top of page

Privacy

Privacy policy of the Sofware Solution

Last update: December 2022

 

1. Subject

This privacy policy (hereinafter the "Privacy Policy") illustrates the commitment of BUSINESS TAX, a simplified joint stock company with a share capital of €235,000, registered in the Trade and Companies Register of Paris under number 853 267 177, with the following intra-community VAT number : FR 61 853 267 177 and whose registered office is located at 75 boulevard Haussmann in Paris (75008) (hereinafter the "Company") to respect for the privacy and protection of personal data during the use of the BusinessTax Advisor or Enterprise software solution (hereinafter the "Software Solution").

2. Processing of personal data

 

2.1. Description of the processing

 

In accordance with applicable laws and regulations, the Company, acting as data controller, collects some of your personal data.

 

When you connect to the Software Solution, the Company, acting as data controller, collects your e-mail address.

 

During the use of  the Software Solution, you have the possibility to fill the following information in your personal space:

  • Your photo;

  • Your last name ;

  • Your first name;

  • Your mobile phone number;

  • Your phone number;

  • Your position in the company.

 

The Company collects your professional qualifications: accountant or lawyer.

 

When you use / connect to the Software Solution, the Company, acting as data controller, also collects your following personal data:

  • Connection logs;

  • Connection data;

  • IP address.

Purpose

Legal basis

Retention period

 

Access and connection

to the Software Solution

The processing is necessary for the performance of your contract with the Company and is based on your consent

 

Personal data shall be retained for the duration  of the contractual relationship between you and the Company

 

Management of requests

for rights of access, portability,

erasure, restriction of processing, rectification and opposition

 

The processing is necessary for the performance of your contract concluded with you and is based on your consent

 

Personal data shall be retained

for the duration of one year

from the date of your request

to exercise your right(s)

 

Management of requests

for the right to object to

commercial prospecting

 

The processing is necessary to respond to the request to exercise the right to object

 

Personal data shall be retained

for the duration of three years from the time you exercise your right to object

2.2. Recipients / transfers of your personal data

Access to your personal data is restricted to only those persons who need your personal data in order to fulfil the specific purpose of the processing.

 

Your personal data may also be disclosed by the Company to third parties:

  • if the law or a legal procedure requires the Company to share your personal data;

  • in response to a request from a public or judicial authority (in particular in the event of a judicial requisition);

  • when the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.

 

The Software Solution is hosted in "cloud computing" by MICROSOFT (MICROSOFT AZURE) on servers located in France (Paris).

 

Your personal data is also transmitted to the company Sendinblue (7 rue de Madrid, 75008, Paris, France) and to the company Zendesk, (989 Market Street, San Francisco, CA 94103, USA);

 

Your personal data is therefore transferred outside the European Economic Area.

 

The Company undertakes to ensure a level of protection of the Employees personal data identical to the level of protection ensured by the application of the RGPD, and has in particular concluded with the company Zendesk located outside the European Economic Area Standard Contractual Clauses, in their version modified in June 2021 by the European Commission and set up additional security guarantees as specified by the judgment of the Court of Justice of the European Union (CJEU) of July 16, 2020 (known as the "Schrems II" judgment).

 

Zendesk has adapted Binding Corporate Rules (BCR) allowing to transfer your personal data from Zendesk subsidiaries located in the European Economic Area to Zendesk subsidiaries located outside the European Economic Area.

 

2.3. Security of personal data

 

The Company ensures the security of your personal data by implementing appropriate technical and organizational measures in order to guarantee a proper level of security and to implement means to guarantee the confidentiality, integrity, constant availability and resilience of the processing systems and services, restore availability and access to your personal data, as well as a procedure to regularly test, analyze and evaluate the effectiveness of the technical and organizational measures put in place by the Company.

 

2.4. Retention of personal data

Your personal data should be retained  only for the period required to fulfil the purpose for which the Company  stores such data, to meet your needs, to fulfil its legal or regulatory obligations, to enable it to exercise its rights and/or for statistical or historical purposes.

 

At the end of the above-mentioned periods, your personal data will be deleted, or the Company will anonymize it.

 

2.5. Your rights regarding your personal data

You have the following rights regarding your personal data:

Right

of access

 

You may request to access to your personal data.

You may also request to modify the inaccurate personal data or incomplete data to be completed.

Furthermore, you have the right to know the origin of your personal data.

Right to erasure

(Right to be Forgotten)

 

You may request the erasure of your personal data if:

  1. The data is no longer necessary for the purposes it was collected and processed;

  2. They have chosen to withdraw your consent (where consent has been collected as the legal basis for processing); this withdrawal does not impact the lawfulness of the processing before its implementation;

  3. They have objected to the treatment of your personal data;

  4. The data have been processed unlawfully;

  5. The data should be deleted to comply with a legal obligation; or

  6. Such erasure is required to ensure the compliance with current legislation, in particular with regard to the retention periods applicable to the collected personal data.

Right

to object

 

You may object to the processing of your personal data in accordance with the legal obligations imposed on the Company.

Right to

restriction of

processing

 

You may also request a restriction of processing of your Personal Data if:

  1. You contest the accuracy of such data;

  2. The Company no longer needs this data for processing purposes; and

  3. You objected to the treatment of your personal data.

Right not to be

subjected to a decision exclusively based

on the basis of an

automated data processing

You shall not be the subject to the decision based exclusively on automated processing that produces legal effects concerning you or significantly affects you, particularly based on profiling.

