Last updated: March 14, 2025 at 11:06 AM

Privacy Policy

1. Preamble

This Privacy Policy is addressed to Users of the Oodrive website (hereinafter the “Site”) who browse the Site and aims to inform them about how their personal data may be collected and processed by Oodrive during their navigation.

Respect for privacy is a fundamental right and one of the essential values of Oodrive, which strives to provide its clients with secure and sovereign services.

Respect for privacy and personal data is of the utmost importance to Oodrive, and has been since its creation by its founders. This is why we are committed to processing such data in strict compliance with the applicable regulations on the protection of personal data (hereinafter the “Regulation”), in particular the French Data Protection Act of January 6, 1978 (hereinafter the “LIL”) as amended and the General Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”), Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Given the rise in the transfer of personal data and the non-negligible risks to the fundamental rights and freedoms of European citizens, Oodrive ensures:

  • To make the respect of the principles of privacy by default and by design (Article 25 of the GDPR) a priority;
  • To process personal data in a lawful, fair, and transparent manner for legitimate, explicit, and determined purposes (Article 5 of the GDPR);
  • To facilitate, at any time, the exercise of the rights of the Users of the Site, notably via the email address privacy@oodrive.com.

Furthermore, Oodrive commits to:

  • Never monetize your personal data: Oodrive prohibits reselling your personal data to third parties for financial gain in any way. Such resale would be contrary to Oodrive’s principles, which aim to provide secure file-sharing services;
  • Carefully select its subcontractors and ensure that they have an adequate level of personal data protection through relevant organizational and technical measures and that they have the best certifications on the market (ISO27001, ISO27701, SecNumCloud, etc.) and the most secure authentication methods (SSO, MFA, etc.);
  • Host data in the most secure manner possible, in accordance with the recommendations of the data protection authorities and particularly the European Data Protection Board (EDPB). This is why Oodrive has chosen a French provider, Gandi, to host its platform, to avoid any transfer to the United States in light of the invalidation of the Privacy Shield by the “Schrems II” ruling.

2. Some Definitions:

Personal Data: has the meaning given by the GDPR and, as concerns you, includes in particular: your names, first names, positions, telephone number, and IP address, among other data described below. This is any data that allows you to be identified, directly or indirectly, as a natural person.

Services: when referring to our Services, this includes one or more of the following Services: Oodrive Work, Oodrive Meet, Oodrive Sign, and Oodrive Save.

Site: when referring to the Site, it refers to the Oodrive site accessible at https://www.oodrive.com/, secured through the choice of an SSL certificate as indicated by the padlock to the left of your URL. This site is our showcase where you can learn about our various services, download our white papers, request a demo of our Services, or send a spontaneous application.

3. Origin of Personal Data

Oodrive may collect and process personal data:

  • When you fill out the contact form to be contacted by the Oodrive sales team; or
  • When you subscribe to the Oodrive newsletter to receive our latest news about our offers; or
  • When you wish to join our team by sending us your application spontaneously or to apply for one of our latest job offers; or
  • When you browse the Site; or
  • When you contact us to participate in an event or to schedule an appointment for a future event (e.g., a trade show);

Oodrive may automatically collect Personal Data during navigation on the Oodrive site. This automatic collection can be done, in particular, through the use of cookies and other trackers.

For more information about the cookies we collect, you can review our Cookie Policy at the bottom of the Oodrive site page at any time, as well as during your first visit to the Oodrive site. We use a consent manager to ensure that we collect your consent in compliance with the recommendations of the CNIL.

4. What Processing?

Depending on the processing in question, Oodrive may act as a Subprocessor or as a Data Controller. These qualifications may seem complex at first, but what you need to keep in mind is that it is the Data Controller who defines the means and purposes of the processing, while the Subprocessor acts on behalf of and for the Data Controller. Regardless of the qualification, whether acting as a Data Controller or Subprocessor, Oodrive is committed to keeping the transmitted personal data confidential, as this confidentiality obligation appears crucial to us given our industry.

| Categories of Personal Data | Purposes | Legal Bases | Retention Period |
|---|---|---|---|
| For each prospect: name, first name, position, email address, telephone number, IP address | Newsletter subscription: to facilitate the sending of the newsletter; event registration, responding to any questions via the contact form on the Site | Legitimate interest of Oodrive to ensure its external communications | Duration of the newsletter subscription. Deletion upon request from the prospect or customer |
| Identification data: CV, cover letter (name, first name, email address, telephone number, address, diplomas, interests). | Recruitment process: spontaneous reception of applications and responses to job offers. | Necessary for the interview with the candidate, possible references. To examine and evaluate your professional skills in relation to Oodrive’s needs. When we review your application and contact you as part of a recruitment process, the processing of your data is necessary for the performance of pre-contractual measures, namely the examination of your application. | Two years from the last contact with the candidate |

Where Are Your Data Hosted?

