Digimind | Privacy Policy

1. You are a Digimind Website’s User

2. You are a Third-Party Website User

3. You are a Customer of Digimind

4. You are a Digimind candidate

Effective starting: 30/03/2023

Find the last version in our archive.

View Onclusive Privacy Policy

View Onclusive Terms of Use

Definitions

“Agreement” means the contract between Digimind and a Customer to which the latter purchases a Digimind’s service.

“CCPA” means the aliformani Consumer Privacy Act, Cal. Civ. Code §1798.100 et seq., and its implementing regulations.

“Customer” means the party (and its personnel) other than Digimind that has entered, or may enter, into an Agreement with Digimind.

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

“Data Controller” means the natural or any legal body which alone or jointly with others, determines the purposes and means of the processing of the personal data.

“Data Processor” means the natural or any legal body processing Personal Data on behalf of the Data Controller under the terms of an agreement.

“Data Subject” means an identifiable natural person who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Digimind” means Digimind France, Digimind Holland, Digimind LATAM, Digimind Morocco, Digimind SG, Digimind Spain, Digimind USA, Digimind.com website, Digimind Social platform and Digimind Intelligence platform.

“Digimind Website” means any of digimind.com websites: digimind.com; digimind.com/fr/; digimind.com/en-sg/; digimind.com/es/; digimind.com/de/; digimind.com/it/.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“PDPA” means the Personal Data Protection Act 2012 of Singapore.

“Services” means the services provided by Digimind which are: to provide competitive intelligence Saas software; analyse campaigns; measure brand reputation; analyse consumer behaviour; monitor trends; identify influencers.

“Supervisory Authority” means an independent public authority which is responsible for monitoring the application of data protection.

“Third-Party Website user” means a person who publicly publishes information on a website from which Digimind collects information.

Who are we?

Digimind is part of Onclusive Group Company, a global leader in Media Intelligence. The Digimind websites are managed by Digimind S.A., incorporated under the Laws of France and with its registered office at 6 place Robert Schuman, 38000 Grenoble, registered with SIRET number 419 346 135.

The Digimind websites are hosted on Hubspot, Inc, in the United States of America.

Contact of the Data Controller

The responsible for the processing of Personal Data (Data Controller), within the meaning of the GDPR and other applicable laws, is Digimind S.A.. Digimind may act as a Data processor within the contractual relationship with its Customers.

If you have any queries, you can contact us at the email address data.privacy@digimind.com or address us with a letter at the following address:

Digimind

6 place Robert Schuman

38000 Grenoble

France

About this Privacy Policy

As a world leader in web intelligence, Digimind pays the most attention to the processing of personal data. Our longstanding experience in this market has allowed us to build an effective personal data management policy, which combines privacy processes and tools to ensure data security.

This privacy policy (“Privacy Policy”) is intended to help you understand what we do with your personal data, how we use it, how we share it, our processing methods, how long we store it for and your individual rights concerning your personal data.

What is Personal Data ?

“Personal Data” means any information that could identify you as a living individual (it can be an email address or I.P. address for example) and including special data as any expression of your opinion.

You have the right to know what is happening with your data and the types of data we hold about you. The information we hold and the time we store it depend upon the relationship with us. Please find below the relevant relationship you have with us and information about the data we collect.

1. You are a Digimind Website’s User

This privacy notice is addressed to Digimind Websites’ visitors (or “You”, “Your”) who are concerned by the collection of Personal Data. Digimind (or “We”, “Us”) collects, or may collect, information about you when you visit a Digimind Website.

Please continue reading to know more about your privacy.

For what purposes do we collect your Personal Data?

When you use a Digimind website, we collect your personal information for the following purposes:

To send your our newsletters when you have subscribed to it;
To contact you when you book a demo;
To produce statistics studies;
To track users on Digimind websites;
To provide a better experience when browsing and using our Digimind website;
To provide our services on a Digimind website.

What Personal Data do we collect?

1/ Information you provide us

You provide us some information including when you subscribe to our newsletters, when you contact us or when you book a demo.

The information we process about you when you provide it to us is:

Your full name (first name and last name);
Your contact details (email address and phone number);
Your job title;
The name of the company you work for;
The country you’re from.

