THE DOLIST PRIVACY POLICY

Definitions

In this document, "Dolist" or "we" refers to the company Dolist EMAIL MARKETING SAS whose head office is located at 6 rue Henry Le Chatelier in Merignac, France (33700). The "products" are all the sites, features, services and systems that we make available to our customers to send messages and collect data from their users and customers. Our "customers" or "users" are individuals or organisations that may interact with our products and services online. The word "you" refers more directly to those of our users who interact directly with the interfaces of our products and web services. "Subscribers" are all the individuals and organisations that interact with you, our customers, through our products. "Personal information" is data that you or your subscribers have supplied to our products. More specifically, this data is comprised of surnames, first names, addresses, identification numbers, telephone numbers and, without restriction, any distinct piece of information specific to an individual and his or her equipment.

Our products are available on the websites:

• www.dolist.com
• client.dolist.net
• auth.dolist.net
• extranet.dolist.net
• campaign.dolist.net

This description of our Privacy Policy applies to these sites and all sites and applications operated by Dolist. By website, we mean the domains of each site and all pages, widgets, interactive objects, links to pages and social networking services. Using our services may give rise, as described below, to the sharing of personal information with the visitor of a website, a subscriber or a contact who is part of a list of contacts.

Changes

Our privacy policy may change at any time we deem appropriate and without notice. This document is effective as of the date of its update (November 28, 2017). We urge our users to check regularly that its content corresponds to their own policy for the use of third-party services.

Scope

Our privacy policy covers the dataset we have accumulated about you within the framework defined by the Terms of Use that we have submitted for your approval.

Questions

If you wish to obtain information or make corrections to the data that we hold about you, please send us a message at marketing@dolist.com or by letter to Dolist, 6 Avenue Henry Le Chatelier 33700 Mérignac - France.

The information we keep

(a) The information you provide voluntarily

From the moment you accept the Terms of Use of our products and services, whether you contact our employees, send us messages by e-mail or via our websites or upload data that you have collected by various means to our platforms, you explicitly consent to its storage and technical processing by us. Dolist invites you to take note of the simplified standard no. 48 resulting from the deliberation no. 2012-209 of 21 June 2012 creating a simplified standard regarding the automated processing of personal data relating to the customers and prospects management at the following address http://www.cnil.fr/documentation/deliberations/deliberation/delib/184/, which constitutes the base of Dolist's declaration to the CNIL.

(b) The information we automatically save.

When you use our products - websites, platforms, etc. - we record information describing your particular use. We record information about your computer, your connection method, the type and version of your internet browser, your operating system, the OS of your mobile or tablet, as well as the unique device identifier ("UDID ") and other technical identifiers such as the URL of your connections, including the date and time, and the content you access and the way you interact with our products or third-party sites. This information is collected via cookies and trackers as well as in time-stamped monitoring log files. We may use and disclose this data for the purposes identified by this privacy policy and within the limits of applicable law. We inform you that we may combine this data with your personal data; the said combined information will then be processed by Dolist as personal data within the meaning of Law No. 78-17 of 6 January 1978 relating to computers, files and data rights. We may also use the collected data automatically in aggregate for various purposes as long as such data does not personally identify you: this aggregated data will not be considered as personal data.

(c) Databases of contacts and address lists

The files you use in conjunction with our products and on our platforms allow recipients to share the messages you send. We store this information but do not make any corrections or enhancements to your contact databases.

Dolist has performed all the formalities with the CNIL, the French data protection authority, for all its processing of personal data that concerns both the data of its prospects and customers as well as the management of data on the usage of products and services by their subscribers.

Use and sharing of personal information

We may use personal data in our possession in the following cases:

(a) To promote our products and services to you or others.

For example, if you browse our websites without accessing our products and services, we may send you an e-mail asking you to discover the potential of our platforms. You will be able to stop receiving these messages by clicking the unsubscribe link at the bottom of each e-mail we send. We may also send you messages to draw your attention to services or features that are not part of your current usage.

(b) In order to send you information content for which you can then express your desire to opt-in.

You will be able to stop receiving these messages by clicking the unsubscribe link at the bottom of each e-mail we send.

(c) To send you technical warning messages.

