Privacy and Personal Data Protection Policy
(January 2021)

This Privacy and Personal Data Protection Policy is issued by Pigment SAS (hereinafter referred to as “Pigment”, “We”), a French simplified joint stock company with a capital of 16.508,26 euros registered with the trade and commercial register of Evry under n° 852 785 917 and having its head office at 98, avenue de Paris – 91 300 Massy (France).

It applies to all the processing of personal data carried out by Pigment in its capacity as data controller via its website https://www.pigment.so/ and its application Pigment.

Pigment is extremely vigilant with regard to respecting your privacy and protecting your personal data: we have placed at the center of our commitments, that of respecting and protecting the privacy and personal data of our customers and users, and consequently to comply with applicable regulation, and in particular the French Law n °78-17 of 6 January 1978 “Informatique et Libertés” in its amended version and the European Data Protection Regulation No. 2016/679 (known as “GDPR”) entered into force on May 25, 2018, but also to ensure better data protection for the purpose of improving our goods and services.

This Privacy and Personal Data Protection Policy will allow you to understand how and why your personal data is collected and processed by Pigment and how to exercise your rights.

This Privacy and Personal Data Protection Policy may be updated, in particular to take into account changes in our services, technologies or applicable regulations. These updates will be effective immediately when they are made available and searchable on our website.

For any questions regarding this document and, in general, about the collection and processing of your personal data by Pigment, do not hesitate to contact us by e-mail: legal@gopigment.com

Who is this Policy for?

This Privacy and Personal Data Protection Policy is intended for any person who transmits or entrusts us with personal data via our website and/or application and the related Pigment services.

In this regard, there are two categories of data subjects:

  • A “Customer”, i.e. a person who uses the application on the basis of a subscription contract, including the persons who have agreed to be part of the tester community (hereinafter referred to as the “Testers”).
  • A “Prospect”, i.e. a person who visits our website without being a Customer nor a Tester.

What is “personal data”?

Within the meaning of the GDPR and of the French law “Informatique et Libertés”, “personal data” consists of any information relating to a natural person who can be identified directly or who is indirectly identifiable, such as names, first names, email addresses and postal service of a natural person, his/her image, an IP address, a location data…

What personal data do We collect?

The personal data that We collect when you contact us or use our services may be, depending on your use of our website and application:

  • identification data of Customer (name, surname, company, professional contact details, email address, phone number, IP address…);
  • billing and financial information (payment, reimbursement…);
  • any other information you share with us in other contexts such as customer support.

When you browse our website and our services, We may also collect:

  • information about your use of our site and services, including data traffic and records of the choices you make online, for internal purposes such as analysis, product development and improvements;
  • log and statistical files relating to actions taken on our sites and services;
  • technical information about any device and operating system that you use when you visit our sites, including your device identifier, your Internet Protocol (IP) address, the browser version of your device, the pages of our service that you visit, the time and date of your visit, the time spent on these pages and other statistics. For the collection and processing of tracking data on our sites, We use cookies; to better understand their operation and usefulness, please see “Are We using cookies?” below.

Why do We need to collect personal data?

Pigment collects personal data to provide and improve its services, and in particular for the following purposes:

  • deliver and perform our services;
  • assist you with using the services;
  • contact you in order to invite you to demos, webinars, keep you updated with our newest features or any other commercial communication;
  • manage our commercial relationship with you (contracts, invoice…)
  • manage unpaid debts and litigation;
  • send information or newsletter to Customers and, if agreed, to Prospects.

What is the legal basis for these processing?

Depending on your quality (as Customer, Tester or only Prospect), the legal basis may be:

  • the performance of the contract;
  • your consent;
  • compliance with a legal obligation;
  • our legitimate interest.

Can I object to the processing of my personal data?

Information that you communicate, through our website and/or the use of our products and services, remains your personal data.

You therefore have the right to oppose or limit certain processing of your personal data, as well as to access, rectify or even request the erasure of your personal data or request their portability, by writing to us at: legal@gopigment.com

Your requests will be processed within 1 month as from its receipt, this period being possibly renewable. We reserve the right to ask you for a copy of an identity document, in order to check your identity; this will be kept by us only for the duration of processing of your request.

