.png){kind=small}
Privacy
Privacy policy of the Sofware Solution​
​
Last update: December 2022
1. Subject
​
This privacy policy (hereinafter the "Privacy Policy") illustrates the commitment of BUSINESS TAX, a simplified joint stock company with a share capital of €235,000, registered in the Trade and Companies Register of Paris under number 853 267 177, with the following intra-community VAT number : FR 61 853 267 177 and whose registered office is located at 75 boulevard Haussmann in Paris (75008) (hereinafter the "Company") to respect for the privacy and protection of personal data during the use of the BusinessTax Advisor or Enterprise software solution (hereinafter the "Software Solution").
​
2. Processing of personal data
2.1. Description of the processing
In accordance with applicable laws and regulations, the Company, acting as data controller, collects some of your personal data.
When you connect to the Software Solution, the Company, acting as data controller, collects your e-mail address.
During the use of the Software Solution, you have the possibility to fill the following information in your personal space:
​
-
Your photo;
-
Your last name ;
-
Your first name;
-
Your mobile phone number;
-
Your phone number;
-
Your position in the company.
The Company collects your professional qualifications: accountant or lawyer.
When you use / connect to the Software Solution, the Company, acting as data controller, also collects your following personal data:
​
-
Connection logs;
-
Connection data;
-
IP address.
​
​
Purpose
​
​
Legal basis
​
​
Retention period
​
Access and connection
to the Software Solution
​
The processing is necessary for the performance of your contract with the Company and is based on your consent
Personal data shall be retained for the duration of the contractual relationship between you and the Company
Management of requests
for rights of access, portability,
erasure, restriction of processing, rectification and opposition
​
The processing is necessary for the performance of your contract concluded with you and is based on your consent
​
Personal data shall be retained
for the duration of one year
from the date of your request
to exercise your right(s)
​
Management of requests
for the right to object to
commercial prospecting
​
The processing is necessary to respond to the request to exercise the right to object
​
Personal data shall be retained
for the duration of three years from the time you exercise your right to object
​
2.2. Recipients / transfers of your personal data
​
Access to your personal data is restricted to only those persons who need your personal data in order to fulfil the specific purpose of the processing.
Your personal data may also be disclosed by the Company to third parties:
​
-
if the law or a legal procedure requires the Company to share your personal data;
-
in response to a request from a public or judicial authority (in particular in the event of a judicial requisition);
-
when the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.
The Software Solution is hosted in "cloud computing" by MICROSOFT (MICROSOFT AZURE) on servers located in France (Paris).
Your personal data is also transmitted to the company Sendinblue (7 rue de Madrid, 75008, Paris, France) and to the company Zendesk, (989 Market Street, San Francisco, CA 94103, USA);
Your personal data is therefore transferred outside the European Economic Area.
The Company undertakes to ensure a level of protection of the Employees personal data identical to the level of protection ensured by the application of the RGPD, and has in particular concluded with the company Zendesk located outside the European Economic Area Standard Contractual Clauses, in their version modified in June 2021 by the European Commission and set up additional security guarantees as specified by the judgment of the Court of Justice of the European Union (CJEU) of July 16, 2020 (known as the "Schrems II" judgment).
Zendesk has adapted Binding Corporate Rules (BCR) allowing to transfer your personal data from Zendesk subsidiaries located in the European Economic Area to Zendesk subsidiaries located outside the European Economic Area.
2.3. Security of personal data
The Company ensures the security of your personal data by implementing appropriate technical and organizational measures in order to guarantee a proper level of security and to implement means to guarantee the confidentiality, integrity, constant availability and resilience of the processing systems and services, restore availability and access to your personal data, as well as a procedure to regularly test, analyze and evaluate the effectiveness of the technical and organizational measures put in place by the Company.
2.4. Retention of personal data
​
Your personal data should be retained only for the period required to fulfil the purpose for which the Company stores such data, to meet your needs, to fulfil its legal or regulatory obligations, to enable it to exercise its rights and/or for statistical or historical purposes.
At the end of the above-mentioned periods, your personal data will be deleted, or the Company will anonymize it.
2.5. Your rights regarding your personal data
​
You have the following rights regarding your personal data:
​
Right
of access
​
You may request to access to your personal data.
​
You may also request to modify the inaccurate personal data or incomplete data to be completed.
​
Furthermore, you have the right to know the origin of your personal data.
​
​
Right to erasure
(Right to be Forgotten)
​
You may request the erasure of your personal data if:
​
-
The data is no longer necessary for the purposes it was collected and processed;
-
They have chosen to withdraw your consent (where consent has been collected as the legal basis for processing); this withdrawal does not impact the lawfulness of the processing before its implementation;
-
They have objected to the treatment of your personal data;
-
The data have been processed unlawfully;
-
The data should be deleted to comply with a legal obligation; or
-
Such erasure is required to ensure the compliance with current legislation, in particular with regard to the retention periods applicable to the collected personal data.
​
​
Right
to object
You may object to the processing of your personal data in accordance with the legal obligations imposed on the Company.
​
​
Right to
restriction of
processing
​
You may also request a restriction of processing of your Personal Data if:
​
-
You contest the accuracy of such data;
-
The Company no longer needs this data for processing purposes; and
-
You objected to the treatment of your personal data.
​
​
Right not to be
subjected to a decision exclusively based
on the basis of an
automated data processing
​
​
You shall not be the subject to the decision based exclusively on automated processing that produces legal effects concerning you or significantly affects you, particularly based on profiling.
​
Right
to portability
​
You may request that the Company provide you with your personal data in a structured, commonly used, machine-readable format, or request to transmit those data directly to another data controller as long as:
​
-
The processing is based on your consent; and
-
It is carried out by automated means.
