- No advertising trackers. No optional analytics cookies.
- We use only strictly necessary cookies/technologies for security and service delivery (e.g., Cloudflare security).
- For institutional workspaces, the institution is usually the Controller and SomePass acts as Processor (see DPA).
1. Who we are
This Privacy Policy describes how SomePass (“we”, “us”) processes personal data when you use Qualigio at https://www.qualig.io and related pages and forms.
SomePass — 58 rue Lycette Darsonval, 50000 Saint-Lô, Normandy (France) — VAT: FR10 837519404 — RCS: RCS COUTANCES 837519404
2. Controller vs Processor (educational workspaces)
Depending on the context, we may act as:
- Controller for website visitors and direct contacts (e.g., when you submit a contact form on our public site).
- Processor for Workspace Data processed on behalf of an institution/organization that operates a workspace (learners/instructors/submissions).
For Processor obligations and procurement details, see our DPA.
3. Data we process
We process data depending on how you use the Services:
| Category | Examples | Typical source |
|---|---|---|
| Account & identity | Name, email, username, role (learner/instructor/admin), workspace affiliation | Provided by you or your institution |
| Workspace content | Courses/projects, submissions, deliverables, attachments, rubrics, feedback | Provided by users within the workspace |
| Support & contact | Form messages, support requests, metadata needed to respond | Provided by you |
| Technical & security | IP address, device/browser info, request logs, timestamps, security signals | Collected automatically (server/CDN/security) |
Sensitive data: We do not intentionally collect special-category data. Please avoid entering sensitive information into free-text fields unless strictly necessary and lawful.
4. Purposes & legal bases
We process personal data for:
- Service delivery (accounts, access control, learning workflows, collaboration).
- Security & abuse prevention (bot protection, fraud prevention, DDoS mitigation, incident investigation).
- Reliability & maintenance (debugging, performance, operational monitoring).
- Support communications (responding to requests, service-related emails).
- Legal compliance (responding to lawful requests, accounting obligations where applicable).
GDPR legal bases (when applicable): contract, legitimate interests (security/reliability), legal obligations, and consent only if we introduce optional features requiring it.
5. Cookies & Cloudflare (strictly necessary only)
We use cookies and similar technologies only when strictly necessary for security and service delivery. We do not use advertising cookies and we do not set optional analytics cookies.
Cloudflare
We use Cloudflare for DNS/CDN and security (WAF, DDoS mitigation, bot protection). Cloudflare processes technical data (e.g., IP address, request headers, security signals) to deliver and protect the Services. As a global provider, some processing may occur outside the EEA; where required, appropriate safeguards apply (e.g., SCCs).
6. Sharing & subprocessors
We share personal data only as necessary to operate the Services:
- Service providers (processors) (e.g., hosting, email delivery, CDN/security, payments).
- Your institution (workspace admins/instructors) for governance and educational operations.
- Legal requirements (lawful requests, enforcement of rights).
We do not sell personal data. For institutional Workspace Data processing, see the DPA and its subprocessor annex.
7. Retention
We retain data only as long as necessary for the purposes above and contractual/legal obligations. Retention depends on data type and configuration (institutional governance).
- Account data: while the account is active and for a limited period after closure, unless legally required longer.
- Workspace content: according to the institution’s lifecycle (courses/projects/archives) and platform configuration.
- Security logs: limited retention for security and incident response.
8. Your rights & how to contact us
Depending on your location, you may have rights such as access, rectification, deletion, restriction, portability, and objection. Where we rely on consent, you may withdraw it.