Last update : 30th of April 2021
Lettria publishes a project management platform and a Natural Language Processing API allowing its Clients to :
- Benefit from pre-registered dictionaries and lexical ontologies ;
- Have a fine syntactic and semantic analysis of their data;
- Structure their data;
- Moderate their data automatically
Respect for privacy and personal data is a priority for Lettria, which is why we are committed to process them in strict compliance with the French Data Protection Act of 6 January 1978 (hereinafter referred to as the "IEL Act"), as amended, and the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter referred to as the "GDPR").
In any event, we are committed to respect the following two (2) essential principles:
- You remain in control of your personal data;
- Data is processed in a transparent, confidential and secured manner.
Article 1. Definitions
- API: refers to the API published by Lettria, which is interoperable with the Client's solutions and enables it to benefit from the Services.
- Applicant: refers to any person applying for Lettria's job offers.
- Client: refers to any natural or legal person using the Services.
- Account: refers to the interface dedicated to the Client or its Users on the Website and from which it is possible to access the Services.
- Username: means the email address (or user name) and password that you choose when you register and which you enter to log into your Account.
- Data subjects or You: refers to the data subjects of the processing operations carried out by Lettria. For the purposes of this policy, the Data Subjects are Applicants, Clients, Prospects and Users.
- Website: refers to the website accessible at the address https://lettria.com/fr published by Lettria as well as all its graphic, sound, visual, software and textual components. The Internet site is the exclusive property of Lettria.
- Prospects: refers to the persons contacted by Lettria in the context of BtoB prospecting campaigns.
- Services: refers to the automatic language processing and reporting services offered by Lettria via its API.
- Users: refers to any person authorised to access the Services by the Client and who has an Account.
Article 2. Identity and contact details of the data controller
Lettria as the data processor
Your personal data is collected and processed by TURFU SAS (hereinafter referred to as "Lettria"), a simplified limited company with a capital of 5,000 euros, having its registered office at 46, Rue du Val, 77160 Provins, registered in the Melun Trade and Companies Registry under number 835 074 857 in its capacity as data processor.
For any question, you can contact Lettria :
- By post to LETTRIA, 46, Rue du Val, 77160 Provins ;
- By e-mail to firstname.lastname@example.org.
Lettria as a subcontractor
Lettria shall have the status of subcontractor with regard to the Client for all operations generated through its API. Thus, the Customer will have the status of data processor for data processing carried out via the API for the purposes of :
- Collection and cleaning of textual datasets;
- Syntactic and semantic analysis of text;
- Data structuring;
It is specified that, as a subcontractor, Lettria only processes the data mentioned in the media analyzed by its APIs according to its Client's instructions and, in this respect, is forbidden from any proprietary reuse of these media or the data they contain.
The data processor is, within the meaning of the Data Protection Act and the GDPR, the person who determines the means and purposes of processing. When two or more data processors jointly determine the purposes and means of the processing, they are the joint data processors (or co-processors).
The processor is a person processing personal data on behalf of the controller and acts under the authority of and on the instructions of the controller.
If you wish to obtain information on the processing operations carried out by Lettria on behalf of its clients, we invite you to contact them.
Article 3. Contact details of our DPO
Our Data Protection Officer (hereinafter referred to as "DPO") is available to respond to all requests, including the exercise of rights, relating to your personal data.
You can contact him/her:
- Either by email at the following address : email@example.com
- Or by post: HAAS AVOCATS - DPO de LETTRIA, 32 rue de la Boétie, 75008 PARIS
The Data Protection Officer's mission is to inform, advise and control Lettria's compliance in the performance of the various processing operations.
In accordance with data protection regulations, the DPO acts as a contact point:
- Towards the persons concerned for all matters relating to the processing of data carried out by Lettria or the exercise of your rights;
- Towards the CNIL in the context of its cooperation mission. The DPO may also contact this authority to request an opinion or prior consultation on all matters concerning the protection of personal data;
- Towards the other DPOs appointed by the participating subcontractors or data processors.
