Privacy Policy

Last updated October 3, 2022.

Preamble and Purpose

At TakeTurns, the privacy of our users and visitors are very important to us. 

TakeTurns, when acting as a data controller, processes personal data of the following data subjects (the “Data Subjects”, “you”, “your”): (i) Customers’ End User; (ii) prospects’ user who had been invited to collaborate on documents by TakeTurns’ Customers.

TakeTurns undertakes to process the personal data of the Data Subjects in compliance with the applicable regulations, depending your country of residence, such as the Regulation n°2016/679 (EU) of 27 April 2016 known as the General Data Protection Regulation (“GDPR”), the Data Protection Act of 6 January 1978 in its updated version for the French Data Subjects, and the California Consumer Privacy Act of 2018 (“CCPA”) for the US Data Subjects (together, the “Applicable Regulations”). 

The purpose of this privacy policy is to provide you with a description of the types of personal information we collect about you when you use our applications, websites, content, products and services and how we use that information. 

Identity of the Data Controller 

In this document, ““we”, “us” or “our” acting as data controller means TakeTurns, Inc., a Delaware corporation (if you are located in United States, Canada or Mexico (“North America”)) otherwise TakeTurns SAS, a French simplified joint stock company (“société par actions simplifiée”) registered under the number 903 059 913, having a registered office located at at 62 rue de Caumartin 75009 Paris (if you are located outside of North America), and in each case (as the context suggests) its stockholders, members, managers, directors, officers, employees, agents, representatives, affiliates, contractors, service providers, and/or designees.

Definitions 

Terms beginning with a capital letter are either defined herein or have the meaning given to them in the TakeTurns Terms of Services and by the Applicable Regulations, and in particular the GDPR, such as "Personal Data", "Processing", "Data Subjects", "Controller", "Processor", "Recipient" or "Data Breach".

How Do We Collect Information, What Do We Collect And How Do We Use It? 

We collect and store information that you voluntarily provide to us as well as data related to your use of the Services. Below is a more specific list of the personal information we collect and how we use it. 

The Processing implemented by TakeTurns with the Data Subjects' Data are presented in the following tables.

Access dedicated to end users who have been invited to collaborate on documents by TakeTurns’ customers

Customer relationship management

Management of possible disputes, litigation and pre-litigation 

User Communications

Our Services provides the opportunity to interact with other End Users who are not representatives of or employed by us by User Communications (as described in our TOS). Accordingly, any information you provide when through User Communications (including Personal Data) may be publicly posted and otherwise disclosed without effective limitation as to its use such End Users. End Users may include sensitive data (e.g., race, ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, physical or mental health, sexual life or criminal record) in their User Communications. We are not liable for the content, use of information and disclosure  of User Communications by other End Users, and especially for the disclosure of Personal Data communicated through User Communications for which you will hold us harmless as provided in the TOS.

If you have any questions regarding the foregoing, or our privacy practices, you may contact us at privacy@taketurns.global 

Can We Use Pseudonymized Information?

In addition to the uses of Personal Data above, we may remove the identifiable parts of your information to create pseudonymized forms (“Pseudonymized Information”). Pseudonymized Information may be compiled with other data in aggregated forms. We use this Pseudonymized Information in the following ways:

• Services Improvement: We may use Pseudonymized Information for product improvement including to the Services as well as share it with third-parties to evaluate their products or services.

• Research: We may use Pseudonymized Information for research whether scientific, marketing, or business in nature. This research may be made public through publication such as within a scientific journal.

How Do We Share The Information We Collect?