2/ Information we collect about you when you use our website

When you use our websites we collect information that is necessary for the use of them and to improve the websites. We collect information from you when you use our websites through cookies to provide functionality and to recognise you across different services and devices.

The information you provide us is:

The way you browse a Digimind Website
Information relating to the equipment and devices used to access a Digimind website, notably the type of unit (computer, laptop), the type of internet browser, the operating system, the identifier of the mobile unit and the mobile operating system, IP or MAC address;
Your IP address
Login information for the website (where applicable);
The frequency with which you generate reports and the type of subject concerned (where applicable).

What is our legal basis to process your Personal Data?

When you provide us with your information, our legal basis to process it is your consent when you decide to agree on this Privacy Policy (article 6(1)(a) GDPR).

The legal basis for collecting your information on the website is our legitimate interest (article 6(1)(f) GDPR) or your consent, when you give it to us for the use of non-essential cookies (article 6(1)(a) GDPR).

If you want to learn more about our use of cookies, please visit our Cookie Policy which includes information on how to control or opt out of these cookies.

For how long your Personal Data is kept for?

Once the data is indexed, it is not kept longer than necessary for the nature and purpose of the processing. To ensure that data is not intentionally or unintentionally retained for longer than necessary, Digimind automatically deletes any indexed data after the last day of a client subscription. This measure is part of the Digimind strategy of Personal Data minimization.

To know the conservation period of the data collected through cookies, please check our Cookie Policy.

To whom is your Personal Data sent?

Your Personal Data data is stored within the Digimind company inside the European Union and outside the European Union. It can also be sent to outsourcers within the framework of their activities. The data can be hosted outside the European Union, in the United States of America by Subcontractors. In that case, Digimind will take all the necessary measures to ensure your privacy and the safety of your Personal Data and will supervise the transfers in accordance with the regulations in force. Notably, all the Subcontractors have signed European Commission Standard Contractual Clauses (SCC) with which they commit to the same level of requirement and to respect the same rules (in particular under Article 28 of the GDPR).

What security measures are taken to protect your Personal Data?

Digimind takes all appropriate measures to ensure the safety and the security of your Personal Data processed by us. Digimind commits to implementing every technical and organisational measure to guarantee a suitable level of security for each typology of indexed data against accidental or unlawful destruction, loss, alteration, deterioration, misuse, harm, unauthorised disclosure of, or access to Your Personal Data.

In order to meet these requirements, Digimind ensures the protection of your Personal Data through different measures. You can find the main measures taken by Digimind below:

We list each processing of Personal Data: Personal Data is indexed by type, sensitivity, and purpose. Each processing is listed in a register (as provided for in Article 30) and is subject to appropriate protection defined after a Privacy Impact Assessment (PIA) (as framed by Article 35 et seq. of the GDPR) which are performed every 18 months.

“Privacy by Design” Policy: Digimind has implemented a “Privacy by Design” policy, which means that from the moment Digimind designs and develops our solutions, We implement the right features so that We index only the data strictly necessary for the use that is pursued (as recommended by the European Regulation Article 25).

Notification of Personal Data Breach: to guarantee stringent security and to prevent any harm, Digimind will notify the concerned person and the Supervisory Authority as soon as necessary after Digimind becomes aware of any Personal Data Breach affecting any user Personal Data (following the Article 33 of the GDPR).

We limit and protect the access of your Personal Data: Digimind limits the access to your Personal Data to the authorised personnel who need to carry out the processing, and, which is trained with GDPR requirements. To ensure the safety of your Personal Data, all persons having access to Personal Data are bound by a non-disclosure agreement. Several measures are taken to protect Personal Data which include, but are not limited to: the servers from our offices use an encrypted connection and we restrict the access to identified IP addresses.

We physically secure the Data Centre: Digimind takes several measures to ensure physical security of Personal Data. They include, but are not limited to: the access to the site is restricted to Digimind users with an access card, the data centre is protected by an anti-intrusion system.

We ensure the safety and security of your Personal Data when processed by Subcontractors: all Digimind’s subcontractors have signed the Standard Contractual Clauses (SCC) of the European Commission so they comply with the GDPR.

What are your rights concerning your Personal Data and how you can exercise them?

Any Personal Data processed by Digimind shall be processed pursuant to the General Data Protection Regulation (GDPR), or any other applicable law, on the protection of individuals with regard to the processing of Personal Data by the Community institutions and bodies and on the free movement of such data.