 

Right

to portability

 

You may request that the Company provide you with your personal data in a structured, commonly used, machine-readable format, or request to transmit those data directly to another data controller as long as:

  1. The processing is based on your consent; and

  2. It is carried out by automated means.

 

Right to give directives

on the processing

of your personal data

after your death

 

Pursuant to the Article 85 of French Data Protection Act of 6 January 1978 as amended, you can give directives on the exercise of your rights under this section after your death, (in particular on the duration of the retention of your personal data, its deletion and/or its communication) as well as designate a person responsible for the exercise of these rights.

 

In the absence of such directives, the Company will grant the requests of your heirs, as set out in article 85, II of the Data Protection Act.

Right to make

a complaint to a

supervisory authority

 

If you have any concerns or appeals regarding the protection of your personal data, you have the right to make a complaint to the Commission Nationale de l'Informatique et des Libertés via the following link: www.cnil.fr Plaintes en ligne | CNIL.

The CNIL can also be contacted at the following address: 3 Place de Fontenoy, 75007 Paris - phone: 01 53 73 22 22.

You are invited to inform the DPO of the Company in advance so that the DPO can process the request and attempt to find an amicable solution.

 

You may exercise your above-mentioned rights and/or ask any questions concerning the processing of your personal data by the Company using the following email address: dpo@businesstax.io or by post at the following address: Délégué à la Protection des Données, BUSINESS TAX, 75 boulevard Haussmann, 75008, PARIS.

 

In order to process the request as quickly as possible, you may indicate in your request the purpose and the context in which your personal data was collected by the Company. The Company may ask you to provide a copy of both sides  valid identity document, if there is a reasonable doubt about your identity.

 

2.6. Cookies

 

The Software Solution uses tracers to ensure the access, security and operation of the application (necessary cookies).

 

These cookies do not require your consent.

 

The necessary cookies deposited on the Software Solution are the following :

Name of the cookie

 

Domain

 

Expiration

 

 

Purpose

 

x-ms-cpim-slice

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

Used to route requests to the appropriate production instance

 

x-ms-cpim-trans

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

Used for transaction tracking (number of Azure AD B2C authentication requests) and current transaction

 

x-ms-cpim-sso:{Id}

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

Used to manage the single sign-on session. This cookie is set to persistent, when the persistent option is activated

 

x-ms-cpim-cache:{id}_n

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session, successful authentication

 

Allows to manage the state of the request

 

x-ms-cpim-csrf

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

Cross-site request forgery token used for CRSF protection

 

x-ms-cpim-dc

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

Used for Azure AD B2C network routing

 

x-ms-cpim-ctx

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

 

Context

 

x-ms-cpim-rp

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

Used for storing membership data for the resource provider tenant

 

x-ms-cpim-rc

 

b2clogin.com, login.microsoftonline.com

 

End of

browser session

 

Used for relay

cookie storage

 

x-ms-cpim-admin

 

 

main.b2cadmin.ext.azure.com

 

 

 

End of

browser session

 

Contains user membership data across all tenants. The tenants of which a user is a member and their membership level (Admin or User)

 

x-ms-cpim-geo

 

b2clogin.com, login.microsoftonline.com

 

1 hour

 

Used as an index to determine the geographic location of resource tenants’ homes

 

_hdu

 

 

help.businesstax.io

 

2 hours

 

 

Used for authentication

 

_hds

 

 

help.businesstax.io

 

1 year

 

_hd_team

 

 

help.businesstax.io

 

2 hours

 

 

Used for authentication

 

You are informed that the acceptance of these cookies is mandatory  to access and use the Software Solution.

You can deactivate these cookies at any time.

 

The setting is generally done from your browser.

 

Your browser can be configured to notify you of cookies placed on your device  and to ask you to accept them or not.

The configuration of each browser is different.

It is described in the help menu of your browser, which will allow you to know how to modify options regarding cookies.

2.6.1. If you are using the Mozilla Firefox browser

Cookies - information that Websites store on your computer

  • Click on the menu button and select "Options”

  • Select the "Privacy" panel.

  • Set the "Retention Rules" menu to "Use custom settings for history

  • Uncheck the "Accept Cookies" box.

  • Any changes you have made will be automatically saved.

2.6.2. If you are using Microsoft Internet Explorer

Delete and manage cookies

  • Click on the Tools button and then on "Internet Options".

  • Click on the "Privacy" tab, then under "Settings", move the slider up to block all cookies or down to allow all cookies, then click OK.

2.6.3. If you are using the Google Chrome browser from Google

Delete, allow and manage cookies in Chrome - Android - Google Chrome Help

  • Select the Chrome menu icon.

  • Select "Settings".

  • At the bottom of the page, select "Show advanced settings".

  • In the "Privacy" section, select "Content Settings".

  • Select "Block all sites from storing data.

  • Select OK.

2.6.4. If you are using Apple's Safari browser

Legal - Cookie Usage

  • Click on "Settings" > "Safari" > "Privacy" > "Cookies and Website Data".

  • Delete history and cookies stored in Safari on your iPhone, iPad or iPod touch and Manage cookies and website data in Safari on Mac

2.6.5. If you use Opera Software's Opera browser

 

Opera Web preferences - Opera Help

 

If you disable the deposit of the necessary cookies, you expose yourself to potentially negative effects (not ensuring optimal navigation of the Software Solution and degraded functionality).

2.7. Language

This Privacy Policy is written in English for informational purpose. Only the French version shall be deemed authentic in the event of a dispute.

2.8. Modification of Privacy Policy

 

​The Company reserves the right to make changes to this Privacy Policy at any time.

The Company recommends that you check this page regularly, referring to the date of the last modification.

In the event of a major change to the present Privacy Policy, the Company will notify you of such changes.

bottom of page