GroupCamp Privacy Policy

Last update: May 22, 2018

The Privacy Policy (« PP ») is part of GroupCamp’s general Terms of Service (« ToS ») available at www.groupcamp.com/tos

All definitions located in the GroupCamp Terms of Service (« ToS ») apply.

Principles

All data or information, personal or otherwise, manually submitted or transferred to the GroupCamp Service are strictly confidential

Information received or collected by GroupCamp

Customer Account and Payment Information

During the Account creation process, the Customer provides the following personal information which are known to GroupCamp :

1. The name of your company together with the first and last name of the person having subscribed to the service.

2. The address of the company together with the country of residence (this information is mandatory to determine whether customers are subject to VAT or not)

3. A valid email address for communications regarding billing information (issued invoices, modification of service or changes to the GroupCamp Terms of Service)

4. Your credit card number for the short lapse of time during which we transfer it to our certified Payment Gateway partner (YOUR CREDIT CARD NUMBER IS NOT STORED ON ANY SERVER BELONGING TO GROUPCAMP). Only our trusted PCI-certified payment partner has your credit card details. We only keep an ID including the last 4 digits of your credit card (format: XXXX-XXXX-XXXX-1234) together with the holder’s name and expiry date. We may use this ID for authentication purposes by our customer support team.

5. Your account access URL(Web address). This web address is public.

6. Your payment and invoicing history.

All account and payment information can be viewed and/or edited in the Account application, accessible in the Owner section  of the Admin Panel. The email address of the Account Owner can be updated by the Owner in the Owner’s Preferences app.

Client Admin Panel access by GroupCamp support team members

Support team members can connect to the Client Admin Panel and can have access to the following:

1. First name and last name of account Administrators

2. Names of Management teams

3; Technical counters, used/unused features, account configuration.

All other data is strictly confidential: this information may include name, address and telephone number, other credit card information, service confirmations or your application data. We may use this information for usage statistics, anonymously, and only with a view to improving our services.

If the company is based in one of the member states of the European Union, we collect its intra-community VAT number.

Cookies

When Users access GroupCamp web servers, Cookies are generated by GroupCamp and stored on the User's hard drive when you visit any website on the Internet. Cookies enable us to remember users, to store user preferences and to track user trends in general. We use cookies to improve the quality of the Services we offer and to better understand how users interact with the Website. In some secured areas of the Website, cookies are required to associate you with your personal information stored in our systems.

The Customer and its End-users may change the security settings of its browser to reject cookies or send a warning to the User, indicating that a cookie has been received from GroupCamp. If the Customer and its End-users decides to reject cookies coming from GroupCamp, they will not be able to use the Service.

To improve our Services, GroupCamp might use a third-party service for statistical analysis of the usage of GroupCamp services. No personal information received or collected by GroupCamp will be provided to these third-party services.

Email addresses

GroupCamp can use the services of third party email service providers to send bulk emails (News, blogposts, notifications, etc).

Connection data

When a User connects to the GroupCamp Service, GroupCamp will be able to use connection information to provide a better Service. Connection information include the IP address, the preferred language setting of the browser, the name and the version of the browser ; the operating system, the requested URL.

Security and access to personal information

GroupCamp will ensure that the appropriate security measures be taken to protect against unauthorized access to, or unauthorized alteration, disclosure or destruction of users’ information. Such measures include password encryption and security updates on GroupCamp servers, and securing physical access to our hosting facility.

1. Ensuring that GroupCamp operations team do not access customer private information except with their authorization in general for service troubleshooting reasons.
2. Never use, transfer or resell user email information to third parties.
3. Never saving any data, which a user decides to delete. In other words, if you decide to delete data from your account we will not keep saved copies of this data.
4. Notifying the owner of the service of changes to the current Privacy Policy by the following means: email, information banners, blog. You should check the Website regularly for information about revisions to this Privacy Policy.

Information covered by such measures include servers and data centers located in France and in other countries.

GroupCamp will take the necessary measures to ensure that its operations team does not access Customer private information except with the authorization of the Customer and generally for service troubleshooting reasons. Failure to comply with such measures may lead to employment termination and legal action.

Using Google services: Gmail, G Suite and Android

Granting GroupCamp access to G Suite data

It applies to all Customers who have a GroupCamp account linked to a G Suite account.

When installing a GroupCamp product in the Google Marketplace, the Customer accepts that GroupCamp applications get access to the list of users and organizations in the attached G Suite domain. GroupCamp maintains a replicated database of the data collected from G Suite to improve overall service performance.This database is manually synchronized by G Suite domain's administrators connected to the GroupCamp Service.

Data stored are: firstname and lastname, email address, user organization unit and the photo of the profile.

When G Suite Users are added to GroupCamp by the Customer or by one of the Users authorized by the Customer, the following services are automatically added to the End-User:

• Access to files in Google Drive,
• Access to calendars in Google Calendar,
• Access to contacts in Google Contacts,
• Access to GroupCamp Gmail Gadget 

GroupCamp Gmail Gadget (for G Suite users only)

The Gmail Gadget allows GroupCamp applications to read the content of the emails in order to save them in GroupCamp. This operation occurs online when the User requests it. Outside this operation, GroupCamp does not have access to End-Users' emails Content.