1/ Claims or questions addressed to us:

If you have any queries concerning the processing of your Personal Data, you shall address them to us. You may exercise your rights regarding your situation.

Your rights under the General Data Protection Regulation (GDPR):

You have the right of access to your Personal Data which have been collected by us in order to be aware of, and verify the lawfulness of the processing. You shall have the right to know and obtain communication in particular with regard to the purposes for which your Personal Data is processed, where possible the period for which the Personal Data is processed, information about your rights, the recipients of the Personal Data.

You also have the right to seek from us the rectification or erasure of your Personal Data processed by us; to limit the processing of your Personal Data; to obtain and reuse your Personal Data for your own purposes across different services; to object, on grounds relating to your particular situation, at any time to processing of your Personal Data; not to be subject to a decision based on automated processing of Personal Data (including profiling).

Your rights under the California Consumer Privacy Act (CCPA):

You shall have the right to know and obtain communication in particular with regard to the specific pieces of Personal Data collected, the purposes for which your Personal Data is processed, where possible the period for which the Personal Data is processed and who we share your Personal Data with.

You have the right to seek from us the deletion of your Personal Data.

You have the right to non-discrimination for exercising your rights: any Data Subject shall be able to exercise their rights and we cannot deny them our services, charge them a different price or provide a different level or quality of services when they exercise their rights under the CCPA.

However, please be aware that if you refuse to provide any necessary information to us to provide you with our services, we may not be able to complete the transaction.

Your rights under the Personal Data Protection Act (PDPA)

Under the PDPA, you shall have the right to know and obtain communication in particular with regard to the Personal Data collected by us, the purposes for which your Personal Data is processed and who we share it with.

You have the right to access your Personal Data that we control or possess; to request the correction of your personal information; to limit the purpose of the processing; to seek from us the rectification or erasure of your personal information when the data indexed is no longer necessary for the purposes of the processing.

2/ Claims addressed to the Supervisory Authority:

Digimind aims for the highest standard while using your Personal Data but if you think we got something wrong, you have the right to complain about us at any time to the relevant national data protection authority in regards to the processing of your Personal Data.

2. You are a Third-Party Website User

This privacy notice is addressed to Third-Party Website Users (“you” or “your”) when they publish information, publicly available, on a website from which Digimind (“we” or “us”) collects data (when possible).

Digimind acts as a Data Controller within the meaning of GDPR, and other applicable law, for Personal Data processed in relation with the collection of Third-Party Website Users’ Personal Data from the Internet. However, within the contractual relationship with our Customers, and within the meaning of the GDPR, Digimind becomes the Data Processor, processing data on behalf of the Customers which become the Data Controller. You can find more information about how we process personal information on behalf of a Customer on the privacy notice addressed to Digimind’s Customers.

How is the data collected?

Digimind collects information from the Internet using automated indexing systems, also known as "crawlers". This is possible through some application programming interfaces (API), via agreement with websites or third-party content suppliers.

These crawlers abide by the terms and conditions of each individual site, meaning that we comply with each platform’s privacy requirements and other restrictions, and also, with websites’ protocols. Digimind does not use an ID circumvent system and only collects data when the site has authorised it. The crawlers Digimind uses are identified as belonging to Digimind by website owners so that they can choose to block them or contact us if any questions arise.

Digimind does not use automated processing of Personal Data (including profiling).

For what purposes do we collect your Personal Data?

Digimind, as a provider of social listening services and competitive intelligence Saas software, collects Personal Data from web users, only when authorised by the terms and conditions of each individual website. Digimind collects web users’ personal information in order to provide its services of social listening and in competitive intelligence to its Customers.

Also, indexed data from the Internet enables our software to generate consolidated visual analysis for our clients’ daily usage.

What Personal Data do we collect?

Digimind collects information available on the Internet and specifically from social media networks when we are authorised to crawl. Also, Digimind may infer some information when web users publish on the Internet which can be inferred from their identifier or their posts for example. Digimind does not collect or try to infer sensitive data (within the meaning of the GDPR).