We do not sell, rent, trade or otherwise transfer Personal Data to third parties who are not our affiliates (i.e. any entity, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with us).without your consent to do so. We may, however, disclose Personal Data to authorized recipients subject to an appropriate obligation of confidentiality, which may be internal or external as appropriate: 

• Internal recipients: all TakeTurns End User whose duties, functions and missions justify that they access the personal data of data subjects (e.g. commercial department, marketing department, client relations department and prospect) for the sole purposes set out in this privacy policy and within the framework of the technical and organizational measures implemented by us aiming at ensuring the confidentiality and security of the personal data, and affiliated companies; 

• External recipients: 

  • third party service providers and/or agents, as reasonably necessary to provide you with the Services you have requested, including, but not limited to, third parties that host or operate our Services, analyze data, perform email list management services, provide customer service, or provide public relations and marketing services; and to vendors of products and services that are offered through the Services; 

  • our existing or potential consulting, auditing and financial control firms including outside counsel;

  • courts, tribunals, regulatory authorities, and law enforcement officers, within the scope of their powers, as required by law or legal process; 

  • in response to lawful requests for information by governmental agencies, such as law enforcement authorities, authorized to request such information; 

  • third parties to collect and process data in the event of an acquisition, reorganization, fund raising, of TakeTurns, sell or transfer of TakeTurns’ business or assets by any means whatsoever, including by merger, contribution or sale of TakeTurns, the potential buyers/beneficiary(ies), and their advisors and counsel as part of an audit prior to the transaction and following the buyer / beneficiary following the transaction.

We are not limited in our use of non-personal information that does not permit direct association with any specific individual, or non-identifiable aggregate information about our users (such as the number of users on the Services and the geographic distribution of our users). As such, in no way to limit the foregoing, we may share aggregate (non-personally identifiable) information with certain third parties such as advertisers, industry organizations, and prospective affiliates.

We do not enable third parties, except for certain of our subcontractors, to collect information directly from users while they interact with the Services. Our subcontractors only collect and use information at our direction and only to support the functioning of the Services and to perform analytics. 

Data Transfers Outside The European Union

For the purposes of our activities, we reserve the right to transfer your Personal Data outside of the country where you reside and/or from which you use our Services. 

If the country receiving the personal data does not benefit from an adequacy decision by the European commission and does not present an adequate level of data protection, we make the following commitments:

• adopt appropriate data protection safeguards, including sign and apply the latest version of the European Commission's Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council or any future version;

• assess the data protection legislation of the receiving country and, should this assessment show that the legislation compromises the effectiveness of the standard contractual clauses, adopt additional protection and security measures in order to protect the personal data transferred.

How Long Is Your Personal Information Kept By Us?

We will retain your personal information for the duration indicated in the processing tables herein above. 

How Do We Protect Your Personal Information?

We follow accepted industry standards to protect the Personal Data submitted to or collected by us, both during transmission and once we receive it adapted to the type of personal data we process. While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the internet, or method of electronic storage, is 100% secure and we cannot guarantee its absolute security. In the event of an inadvertent disclosure of your Personal Data, we will take all commercially reasonable steps to limit and remedy the disclosure as required by the applicable law. In light of the foregoing, your use and access of the Services is at your own risk. If you have any questions about security of our Services, please contact us in the manner set forth under the heading “Contact Us” below.

Can Children Use The Services?

The Services is intended for the use of users who are at least 18 years of age. The Services are not directed to persons under the age of 18. We do not knowingly collect or solicit information from, market to or accept services from persons under the age of 18 years old. If we become aware that a person under the age of 18 has provided us with personal information, we will take steps to remove such personal information.

How Far Does Our Responsibility Extend regarding Third Party Sites?

The Services and our communications to you may contain links to other third party sites that may offer products or services that our users might find useful. These third party sites may request information from you. In such instances, the collection and use of your Personal Data will be governed by the privacy policy applicable to that third party site. We do not and cannot control the privacy policies, contents or links that appear on these third party sites. We encourage you to review the privacy policies of any third party sites or services before providing any of them with your Personal Data. We accept no responsibility or liability for other third party sites or services. 

How Can You Access Or Amend Your Personal Information (Right Of Opt-Out, Access And Correction)?