Using the GroupCamp Gmail Gadget allows Google's softwares to get access to the data contained in the Gadget.

Google Profile

Data stored are: firstname and lastname, email address and the photo of the profile.

Google Drive

End-Users can access their Google Drive through the GroupCamp Service only when they request it. Outside this operation, GroupCamp does not access the User's Google Drive files.

Google Contacts

End-Users can use Google Contacts through the GroupCamp Service only when they request it. Outside this operation, GroupCamp does not access the Users' Google Contacts.

Google Calendar

End-Users indicate which Google Agenda should get synced with GroupCamp's data. During this synchronization, GroupCamp does not collect nor stock any data on its servers that is not directly related to GroupCamp service data .

GroupCamp gets access to a End-User Google agendas when a GroupCamp data update is necessary.

Enable/ Disable feature

G Suite User needs to contact his/her G Suite administrator if he/she wishes to disable GroupCamp's access to his/her G Suite account.

The Gmail user can enable or disable access to his/her Gmail account data by going in the GroupCamp's preferences menu.

Android apps

GroupCamp does not access to device personal local data.

Using Microsoft Services

This paragrah concerns only Online Services from Microsoft such as: outlook.com, hotmail, etc.

Microsoft  Profile

Data stored are: firstname and lastname, email address and the photo of the profile.

Microsoft OneDrive

End-Users can access their Microsoft OneDrive through the GroupCamp Service only when they request it. Outside this operation, GroupCamp does not access the User's OneDrive files.

Outlook Calendar

End-Users indicate which Outlook Calendar should get synced with GroupCamp's data. During this synchronization, GroupCamp does not collect nor stock any data on its servers that is not directly related to GroupCamp service data .

GroupCamp gets access to a End-User Outlook calendars when a GroupCamp data update is necessary.

Enable/ Disable feature

The End-User can enable or disable access to his/her Microsoft account data by going in the GroupCamp's preferences menu.

Using Box and Dropbox services

End-Users can use these services through the GroupCamp Service when they request it. Outside this operation, GroupCamp does not have access to the User's files.

iOS apps

GroupCamp does not access to device personal local data.

Using the services of a GroupCamp partner

In this case, the GroupCamp partner gets access to data related to the Customer's GroupCamp Service Account application. The partner also gets access to data related to Customer's support requests.

The GroupCamp Billing and Payment Policy does not apply to Customers dealing with a GroupCamp partner.

Support access

Upon contacting the GroupCamp Support team, GroupCamp will collect, for the Customer and its End-Users, first and last name, email address and connection data including useful Account information such as user role, Offering and Plans which are subscribed to.

For troubleshooting reasons, GroupCamp will request the Customer’s authorization to enable application logs which allows the GroupCamp team to detect and solve problems or bugs based on  Account events described in the application logs.

GDPR

The General Data Protection Regulation (GDPR) is a European privacy regulation that aims to strengthen the security and protection of personal data in the European Union (EU).

The Customer is the Data controller and bears the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law.

The Customer, as a Data controller under GDPR, must meet the following obligations for Users that are EU citizens.

Meeting the objection obligation

Each EU citizen has a right of objection, or the right to object to direct marketing. On request, the Customer must stop processing personal data for direct marketing purposes when the Customer receive an objection from a data subject.

GroupCamp as Data Processor under GDPR, added a Report Spam link in email sent by its Platform. This link allows End-User to block emails sent by the GroupCamp Customer Account. Only the User or the GroupCamp Support team can change this parameter. The Customer cannot do it.

Meeting the access obligation

Each User has a right of access. On request, the Customer must inform the User where their personal data is being held and for what purposes.

Meeting the correction obligation

Each User has a right to rectification, or the right to have inaccuracies in their personal data corrected. On request, the Customer must provide the data subject with their personal data and fix inaccuracies or add missing information.

Meeting the erasure obligation

Each User has a right to erasure, or the right to be forgotten or deleted. On request, the Customer must delete the personal data of a data subject. In the Service, the Customer can delete permanently a User. This action will delete User personal data.

Meeting the data portability obligation

Each User has a right to data portability. On request, the Customer must provide a data subject with their personal data or to transmit the data to another organization.

Exceptions to GroupCamp commitment regarding privacy

GroupCamp may need to transmit user confidential information to third parties in the following cases :

1. to satisfy any applicable law, regulation, court order, legal process or enforceable government request,
2. to ensure compliance with applicable terms of service or agreements including investigation of any potential violations.

Merger or Acquisition by another Company

In the event of a merger or an acquisition or any other form of transfer of all or part of its assets, GroupCamp  will guarantee the privacy of personal information and will use reasonable efforts to inform the Customer prior to the transfer of personal information to a new privacy Policy.

Declaration of the GroupCamp Service to the CNIL

The GroupCamp service has been the subject of a declaration submitted to the French National Commission for Computers and Liberties (CNIL): http://www.cnil.fr/en.
The CNIL was created by law n° 78-17 on the 6th January 1978. Its mission consists in ensuring that the development of information technology remains at the service of citizens and does not breach human identity, human rights, privacy or personal or public liberties.

Questions and complaints

If you have any questions or complaints about our privacy policy, please send us an email at privacy [at] groupcamp.com