We may inform you of temporary or permanent changes to our Products and Services such as downtime, version changes or new features, reporting fraudulent use or changes to our Privacy Policy.

(d) To communicate with our subscribers about their accounts or to provide them with assistance.

(e) To enforce compliance with our Terms of Use.

This provision includes the use of tools or algorithms allowing us to anticipate behaviour contrary to these provisions.

(f) To ensure the security and rights of our subscribers, third-party users and ours.

(g) To respond to legal requests for information that may be required.

(h) To provide information to legal representatives and tax authorities.

Including legal and accounting firms in order to fulfil our statutory management, publication and information requirements.

(i) To bring about legal proceedings or respond to them.

(j) To ensure the legality of our activities, including with regard to emergency provisions made by the authorities for national security.

Your data collection

Your use of our products and services may include the importation of personal data that you have collected from your subscribers or other sources of information. We do not have a direct relationship with your subscribers. That is why it is your sole responsibility to make sure that you get permission from them to process their information. This permission must be understood as the right to use their e-mail addresses in connection with e-mail service providers.

Public information and third-party websites

Some of our websites include quote functions on major social media. These functions may collect information such as your IP address or the page addresses of our sites you are browsing. They are also likely to implement a cookie to ensure their proper functioning. Dolist is present on Twitter, LinkedIn, Facebook, Viadeo and YouTube. Any transmission of information on your part by one of these communication channels is governed by the provisions of their editors and engages only your own responsibility.

Third-party service providers

We may provide information to third-party service providers to ensure our products and services work correctly. We may use additional sharing or message tracking services and IT service providers. Whenever possible, we will keep you informed of the types of partners who, in any case, are contractually committed to respecting the terms of our privacy policy.

The content of your e-mail messaging campaigns

Sending an e-mail messaging campaign generates the transfer of messages from server to server. The confidentiality of their content is subject to the best practices of each recipient's service provider. Dolist cannot be held responsible for the accidental sharing of content resulting from a message sent through our products and services.

We sometimes perform tests to confirm the technical validity of the messages that we send. These tests are performed by software, but their results may be evaluated by members of our team to determine if they breach our Terms of Use or are likely to cause harm to all of our users by changing our deliverability performance.

Your contact lists

A list of contacts can be created in several ways. In particular, you can import a pre-existing list in ".csv" format. These lists are stored on our backup infrastructure and are not subject to any third-party use outside the reading and sorting operations that we perform at your request. In the event of a complaint expressed by one of the contacts of your list, we reserve the right to enter into contact with him or her. Similarly, upon referral to public authorities, we reserve the right to give access to your lists and how you use them. You remain fully the owner of the data that comprises your contact lists and can download it without prior agreement.

Information on endangering security

In the event of a security incident such as an intrusion or a failure, we undertake to keep you informed as soon as possible and until the normal operation of our products and services has been fully re-established.

Securing your information

The European General Data Protection Regulation (GDPR) precisely defines the nature of the precautions we implement to ensure the protection and absolute integrity of the data you entrust to us. Dolist has always made sure to have the technical methods and infrastructures needed to ensure complete control of its users' security.

We take all possible steps and precautions in using data regarding our contractual business commitments. Make sure that the access codes and passwords used to access our products and services are not shared or used outside the scope of our Terms and Conditions. Because of their encryption, we are not able to provide them to third parties. On the other hand, in case of a problem, we can allow you to set new ones.

We are located in France

Our head office, our premises, and our technological infrastructure are located in France. Your data does not leave this territorial scope. By using our services and products, you explicitly consent to your data being transmitted and stored in France.

Quality of information and transparency

We do our best to keep your data accurate and up to date as long as you follow our advice and best practices. In case of changes to your contact data, it is your responsibility to inform us and send us your new contact information. On request, we can also keep you informed of how we use your data.

We keep this information as long as your account is active or you use our products and services. We will also retain it so that we can meet our legal obligations or in case of arbitration, litigation, or in order to meet our obligations.

Access to data

On simple request (marketing@dolist.com), we will give access within 30 days to the personal data that we hold about you or a User whose identifiers you have. You may request any modification, rectification or cancellation from us within the limits of the scope set out by law.