Presentation

The Dolibarr Association offers the DoliStore.com platform to help buyers and sellers connect. Only the product visibility service is provided by the foundation. The foundation does not guarantee the quality of the products purchased by the client.

The Dolibarr Association, via DoliStore, collects payments for the authors/publishers of the sold goods and manages the distribution of the funds owed to them. In this capacity, the association acts under the payment institution exemption as provided by Article L521-3 I 2° of the Monetary and Financial Code.

The Dolibarr Association is a French association (Law 1901) created to promote and develop the Open Source ERP and CRM software Dolibarr.

Legal information about the foundation:

• WALDEC: W452006878
• SIRÈNE: 52033993800018
• NAF: 9499Z

More information on the page https://asso.dolibarr.org/index.php/Dolibarr_foundation.

Data Protection Principles

By using the DoliStore.com website, you agree to the processing of your personal data as described in this privacy policy.

Our commitments to data protection principles are as follows:

• Lawful, fair, transparent processing: Our data processing activities have legitimate grounds. We always consider your rights before processing personal data.
• Purpose limitation: Data processing is limited to the purpose for which the personal data was collected.
• Data minimization: We collect and process only the minimal amount of personal data required for any purpose.
• Storage period: Data processing is limited to a specific period. We will not retain your personal data longer than necessary.
• Integrity: We do our best to ensure the accuracy, integrity, and confidentiality of the data.

Definition of Personal Data Rights

• Right to information: You must be informed if your personal data is being processed; what data is collected, where it comes from, and why and by whom it is processed.
• Right of access: You have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your collected personal data.
• Right to rectification: You have the right to request the correction or erasure of your inaccurate or incomplete personal data.
• Right to erasure: In certain circumstances, you can request that your personal data be erased from our records.
• Right to restriction or objection to processing: You have the right to restrict or object to the processing of your personal data under certain conditions.
• Right to data portability: You have the right to obtain your personal data in a machine-readable format.
• Right to withdraw consent: You have the right to withdraw any given consent for the processing of your personal data.

Data We Collect

Information provided by sellers:

• Email address, first and last name, company name, company or tax number (VAT number), billing information.

Information provided by buyers:

• Email address, first and last name, company name, company or tax number (VAT number), billing information, membership status in the association.

Note: Payment information (credit card or payment partner ID) is not collected or known by DoliStore, as it is provided directly to the payment provider.

Automatically collected information:

• Includes information stored automatically by session or analytical cookies (based on Google and Matomo).
• Also includes purchase history.

Information from partners:

• We do not collect information from partners.

Links to other sites:

• Site pages may include embedded content (e.g., videos, images, articles, links). Embedded content from other sites behaves as if the visitor were on that other site. These sites may collect data about you (IP address, use cookies, embed third-party tracking tools) or track your interactions with embedded content if you have an account and are logged in to their site.

Use of Your Personal Data

We use your personal data for the following purposes:

• To identify you (login email and hashed password)
• To communicate with you regarding sold products for sellers or purchased products for buyers (email)
• To improve your seller or customer experience and respond to your inquiries (purchase or sales history)
• To fulfill a legal or contractual obligation (billing data)
• To conduct analysis and research to improve our services (anonymized browsing and consultation statistics on the website).

We process your personal data to fulfill legal obligations and/or use your personal data as provided by law. We reserve the right to anonymize collected personal data and use such anonymized data long-term. We will only use data outside the scope of this policy if it is anonymized.

We may process your personal data for other purposes not mentioned here. In that case, this document will be updated.

Data Retention Periods

For users who register on our site, we store the personal data indicated in their profile. All users can view, modify, or delete their personal information at any time.

We also retain billing information as long as necessary for accounting or other legal obligations, until your request for data deletion, or the legal time for billing data.

Sharing Your Personal Data

Sellers: The following buyer personal data is provided to sellers to facilitate service provision or improve the customer experience: email, first and last name, name of the purchased module, its price, and purchase date.

Buyers: The following seller personal data is provided to buyers to facilitate service provision or improve the customer experience: email or contact URL for module support (if the seller provides support).

Payment entities: To ensure third-party payment, we use the services of Stripe and Paypal. We provide them with the buyer's email and address. Payment method information is not stored by DoliStore but collected and stored directly by Stripe or Paypal, which informs us of the payment success or failure.

Legal entities: We disclose your personal data to third parties or officials when legally required.

Other Third Parties outside the European Economic Area: We do not transmit data to other third parties than those mentioned previously. When transferring personal information to non-EEA countries (cited previously for non-European sellers or payment entities), we ensure these transfers comply with this Notice and applicable data protection laws. We rely on European Commission adequacy decisions or use contracts with standard guarantees published by the European Commission.

Administrators and Moderators: The DoliStore platform is administered and moderated by members of the Dolibarr Association's Board of Directors. Each board member has access and modification rights to seller and buyer profile information and the sales/purchase list.

The Dolibarr Association cannot be held responsible for the use that may be made of this data by sellers or any other third party with authorized access.

How We Secure Your Data

We do our best to protect your personal data.

Hosting: The service is hosted under the OVH SAS Public Cloud offering. RCS Lille: 537 407 926, 2, rue Kellermann, 59100 Roubaix

Communication encryption: We use secure protocols for data communication and transfer (e.g., HTTPS). We use anonymization and pseudonymization where appropriate.

Monitoring: We monitor our systems for potential vulnerabilities and attacks.

Backups: Regular backups are automated.

Although we do our best, we cannot guarantee total information security. However, we commit to informing the competent authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything reasonably possible to prevent security breaches and assist authorities in case of a breach.

Password: Your password is stored in an encrypted, non-reversible form (hash). If you have an account with us, you must keep your username and password confidential.

Cookies and Other Technologies We Use

We use cookies and/or similar technologies to enable user session functionality and obtain anonymous site browsing statistics.

A cookie is a small text file stored on your computer (in memory or on the disk). Cookies store information used to help operate sites. We can only access cookies created by our site. You can control your cookies at the browser level. Disabling cookies may prevent you from using certain features.

We use cookies for the following purposes:

• Necessary cookies: These cookies are required to use essential features on our site, such as login and session persistence. These cookies do not collect any personal information.
• Functionality cookies: These cookies provide functionalities that make our service more convenient and allow for more personalized features. For example, they can remember your name and email address in comment forms, so you don't need to re-enter this information next time.
• Analytical cookies: These cookies are used to track the anonymous usage and performance of our website and services.

You can delete cookies stored on your computer through your browser settings. You can also control some third-party cookies using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.

Contact Information - DPO

The Data Protection Officer (DPO) is the President of the Dolibarr Association. Their name is indicated on this page: https://wiki.dolibarr.org/index.php/Office_and_Board_Members.

Any request regarding your personal data can be made by email to [email protected].

Modifications to This Privacy Policy

We reserve the right to make changes to this privacy policy. Last modification made on 14/05/2024.