1/ The Personal Data collected from the Internet, when authorised to crawl and published publicly by You is:

Your identifier: username, your name, pseudonym or other identifier;
Your profile information: picture, gender, data of birth, interests, description, any other information you make available;
Your interactions on the website (e.g. posts, shares, likes);
Your location (as provided by the third-party website);
Any other information you provide

2/ We may infer information about you:

Your gender;
Your age;
Your marital status;

Your emotions;
Your profession;
Your language;
Where you live;
Any other information that can be inferred from your Personal Data that you publish.

Please check the privacy policy of the third-party websites you use to learn more, you can check some of them below.

What is our legal basis to collect Web Users’ information?

Our legal basis to collect information from third party websites is our legitimate interest (Article 6 (1)(f) GDPR) in providing our services to our Customers.

For how long your Personal Data is kept for?

Web Users’ data collected by Digimind is kept no longer than necessary for the purpose of the processing. To ensure that data is not intentionally or unintentionally retained for longer than necessary, Digimind automatically deletes any indexed data after the last day of a client subscription. This measure is part of the Digimind strategy of Personal Data minimization.

However, you own your Personal Data and you have rights on it so please check below your rights concerning your Personal Data.

To whom is your Personal Data sent?

What security measures are taken to protect your Personal Data?

Digimind takes all appropriate measures to ensure the safety and the security of your Personal Data processed by Us. Digimind commits to implementing every technical and organisational measure to guarantee a suitable level of security for each typology of indexed data against accidental or unlawful destruction, loss, alteration, deterioration, misuse, harm, unauthorised disclosure of, or access to your Personal Data.

In order to meet these requirements, Digimind ensures the protection of your Personal Data through different measures. You can find the main measures taken by Digimind below:

We list each processing of Personal Data: Personal Data is indexed by type, sensitivity, and purpose. Each processing is listed in a register (as provided for in Article 30) and is subject to appropriate protection defined after a Privacy Impact Assessment (PIA) (as framed by Article 35 et seq. of the GDPR) which are performed every 18 months.

“Privacy by Design” Policy: Digimind has implemented a “Privacy by Design” policy, which means that from the moment Digimind designs and develops our solutions, We implement the right features so that we index only the data strictly necessary for the use that is pursued (as recommended by the European Regulation Article 25).

We limit and protect the access of your Personal Data: Digimind limits the access to your Personal Data to the authorised personnel who need to carry out the processing, and, which is trained with GDPR requirements. To ensure the safety of your Personal Data, all persons having access to Personal Data are bound by a non-disclosure agreement. Several measures are taken to protect Personal Data which include, but are not limited to: the servers from our offices use an encrypted connection and we restrict the access to identified IP addresses.

We physically secure the Data Centre: Digimind takes several measures to ensure physical security of Personal Data. They include, but are not limited to: the access to the site is restricted to Digimind users with an access card, the data centre is protected by an anti-intrusion system.

We ensure the safety and security of your Personal Data when processed by Subcontractors: all Digimind’s subcontractors have signed the Standard Contractual Clauses (SCC) of the European Commission so they comply with the GDPR.

What are your rights concerning your Personal Data and how you can exercise them?

Your Choices

As an Author, you control the Personal Data you create and have the ability to decide what information you share publicly online.

You can always check and adjust your privacy settings across the platforms you use to publish content, such as making your profile private.

It’s important to read the privacy policies of the platforms where you share your content.

Your Rights

Depending on the data privacy laws that apply to you, you may have certain rights regarding your data. These may include the ability to:

- Request access to the Personal Data we hold about you.

- Ask us to update, rectify, delete, opt-out of the sale of, or block your Personal Data.

- Request that we cease using your Personal Data.

- File a complaint with the data protection authority in your country if you believe we’ve mishandled your data. However, we encourage you to reach out to us first to give us an opportunity to address your concerns.

- Not face discrimination for exercising your privacy rights.

Please note that we may not always be able to fulfill every request. For example, we may need to retain certain records for financial reporting, compliance, or to continue providing our services.

To exercise your rights, ask questions, or request this statement in another format, you can make a verifiable request by:

- Emailing us at contact-dm@onclusive.com

Only you, or someone authorized to act on your behalf, may make requests regarding your Personal Data. If you're making a request on behalf of a minor or ward, the agent must provide written permission, and we may ask you to independently verify your identity.

To protect your Personal Data, we may ask for additional information to confirm your identity before processing your request. This information will only be used for identity verification purposes. If we cannot verify your identity, we won’t be able to comply with your request.

