Last updated: November 12, 2020
- Antidote 10 and prior editions for installation on a computer, Antidote Web for access through a browser on antidote.app, as well as Antidote Mobile for iPhone and iPad (the “Applications”);
- the websites www.antidote.info and www.druide.com as well as the services which they allow you to access, such as your Client Portal from services.druide.com and the Help Center from assistance.druide.com (the “Websites”).
This document uses clear and simple terms to describe the practices and procedures adopted by our company, Druide informatique inc. (“Druide”), to protect your personal information.
2. What Information Do We Collect and Why?
2.1. Information Provided by Users
2.1.1. Primary User
Contact information — Account creation by primary users (over 16 years of age) requires their full name, email address and the language selected for the interface of the chosen Applications and correspondence from Druide. Other information, such as their telephone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use the information provided by the primary user for service-related communication and technical support requests or announcements.
Credit card information — Anyone who creates an account to pay for Applications must provide their credit card details (card number, expiration date, security code) and billing address. The transaction is secured by Stripe, a platform with PCI/DSS level 1 certification (the highest level of security for online payments). Information relating to your credit card is encrypted and is never transmitted over the Internet in unencrypted form. Additionally, it is processed exclusively by Stripe and never comes into our possession.
Username and password — When creating an account, the primary user chooses a personal password. The username is the same as their email address. The username and password are required for signing into the Applications and certain services offered by the Websites, as well as for submitting a request for technical support online.
2.1.2. Invited Users Aged 16 and Over
Contact information — When creating an account for an invited user aged 16 years and older as part of a family subscription to the Applications, only the invited user’s email address is required. When an invited user receives an invitation from the primary user, the invited user will then be required to provide their full name. Other information, such as their phone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use this information for service-related communication and technical support requests or announcements.
Username and password — When signing in for the first time, the invited user aged 16 years and older chooses their personal password. The username is the same as their email address. The username and password are required for signing into the Applications and certain services offered by the Websites, as well as for submitting a request for technical support online.
2.1.3. Invited User Under 16 Years of Age
Contact information — When an account is created for an invited user under 16 years of age as part of a family subscription to the Applications, only the invited user’s full name is required. No email address is linked to the account. Unlike with other users, we never communicate with invited users under 16 years of age, not even for service-related communications or technical support. You can provide the date of birth of an invited user under 16 years of age. This way, the status of the invited user’s account will change on their 16th birthday.
Username and password — The primary user also chooses a username and password when creating the account. Users under 16 years of age cannot change their username or password; only the primary user can make these changes.
2.1.4 Personal Dictionaries, Word Lists and Favourites Lists
When using one of the Applications, it is possible to add a word that is not recognized by Antidote to a personal dictionary, to create personalized word lists, or to create lists of favourites for quick access to dictionary entries or guide articles. The interface of the Applications allows you to edit or remove the entries added to one of these lists. You can export their content in a structured, commonly used, machine-readable and interoperable format. If your subscription grants you the right to use the Applications on more than one device, a service allows you to synchronize this data across all your devices.
Support requests — The Assistance section of our Websites contains a form allowing you to describe a problem, leave a comment or share a suggestion. You must then provide any information that will help us process your request.
Comments and suggestions — You may send us comments and suggestions regarding the Applications or Websites. You acknowledge that Druide may use them in the development, improvement and marketing of its products or services without any restriction or obligation to provide remuneration.
Newsletters — Your Client Portal allows you to manage your subscription to our newsletters. We strongly recommend that you remain subscribed to our newsletters, as we use them to transmit important information concerning the use of our products and services. In general, we will only write to you personally regarding matters related to your account (to remind you that a subscription is about to expire, for example).
2.2. Information Collected Automatically
2.2.1. Usage Data
As a provider of web-based services, Druide automatically collects certain information for its web server logs. The information collected may be related to the device used (operating system, type of hardware, browser name, etc.) or the nature of the use of the Websites and Applications (session frequency and length, activated options, display settings, word searches, etc.). We only use this information in aggregate for the users as a whole, without the possibility of identifying users individually. This information helps us in making decisions for the improvement of our products and services. For example, we may decide to improve the integration of Antidote Web in the most popular browsers or to add certain words to the dictionaries that are frequently searched for by users.
2.2.2 Anonymized Data
For the sole purpose of improving the performance of its analyzers, we store an anonymized version of texts submitted to Antidote Web’s corrector. In the anonymized texts, the following elements will be replaced with completely different words: the names of any natural or legal persons, place names, demonyms, dates and times, numbers, addresses, postal codes, telephone numbers, email addresses, URLs, brand names, acronyms, etc. The original text submitted to Antidote Web will be destroyed in the 24 hours following its correction and no link will be saved between an anonymized text and the person who submitted it.
Following this process, and after the destruction of the original text, the anonymized data no longer allows for the direct or indirect identification of a particular person. This process cannot be reversed.
2.2.3. Single Sign-On
When an account is linked to a single sign-on service, such as Google Single Sign-On (SSO), we only collect the login information required by that service: the username, email address and avatar URL. The password, however, is not collected.
Like most web-based services, we may use both session and persistent cookies, a standard technology embedded in browser software. A session cookie disappears after the browser is closed, while a persistent cookie may remain in the browser indefinitely. Cookies can be removed, but if they are disabled or blocked, it may prevent the Applications and Websites from functioning correctly.
To learn more about cookies, visit All About Cookies.
2.2.5. IP Address
We may collect and analyze IP addresses, especially because they can help us find the cause of a technical problem. We do not collect precise geolocation data from users, nor do we store or track any device locations.
2.2.6. Web Analytics
To understand the context of a technical issue or to improve the Applications and Websites, we may use third-party web analytics providers such as TrackJS or Google Analytics. While these services do not collect any personally identifying information, Google may use the data collected to contextualize and customize the advertisements of its own advertising network.