​
Right to give directives
on the processing
of your personal data
after your death
​
Pursuant to the Article 85 of French Data Protection Act of 6 January 1978 as amended, you can give directives on the exercise of your rights under this section after your death, (in particular on the duration of the retention of your personal data, its deletion and/or its communication) as well as designate a person responsible for the exercise of these rights.
In the absence of such directives, the Company will grant the requests of your heirs, as set out in article 85, II of the Data Protection Act.
​
​
Right to make
a complaint to a
supervisory authority
​
If you have any concerns or appeals regarding the protection of your personal data, you have the right to make a complaint to the Commission Nationale de l'Informatique et des Libertés via the following link: www.cnil.fr Plaintes en ligne | CNIL.
​
The CNIL can also be contacted at the following address: 3 Place de Fontenoy, 75007 Paris - phone: 01 53 73 22 22.
​
You are invited to inform the DPO of the Company in advance so that the DPO can process the request and attempt to find an amicable solution.
​
You may exercise your above-mentioned rights and/or ask any questions concerning the processing of your personal data by the Company using the following email address: dpo@businesstax.io or by post at the following address: Délégué à la Protection des Données, BUSINESS TAX, 75 boulevard Haussmann, 75008, PARIS.
In order to process the request as quickly as possible, you may indicate in your request the purpose and the context in which your personal data was collected by the Company. The Company may ask you to provide a copy of both sides valid identity document, if there is a reasonable doubt about your identity.
2.6. Cookies
The Software Solution uses tracers to ensure the access, security and operation of the application (necessary cookies).
These cookies do not require your consent.
The necessary cookies deposited on the Software Solution are the following :
​
​
Name of the cookie
​
Domain
​
Expiration
Purpose
​
​
x-ms-cpim-slice
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used to route requests to the appropriate production instance
​
​
x-ms-cpim-trans
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used for transaction tracking (number of Azure AD B2C authentication requests) and current transaction
​
​
x-ms-cpim-sso:{Id}
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used to manage the single sign-on session. This cookie is set to persistent, when the persistent option is activated
​
​
x-ms-cpim-cache:{id}_n
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session, successful authentication
​
Allows to manage the state of the request
​
​
​
x-ms-cpim-csrf
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Cross-site request forgery token used for CRSF protection
​
​
x-ms-cpim-dc
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used for Azure AD B2C network routing
​
​
​
x-ms-cpim-ctx
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Context
​
​
​
x-ms-cpim-rp
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used for storing membership data for the resource provider tenant
​
​
x-ms-cpim-rc
​
​
b2clogin.com, login.microsoftonline.com
​
​
End of
browser session
​
​
Used for relay
cookie storage
​
​
​
​
x-ms-cpim-admin
​
​
​
main.b2cadmin.ext.azure.com
End of
browser session
Contains user membership data across all tenants. The tenants of which a user is a member and their membership level (Admin or User)
​
x-ms-cpim-geo
​
​
b2clogin.com, login.microsoftonline.com
​
​
​
1 hour
​
​
Used as an index to determine the geographic location of resource tenants’ homes
​
​
_hdu
​
​
help.businesstax.io
​
​
​
2 hours
​
​
Used for authentication
​
​
​
_hds
​
​
help.businesstax.io
​
​
​
1 year
​
​
​
_hd_team
​
​
help.businesstax.io
​
​
​
2 hours
​
​
Used for authentication
​
​
You are informed that the acceptance of these cookies is mandatory to access and use the Software Solution.
You can deactivate these cookies at any time.
The setting is generally done from your browser.
Your browser can be configured to notify you of cookies placed on your device and to ask you to accept them or not.
The configuration of each browser is different.
It is described in the help menu of your browser, which will allow you to know how to modify options regarding cookies.
​
2.6.1. If you are using the Mozilla Firefox browser
​
Cookies - information that Websites store on your computer
​
-
Click on the menu button and select "Options”
-
Select the "Privacy" panel.
-
Set the "Retention Rules" menu to "Use custom settings for history
-
Uncheck the "Accept Cookies" box.
-
Any changes you have made will be automatically saved.
​
2.6.2. If you are using Microsoft Internet Explorer
​
Delete and manage cookies
​
-
Click on the Tools button and then on "Internet Options".
-
Click on the "Privacy" tab, then under "Settings", move the slider up to block all cookies or down to allow all cookies, then click OK.
​
2.6.3. If you are using the Google Chrome browser from Google
​
Delete, allow and manage cookies in Chrome - Android - Google Chrome Help
​
-
Select the Chrome menu icon.
-
Select "Settings".
-
At the bottom of the page, select "Show advanced settings".
-
In the "Privacy" section, select "Content Settings".
-
Select "Block all sites from storing data.
-
Select OK.
​
2.6.4. If you are using Apple's Safari browser
​
Legal - Cookie Usage
​
-
Click on "Settings" > "Safari" > "Privacy" > "Cookies and Website Data".
-
Delete history and cookies stored in Safari on your iPhone, iPad or iPod touch and Manage cookies and website data in Safari on Mac
​
2.6.5. If you use Opera Software's Opera browser
Opera Web preferences - Opera Help
If you disable the deposit of the necessary cookies, you expose yourself to potentially negative effects (not ensuring optimal navigation of the Software Solution and degraded functionality).
​
2.7. Language
​
This Privacy Policy is written in English for informational purpose. Only the French version shall be deemed authentic in the event of a dispute.
​
2.8. Modification of Privacy Policy
​The Company reserves the right to make changes to this Privacy Policy at any time.
The Company recommends that you check this page regularly, referring to the date of the last modification.
In the event of a major change to the present Privacy Policy, the Company will notify you of such changes.
​