Once you've submitted a request, expect an initial response from the Digimind Privacy Team within a reasonable timeframe, depending on where you are located. If your request is approved, your information will be provided in an accessible, portable format, and we’ll adhere to the legal response timelines applicable in your region. If necessary, we may request additional time in line with relevant laws.

1/ Claims or questions addressed to us:

If you have any queries concerning the processing of your Personal Data, you shall address them to us.

Your rights under the General Data Protection Regulation (GDPR):

Your rights under the California Consumer Privacy Act (CCPA):

You have the right to seek from us the deletion of your Personal Data.

When a Business sells your Personal information, you have the right to opt-out on the sale of your personal information by them. Digimind does not sell personal information to any third parties. However, our third-party providers may be able to sell your personal information. Please check the privacy policies of Third-Party Websites when you give personal information.

However, please be aware that if you refuse to provide any necessary information to us to provide you with our services, we may not be able to complete the transaction.

Your rights under the Personal Data Protection Act (PDPA)

2/ Claims addressed to the Supervisory Authority:

Third Party Websites’ terms and privacy policies

Please find below some of our providers’ terms and privacy policies:

Twitter

Twitter Privacy Policy

Twitter terms

Facebook

Facebook Privacy Policy

Facebook terms

Instagram

Instagram Privacy Policy

Instagram terms

YouTube

YouTube Privacy Policy

YouTube terms

LinkedIn Privacy Policy

LinkedIn terms

TikTok

TikTok Privacy Policy

TikTok terms

VK Privacy Policy

VK terms

3. You are a Customer of Digimind

This privacy notice is addressed to Digimind’s Customers (or “You”, “Your”). Digimind (or “We”, “Us”) collects information about customers’ personnel or any other person with which an Agreement has been entered into, or in order to be entered into, with us. We ensure the security of your personal information.

Digimind may act as a Data Controller and as a Data Processor on behalf of you.

1° When Digimind is acting as a Data Controller of your Personal Data:

For what purposes do we collect your Personal Data?

Digimind collects information about you in order to enter into an Agreement with your company and for the necessary purposes of the Agreement. When you enter into an Agreement with Digimind we need your information:

To contact you;
To create and send invoices;
To allow you accessing our services;
To provide support for our services.

What Personal Data do we collect?

The information collected by Digimind, when available, are:

Your full name;
Your professional contact details (e-mail address, phone number, address);
Your login information to connect to our platform (username, password);
Your job title;
The name of the company you work for;
The country you’re from;
Traffic data including essential cookies: IP address; device information.

What is our legal basis to process your Personal Data ?

The processing of your personal information is necessary for the performance of the contract to which you are a party or in order to enter into a contract (article 6(1)(b) GDPR) or our commercial interests (article 6 (1)(f) GDPR).

For how long your Personal Data is kept for?

Your personal information collected by Digimind is kept no longer than necessary for the purpose of the processing. To ensure that data is not intentionally or unintentionally retained for longer than necessary, Digimind has implemented a system for automatic deletion (2 years after our last contact). This measure is part of the Digimind strategy of Personal Data minimization.

However, you own your Personal Data and you have the right to address us with a question or a complaint. Please check below your rights concerning your Personal Data.

To whom is your Personal Data sent?

What security measures are taken to protect Your Personal Data?

In order to meet these requirements, Digimind ensures the protection of your Personal Data through different measures. You can find the main measures taken by Digimind below:

We list each processing of Personal Data: Personal Data is indexed by type, sensitivity, and purpose. Each processing is listed in a register (as provided for in Article 30) and is subject to appropriate protection defined after a Privacy Impact Assessment (PIA) (as framed by Article 35 et seq. of the GDPR) which are performed every 18 months.

“Privacy by Design” Policy: Digimind has implemented a “Privacy by Design” policy, which means that from the moment Digimind designs and develops our solutions, We implement the right features so that We index only the data strictly necessary for the use that is pursued (as recommended by the European Regulation Article 25).

Digimind offers a full data anonymization option: full data anonymization is part of our “Privacy by Design” program and it applies specifically to Digimind Social. It allows our clients to ensure the maximum level of security you expect, and is beyond what the GDPR requires.

