Odoo In-App Purchase Privacy Policy

Last updated: June 3, 2019

This policy is an extension of the Odoo Privacy Policy to explain what information is collected, why, and how we use it for our IAP services.

SMS

Information we collect: The information we collect is directly provided by our users when they use the service. This information includes the identifier of the Odoo IAP account making the request, as well as the destination mobile phone number and the text of the SMS to send.

How we use this information: This SMS text and the destination mobile phone number is transferred to our service provider in order to execute the request. The contents of the SMS is not stored on the Odoo IAP server, however our server logs keep a temporary record of the IAP account and the destination mobile number for security and abuse prevention purposes.

Accessing, Updating or Deleting Your Personal Information: You have the right to access and update personal data you have previously provided to us. You can do so at any time by connecting to your personal account on iap.odoo.com. If you wish to permanently delete your account or personal information for a legitimate purpose, please contact our Helpdesk to request so. We will take all reasonable steps to permanently delete your personal information on our servers and on the third-party service providers you have used, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons).

Third Party Service Providers:
Service Provider Purpose Share Data
Clicksend
Legal Page
Privacy & Security
SMS processing through IAP services Shared with Clicksend: Text of the message and destination mobile phone number.


Data Retention: The Odoo IAP server logs contain a one-way hash of the IAP account, and the destination mobile phone number, and are kept on our servers for security and abuse prevention purposes, for up to 12 months.

Transfer of Data: The Odoo IAP servers are located in Belgium. For service providers, please see the relevant entry in the table above.

Partner Autocomplete

Information we collect: When Odoo users enter customer or supplier data in their database, an auto-completion request is sent to our service with the company name or VAT number that have been entered. This data is processed anonymously - we do not store any information to identify the origin of the requests.
No auto-completion request is made for individuals, only for contacts of type "Company", as we cannot and do not retrieve information for individuals. As a result, the processed data should generally not include any personal data.

How we use this information: The requested company name or VAT number is transferred to our third-party service provided listed below, in order to retrieve company information such as the company address, email, logo and website.
The company info retrieved in this fashion is stored temporarily on our servers in order to speed up retrieval of frequently accessed data, and we take every step to make sure we only store business data, and no personally identifiable information.

Accessing, Updating or Deleting Your Personal Information: Access to user requests cannot be requested as the data is anonymized.

Third Party Service Providers:
Service Provider Purpose Share Data
Clearbit
Legal Page
Privacy & Security
Auto complete partner informations through IAP services Shared with Clearbit: We send the company name entered by the user to get more info and autocomplete. Only name entered for partner of type 'Company' are sent to clearbit, not for individuals.
VIES
Privacy & Security
Auto complete partner informations through IAP services Shared with VIES: We provide the VAT number to get the address that will autocomplete.


Data Retention: We only store aggregated metrics on anonymized requests of information on company domains on our server. We keep this indefinitely.

Transfer of Data: Data is hosted on our server which is located in Belgium.

Reveal

Information we collect: We collect the IP addresses submitted to our service for contact information. This data is anonymized, meaning that we do not store who submitted which IP address.

How we use this information: IP addresses submissions are aggregated, made anonymous, and kept to improve our service. This information can no longer be associated with a specific person.

Accessing, Updating or Deleting Your Personal Information: Access to submitted IP addresses cannot be requested as the data is anonymized.

Third Party Service Providers: Whenever the user submits an IP address to identify its company domain, this request is sent to our server and to our service provider, Clearbit. We make sure that Clearbit uses this information in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract. More information can be found on Clearbit's GDPR Compliance and Privacy Policy.
Service Provider Purpose Share Data
Clearbit
Legal Page
Privacy & Security
Retrieval of business info for prospection through IAP services Shared with Clearbit: We send the website visitors IP address entered by the user to get more info and autocomplete. Only name entered for partner of type 'Company' are sent to clearbit, not for individuals.
Retrieved from Clearbit for visitors coming from EU companies: name, sector, est. size, est. revenue, website, social media and general contact info
Retrieved from Clearbit for visitors coming from non-EU companies: same as for EU companies, plus contact info for company executives, if known


Data Retention: We only store aggregated metrics on anonymized submissions of IP addresses on our server. We keep this indefinitely.

Transfer of Data: Data is hosted on our server which is located in Belgium.

Snailmail

Information we collect: The information we collect is directly provided by our users when they use the service. This information consists in the PDF document the user is sending by post, along with the address to which it is being shipped.

How we use this information: This information is sent to our server then transfered to our service provider in order to deliver the submitted document to the shipping address provided. This information is not stored on our server.

Accessing, Updating or Deleting Your Personal Information: This information is not stored on our server. Upon user request, we can provide access/control to the data stored on our service provider's servers.

Third Party Service Providers: Whenever we share this information with our service provider, Pingen, we make sure it is used in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract. More information can be found in Pingen's Privacy Policy.
Service Provider Purpose Share Data
Pingen
Privacy & Security
Mail processing through IAP services Shared with Pingen: PDF Document to send by post, they are kept by pingen during 1 month for debugging purpose.


Data Retention: Document and destinator's shipping address are not stored on our server.

Transfer of Data: Data is hosted on our server which is located in Belgium.

OCR Invoice

Information we collect: The information we collect is directly provided by our users when they use the service. This information consists in the invoice file the user is sending to OCR Invoice, and some information to help to discern the user in the invoice: the company name, the company VAT number, the language of the user and his email.

How we use this information: Invoice files (PDF/image) are parsed and analyzed to return structured invoice data to the user. Files are stored, along with their structured information, to be used in the continual improvement of our service. Other information like company name, company VAT number, user language and user email are only used to identify vendor and customer in invoice detection.

Accessing, Updating or Deleting Your Personal Information: Invoice files stored, along with their structured information, can be accessed and deleted upon user request.

Third Party Service Providers: Whenever a user submits an invoice file to our OCR service, it can be sent to Google Vision to be parsed and converted to text. We make sure that Google uses this information in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract. More information can be found on Google's Data Processing Amendment and Privacy Framework.

Data Retention: Submitted files, along with their structured data, are stored on our server for a duration of 6 months. After this period, submitted files will be deleted and structured data anonymized.

Transfer of Data: Data is hosted on our server which is located in France.