Last updated: July 11th, 2024
Tadaweb provides software as a service and related services (the “Platform”) to help public, private, and non-governmental organizations by empowering the human mind with the right information at the right time.
As a globally operating company with affiliates located in various jurisdictions that may be processing various Personal Data (as defined below) about you (hereafter, “you”, “yours”, or the “User”) in the course of conducting our business we provide you with this Privacy Policy governing the collection, use and further processing of your Personal Data.
TaDaweb S.A. is the parent company of the group, but the controller of your information may be one of its affiliates depending on how you interact with us (i.e., as a website visitor or Platform User).
In this Privacy Policy, where we refer to “Tadaweb,” “we,” “our,” or “us,” we are referring to the relevant Tadaweb group entity that decides how and why your information is used.
When a Tadaweb entity processes your Personal Data as controller (meaning that we determine why and how your personal data is used), this Privacy Policy sets out how we process that data in compliance with the applicable data protection and privacy laws. This Privacy Policy also explains what rights you have relating to that Personal Data. If are a resident of certain jurisdictions, you may find additional information relevant to your situation at the end of this Privacy Policy.
When we process Personal Data on behalf of our clients we act as a processor and strictly follow their instructions, as controllers, relating to that processing. We do it always in line with applicable laws, regulations and policies, and based on a data processing agreement. This Privacy Policy also applies to certain Personal Data of the Platform Users, as described in “Categories of Personal Data We Collect” section.
Please note, that access and use of the Platform is at all times subject to our Terms of Service, the EULA and/or any separate agreement you’ve entered with us, as applicable. Any terms we use in this Privacy Policy without defining them, have the definitions given to them in the Terms of Service.
By using or accessing our website, www.tadaweb.com, or accessing and using our Platform and related services (the “Services”) in any manner, you acknowledge that you have read the practices and policies outlined below, and you understand that we will collect, use and share your information as described in this Privacy Policy.
If you apply for a job with Tadaweb you will find more information on how we handle your Personal Data in our dedicated Candidate Privacy Policy.
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. When we do so, we will post those changes here, so please check back periodically for any updates. Where we make changes to our processing that may affect the rights of individuals affected by those changes, we will inform those individuals where possible.
This Privacy Policy covers how we treat personal data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations, in particular as defined in the General Data Protection Regulation (“GDPR”) and the California Consumer Protection Act (“CCPA”).
This Privacy Policy does not cover the practices of companies we don’t own or control (such as social media providers).
This chart details the categories of Personal Data that we may collect and and/or may have collected over the past 12 months:
|
Through Your Visit on our Website |
||
|
Category of Personal Data Collected |
Purpose & Retention Period |
|
|
Cookies |
Please refer to our Cookie Policy |
|
|
Through Your Connection to Third Party Products |
||
|
Category of Personal Data Collected |
Purpose & Retention Period |
|
|
Personal Account Information |
In cases where users connect to an API using their personal account, the Platform only records what is necessary to execute required API calls, i.e.: token entered manually or returned by an external authentication process. This data is deleted when you disconnect or delete the corresponding API connection. |
|
|
Business Contact Information |
||
|
Category of Personal Data Collected |
Purpose & Retention Period |
|
|
Contact Business Information |
Business development including, clients’ and suppliers’ management, billing, etc. Generally, we store your Personal Data for the duration of our business relationship. Extended statutory retention periods may apply in certain cases. |
|
Providing, Customizing and Improving the Services:
Meeting Legal Requirements and Enforcing Legal Terms:
Service Providers
We disclose the minimum amount possible of your Personal Data to selected service providers. Service providers are third parties acting on our behalf that help us provide our Services, hosting and other technology and communications providers, data storage and analytics providers.
Legal Obligations
We may share Personal Data that we collect with relevant third parties in conjunction with any of the activities set forth under “How We Use Your Personal Data” section above.
Business Transfers
All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should any of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
We may collect Personal Data about you from the following categories of sources:
We have relationships with third parties to receive data that you make publicly available online or collect other publicly available information from other sources. We may also have access to information that you post on other social media platforms. Social media users who do not want their data processed by us can make their account or posts private or, to the extent applicable, remove us and/or other third parties from their followers. This Privacy Policy does not cover the use of Personal Data by any third parties that you submit to such third parties, and we aren’t responsible for their privacy policies and practices. To learn more about how these third-party data sources treat your Personal Data, you should reference the privacy terms of those sources, in particular the information may be found in the Google Privacy Policy, available at http://www.google.com/policies/privacy.
We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate technical and organizational security measures based on the type of Personal Data and how we are storing and processing that data. We take reasonable steps to protect your Personal Data from misuse, interference and loss, and from unauthorized access, modification or disclosure. We maintain physical security electronic data storage, such as locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems. The Services use industry standard Transport Layer Security (TLS) technology to allow for the encryption of Personal Data you provide to us.
You should also help protect your Personal Data by appropriately selecting and protecting your password and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the Internet or storing data is completely secure.
We retain certain Personal Data (defined above) about you for as long as you have an open Account with us or as otherwise necessary to provide you with our Services or to fulfil the purposes outlined in this Privacy Policy. In some instances, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information could not be used by us or a third party to identify you personally.