Article 4. Data collection
In the course of its activities, Lettria collects and processes personal data about you. This data may come directly from You, or may have been collected from third parties in the processing operations.
In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms or emails sent to you.
Customer and prospect data collected by Lettria is processed in accordance with the purposes set out at the time of collection and in compliance with the CNIL's guidelines on the processing of personal data for the purposes of managing commercial activities.
Where necessary, we are committed, depending on the case, to obtaining your consent and/or allowing you to oppose the use of your data for certain purposes, such as, for example, the possibility of sending you commercial prospecting or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purpose of measuring the audience of our site and our application.
Article 5. Prospecting
In the context of its marketing operations addressed exclusively to professionals, Lettria ensures that :
- Prospects have been provided with sufficient information on the prospecting operations conducted;
- Prospects are able to oppose prospecting operations in a simple and free manner (Opt-Out); and
- The solicitation is related to the profession of the person solicited.
When aimed at professionals, commercial prospection can be conducted without obtaining the prior consent of the person concerned as long as the latter has been informed in advance and is in a position to oppose, in accordance with the recommendations made by the CNIL.
Article 6. Purposes and legal bases of processing
When the legal basis used for the processing operations carried out by Lettria is based on the pursuit of a legitimate interest, you have the possibility, upon simple request, of obtaining information on the balancing of interests.
Your various data are collected by Lettria to ensure :
The administration, proper functioning and continuous improvement of the Website and Services
The processing relating to the administration, proper functioning and permanent improvement of the Website and Services includes the following purposes:
- The management of the security of the Website and the Services;
- The provision and management of Accounts;
- Communication on the status of the Services to Users;
- The management of Users' requests for assistance made via our contact forms;
- The deposit of cookies and tracers, details of which can be found in our cookies policy.
Our legitimate interest in providing you with quality and secure Services to meet your needs.
Your consent for the deposit of cookies and tracers.
Management of our relations with our Clients
Customer relationship management covers the following purposes:
- Contract management;
- Commercial follow-up of the relationship with our Customers;
- Assistance to our Customers in the use of our services;
- The elaboration of commercial statistics.
Our legitimate interest in providing our Customers with the best possible commercial relationship and ensuring the best quality of our Services.
Management of BtoB marketing operations
The execution of BtoB marketing operations includes the following purposes:
- Carrying out BtoB prospecting campaigns by e-mail;
- The sending of newsletters;
- The elaboration of statistics on the marketing plan;
- Management of the chatbot;
- Management of contact forms dedicated to making appointments with our "NLP" and "ethics" experts.
Our legitimate interest in proposing commercial offers to our BtoB prospects.
Our processing relating to recruitment includes the operations necessary for the management and follow-up of your applications (organisation of interviews, technical tests, etc.).
The execution of pre-contractual measures.
Our processing relating to the management of accounting operations includes :
- Invoice editing;
- Invoice follow-up and dunning;
- Management of unpaid invoices;
- General accounting for the company.
Our legal obligation arising from articles L102 B and following of the Book of Tax Procedures. Our legitimate interest in ensuring that the accounting operations carried out are carried out correctly.
The management of requests for rights arising from the GPDR and the amended Data Protection Act
This processing covers all the operations necessary for the follow-up of requests for rights sent to Lettria (qualification of the request, investigations, carrying out specific technical operations, etc.). It only concerns cases where Lettria is acting as a data controller.
Our legal obligation arising from Articles 15 et seq. of the GDPR and Articles 48 et seq. of the Data Protection Act.
Article 7. Collected data
The compulsory or optional nature of the personal data collected and the possible consequences of a failure to reply are indicated at the time of their collection on the associated forms. You can consult the details of the personal data that we are likely to have on you below.
Details of the data collected
NB: the details provided below are not intended to be exhaustive and are intended above all to inform Users of the categories of data that Lettria may process.
