Pigment Platform
Privacy and Data Protection Policy

At Pigment we take Privacy and Data Protection seriously. In this Privacy and Data Protection Policy (“Policy”) we have set out how we process personal data as a data processor, i.e. when we provide our services, via our Platform, on behalf of your organization (our customer). In short, this Policy applies to users of the Pigment Platform. By “Platform”, we mean the tool that your organization uses to process and analyze business data and plan its business operations, as well as our training programs related to our tool and our community. In this context, your organization is the data controller of your personal data.

Who is Pigment? 

When we refer to “Pigment” in this Policy, we mean Pigment SAS, a French simplified joint stock company with a capital of 26 468,73 euros registered with the trade and commercial register of Paris under n° 852 785 914 and having its head office at 8 rue Sainte-Cécile, 75009 Paris, France and/or its affiliate(s) ("Pigment"), acting as data processor on behalf of our customers (such as your organization).

What is “personal data”?

Within the meaning of the European Data Protection Regulation No. 2016/679 (known as "GDPR") entered into force on May 25, 2018 and of the French Law n° 78-17 of 6 January 1978 "Informatique et Libertés" in its amended version (“French law Informatique et Libertés”), “personal data” consists of any information that relates to an identified or identifiable individual, such as a name, email address, telephone number, and IP address.

What personal data do we process about you and why? 

At Pigment, as instructed by your organization, we process the following personal data about you: 

• Your identification data and professional contact details, e.g. name, last name, image, email address, postal address, phone number, job title, company, user name, newsletter subscriptions, for instance, in order to register your organization, create your account and enable you to use our Platform. 
• Your communications and any information you decide to share with us, such as your email address, mailing address, meeting and call recordings (e.g. webinars or demos), events recordings, forms and tickets raised, or any other information you provide to us when you request customer or technical support or otherwise communicate with us. 
• Information related to our interactive features: we may offer interactive features such as forums, blogs, community and notifications: by using the interactive features, you understand that the information will be shared and viewed by other users and / or third-parties. 
• Data related to your usage of Pigment products and services, e.g. your IP address, logs, statistics, feedback, screen recordings, satisfaction survey, in order to support you appropriately and further develop our Platform.
• Data you decide to upload and generate within our Platform, in order to use our Platform, and in accordance with the agreement concluded between us and your organization. This is applicable, in particular, when you use a Pigment AI Feature. 
• Third-party information about you, for instance, to enable you to connect our Platform with other tools you may use. We may obtain information about you from other sources for instance, from a third-party login service you decide to connect with Pigment Platform. 
  

To be clear, we process your personal data for the following purposes: 

• Deliver our services, via our Platform, in accordance with our contract with your organization, including our Pigment AI Features when your organization has activated them, 
• Manage the usage of our Platform for your organization, 
• Ensure the appropriate maintenance of our Platform,
• Ensure the security of our Platform, 
• Facilitate collaboration with other users of your organization in our Platform, 
• Answer to questions, comments and other requests,  
• Process information on behalf of your organization; 
• Analyze your usage and improve our Platform and related services, 
• Communicate with you about the latest news and developments of Pigment and Pigment Platform, 
• Send you notifications (via email or instant messaging tools) about actions to be performed on Pigment Platform, 
• Enable you to connect Pigment Platform with other tools you may use,
• Enable you to use specific functionalities as well as beta features, such as AI-related features, 
• Allow you to benefit from dedicated training and participate in the Pigment community. 

Please note that we may use de-identified and/or aggregated information that can no longer be linked to you. This information is not subject to this Policy and we may use this information, in accordance with our agreement with your organization, for various purposes such as internal analysis, analytics or product/services improvement (e.g. within the context of our Pigment AI Features). 

How does Pigment respect GDPR to process your personal data? 

As data processor, we comply with our customers’ instructions, in accordance with article 28 of the GDPR. 

How long is Pigment keeping your personal data? 

