Last updated on 6 April 2021
NotMe SAS, having its registered office at 18 rue Boissière, 75116 Paris, France, (hereinafter “NotMe” or “we“) attaches great importance to the protection and respect of your privacy.
This privacy policy aims to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR“):
The purpose of this document is to inform you of the categories of personal data that may be collected or held about you, how this data is used, the persons with whom the data is shared, how your data is protected and the rights you have to your personal data.
Personal Data: means any information relating directly or indirectly to a natural person.
Sensitive Data: means any Personal Data that reveals the Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, sexual orientation, genetic or biometric data or elements of the data subject’s sex life.
Data Subject: means the natural person whose Personal Data is processed, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to the person’s physical, physiological, genetic, psychological, economic, cultural or social identity;
Regulation: means the amended French Data Protection Act 78-17 of 6 January 1978, the GDPR and any regulations in force concerning the protection of Personal Data.
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing; where the purposes and means of such Processing are determined by European Union or Member State law, the controller may be appointed or the specific criteria for its appointment may be provided for by European Union law or by the law of a Member State.
Terminal: means the hardware equipment (computer, tablet, smartphone, phone) that you use to visit or see the Website or Application.
Processing: means the collection, recording, organisation, structuring, retention, adaptation, modification, extraction, consultation, use or any other form of provision, reconciliation or interconnection, limitation, erasure and destruction.
User: means the person browsing the Website and/or the Application.
These definitions are capitalised and are used both in singular and plural form.
This Privacy Policy is intended for all Users.
Consequently, accessing and browsing the Website and the Application means that you have accepted all the terms of the Privacy Policy, and therefore the collection and use of your Personal Data.
It is necessary to distinguish the following two situations:
The Data Controller shall take into account the principles of data minimisation, data protection by design and data protection by default. Accordingly, it shall only collect information that is relevant, adequate and limited to what is necessary for the purposes for which it is processed.
Personal Data is collected when you request a demonstration from NotMe and when you contact NotMe via the IT ChatBot.
When completing entry fields on a form, the mandatory nature of a response is indicated by using an asterisk (*) at the end of the question. The lack of response to a question identified by an asterisk prevents the processing of your request.
When you choose to spontaneously send your Personal Data to NotMe, without the latter having requested it, you expressly consent to the collection of Personal Data and you undertake to assume full responsibility for the Personal Data transmitted.
NotMe collects and processes the first name, last name, email, telephone number and name of the User’s company requesting demonstration on the Website or the Application.
The purpose of this Processing is to manage User requests. It allows NotMe to receive demonstration requests and to establish a history of requests and responses.
NotMe retains your Personal Data for the time necessary to accomplish the purposes pursued, subject to legal archiving possibilities, obligations to retain certain Personal Data and/or anonymisation.
The Personal Data collected when requesting a demonstration of the Application is retained for a period of three (3) years from its collection.
NotMe may collect personal data that is sent by the User when using the IT ChatBot. Such data concerns the first name, last name, email and name of the user’s company.
The purpose of such Processing is to receive requests from Users and to manage the answers to be provided.
The Personal Data collected when requesting a demonstration of the IT ChatBot is retained for a period of three (3) years from its collection.
NotMe automatically collects User login data. These data include date, time of login and/or browsing, browser type, hardware used, entry and exit page, URL, number of clicks, pages viewed and their order, time spent on specific pages, browser language, IP address.
The purpose of this Processing is the analytical management of NotMe’s business.
The connection data collected by NotMe is kept for twelve (12) months from collection.
i. Processing 1: When you create an account on the Application, Personal Identification Data is collected and processed, namely your full name, phone number, email address, function and name of the employer.
This Personal Data is necessary for the proper functioning of the Application and the provision of this service.
The purpose of this collection is based on User account management.
The Customer retains your Personal Data for the time you have access to the Application, i.e., for the period you are employees of the Customer.
ii. Processing 2: When you make a report on the Application, in accordance with the Terms and Conditions of Use of the Application, you must ensure that you only communicate the relevant Personal Data necessary for the processing of the report, in accordance with the principle of minimisation imposed by the Regulations.
We invite you to be particularly vigilant regarding the transmission, via the Application, of Sensitive Data.
In processing reports made through the Application, the Customer may be required to process:
The Customer undertakes not to process Personal Data transmitted in a report when it is not relevant and necessary.
The collection of such Personal Data is optional.
The purpose of such Processing is based on the processing of the reports made.
The Customer retains the Personal Data relating to a report as follows:
The Processing carried out by NotMe is based on Article 6.1.a GDPR, namely the consent of the User.
The Processing carried out by the Customer is based on Article 6.1.c of the GDPR, namely compliance with a legal obligation to which the data controller is subject.
In fact, the Application allows the Customer to comply with the obligations imposed on employers under Article 8 of the Law on Transparency, Combating Corruption and Modernization of Economic Life, known as the Sapin Law 2.
