Update: January 20, 2023
DATA PRIVACY POLICY APPLICABLE FOR US CUSTOMERS
You can access the entire US Privacy Policy by clicking on the following link: https://not-me.com/privacy-policy/
A. Privacy
A.1. We respect your privacy whether you are an employer, Organization or an employee (former or current, or a witness to unwanted behavior) and share your concerns about privacy protection. Our Privacy Policy constitutes a part of these Terms and explains how we collect, use and protect information that we learn about you, your current and former employees, any witness(es), your device(s), your location and other specifics, because of your interaction with us through the App. How we collect that information and use and protect it is explained in our Privacy Policy (for US Customers). By clicking on the switch button and accepting these Terms of Use, you agree to our collection and use of your personal information if you are an employee or witness. If you are an employer or an Organization, you agree to our collection and use of the personal information of your authorized Users and that of your current and former employees as described herein and in our Privacy Policy (for US Customers).
A.2. By using our services, you understand, agree and authorize us to share information about any reports made to us with (i) your current or former employer or employee or by any individuals, depending on the identity of the User; and/or (ii) any of our licensees or subcontractors.
A.3. We reserve the right to use any information we have about any User in accord with the Terms of Use and our Privacy Policy. We also reserve the right to reveal the identity or any personally identifiable or other information we know about any User in the event of a complaint or legal action arising from any message from any User to us, any breach of our Terms of Use and/or Privacy Policy, or where such information is otherwise relevant or legally required to be disclosed. We may log all internet protocol addresses accessing the Application and other information about any User account, User access and may maintain back-up copies of content indefinitely.
A.4. We will do our best to keep the personally identifiable information (including any of the following: (1) a first and last name; (2) a physical address, including without limitation a street name and name of a city or town; (3) an e-mail address; (4) a telephone or fax number; (5) name of Employer; (6) date of birth; or (7) any information that directly or indirectly identifies, describes, relates to, is capable of being associated with, or can reasonably link to a particular consumer or household such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person any other identifier that permits the physical or online contacting of a specific individual; hereinafter “PII”) we maintain secure. However, no program is totally secure. Therefore, we cannot guarantee that our safeguards will prevent every attempt at unauthorized access or use, or the disclosure of any PII. If you become aware of a security breach, please notify us immediately at account@not-me.com.
What is the nature of the Personal Data processed by the Customer via the Application, what are the Purposes of Processing and the retention period of Personal Data?
i. Processing 1: When you create an account on the Application, Personal Identification Data is collected and processed, namely your full name, phone number, email address, function and name of the employer.
This Personal Data is necessary for the proper functioning of the Application and the provision of this service.
The purpose of this collection is based on User account management.
The Customer retains your Personal Data for the time you have access to the Application, i.e., for the period you are employees of the Customer.
ii. Processing 2: When you make a report on the Application, in accordance with the Terms and Conditions of Use of the Application, you must ensure that you only communicate the relevant Personal Data necessary for the processing of the report.
We invite you to be particularly vigilant regarding the transmission, via the Application, of Sensitive Data.
In processing reports made through the Application, the Customer may be required to process:
The Customer undertakes not to process Personal Data transmitted in a report when it is not relevant and necessary.
The collection of such Personal Data is optional.
The purpose of such Processing is based on the processing of the reports made.
B. Where Are You?
B.1. In order for the Application to be able to maximize its benefits and features, it needs to know where you are located. Therefore, you agree to allow NotMe to utilize GPS and other available signals to identify your detailed device and location information. Additionally, in order to keep the Application updated and accurate, and to provide you with maximum features, NotMe will keep a history of your locations and preferences while using the Application. You explicitly agree and consent to all such activities.
C. Disclosure
C.1. Certain state laws permit our Users, e.g., those who are Illinois or California residents, to request certain information regarding disclosure by us of personally identifiable information to third parties. If you qualify, you may make your request to compliance@not-me.com.
Depending on where you are located and/or live, you may exercise certain data privacy rights, and NotMe will facilitate the exercise of those rights.
California Privacy Rights
If you are a resident of California, this section provides additional details about the personal information we collect about you, and your rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”).