Notification of Personal Data Breach: to guarantee stringent security and to prevent any harm, Digimind will notify the concerned person and the Supervisory Authority as soon as necessary after Digimind becomes aware of any Personal Data Breach affecting any user Personal Data (following the Article 33 of the GDPR).

We limit and protect the access of your Personal Data: Digimind limits the access to your Personal Data to the authorised personnel who need to carry out the processing, and, which is trained with GDPR requirements. To ensure the safety of your Personal Data, all persons having access to Personal Data are bound by a non-disclosure agreement. Several measures are taken to protect Personal Data which include, but are not limited to: the servers from our offices use an encrypted connection and we restrict the access to identified IP addresses.

We physically secure the Data Centre: Digimind takes several measures to ensure physical security of Personal Data. They include, but are not limited to: the access to the site is restricted to Digimind users with an access card, the data centre is protected by an anti-intrusion system.

Possibility for Customers to ensure a higher level of security to Personal Data indexed: to access Third Party Website, Customers can limit the access to Digimind platforms with an IP address restriction. Only IP addresses with authorisation will be able to use Digimind platforms and have access to the Personal Data indexed.

Confidential client data is strongly isolated: each client has a dedicated database containing its requests, validated information, user accounts and any component that could be modified by the Customer and is thus confidential. Each Customer’s database has its own password and only gives access to its own database.

We ensure the safety and security of your Personal Data when processed by Subcontractors: all Digimind’s subcontractors have signed the Standard Contractual Clauses (SCC) of the European Commission so they comply with the GDPR.

What are your rights concerning your Personal Data and how you can exercise them?

1/ Claims or questions addressed to us:

If you have any queries concerning the processing of your Personal Data, you shall address them to us.

Your rights under the General Data Protection Regulation (GDPR):

Your rights under the California Consumer Privacy Act (CCPA):

You have the right to seek from us the deletion of your Personal Data.

However, please be aware that if you refuse to provide any necessary information to us to provide you with our services, we may not be able to complete the transaction.

Your rights under the Personal Data Protection Act (PDPA)

2/ Claims addressed to the Supervisory Authority:

2° Digimind acting as a Data Processor on behalf of you

Within the contractual relationship between you and Digimind, the latter may act as a Data Processor on behalf of you. The Customer, as the Data Controller determines the purposes and the means of the processing of Personal Data.

Which Personal Data is concerned by the processing?

Digimind acts as a Data processor concerning the processing of the primary data made available by Digimind’s platform. Neither the Customer nor Digimind is the owner of the primary data collected.

Who is concerned by the collection of their Personal Data when Digimind processes personal information on your behalf?

Persons who are concerned by the collection of their Personal Data are Third-Party Website Users.

For what purposes do we process Personal Data on behalf of you?

The Personal Data processed is necessary for the provision of Digimind services.

What Personal Data do we process on your behalf?

The Personal Data we process on your behalf are Third-Party Website Users’ Personal Data when Digimind is authorised to crawl.

The types of personal data that may be processed are:

The web user’s identifier: username, your name, pseudonym or other identifier;
The web user’s profile information: picture, gender, data of birth, interests, description, any other information you make available;
The web user’s interactions on the website (e.g. posts, shares, likes);
The web user’s location (as provided by the third-party website);
Any other information the web user provides;
Any other information that may be inferred from publications.

To learn more about the Personal Data of Third-Party website users please check the Privacy Notice for Third-Party Website Users.

For how long the Personal Data is kept for?

The Personal Data is kept for the duration necessary to the provision of Digimind services. Customers’ Personal Data is immediately destroyed from the platform at the end of the contractual relationship. All Personal Data in databases, backup files and settings are permanently destroyed after a maximum period of 6 months.

Obligations of the Data Controller (Customer) and the Data Processor (Digimind)

General obligations

Both the Data Controller (the Customer) and the Data Processor (Digimind) are aware to respect the privacy of all Data Subjects’ personal information in accordance with the requirements of data protection laws and comply at all times with obligations applicable to Data Controllers and Data Processors.

Instructions given by the Data Controller

The Data Controller shall give instructions to the Data Processor on the processing of Personal Data. The latter shall process Personal Data in compliance with documented instructions from the Data Controller, unless required to do so by Union or Member State law to which the Data processor is subject.