We do not knowingly collect or solicit Personal Data about children under 16 years of age. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at dataprotection@tadaweb.com.
EEA and UK Residents
If you are a resident of the European Union (“EU”), United Kingdom, or member of the European Economic Area (“EEA”, Lichtenstein, Norway or Iceland), you may have additional rights under the General Data Protection Regulation or equivalent applicable legislation in your jurisdiction (the “GDPR”) with respect to your Personal Data, as outlined below.
If there are any conflicts between this section and any other provision of this Privacy Policy, the Privacy Policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at dataprotection@Tadaweb.com.
Personal Data We Collect
The “Categories of Personal Data We Collect” section above identifies the Personal Data that we collect from you.
Personal Data Use and Processing Grounds
The “How We Use Your Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing primarily include consent (e.g., for setting up cookies), contractual necessity (e.g., for managing your Account Data) and our legitimate interests (e.g., protection from fraud or security threats) or the legitimate interest of others (e.g., compliance with legal obligations). From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects or if it is necessary for a task carried out in the public interest.
Sharing Personal Data
The “How We Share Your Personal Data” section above identifies how we share your Personal Data with third parties.
EEA and UK Data Subject Rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at dataprotection@Tadaweb.com.
Please note that in some circumstances, we may not be able to fully comply with your request, such as if a request is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Access
You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification
If you believe that any Personal Data, we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
Erasure
You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent
If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Portability
You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection
You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of Processing
You can ask us to restrict further processing of your Personal Data.
Right to File Complaint
You have the right to lodge a complaint about Tadaweb’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en. For more information about our lead supervisory authority please refer to “Supervisory Authority” section below.
As part of our activities, a number of our third-party providers may receive your Personal Data and be located outside the EU or the EEA under special security conditions.
We may use third-party service providers to provide our services, which may involve transfers of your Personal Data to countries outside the EU/EEA. In the case of international transfers from the EU/EEA to a country outside the EU/EEA, the transfer of your Personal Data may occur when the European Commission has decided that the country outside the EU/EEA guarantees an adequate level of data protection.
For transfers to countries outside the EU/EEA for which the level of protection has not been recognized as adequate by the European Commission, we will implement the appropriate safeguards provided by applicable data protection law (e.g., the signing of standard contractual clauses related to data protection or any other equivalent mechanism that provides you with enforceable rights and effective remedies) or rely on an exemption applicable to specific situations (such as your explicit consent).
You can obtain more information on the relevant guarantees we rely on by contacting us at dataprotection@tadaweb.com.
Data collected and further processed on our Platform is hosted as indicated in the respective agreement you may have executed with us. As a general rule, the Platform and all data processed on behalf of our clients located in the United States, are hosted and operated in the United States through Tadaweb and, as it may be, its third-party service providers. Otherwise, your data is stored on servers located in the EEA.
Supervisory Authority
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner (e.g., after 30 calendar days without being informed about the reason of the delay), you have the possibility to lodge a complaint with the competent authority such as our competent supervisory authority.
Our lead supervisory authority, as we are in Luxembourg, is the Commission Nationale pour la Protection des Données (“CNPD”). The CNPD can be contacted directly: https://cnpd.public.lu/fr/support/contact.html, or by letter to: Commission nationale pour la protection des données - Service des plaintes, 15, boulevard du Jazz, 4370 Belvaux, Grand Duchy of Luxembourg.
Contact Information
If you have any questions about this Privacy Policy, the Personal Data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us:
By email: dataprotection@tadaweb.com
By letter: Data Protection Officer TaDaweb S.A., 3, avenue du Swing, 4367 Belvaux, Grand Duchy of Luxembourg
If you are a California resident, you have the rights set forth in this section, as granted by the California Consumer Privacy Act. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of the Platform Users or Clients’ employees in connection with our provision of certain services. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at dataprotection@tadaweb.com.
Access
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient.
Deletion
You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of the exceptions under the CCPA, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (e.g., send the request from your e-mail address you think we may have), and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it (e.g., to correct or delete your records). Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request.
We will work to respond to your Valid Request within 45 calendar days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods by e-mailing us at dataprotection@tadaweb.com.
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Additionally, under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at dataprotection@tadaweb.com.
When Tadaweb operates a system of records subject to the Privacy Act of 1974 or comparable US government agency regulations, including any use of information contained in such a system of records, our use and disclosure of that information (“Privacy Act Information”) is subject to the applicable systems of records notice and applicable agency regulations, which control to whatever extent they may conflict with this Privacy Policy. Tadaweb employees who create, receive or otherwise handle Privacy Act Information are required to undergo initial and annual Privacy Act training as a condition of their access to the information. Tadaweb prohibits any unauthorized use of a system of records or unauthorized disclosure, access, handling, or use of Privacy Act Information. Any person can report a suspected or confirmed breach of Privacy Act Information or the unauthorized disclosure, access, handling, or use of Privacy Act Information to Tadaweb by e-mailing us at dataprotection@tadaweb.com.