Subject to certain limitations, the CCPA and CPRA provide you the right to request:
If you would like to submit a request to exercise your California privacy rights, you may do so either by submitting a request through our privacy rights form, on the App directly or by emailing compliance@not-me.com with your request. We will verify your request using information associated with your account, including your email. Further identification may be required. You may also designate an authorized agent to act on your behalf.
Please note that NotMe may retain a record of your request to delete your personal information.
Nevada Privacy Rights
Under Nevada law (SB 220), Nevada residents are permitted to opt-out of the sale of certain kinds of personal information. The term “sale” as used in the foregoing sentence means the transfer of your personal information to third parties for monetary consideration so the third parties can then resell or license the sold personal information. If you are a Nevada resident and wish to obtain information about our compliance with Nevada law, or opt out of the sale of your personal information, please contact us at compliance@not-me.com.
Virginia Privacy Rights
If you are a resident of Virginia, this section provides information about your privacy rights under the Virginia Consumer Data Protection Act (“VCDPA”).
Subject to certain limitations, the VCDPA affords you the following rights:
You may exercise these rights by visiting our privacy rights form, our opt-out form, and by updating your cookie preferences. You can also email compliance@not-me.com for assistance with exercising your rights.
If NotMe declines your request for any reason, we will notify you. You can appeal this decision by contacting compliance@not-me.com.
DATA PRIVACY POLICY APPLICABLE FOR EU CUSTOMERS
You can access the entire EU Privacy Policy by clicking on the following link: https://not-me.com/privacy-policy/
NotMe SAS, having its registered office at 18 rue Boissière, 75116 Paris, France, (hereinafter “NotMe” or “we“) attaches great importance to the protection and respect of your privacy.
This privacy policy aims to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR“):
The purpose of this document is to inform you of the categories of personal data that may be collected or held about you, how this data is used, the persons with whom the data is shared, how your data is protected and the rights you have to your personal data.
1. Glossary
Personal Data: means any information relating directly or indirectly to a natural person.
Sensitive Data: means any Personal Data that reveals the Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, sexual orientation, genetic or biometric data or elements of the data subject’s sex life.
Data Subject: means the natural person whose Personal Data is processed, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to the person’s physical, physiological, genetic, psychological, economic, cultural or social identity;
Regulation: means the amended French Data Protection Act 78-17 of 6 January 1978, the GDPR and any regulations in force concerning the protection of Personal Data.
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing; where the purposes and means of such Processing are determined by European Union or Member State law, the controller may be appointed or the specific criteria for its appointment may be provided for by European Union law or by the law of a Member State.
Terminal: means the hardware equipment (computer, tablet, smartphone, phone) that you use to visit or see the Website or Application.
Processing: means the collection, recording, organization, structuring, retention, adaptation, modification, extraction, consultation, use or any other form of provision, reconciliation or interconnection, limitation, erasure and destruction.
User: means the person browsing the Website and/or the Application.
These definitions are capitalized and are used both in singular and plural form.
2. What is the scope of the Privacy Policy?
This Privacy Policy is intended for all Users.
Consequently, accessing and browsing the Website and the Application means that you have accepted all the terms of the Privacy Policy, and therefore the collection and use of your Personal Data.
3. Who are the parties involved in the protection of Personal Data within the Website and the Application?
It is necessary to distinguish the following two situations:
You can contact NotMe by writing to the following address NotMe – 18 rue Boissière, 75116 Paris, France or by sending an e-mail to compliance@not-me.com.
It is recalled that, as the Customer is your employer, you will find the identity and contact details of the Customer in your employment contract.
4. What is the nature of the Personal Data processed, what are the Purposes of Processing and the retention period of Personal Data?
The Data Controller shall take into account the principles of data minimisation, data protection by design and data protection by default. Accordingly, it shall only collect information that is relevant, adequate and limited to what is necessary for the purposes for which it is processed.
4.1. What is the nature of the Personal Data processed by NotMe via the Website, what are the Purposes of Processing and the retention period of Personal Data?
Personal Data is collected when you request a demonstration from NotMe and when you contact NotMe via the IT ChatBot.
When completing entry fields on a form, the mandatory nature of a response is indicated by using an asterisk (*) at the end of the question. The lack of response to a question identified by an asterisk prevents the processing of your request.