To find out more about your rights, you can visit the CNIL website: www.cnil.fr

How Pigment ensures the protection of personal data?

Pigment has implemented a number of actions and technical and organizational measures to meet the requirements of the GDPR in terms of protection and security of personal data.

Regarding the security measures implemented to protect personal data from any risk of violation, unauthorized disclosure or attack on their integrity, Pigment has deployed all the necessary means with its teams and service providers to minimize the risk of security breaches, in particular:

  • Website SSL
  • Pigment Accounts are secured by personal passwords
  • We strive in particular to maintain 24/7 systems monitoring in order to ensure the security of the personal data we process.
  • Our sites are regularly scanned for security breaches and vulnerabilities and we take the necessary precautions to avoid the loss, abuse or alteration of personal data.

When certain services require the use of a third party (subcontractor), Pigment selects its service providers on the basis of strict security and confidentiality criteria previously defined with regard to the issues, and systematically requires from its subcontractors a level security that guarantees a sufficient level of protection of the personal data that they process on our behalf.

What are the retention periods for the personal data collected?

Pigment undertakes to keep the personal data entrusted to it for periods limited to the provision of services or necessary with regard to its contractual or legal obligations. In particular:

Data relating to the Customers and Testers (company’s contact)Duration of the contractual relationship = 3 years as from its end 
Prospects
3 years as from the last contact
CV (job applicants)2 years as from the last contact and subject to the candidate’s prior consent
ID (for data subjects’ requests)Destruction once the checking are made

Are your personal data subject to transfers to countries outside the European Union?

Your personal data may be transmitted to service providers we use for IT services in particular.

The performance of these services is contractually regulated and we make every effort to select our service providers on the basis of very demanding criteria in terms of safety.

Regarding the hosting and storage of data, Pigment requires its hosting service providers that the data be hosted in a country of the European Union.

The Pigment website is hosted by Google Inc. on servers located in Ireland (EU).

In order to perform the Services, we may transfer some of your Personal Data to third party service providers located or using servers located outside the European Union (the “EU”) and the European Economic Area (the “EEA”). In such a case, we make sure that:

they are located in a country considered having an adequate level of protection by the European Union in terms of personal data or,
if located in the United States they are bound by contractual provisions ensuring an equivalent level of protection of your Personal Data (such as standard contractual clauses established by the European Commission).

Are We using Cookies?

Yes, We use cookies when you visit our website or use our Services.

A cookie is a small, non-executable file consisting simply of text that is sent by our website or third-party websites to your computer or smartphone, and stored through your browser.

Cookies cannot erase or read information from your computer or smartphone. However, the deposit and recording of cookies can indirectly identify the user since it can detect the pages visited by a user on a site and remember your user profile. However, cookies are neither spyware nor viruses.

We use functional and technical cookies, which are essential for the use of the website. They in particular allow you to access reserved and personal areas of our website, such as your personal account, for example by memorizing your identifiers and current editions.

Disabling these functional and technical cookies may have the effect of preventing the use of certain features of the site, navigation on the site or the display of certain pages.

We may use analytical cookies to measure and analyze traffic to our website to improve its ergonomics. They allow us to compile statistics on the average time spent on a page, the number of page views, the number of times the user has already seen this page, the most viewed services.

Your browser’s internet options menus should also allow you to disable cookies.

Through the configuration of your browser, you can carry out a number of actions allowing you to administer cookies in order to accept or refuse their use either globally or more precisely and at all moment. The configuration elements being specific to each browser, we suggest that you follow the link corresponding to your browser to find out more:

  • To manage cookies on Google Chrome: http://urlz.fr/75Kb
  • To manage cookies on Internet Explorer: http://urlz.fr/75Kd
  • To manage cookies on Mozilla Firefox: http://urlz.fr/75Ke
  • To manage cookies on Safari: http://urlz.fr/75Kf

For other terminals (smartphones, tablets, connected objects), we invite you to consult the help menu of your browser.