Since the invalidation of the Privacy Shield and the “Schrems II” ruling, the transfer of personal data of European citizens must be subject to additional measures to ensure that they are processed in compliance with the GDPR. Oodrive has chosen a French host for its site, Gandi, whose data centers are located in France.

5. Subprocessors and Recipients of Personal Data?

Who Are Our Subprocessors?

Careful to select subprocessors who respect the GDPR, Oodrive scrutinizes them before concluding any contract to ensure that they are mainly located in France or at least in the European Union and respect the state of the art in terms of technical and organizational measures. If not located in the European Union, the subprocessor must be established in a country that has been subject to an adequacy decision or at least be located in a country whose level of personal data protection is at least equivalent to that offered by the European Union through the GDPR.

| Subprocessor Identity | Processing | Category of Data | Data Location | Purposes |
|---|---|---|---|---|
| Brevo | Collection, recording, organization, storage, consultation, use | Identification data | France | Sending transactional and commercial emails |
| Gandi | Collection, recording, storage | Identification data | France | Site hosting |
| Hubspot | Collection, recording, organization, storage, consultation, use | Identification data | France | CRM |
| Salesforce | Collection, recording, organization, storage, consultation, use | Identification data | France | CRM and ticketing |

6. Exercise of Data Subject Rights

Oodrive has appointed a DPO in accordance with Article 37 of the GDPR. If you wish to contact our DPO to assert your rights of access, rectification, or erasure, as well as to assert your right to object, you can send your requests to the following email address: privacy@oodrive.com.

In case of a complaint, the competent supervisory authority is the CNIL, whose website is: https://www.cnil.com

7. Cookies

At Oodrive, we love Cookies, provided you have given your consent and we respect the recommendations of the CNIL. We use cookies to improve your navigation both on our Site and when you are logged into Our Platform as a User. To learn more about cookies and other trackers, we invite you to consult our dedicated page, which can be found at any time during your visit at the bottom of the page next to the legal notices and this Privacy Policy.

8. Security First: Technical and Organizational Measures

In accordance with Article 32 of the GDPR, Oodrive has implemented technical and organizational measures to secure access to its website and solutions https://www.oodrive.com.

Our key measures are as follows:

  • Cybersecurity Insurance: Oodrive maintains insurance covering risks related to cybersecurity and data protection.
  • Data Encryption: All data is encrypted, both in transit and at rest, to prevent unauthorized access.
  • Privacy by Design: The Provider integrates respect for privacy from the design of its services and solutions, in accordance with the principles of data protection by design and by default.
  • Regular Intrusion Tests: Intrusion tests (“pentests”) are regularly conducted to identify and subsequently correct potential security vulnerabilities in the Provider’s systems.
  • Data Anonymization: The Provider applies data anonymization techniques to minimize the risks of identifying the individuals concerned.
  • Video Surveillance: The Provider uses video surveillance devices to protect its premises and critical infrastructure, in compliance with applicable legislation on privacy protection and data confidentiality.
  • Awareness: The Provider raises awareness among its employees from their onboarding about the essential principles of the GDPR and regularly tests their knowledge.
  • Hosting in France: Oodrive solutions are hosted in France.
  • Establishment of a SOC team dedicated to incident management, monitoring security controls, and continuous verification of the effectiveness of security measures.
  • Implementation of a captcha to limit attack attempts.

9. Modification

The Privacy Policy is subject to change. We invite you to consult this page regularly.

10. Contact Details of the Data Protection Officer

Oodrive has appointed a DPO with the CNIL in accordance with Article 37 of the GDPR. If you wish to contact our DPO to assert your rights of access, rectification, or erasure, as well as to assert your right to object, you can send your requests to the following email address: privacy@oodrive.com.

Oodrive

Attention of the DPO,
26 rue du Faubourg Poissonnière,
75010, Paris