Documentation and compliance with the obligations

The Data Controller and the Data Processor shall be able to demonstrate compliance with the requirements of the data protection laws and the obligations arising therefrom and their compliance with it. The Data Controller shall ensure that Digimind complies with its duties.

Audits

The Customer, at its own costs, can carry out audits of the processing activities covered and Digimind shall make all information available necessary for this purpose.

Assistance to the Data controller

The Data Processor shall reasonably assist the Customer insofar as it is possible in fulfilling its obligations under applicable data protection laws such as any disclosure request, or request for information, or to respond to Data Subjects’ requests to exercise their rights (right to be informed, right of access to its data, right to object, right to erasure, right to rectification, right of data portability, right to restriction of processing) that have been made to the Customer directly or to Digimind.

Notification of a Data Breach

In the event of a Personal Data breach concerning the Data processed by Digimind, the latter shall notify the Customer in a timely manner after having become aware of it.

Security of Personal Data

Digimind puts in place appropriate technical and organisational measures to ensure the protection of Personal Data and shall warn the Customer of any security incident of Personal Data.

Sub-processors

The Customer authorises Digimind to outsource a subcontractor for carrying out specific Personal Data processing activities on behalf of the Customer. Digimind shall inform the Customer of any planned changes regarding the addition or replacement of a Data Processor subcontractor.

When Digimind engages a sub-processor, it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on Digimind. All subcontractors have signed European Commission Standard Clauses (SCC) with which they commit to the same level of requirement as Digimind, and to respect the same rules.

You will find below the list of Digimind’s sub-processors.

Confidentiality

Digimind ensures that all persons authorised to process Personal Data undertakes respect of confidentiality and are bound by a non-disclosure agreement.

International Data transfers

Digimind is authorised to transfer Personal Data to a third party country located outside the EEA and Digimind ensures the protection of Personal Data by the SCC.

Subprocessors list

Subcontractors list for Digimind Social

Name of sub-processor	Purpose	Out of EU Transfer	Location of servers	Link to Sub-processors’ Privacy Policy
OVH	Cloud hosting provider	No	France	https://www.ovhcloud.com/en/terms-and-conditions/privacy-policy/
Zendesk	Customer support	Yes	United States	https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/
Uservoice	Collect Customers feedbacks	Yes	United States	https://www.uservoice.com/privacy
Okta / Auth0	Login Management	Yes	United States	https://www.okta.com/privacy-policy/
Google Analytics	User session analytics	Yes	United States	https://business.safety.google/adsprocessorterms/
Salesforce	Customer Relationship Management (CRM) tool	Yes	United States	https://www.salesforce.com/company/privacy/
Hubspot	Customer Relationship Management (CRM) tool	Yes	United States	https://legal.hubspot.com/privacy-policy

Subcontractors list for Digimind Intelligence

Name of sub-processor	Purpose	Out of EU Transfer	Location of servers	Link to Sub-processors’ Privacy Policy
Salesforce	Customer Relationship Management (CRM) tool	Yes	United States	https://www.salesforce.com/company/privacy/
Eolas Business & Décision	Cloud hosting provider	No	France	https://www.eolas.fr/112-protection-donnees.htm
Zendesk	Customer support	Yes	United States	https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/
Uservoice	Collect Customers feedbacks	Yes	United States	https://www.uservoice.com/privacy
Intercom	Communications provider	Yes	United States	https://www.intercom.com/legal/privacy
Hubspot	Customer Relationship Management (CRM) tool	Yes	United States	https://legal.hubspot.com/privacy-policy

Acceptance of Third-Party Social Platform Privacy Policies

Digimind warrants that it complies with all the Third-Party Social Platforms Privacy Policies when the social media is part of Digimind Social’s Services. As a customer of Digimind, you commit to obey to these policies including but not limited to: X (accessible at this URL: https://x.com/en/privacy), Meta / Facebook (accessible at this URL: https://www.facebook.com/privacy/policy/), Google (accessible at this URL: https://policies.google.com/privacy ), and YouTube (accessible at this URL: https://developers.google.com/youtube/terms/developer-policies#d.-accessing-youtube-api-services).

4. You are a Digimind candidate

This privacy notice is addressed to Digimind candidates (“you” or “your”) who are concerned by the collection of their personal information. Digimind (or “We”, “Us”) collects information about you in the context of a recruitment process.

