At TAPE LABS, the protection of your personal data is a priority.
When you use the Pillow solution (the "Solution"), we may collect personal data about you (the "Data").
The purpose of this policy is to inform you of the manner in which we process such Data in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), and Law No. 78-17 of January 6, 1978 on data processing, files and individual liberties (together, the "Applicable Regulations").
#1. Who is the Data Controller?
When you use the Solution, the data controller is the company TAPE LABS, a simplified joint-stock company (société par actions simplifiée), registered with the Trade and Companies Registry (RCS) of Créteil under number 925 003 303, with its registered office at 14 Avenue Du General De Gaulle, 94160 Saint-Mandé ("We" / "Us").
#2. What Data do we collect?
Personal Data means any data that allows an individual to be identified, directly or by cross-referencing with other data.
We collect personal Data falling within the following categories:
- Identification Data: surname, first name, email address;
- Connection Data: connection logs;
- Usage Data: IP address, date and time of connection, operating system, usage statistics;
- Professional Data: company name;
- Licence order Data;
- Authentication Data collected from third-party services: using a third-party authentication service such as Google (name, email address). We do not collect the password of your third-party account;
- Browsing Data: IP address, pages visited, date and time of connection, browser used, operating system, user ID;
- Financial and banking Data: bank account details (RIB), payment card data;
- Any information you wish to send us in the context of your contact request.
Mandatory Data are indicated when you provide your data to us. They are identified by all appropriate means.
#3. How do we collect Data?
We have collected your Data because you provided it to us directly by creating an Account on our Solution.
#4. On what legal bases, for what purposes, and for how long do we retain your personal Data?
| Purposes | Legal bases | Retention periods |
|---|---|---|
| Providing our services available on the Solution via your Account | Performance of the contract you have entered into with Us | Where you have created an Account: your data are retained for the entire duration of your Account. Your connection logs are retained for 6 months. In addition, your data may be archived for evidentiary purposes for a period of 5 years. |
| Complying with our legal obligations regarding the reporting of unlawful content on the Solution | Compliance with our legal and regulatory obligations in connection with our Solution | Identity-related data are retained for 5 years from the expiry of the Terms of Use, the closure of your Account, or the closure of the report. Technical data enabling identification of the connection source, or data relating to the terminal equipment used, are retained for one year from the date of the connection or use of the terminal equipment. |
| Sending newsletters, solicitations and promotional messages by email | Our legitimate interest in retaining and informing our users of our latest news | Data are retained for 3 years from your last contact with us. |
| Responding to your information requests | Our legitimate interest in responding to your requests | Data are retained for 3 years from your last contact with us. |
| Handling requests to exercise rights | Compliance with our legal and regulatory obligations | If we request proof of identity: we retain it only for the time necessary to verify your identity. Once verification has been completed, the document is deleted. If you exercise your right to object to receiving marketing communications: we retain this information for 3 years. |
#5. Who are the recipients of your Data?
The following parties will have access to your personal Data:
- The staff of our company;
- Our sub-contractors: hosting provider, CRM provider, authentication provider, audience measurement and analytics provider, transcription and translation provider, AI model provider, error and bug monitoring provider, payment provider;
- Where applicable: public and private bodies, solely for the purpose of complying with our legal obligations.
#6. Are your Data liable to be transferred outside the European Union?
Your Data are stored and kept throughout the processing operations on the servers of Google Cloud, located within the European Union.
In the context of the tools we use (see the article on recipients regarding our sub-contractors), your Data may be transferred outside the European Union. Any such transfer is secured by means of the following instruments:
- Either the Data are transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in that case, the country in question is considered to ensure a level of protection deemed sufficient and adequate with the provisions of the GDPR;
- Or the Data are transferred to a country whose level of data protection has not been recognised as adequate with respect to the GDPR: in that case, such transfers are based on the appropriate safeguards referred to in Article 46 of the GDPR, adapted to each provider, including in particular, without limitation, the execution of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or pursuant to an approved certification mechanism;
- Or the Data are transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
You may obtain a copy of the instruments enabling transfers of your Data outside the European Union by contacting us at the details indicated in the article "Contact point for exercising your rights" below.
#7. What are your rights with respect to your Data?
You have the following rights with regard to your personal Data:
- Right to information: this is precisely the reason we have drafted this policy. This right is provided for by Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all of your personal Data at any time, pursuant to Article 15 of the GDPR.
- Right of rectification: you have the right to rectify your inaccurate, incomplete or outdated personal Data at any time, in accordance with Article 16 of the GDPR.
- Right to restriction: you have the right to obtain the restriction of the processing of your personal Data in certain cases defined in Article 18 of the GDPR.
- Right to erasure: you have the right to request that your personal Data be erased, and to prohibit any future collection thereof, on the grounds set out in Article 17 of the GDPR.
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal Data constitutes a violation of the applicable regulations, in accordance with Article 77 of the GDPR.
- Right to define directives regarding the retention, erasure and communication of your personal data after your death.
- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal shall not affect the lawfulness of any processing carried out prior to the withdrawal.
- Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
- Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal Data. Please note, however, that we may continue such processing notwithstanding your objection, on legitimate grounds or for the establishment, exercise or defence of legal claims.
You may exercise these rights by writing to us at the contact details below. We may ask you on that occasion to provide us with additional information or documents to verify your identity.
#8. Contact point for exercising your rights
Contact email: privacy@trypillow.ai
Contact address: TAPE LABS, 14 Avenue Du General De Gaulle, 94160 Saint-Mandé.
#9. Modifications
We may modify this policy at any time, in particular to comply with any regulatory, case law, editorial or technical developments. Such modifications shall apply as of the effective date of the amended version. You are therefore invited to consult the latest version of this policy on a regular basis. We will, however, keep you informed of any significant modification to this privacy policy.