You have the right to:

• ask us for confirmation that data concerning them is being processed, to obtain you retain the right to request details of any Personal Data we hold about you.on the characteristics of such processing, to access such data and to request a copy;

• correct, complete your Personal Data. 

• withdraw their consent at any time provided that the processing is exclusively based on this legal basis; 

• object to the processing of their personal data for reasons relating to their particular situation and to obtain their deletion, in which case we will grant this request unless the processing is justified by legitimate and compelling reasons; 

• obtain the limitation of the processing temporarily in case of a request for rectification or opposition on legitimate grounds while we analyze the request, which in practice means that the personal data is kept, but we cannot process it; 

• data portability, i.e. a right to obtain from us the restitution of the personal data they have communicated in a format of common use when the processing is automated and based on consent or on the execution of a contract;

• formulate instructions relating to the processing of their data after their death and to ask us to retain, delete or communicate their data to an expressly designated third party, it being specified that once we have knowledge of the death of a data subject and in the absence of instructions from him or her, it undertakes to destroy his or her personal data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

Upon and subjection to verification of your identity, we will respond to your requests within a reasonable time, between one and three months depending on its level of complexity. 

You can help us maintain the accuracy of your information by notifying us of any changes to your personal information as soon as possible. We may deny you such rights when required by law, if it is manifestly unfounded or excessive, and in particular if it formulates repetitive requests or requests that are too complex to process, or if the request would likely reveal Personal Data about a third party.

If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us or otherwise authorized through an appropriate legal basis to provide this personal data as the case may be under the Applicable Regulations. If you have previously agreed that we can use your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.

To exercise your rights, please submit a written request to us at: privacy@taketurns.global   

Your California Privacy Rights

Under the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights relating to collection, use, and sharing of their personal information for companies that do a minimum amount of business in or with California residents.

We do not meet the minimum necessary requirements to be subject to the CCPA. However, we also do not sell your personal information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale if required by law. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your personal information.

If you are a resident of California, you have the right to request to know what personal information has been collected about you, and to access that information. You also have the right to request deletion of your personal information, though exceptions under the CCPA may allow us to retain and use certain personal information notwithstanding your deletion request. You may also send your request to us by contacting us at the address below under “How can you contact us?“. 

Separate from the CCPA, California’s Shine the Light law gives California residents the right to ask companies what personal information they share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the purpose of directly marketing their goods or services to you unless you request such disclosure. If you have any questions regarding this policy, or would like to change your preferences, you may contact us at the address listed below.

Also, California Civil Code Section 1798.83 permits customers who are California residents and who have provided us with “personal information” (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes. If you are a California resident with questions regarding this, please contact us in the manner set forth under the heading “How can you contact us?”.

California Do Not Track Disclosures

California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how a website operator responds to “Do Not Track” (DNT) browser settings. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. We do not currently take actions to respond to DNT signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a DNT standard once one is created. For information about DNT, please visit: www.allaboutdnt.org.

Can This Privacy Policy Be Modified? 

Each time you use or access the Services, the current version of the Privacy Policy will apply. Accordingly, when you use the Services, you should check the date of this Privacy Policy (which appears at the top of the Privacy Policy) and review any changes since the last version. We will occasionally update this Privacy Policy to reflect changes in our Services and/or business practices. You are encouraged to check regularly for any changes to this Privacy Policy. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of user information collected in the past without the consent of affected users. You agree that your continued use of the Services shall constitute your acceptance of the Privacy Policy as revised. 

What Law Applies To This Privacy Policy?

This Privacy Policy is governed by the laws of the Commonwealth of Massachusetts if you are located in North America, without giving effect to any principles of conflict of law, otherwise the laws of France (if you are located outside of North America). 

How Can You Contact Us?

To contact us with your questions or comments regarding this Privacy Policy or our information collection and dissemination practices, please contact us at: privacy@taketurns.global