When the Customer processes Sensitive Data, the Processing of Sensitive Data is based on Article 9.2.f of GDPR, namely the establishment, exercise or defence of a legal claim.
Only the persons who need to access Personal Data are recipients of such data.
More specifically, only the persons authorised under their duties and functions may access the Personal Data. With regard to the Customer, these are persons specifically entrusted by the Customer with managing alerts, who have undertaken to respect the confidentiality of the data.
In addition, Personal Data may be communicated within the company group to which the Customer belongs only if such communication is necessary solely for the purposes of checking or processing the alert.
The Data Controller’s subcontractors and technical service providers may have access to the Personal Data. With regard to the Personal Data collected during the report (Processing 2) by the Customer, only the hosting company collects Personal Data.
These third parties shall be sent only the Personal Data they need in order to perform their services, and it is required that they do not use your Personal Data for any other purpose.
These third parties only act in accordance with our instructions and are contractually obliged to ensure a level of security and confidentiality of your Personal Data that is the same as that we guarantee you, in accordance with the GDPR.
In some cases and in accordance with the Regulations, Personal Data may be transmitted to the competent authorities on request and in particular to public bodies, judicial officers, ministerial officers, bodies responsible for debt collection, exclusively to meet legal obligations, as well as in the case of the search for perpetrators of offences committed on the Internet.
In addition, in the event of a reorganisation, merger, sale, joint venture or other transfer or assignment of all or part of our business, NotMe may disclose or transfer your Personal Data to the transferee.
The Data Controller undertakes, in the context of its activities and in accordance with the Regulations, to ensure the protection, confidentiality and security of Personal Data.
The Data Controller shall take the necessary precautions taking into account the state of knowledge, implementation costs and the nature, scope, context and purposes of the Processing and the likelihood of each risk to protect the security and confidentiality of the Personal Data you provide it with and in particular to prevent it from being distorted, damaged or disclosed to third parties (unless you agree).
Consequently, the Data Controller shall implement all technical, logical, physical and organisational measures to ensure a level of security appropriate to the risk and to prevent any loss, alteration, disclosure of Personal Data or access to unauthorised third parties.
In the event of a Personal Data breach and in accordance with the Regulations, the Data Controller undertakes to notify the CNIL (French Data Protection Authority).
For the purposes mentioned above, Personal Data is not transferred to a country outside the European Union.
The Data Controller informs you that you benefit, under the terms and conditions set out in the Regulations, from:
The right of rectification that you have in respect of the Customer must not, in particular, allow the information contained in the alert or collected during investigation to be amended retroactively. Its exercise, when admitted, shall not make impossible the reconstruction of the timeline of any changes to important elements of the report.
Therefore, this right can only be exercised to rectify factual data, the material accuracy of which can be verified by the Customer, on the basis of evidence, without the replacement or deletion of the initially collected data, even when it is incorrect.
Where technically feasible, you may request that such Personal Data be transmitted directly by the Data Controller to another data controller.
You may exercise your rights with NotMe (at one of the following addresses: compliance@not-me.com or NotMe 18, rue Boissiere, 75116 Paris, France) or with the Customer, whose contact details can be found in your employment contract, depending on the entity that holds the capacity of Data Controller.
If, despite the Data Controller’s efforts to protect the confidentiality of your Personal Data, you consider yourself a victim of a breach of the Regulations, you may submit a complaint to the National Data Protection Authority: Commission Nationale de l’Informatique et des Libertés (CNIL), 3, place de Fontenoy – TSA 80715 -75334 Paris CEDEX 07 (01 53 73 22 22 – www.cnil.fr). You also have the right to seek redress from the competent courts if you consider that we have not respected your rights.
The Data Controller reserves the right to change its Privacy Policy. Any changes to the Privacy Policy will be posted on the Website and the Application. We invite you to review the Privacy Policy on a regular basis.
Last updated on 6 April 2021
A cookie is a tracker likely to be stored on your device (computer, tablet, or smartphone) when using the Website. It makes it possible to recognise the terminal in question whenever the latter accesses digital content containing cookies of the same issuer, and according to the cookie, to collect additional information, not directly identifying information, about your behaviour on the Website.
NotMe, a simplified joint-stock company with its registered office at 18, rue Boissière – 75116 Paris is likely to place cookies via the Website.
Only the person on whose behalf the cookie is issued is responsible for its use and for the data it collects through it.
The following Cookies are used:
You can express your choices regarding the placement or not of cookies on the Website through the banner that appears on your first visit, you will need to restate it at each connection if you are in private browsing or at the next connection if you have deleted your pre-existing cookies. You can choose whether or not to consent to cookies by purpose. This choice can be changed at any time by stating it again by clicking here https://not-me.com/en/?banner=true.
The cookie is stored for a maximum period of thirteen (13) months.
If you do not consent to the storage of cookies or have deleted them, your browsing and experience on the Website may be limited.
No liability is accepted for the consequences related to the reduced functionality resulting from the absence of consent to cookies and the inability to save or view the cookies necessary for the operation of the website due to your choice.