For the proper functioning and continuous improvement of our Website and Services, the data likely to be processed are as follows :
- Data relating to your identity: surname, first name, professional email address;
- Data relating to the use of our Services**, including data communicated to our teams when you make requests;
- Your logs and connection data;
- To find out more about the data processed in the context of the deposit of cookies, we invite you to consult our cookies charter.
For the management of our Clients:
- Data relating to your identity: surname, first name, professional details (email address and telephone number), position, company;
- Data relating to the use of our Services: details of the offer subscribed to, requests for assistance in using our services, account manager;
- Data relating to the payment of invoices: terms of payment, discounts granted, receipts, balances, unpaid invoices, information necessary for invoicing.
For the management of BtoB marketing operations:
- Data relating to your identity: surname, first name, business details (email and telephone), company, position;
- If you are a customer, the offer to which you have subscribed;
- Data relating to our prospecting actions: date of first contact, date of last contact.
For the management of applications:
- Data relating to your identity: surname, first name, age, date and place of birth, personal email address, personal telephone number, photo;
- Data relating to your personal life: hobbies, motivation to apply;
- Data relating to your educational background: diplomas, distinctions, skills;
- Data relating to your professional background: position, company, professional references;
- Any other personal data provided in the context of recruitment operations.
For the management of accounting and related operations:
- Data relating to your identity: surname, first name, professional contact details (email and telephone), company, position;
- Data relating to the transaction: transaction number, details of the corresponding offer.
- Data relating to payment: direct debit, information on the nature of the operations carried out, details of the offer subscribed to by the Customer,
- Data relating to the payment of invoices: payment methods, discounts granted, receipts, balances and unpaid bills.
For the management of your requests to exercise your rights:
- Data relating to your identity: title, surname, first names, address, telephone number, email addresses, customer code, date of birth. A copy of an identity document or equivalent may be kept as proof of the exercise of a right of access, rectification or opposition or to meet a legal obligation. In this respect, we are obliged to verify your age when you place an order and we must therefore collect a copy of an identity document
- Data relating to your request to exercise your rights
In any event, Lettria is committed to process all data collected in accordance with the GDPR and the French Data Protection Act.
Article 8. Recipients
Within the limits of their respective attributions and for the purposes recalled in article 6, the main persons who are likely to have access to your data are the following
- Authorized staff of our technical, commercial and administrative departments responsible for the permanent improvement of our services, customer relations and prospecting;
- Authorized staff of our subcontractors;
- Financial organisations (banks, etc.) and supervisory entities;
- If necessary, the courts concerned, mediators, chartered accountants, auditors, lawyers, bailiffs, debt collection companies;
- Third parties likely to place cookies on your terminals (computers, tablets, mobile phones, etc.) when you give your consent (for more details, please consult our Cookie Management Charter).
Your personal data is not communicated, exchanged, sold or rented without your prior express consent in accordance with the applicable legal and regulatory provisions. Certain categories of subcontractors have access to data:
- Hosting providers / Storage location: European Union
- SaaS CRM solution providers / Storage location: USA
- Cloud storage providers in the context of managing relations with our Clients and applications (contracts, CVs, etc.) / Storage location: USA
- Mailing solution providers / Storage location: USA
- Email solution providers / Storage location: USA
To obtain more information on our subcontractors, you can send a request to our DPO by e-mail to firstname.lastname@example.org or by post to HAAS AVOCATS - DPO de Lettria, 32 rue de la Boétie, 75008 PARIS.
Article 9. Data transfers outside the European Union
In some cases, your personal information will be stored on servers located outside the European Union.
This is particularly the case when we transfer information to some of our Partners or subcontractors located in the United States.
We have taken appropriate measures to ensure that your data is kept secure by contracting standard contractual clauses approved by the European Commission (art. 46 GDPR).
You may request access to the documents ensuring appropriate contractual guarantees by making a request to our Data Protection Officer by email to email@example.com or by post to HAAS AVOCATS - DPO de Lettria 32 rue de la Boétie, 75008 PARIS.