When you choose to spontaneously send your Personal Data to NotMe, without the latter having requested it, you expressly consent to the collection of Personal Data and you undertake to assume full responsibility for the Personal Data transmitted.
i. The data necessary to request a demonstration of the Application
NotMe collects and processes the first name, last name, email, telephone number and name of the User’s company requesting demonstration on the Website or the Application.
The purpose of this Processing is to manage User requests. It allows NotMe to receive demonstration requests and to establish a history of requests and responses.
NotMe retains your Personal Data for the time necessary to accomplish the purposes pursued, subject to legal archiving possibilities, obligations to retain certain Personal Data and/or anonymization.
The Personal Data collected when requesting a demonstration of the Application is retained for a period of three (3) years from its collection.
ii. Data relating to the IT ChatBot
NotMe may collect personal data that is sent by the User when using the IT ChatBot. Such data concerns the first name, last name, email and name of the user’s company.
The purpose of such Processing is to receive requests from Users and to manage the answers to be provided.
The Personal Data collected when requesting a demonstration of the IT ChatBot is retained for a period of three (3) years from its collection.
iii. Connection data
NotMe automatically collects User login data. These data include date, time of login and/or browsing, browser type, hardware used, entry and exit page, URL, number of clicks, pages viewed and their order, time spent on specific pages, browser language, IP address.
The purpose of this Processing is the analytical management of NotMe’s business.
The connection data collected by NotMe is kept for twelve (12) months from collection.
4.2. What is the nature of the Personal Data processed by the Customer via the Application, what are the Purposes of Processing and the retention period of Personal Data?
i. Processing 1: When you create an account on the Application, Personal Identification Data is collected and processed, namely your full name, phone number, email address, function and name of the employer.
This Personal Data is necessary for the proper functioning of the Application and the provision of this service.
The purpose of this collection is based on User account management.
The Customer retains your Personal Data for the time you have access to the Application, i.e., for the period you are employees of the Customer.
ii. Processing 2: When you make a report on the Application, in accordance with the Terms and Conditions of Use of the Application, you must ensure that you only communicate the relevant Personal Data necessary for the processing of the report, in accordance with the principle of minimisation imposed by the Regulations.
We invite you to be particularly vigilant regarding the transmission, via the Application, of Sensitive Data.
In processing reports made through the Application, the Customer may be required to process:
The Customer undertakes not to process Personal Data transmitted in a report when it is not relevant and necessary.
The collection of such Personal Data is optional.
The purpose of such Processing is based on the processing of the reports made.
The Customer retains the Personal Data relating to a report as follows:
5. What is the legal basis for the Processing?
5.1. What is the legal basis for NotMe’s Processing?
The Processing carried out by NotMe is based on Article 6.1.a GDPR, namely the consent of the User.
5.2. What is the legal basis for the Customer’s Processing?
The Processing carried out by the Customer is based on Article 6.1.c of the GDPR, namely compliance with a legal obligation to which the data controller is subject.
In fact, the Application allows the Customer to comply with the obligations imposed on employers under Article 8 of the Law on Transparency, Combating Corruption and Modernization of Economic Life, known as the Sapin Law 2.
When the Customer processes Sensitive Data, the Processing of Sensitive Data is based on Article 9.2.f of GDPR, namely the establishment, exercise or defense of a legal claim.
6. Who are the recipients of your Personal Data?
Only the persons who need to access Personal Data are recipients of such data.
More specifically, only the persons authorized under their duties and functions may access the Personal Data. With regard to the Customer, these are persons specifically entrusted by the Customer with managing alerts, who have undertaken to respect the confidentiality of the data.
In addition, Personal Data may be communicated within the company group to which the Customer belongs only if such communication is necessary solely for the purposes of checking or processing the alert.
The Data Controller’s subcontractors and technical service providers may have access to the Personal Data. With regard to the Personal Data collected during the report (Processing 2) by the Customer, only the hosting company collects Personal Data.
These third parties shall be sent only the Personal Data they need in order to perform their services, and it is required that they do not use your Personal Data for any other purpose.
These third parties only act in accordance with our instructions and are contractually obliged to ensure a level of security and confidentiality of your Personal Data that is the same as that we guarantee you, in accordance with the GDPR.