Please continue reading to know more about your privacy.

For what purposes do we collect your Personal Data?

Digimind collects your Personal Data to identify potential future employees ; to contact candidates for selecting and recruiting new employees and for the recruitment process.

What Personal Data do we collect?

The information collected by Digimind when you apply to a position at Digimind:

Full name;
All personal information provided by the applicants: (work company; diplomas; distinctions; formation; education; job title; date and place of birth);
Contact Information (email address; phone number; all other contact information provided by the applicant).

The information collected by Digimind in the recruitment process:

Information provided by the candidate to verify whether or not they meet the eligibility criteria fixed in a call for applications (such as citizenship, language certificates, etc).
Financial information (bank account details);
Social Security Number;
All personal information provided in the application process;
Contact information (email address; phone number; all other contact information provided by the applicant).

What is our legal basis to process your Personal Data?

Our legal basis to process your personal information when you provide it to us is your consent (Article 6(1)(a) GDPR). When we need additional information, we collect them in order to take steps prior to entering into a contract (Article 6 (1)(b) GDPR).

For how long your Personal Data is kept for?

The spontaneous applications and non-recruited candidates’ personal information are erased at latest, 2 years after the day of receipt of application. For the candidates recruited, the personal information is kept until the end of the contract.

To whom is your Personal Data sent?

What security measures are taken to protect your Personal Data?

Digimind takes all appropriate measures to ensure the safety and the security of your Personal Data processed by Us. Digimind commits to implementing every technical and organisational measure to guarantee a suitable level of security for each typology of data against accidental or unlawful destruction, loss, alteration, deterioration, misuse, harm, unauthorised disclosure of, or access to your Personal Data.

In order to meet these requirements, Digimind ensures the protection of your Personal Data through different measures. You can find the main measures taken by Digimind below:

We list each processing of Personal Data: Personal Data is indexed by type, sensitivity, and purpose. Each processing is listed in a register (as provided for in Article 30) and is subject to appropriate protection defined after a Privacy Impact Assessment (PIA) (as framed by Article 35 et seq. of the GDPR) which are performed every 18 months.

We limit and protect the access of your Personal Data: Digimind limits the access to your Personal Data to the authorised personnel who need to carry out the processing, and, which is trained with GDPR requirements. To ensure the safety of your Personal Data, all persons having access to Personal Data are bound by a non-disclosure agreement. Several measures are taken to protect Personal Data which include, but are not limited to: the servers from our offices use an encrypted connection and we restrict the access to identified IP addresses.

We physically secure the Data Centre: Digimind takes several measures to ensure physical security of Personal Data. They include, but are not limited to: the access to the site is restricted to Digimind users with an access card, the data centre is protected by an anti-intrusion system.

We ensure the safety and security of your Personal Data when processed by Subcontractors: all Digimind’s subcontractors have signed the Standard Contractual Clauses (SCC) of the European Commission so they comply with the GDPR.

What are your rights concerning your Personal Data and how you can exercise them?

1/ Claims or questions addressed to us:

If you have any queries concerning the processing of your Personal Data, you shall address them to us. You may exercise your rights regarding your situation.

Your rights under the General Data Protection Regulation (GDPR):

Your rights under the California Consumer Privacy Act (CCPA):

You have the right to seek from us the deletion of your Personal Data.

However, please be aware that if you refuse to provide any necessary information to us to provide you with our services, we may not be able to complete the transaction.

Your rights under the Personal Data Protection Act (PDPA)

2/ Claims addressed to the Supervisory Authority:

Amendments to this Privacy Policy

This Privacy Policy may be revised from time to time in accordance with our legal requirements. We encourage you to review this Privacy Policy to stay informed about our methods and use of information.

Key changes:

This Privacy Policy has been updated and reorganised by Data Subjects (Digimind website users; Third-Party website users and Digimind’s Customers) to clear up each Data subjects’ rights, security measures taken to secure and protect Personal Data, the nature of Data collected, the purposes of the processing of Personal Data, our legal basis to process Personal Data, the storage period of Personal Data and the recipients.

The obligations and the role of Data controller and Data Processor are now described.

Creation of: a Cookie Policy describing all cookies used on the website and Digimind platforms; a sub-processors list and Third Party Websites’ terms and privacy policies.

Effective Date: 30/03/2023