Article 10. Data retention policy
We keep your data only as long as necessary for the purposes described in Article 6.
As an indication, click below for more details on the legal retention periods.
For the administration, proper functioning and continuous improvement of the Website and Services
Data allowing the identification of Clients and Users are kept for the duration of their registration, then for a period of five years in intermediate storage (Art. 2224 of the Civil Code).
The log of your actions on the Website is kept for a period of six months, except for operations considered sensitive by Lettria for the purposes of combating fraud, in which case the retention period will be extended to a maximum of six years (Art. 8 of the Code of Criminal Procedure).
To find out more about how long cookies and the information collected through them are kept, we invite you to consult our cookies charter.
For the management of commercial relations with our Clients
The data used in the management of the commercial relationship with our Customers is kept for the entire period necessary for the execution of the contract.
This data is then archived for a period of 5 years for evidential purposes (Art. 2204 of the Civil Code).
For the management of BtoB marketing operations
Data used in the context of BtoB marketing operations is kept for a period of 3 years from the end of the commercial relationship if you are a Client or from your last contact if you are not yet a Client.
For the management of accounting and related operations
Invoices and accounting data issued are kept for 10 years from the date of issue.
The accounting trace of payments is kept for a period of 10 years in intermediate archiving as from the effective realisation of the payment (Art. L123-22 of the Commercial Code).
As part of the management of a pre-litigation, the data is deleted as soon as the dispute is settled out of court or, failing that, as soon as the corresponding legal action is time-barred. The data collected and processed in the context of a dispute must be deleted when the ordinary and extraordinary means of appeal are no longer possible against the decision taken.
For the management of your applications
Your data is kept for a period of two years from the date of your last contact. They may be kept for a longer period with your consent.
For the management of your requests to exercise your rights
Data relating to the management of requests for rights are kept for the time necessary to process the request. It is then archived for the applicable criminal statute of limitations, i.e. six years, in intermediate storage (Art. 8 of the Code of Criminal Procedure).
Article 11. Your rights
In accordance with the French Data Protection Act and the GDPR, you have the following rights :
- right of access (article 15 GDPR), rectification (article 16 GDPR), update, completeness of your data ;
- right to erasure (or "right to be forgotten") of your personal data (Article 17 GDPR), when they are inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited;
- the right to withdraw your consent at any time (Article 7 GDPR);
- the right to limit the processing of your data (Article 18 GDPR);
- right to object to the processing of your data (Article 21 GDPR);
- the right to portability of the data you have provided to us, where your data is subject to automated processing based on your consent or on a contract (Article 20 GDPR);
- the right not to be subject to a decision based solely on automated processing (Article 22 GDPR); no such decision making is currently applied by Lettria;
- the right to define the fate of your data after your death and to choose whether or not we communicate your data to a third party that you have previously designated (article 85 LIL). In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless it is necessary to keep it for evidential purposes or to comply with a legal obligation.
You may exercise your rights:
- by e-mail to firstname.lastname@example.org;
- by post to HAAS AVOCATS - DPO de Lettria, 32 rue de la Boétie, 75008 PARIS.
Finally, you may also lodge a complaint with the supervisory authorities, in particular the CNIL or any other competent authority.
Article 12 - Security
LETTRIA and its subcontractors undertake to implement all technical and organisational measures necessary to ensure the security of the processing of personal data and the confidentiality of your Data.
In this respect, we comply with the GDPR and the French Data Protection Act and take all necessary precautions, taking into account the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent the data from being distorted, damaged or accessed by unauthorized third parties.
To this end, the following measures have been taken: physical protection of our premises, protection of information systems by anti-virus software and firewalls, authentication procedures for persons accessing data with personal and secure access via confidential identifiers and passwords, an Internet site protected by an SSL certificate, web clients using a TSL certificate, logging and traceability of connections, as well as the encryption of certain data.