In some cases and in accordance with the Regulations, Personal Data may be transmitted to the competent authorities on request and in particular to public bodies, judicial officers, ministerial officers, bodies responsible for debt collection, exclusively to meet legal obligations, as well as in the case of the search for perpetrators of offenses committed on the Internet.
In addition, in the event of a reorganization, merger, sale, joint venture or other transfer or assignment of all or part of our business, NotMe may disclose or transfer your Personal Data to the transferee.
7. How is the security of Personal Data ensured?
The Data Controller undertakes, in the context of its activities and in accordance with the Regulations, to ensure the protection, confidentiality and security of Personal Data.
The Data Controller shall take the necessary precautions taking into account the state of knowledge, implementation costs and the nature, scope, context and purposes of the Processing and the likelihood of each risk to protect the security and confidentiality of the Personal Data you provide it with and in particular to prevent it from being distorted, damaged or disclosed to third parties (unless you agree).
Consequently, the Data Controller shall implement all technical, logical, physical and organizational measures to ensure a level of security appropriate to the risk and to prevent any loss, alteration, disclosure of Personal Data or access to unauthorized third parties.
In the event of a Personal Data breach and in accordance with the Regulations, the Data Controller undertakes to notify the CNIL (French Data Protection Authority).
8. Is the Personal Data transferred outside the European Union?
For the purposes mentioned above, Personal Data is not transferred to a country outside the European Union.
9. What are your Rights?
The Data Controller informs you that you benefit, under the terms and conditions set out in the Regulations, from:
The right of rectification that you have in respect of the Customer must not, in particular, allow the information contained in the alert or collected during investigation to be amended retroactively. Its exercise, when admitted, shall not make impossible the reconstruction of the timeline of any changes to important elements of the report.
Therefore, this right can only be exercised to rectify factual data, the material accuracy of which can be verified by the Customer, on the basis of evidence, without the replacement or deletion of the initially collected data, even when it is incorrect.
Where technically feasible, you may request that such Personal Data be transmitted directly by the Data Controller to another data controller.
You may exercise your rights with NotMe (at one of the following addresses: compliance@not-me.com or NotMe 18, rue Boissiere, 75116 Paris, France) or with the Customer, whose contact details can be found in your employment contract, depending on the entity that holds the capacity of Data Controller.
If, despite the Data Controller’s efforts to protect the confidentiality of your Personal Data, you consider yourself a victim of a breach of the Regulations, you may submit a complaint to the National Data Protection Authority: Commission Nationale de l’Informatique et des Libertés (CNIL), 3, place de Fontenoy – TSA 80715 -75334 Paris CEDEX 07 (01 53 73 22 22 – www.cnil.fr). You also have the right to seek redress from the competent courts if you consider that we have not respected your rights.
10. How to be informed of a change to our privacy policy?
The Data Controller reserves the right to change its Privacy Policy. Any changes to the Privacy Policy will be posted on the Website and the Application. We invite you to review the Privacy Policy on a regular basis.
COOKIE POLICY
Last updated on January 20, 2023
1. What is a “cookie”?
A cookie is a tracker likely to be stored on your device (computer, tablet, or smartphone) when using the Website. It makes it possible to recognize the terminal in question whenever the latter accesses digital content containing cookies of the same issuer, and according to the cookie, to collect additional information, not directly identifying information, about your behavior on the Website.
2. Who uses cookies?
NotMe, a simplified joint-stock company with its registered office at 18, rue Boissière – 75116 Paris is likely to place cookies via the Website.
Only the person on whose behalf the cookie is issued is responsible for its use and for the data it collects through it.
3. Are cookies used as part of the Application?
The following Cookies are used:
4. How to control cookies?
You can express your choices regarding the placement or not of cookies on the Website through the banner that appears on your first visit, you will need to restate it at each connection if you are in private browsing or at the next connection if you have deleted your pre-existing cookies. You can choose whether or not to consent to cookies by purpose. This choice can be changed at any time by stating it again by clicking here https://not-me.com/en/?banner=true.
The cookie is stored for a maximum period of thirteen (13) months.
If you do not consent to the storage of cookies or have deleted them, your browsing and experience on the Website may be limited.
No liability is accepted for the consequences related to the reduced functionality resulting from the absence of consent to cookies and the inability to save or view the cookies necessary for the operation of the website due to your choice.