For more information on Google’s practices in terms of the protection of personal information, please view the page describing its privacy rules.
2.2.7. Facebook Advertisement Tracking
We sometimes use Facebook’s “Visitor Action Pixels”. This allows us to follow the interactions of visitors with the Websites when they are directed to them by a Facebook advertisement. The information collected in this way is anonymous for us: we cannot see the personal information of users. However, it is stored and processed by Facebook, which can link it to your Facebook account and use it for its own advertising purposes.
For more information on Facebook’s practices in terms of the protection of personal information, please view its Data Use Policy.
3. What We Do with the Information Collected
We do not collect personal information that is not necessary for the delivery of the products and services that we offer. This means we use your personal information to:
- provide you with services through the Applications and Sites
- provide you with technical assistance
- maintain our commercial relationship with you
- ensure the proper functioning and improvement of the Applications and Websites
- respond to your questions and, if applicable, your job applications.
4. What we Do Not Do with the Information Collected
- We do not sell, trade, rent or provide the personal information of users of the Applications and Websites to third parties.
- As our Applications are fee-based, we do not expose users to advertisements.
- We do not provide any messaging system for users to communicate privately with each other.
5. How Do We Protect Information?
5.1. Security Measures
When it comes to protecting user information, security is our highest concern. Here’s what we do to keep the Applications and Websites secure:
- We use SSL (Secure Sockets Layer) to establish an encrypted link between our web server and a browser. This link ensures that all data transferred remains private and secure.
- We use firewall-protected servers stored in a secured location to prevent any unauthorized access.
- We store and transfer passwords using encryption technologies deemed to be safe.
- We control and limit our employees’ access to our user database.
- We periodically review all the above security measures and practices.
5.2. General Measures
We are deeply committed to a global and methodical approach in respecting the principles laid out in numerous laws and regulations, notably the Children’s Online Privacy Protection Act (COPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR). Here is what we do to comply with them.
5.2.1. Information for Children Under 16 Years of Age
We are committed to protecting the information of all users—notably children under the age of 16. We will not require them to disclose more personal information than necessary.
Should you become aware that we have inadvertently collected personal information from a child—for example, a child has created an Antidote subscription—we will take action to promptly delete such information. To report to us that a child’s personal information has been inadvertently collected or provided without the consent of a parent or legal guardian, please contact us at firstname.lastname@example.org.
5.2.2. Deletion and the Right to Be Forgotten
In your Client Portal, you can remove the account of any invited users aged 16 or older from a family subscription. You can also delete the account of any invited users under 16 years of age, along with all their details. In addition, all accounts are automatically deleted one year after the account’s expiry, or at any time at the user’s request. Upon deletion, personal details are permanently erased and cannot be restored. You can also exercise your right to be forgotten by submitting a request to us to this effect at email@example.com.
5.2.3. Right to Rectification
Personal information can be found in your Client Portal; you can view and edit it at any time. However, users under 16 years of age cannot edit their personal information, only the primary user can do so. You can also submit a request to amend the incorrect information at firstname.lastname@example.org.
5.2.4. Property, Control and Data Portability
Depending on the applications, users can add a word to a personal dictionary along with any relevant lexicographic information, create personalized word lists, or create lists of favourites for quick access to dictionary entries and guide articles. The content of personal dictionaries, word lists, and favourites lists belongs to users. We do not claim any right of ownership or control over the content added. The interface of our Applications allows users to edit or remove entries added to one of these types of lists. They can also export their content in a structured, commonly used, machine-readable and interoperable format.
5.2.5. Parental Consent
COPPA mandates obtaining parents’ verifiable consent before collecting information from their children, and describes different accepted ways to do so. By inviting a child under the age of 16 to join your subscription, you certify that you are the child’s parent or legal guardian and consent to the collection of information described in this policy.
5.2.6. Transfer of Your Personal Information
In order to comply with the GDPR, we must inform you that your personal information will be transferred outside the European Union (EU) to Canada. The GDPR allows for the transfer of data to certain countries whose legal system affords a level of protection deemed “adequate” with regard to personal information. Under an adequacy decision rendered by the European Commission, Canada is one of the countries to which the transfer of personal information from the EU is authorized.
5.2.7. Legal Requirements
We may disclose personal information in good faith in the following circumstances: when required to do so by law or by a court; to investigate or defend against third-party claims or allegations; to protect the security and integrity of our services; and to protect our rights and those of our users.
5.3. In Case of Failure
We strive to protect our users against unauthorized use, disclosure, or access to their personal information. Although we adhere to the best industry standards, we cannot claim that our security system is 100% immune to failure. In the event that we discover a security breach affecting our users’ accounts, we will send an email within 24 hours to all users (over 16 years of age).
This document will occasionally be updated to keep pace with improvements to the Applications and Websites, security technology and changes to privacy legislation. We expect that such updates will be minor amendments. However, if any modification significantly reduces the protections outlined in this policy, we will seek consent by email from all users of the Applications who have a Druide account, provided that they are aged 16 or older.
6.2. General Consent
Druide informatique inc.
Data Protection Officer
1435 Saint-Alexandre Street, Suite 1040
Montreal (Quebec) H3A 2G4
If you are not satisfied with the way in which we use your personal information, you can appeal to the supervisory authority with jurisdiction over such matters in your country. For example, the Office of the Privacy Commissioner of Canada is authorized to supervise matters relating to the management of personal information in Canada, while the Commission nationale de l’informatique et des libertés (CNIL) has jurisdiction in France. If you reside in a European Union country, please visit the site of the European Data Protection Supervisor to find the competent authority in your country.