Home
Legal
Privacy Policy

Privacy policy

Updated on March 24, 2025

Table of contents

CompanyChallengeSolutionImpact

Purpose of this policy

Ditto, formerly known as BEAVR, is operated by Beavr SAS. Privacy is a fundamental right and one of Ditto's core values. For this reason, Ditto attaches the utmost importance to the security and protection of the personal data of its customers, partners, and employees, and is uncompromising in its compliance with the relevant legal provisions.

When you use the www.trustditto.com website, the certif.trustditto.com app, or the services offered by BEAVR, we collect personal data about you.

The European Directive 95/46/EC on the protection of personal data states that personal data must be processed lawfully, fairly, and transparently.

This data privacy policy (hereinafter referred to as the “Policy”) aims to inform Ditto's customers, partners, and employees in a transparent manner about how their personal data is processed.

Definitions

All terms relating to the protection of personal data used in this document and identified by capital letters, whether used in the singular or plural, shall be interpreted in accordance with the General Data Protection Regulation 2016/679 of April 27, 2016, repealing Directive 95/46/EC (hereinafter “the European Regulation”).

  • “Data,” used in singular or plural, refers to Personal Data processed by Ditto in its capacity as Data Controller and Data Processor;
  • “Site” refers to this website accessible at www.trustditto.com;
  • “Application” refers to the software platform accessible at certif.trustditto.com - unlike the Website, access to the Application requires the creation of an account;
  • “User,” who is the Data Subject within the meaning of the European Regulation, refers to the natural person who browses or consults the Website or uses the Application in order to access the Services provided by Ditto;
  • “Service” means all services provided by Ditto to Users via the Application, in particular the collection of ESG data and preparation for EcoVadis certification;
  • “Login details” means the login details and passwords used by the User to access the application certif.beavr.tech;
  • “User Data” refers to data collected, disseminated, posted on the Application or shared with Ditto on any medium whatsoever by the User and processed by Ditto for the purpose of providing the Service - this data may relate to the user or the Company for which they work and may include Personal Data.

Data controller

Whether in the context of browsing the website www.trustditto.com or using the Application, the Ditto Service is provided by Beavr SAS, a simplified joint stock company with a capital of 24,868.60, registered in the Paris Trade and Companies Register under number 909 074 593, whose registered office is located at 16 rue de Lancry, 75010 Paris.

Ditto acts as data controller for part of the processing and as data processor for another part.

  • For processing related to consultation, browsing the Site or the User journey, Ditto acts as data controller.
  • For processing related to the creation, configuration, updating, and use of an account on the Application in order to benefit from the Services offered by Ditto, Ditto acts as a processor for the User's employer (the “Client”), meaning that we process your data on its behalf, for its account, and according to its instructions. In the event of any conflict between this policy and the data protection document provided by the Client, the provisions of the Client's information document shall prevail over this privacy policy.

Description of services

Ditto provides its Clients with a software platform and expertise to ensure their compliance with non-financial performance management.

Through this platform, we offer several services, including

  • ESG data collection and consolidation
  • ESG reporting and CSR report writing
  • Preparation for certification (EcoVadis, B Corp, etc.)

Description of processing and nature of data collected

When Ditto acts as a processor, we collect the following data in order to provide the Client with the contractually agreed Services.

When Ditto is the data controller, we collect the following data

  • Identification data: Last name, first names, professional email address, company
  • Connection data: Username, password, IP address, logs

Why and for how long do we collect your data?

We collect your personal data for specific purposes based on various legal grounds.

Recipients of the data

For certain processing purposes, we may share our Users' data with

  • Our employees
  • The service providers and subcontractors we use to carry out a range of operations and tasks, including: our hosting providers (Webflow, AWS), our CRM provider (Hubspot)
  • The CSR and sustainable development consultants in our community who support and advise you
  • The services responsible for control (auditors in particular), public bodies, exclusively to meet our legal obligations, court officers, ministerial officers and bodies responsible for debt collection

Only information that is strictly necessary is shared with third parties outside Ditto. In particular, we ensure that our service providers and subcontractors refrain from using the data for purposes other than those initially intended, and we make every effort to ensure that they preserve the confidentiality and security of your data.