We will keep your personal data for the retention period requested to us by your organization (i.e. 90 days after the expiry of our agreement with your organization), and in compliance with applicable statutes of limitations. 

Is the processing of your personal data secure?

Pigment has implemented a number of measures to protect your privacy and personal data and to meet the requirements of the GDPR.

If you want to learn more about our security measures, please read our Security Addendum. 

To whom do we share your personal data with?

Your personal data can be accessed by your organization which acts as data controller of your personal data (i.e.: your organization decides “why” Pigment Platform is being used). 

In addition, your personal data is shared with our sub-processors. You can access the list of our sub-processors, which may be updated from time to time in accordance with our agreement with your organization, by clicking here. 

When your personal data is shared outside Pigment, we make every effort to select our service providers on the basis of very demanding criteria in terms of privacy, data protection and security. All personal data transfers are secured contractually. 

Pigment SAS may also share Your personal data to providers located outside of the European Economic Area (“EEA”). In such case, we ensure that our providers are:

• Located in a country considered having an adequate level of protection by the European Union in terms of personal data, or
• They are bound by contractual provisions ensuring an equivalent level of protection of your personal data (i.e. standard contractual clauses established by the European Commission) or the transfer is otherwise permitted under the GDPR.

‍

What about third-party platforms / applications? 

What are we speaking about? Our Platform may contain connections that you can activate. For instance: 

• Data connectors, or 
• Integrations with instant messaging tools used within your organization. 
  

Be careful. These third-parties are not controlled by Pigment. We do not endorse or approve, and we are not responsible for their privacy practices. Using these integrations is at your own risk. 

Sensitive and personal data may be shared out from Pigment. We encourage you to read their privacy policies and to use these integrations carefully as it may lead to personal and sensitive data being sent out from Pigment. 

For instance, if Pigment notifications are enabled for your instant messaging or email applications, such third-parties’ platforms will get access to your personal data and the sensitive information that may be included in the Pigment Platform. They will process notifications containing (i) tasks attributed to you on the Pigment Platform, (ii) operational and / or technical actions required to be performed on the Pigment Platform, (iii) error messages and (iv) comments. If you don’t want these third-parties to get access to said information, please disable the notifications. However, if other users’ of your organization have enabled the third-parties’ notifications, said third-parties will still be able to get access to the information. 

We will collect your personal data from these third-parties. In order to enable you to activate and use these connections (including with the transfer of data from the third-party’s platform / application to Pigment Platform and vice versa), we will collect personal data from these third-parties. The categories of personal data collected depend on the connection at stake. For instance, if you use the Pigment App for Slack, we will receive from Slack your email address, your Slack ID and your display name.

Your choices? 

• You may have the right to opt out of certain uses of your information. Where you have consented to the processing of your information for a specific purpose, you may withdraw that consent at any time by contacting us. Please note that even if you opt out, we may still collect and use your information for other purposes that were not based on your consent.
• If you receive an email from us and do not want to receive future emails from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our product and services, and you will not be able to opt out of those communications.

Your rights? 

Within the limits and conditions of applicable data protection laws, please note that you can request your organization to: 

• Access your personal data;
• Rectify your personal data;
• Erase your personal data;
• Restrict the processing of your personal data;
• Object to the processing of your personal data;
• Transfer your personal data to another provider (right of portability). 

You can also lodge a complaint with a competent supervisory authority (for instance, the CNIL in France). 

If you want to exercise your rights, we advise you to contact your organization. 

How to contact us? 

For any questions regarding this document and, in general, about Pigment’s cookies, do not hesitate to contact us by e-mail: dpo@gopigment.com or send us a letter at: Pigment SAS - Data Protection Officer, 8 rue Sainte-Cécile, 75009 Paris (France).

What else? 

Changes. This Policy may be updated from time to time, in particular to take into account changes in our services, technologies or applicable regulations. These updates will be effective immediately when they are made available and searchable on our Platform.