request for your personal data to be rectified.
You are also entitled to restrict or object to the processing of your personal data and request erasure of your personal data.
If applicable and depending on the type of personal data concerned, you also have a right to obtain a copy of your personal data in a machine-readable format to transmit your personal data to another third-party service provider (“right to portability”).
Finally, when you have consented to receiving marketing information from us, you have the right to withdraw your consent at any time.
You can exercise your rights by writing to firstname.lastname@example.org.
You can directly contact the eFront affiliate which has executed an agreement with your company (if you are a client) or with whom you are in touch (if you are a prospect).
For any information or question relating to the protection of your personal data, you can also contact our Data Protection Officer at email@example.com.
In the event of a dispute with eFront concerning the collection and processing of your personal data, and after having previously asserted your rights internally, you have the option to file a complaint with the French supervisory authority (“Commission Nationale Informatique et Libertés” or CNIL) or with the appropriate supervisory authority in your country of residency.
eFront has developed certain proprietary technologies, including (but not limited to) software as a service (SaaS), mobile applications, software hosted by eFront and related professional services (hereafter the “eFront Technology”), which it makes available for use by its clients (hereafter the “Client(s)”).
Our Clients may provide the eFront Technology (including related services) to their own clients (hereafter the “User(s)”). The Users include all natural persons or individuals authorized by the Client who access and/or use the eFront Technology.
Personal information shall be collected by eFront for the purposes of providing hosting services, access to eFront Technology, any professional services and maintenance and support services for which our Clients use the eFront Technology to provide their own services to the Users.
eFront processes personal information collected through the eFront Technology under the direction of our Clients, and accordingly We have no direct relationship with the Users whose personal information We process on behalf of our Clients. However, We work closely with our Clients to help them provide notices to the Users concerning the purpose for which personal information is collected and processed.
eFront processes the following personal information provided by our Clients and/or the Users:
Our Clients may use the personal information notably to:
Because we have no direct relationship with the Users whose personal information is collected and processed through the eFront Technology, a User who seeks to access, correct, amend or delete their personal information should direct their query to the Client. The queries can be either handled by the Client on its own, or the Client can request assistance from eFront by sending an email at firstname.lastname@example.org. We will respond to the Client’s request within thirty (30) business days.
We may disclose personal information to third party companies (such as the hosting service provider) that help us provide our services to our Clients and make available the eFront Technology to our Clients (the “Sub-processor”). Client has authorized eFront to subcontract the processing of personal information to Sub-processors. eFront is responsible for any breaches of the agreement in place with its Clients caused by its Sub-processors to the extent strictly provided for by mandatory provisions of applicable law.
Whilst We may use Sub-processors for the processing of personal information to the extent necessary to fulfill our contractual obligations under the agreement in place with our Clients, the Sub-processors will use this data solely on behalf of eFront and may not process any personal information for their own purposes. Sub-processors will be bound by the same obligations as eFront with regard to their processing of Client personal data.
Should We change Sub-processors in place at the time of signing the agreement with our Clients, eFront will notify the Clients. If Client has a legitimate reason that relates to the Sub-processors’ processing of its personal data, Client may object to eFront’s use of a Sub-processor by notifying eFront in writing within thirty (30) days after receipt of eFront’s notice. If Client objects to the use of the Sub-processor, the parties will come together in good faith to discuss a resolution.
Where eFront engages another Sub-processor for carrying out specific processing activities on behalf of the Client, eFront undertakes to apply the same data protection obligations as set out in the agreement executed between any entity of eFront and the Client, or as set out in any legislations or regulations.
eFront also reserves the right to disclose the personal information collected as required by law, and when We believe that disclosure is necessary to protect our rights and/or to comply with judicial proceedings, court orders, or other legal proceedings.
The security of the personal information processed through the eFront Technology is a legitimate concern of our Clients and their Users.
While processing is carried out on behalf of the Clients, eFront ensures to implement sufficient guarantees regarding appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Please be advised, however, that although we have endeavored to create a secure and reliable system for the Clients and Users, the confidentiality of any communication or material transmitted to or from the eFront Technology via the Internet or email cannot be guaranteed.
When disclosing any personal information, Clients and Users should remain mindful of the fact that it is potentially accessible to the public, and consequently, can be collected and used by others without their consent. We have no responsibility or liability for the security of information transmitted via the Internet. Any questions about the security measures applicable in relation to the eFront Technology should be addressed to email@example.com.
The eFront Technology will retain the personal information of the Clients and/or Users for as long as our Clients use the eFront Technology and provide their own services to the Users through the eFront Technology.
At the end of the agreement, eFront will delete all the personal information collected through the eFront Technology, including existing copies. The Client may, however, request in writing the return of the personal information, in which case such request must be sent by the Client to eFront within thirty (30) business days of termination of the agreement executed between eFront and the Client. Following such period, the personal information may be deleted by eFront.
We may, however, need to retain and use the personal information as necessary to comply with our legal obligations.
Clients and/or Users have the right to access or correct the personal data being processed by eFront. Should you wish to receive a copy of the data we hold about you, or advise us of corrections to your personal data, please contact us via firstname.lastname@example.org. We may need to verify your identity before we can comply with your request.
eFront may transfer personal information outside EU, subject to the written agreement of the Client.
eFront has implemented appropriate safeguards in this respect, especially the security of the transfer of personal information.
We transfer personal information from the European Union to the United States in compliance with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively.
The eFront group’s entities adhering to the Privacy Shield Principles are the following:
eFront has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
For any questions or complaints regarding our compliance with the EU-U.S. Privacy Shield Framework, please contact us here. If We do not resolve your complaint, you may submit your complaint free of charge to the French data protection authority (CNIL), eFront’s designated independent dispute resolution provider.
eFront undertakes to cooperate with EU data protection authorities. eFront shall comply with the instructions provided by such authorities as regards Client personal information transferred outside the EU.
Under certain conditions specified by the principles of the EU-U.S. Privacy Shield Framework, you may also be able to invoke binding arbitration to resolve your complaint. eFront is subject to the investigatory and enforcement powers of the FTC.