Similarly, we only provide the necessary data to legal or regulatory authorities in order to comply with our legal obligations. We make every effort to maintain their confidentiality and security.

We do not sell your data.

Transfer of data to third countries

Your data is stored on the servers of Webflow and AWS in Europe.

They may be transferred outside the European Union in connection with the tools we use and our relationships with our subcontractors (see section “Who are the recipients of the data?”).

In the event of such a transfer, we guarantee that the transfer is carried out:

  • Either to a country that ensures an adequate level of protection, i.e., a level of protection equivalent to that required by European regulations;
  • Or that it is governed by standard contractual clauses.

Data retention

We only keep your personal data for as long as necessary to fulfill the purpose for which we hold the data, to meet your needs, or to comply with our legal obligations.

Retention periods vary depending on several factors, such as:

  • Ditto's operational needs
  • Contractual requirements
  • Legal obligations
  • Recommendations from supervisory authorities

→ Please refer to the table in Article 6 for more details on retention periods by type of data.

Rights over your data

You have the following rights with regard to your personal data:

  • Right to information: This policy is intended to provide you with transparent information about how your personal data is managed.
  • Right of access: You have the right to access all of your personal data at any time.
  • Right of rectification: You have the right to rectify your personal data that is inaccurate, incomplete or obsolete at any time.
  • Right to restriction: You have the right to obtain the restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to be forgotten: You have the right to request that your personal data be deleted and to prohibit any future collection of such data.
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of applicable laws.
  • Right to define guidelines for the storage, erasure and communication of your personal data after your death.
  • Right to object: You have the right to object to the processing of your personal data. Please note, however, that we may continue to process your data despite your objection for legitimate reasons or to defend our rights in court.

You can exercise these rights by writing to us at the contact details below. We may ask you to provide additional information or documents to verify your identity.

Contact point for any questions regarding the processing of personal data at Ditto

For any questions regarding the processing of personal data in general or the processing of your personal data, you can contact us in the following ways

  • Email: contact@trustditto.com
  • Post: Beavr SAS, 24 rue de Clichy, 75009 Paris

12. Changes

We may modify this policy at any time, in particular to comply with any regulatory, legal, editorial or technical changes. These modifications will apply on the date of entry into force of the modified version. You are therefore invited to consult the latest version of this policy regularly. Nevertheless, we will keep you informed of any significant changes to this privacy policy.

Appendix - Cookie management

A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit that website again, the cookie enables the website to recognize your browser. This allows the information you previously provided to be retrieved, so that you can easily use the customized features. Cookies can store user preferences and other information to improve your experience on the website.

Some cookies are necessary for technical reasons in order for the site to function, and we refer to these as “strictly necessary.” Other cookies allow us to track and target the interests of visitors to enhance their experience on the site.

The cookies we issue allow us to:

  • ensure the functioning of the services available on our website (“strictly necessary” cookies)
  • compile anonymous statistics and traffic volumes and measure the use of the various elements that make up our Site (sections and content visited, paths taken), enabling us to improve the relevance and usability of our services;
  • adapt the presentation of our Site to the display preferences of your device (language used, display resolution, operating system used, etc.) during your visits to our Site, depending on the hardware and viewing or reading software that your device has;
  • to store information relating to a form you have filled out on our Site (registration or access to your account) or to products, services or information you have chosen on our Site;
  • to allow you to access reserved and personal areas of our Site, such as your account on the certif.beavr.tech Application, using identifiers or data that you may have previously provided to us, and to implement security measures, for example when you are asked to log in again to access content or a service after a certain period of time.

You can configure and block these cookies directly via your Internet browser. For more information on how to do this, please visit the dedicated page on the CNIL website (https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).

Please note that blocking “strictly necessary” cookies may significantly limit or even prevent your browsing on the website and access to the Service.

Table of contents

Understanding the basics of ESRS standards and the CSRD directive
This is some text inside of a div block.