Privacy Policy

Regulation (EU) 2016/679 (General Data Protection Regulation) differentiates between the data “Controller” and “Processor”. In most cases, Siit acts as processor and each Client as controller of the Users’ Personal Data. Clients may, for example, grant and remove access to a Workspace, assign roles, configure settings, access, modify, export, share or remove Personal Data from a Workspace.

Siit shall not be held liable for Client’s collecting and processing of Personal Data for its own purposes.

Siit may collect and receive Personal Data as Controller, as described in Section 3 (Data collected, purposes and storage periods).

When Users navigate on the Platform, Siit processes Personal Data for special purposes, each of them being duly legitimated by a valid legal basis. Siit stores Personal Data for a limited duration, not exceeding the fulfilment of the purposes described herein.  

Users are under no obligation to provide Personal Data. Nevertheless, Siit draws Client's and Users’ attention to the fact that, in such a case, access to the Platform and use of the Services may be altered, if not impossible.

Each User will have to join a Workspace to access the Platform.

The User will need to create an account when joining a Workspace. To manage each account and to allow Clients accessing content reserved only to Workspace holders, Siit collects and processes the following Personal Data: name, date of birth, telephone number, email, address, login and password to access the account. The legal basis of this processing is the necessity for Siit to perform the contract to which the User is a party - Siit hereby refers to the User Terms available here https://siit.io/terms-of-services.

Siit will retain your Personal Data until such account is closed. Nevertheless, if Siit needs to retain your Personal Data for evidence purposes beyond the date the account is closed, the maximum retention period applicable will then be in line with the statute of limitation and will not exceed the period during which Siit is required to retain evidence.

Siit tries to make the Platform as useful as possible for Users. For example, Siit may improve search functionality to help determine and rank the relevance of content or channels to a specific User, customise the Platform experience or create new productivity features and products. Consequently, Siit is willing to understand how Users interact with the Platform and needs to process various browsing information resulting from Cookies which qualify as Personal Data, for the performance of analytic operation related to the Platform use.

In this respect, the legal basis Siit relies upon is its legitimate interest which consists of (i) understanding the way its Platform is browsed by Users and visitors (including Clients); and (ii) improving the Platform where needed.

The Personal Data processed by Siit or on its behalf for performing analytic operations shall not be retained by Siit after the analytic operations are finalized and the corresponding reports/summaries are completed. Where the applicable retention period expires, Siit either deletes your Personal Data or irrevocably anonymised it so that you can no longer be identified.

Siit collects and processes User's Personal Data for managing and following up any questions, requests or feedback a User may submit. As such, please note that this processing is only carried out in the event User submits a question, a request or a feedback directly on the Platform or to Siit's email or postal address. Otherwise, User's Personal Data is not processed for this purpose. This processing requires Siit to collect and process the following categories of Personal Data: (i) identification data (i.e. the information the User provides, including his/her name and email address) and (ii) the content of the message(s) User sends to Siit as part of the question, request or feedback.

While processing User's Personal Data for this purpose, Siit relies on its legitimate interest, which consists of duly managing its relationships with Users.

Siit will not retain Personal Data for this purpose for more than two (2) years following the last contact on User's initiative.

You may connect third party integrations to your Siit account, which may ask for certain permissions to access data or send information to your Siit account. It is your responsibility to review any third party integrations you authorize. We may collect information about what types of integrations you use in your Siit account.Any permission(s) granted by you, grants these third parties access to your data, which may include (but is not limited to) granting third party applications access to view, store, and modify your Siit account data.Additional Limits on Use of Your Google User DataSiit’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In any event, and disregarding the processing purpose at stake, please note that Siit will comply with a strict data minimization principle and will thus only collect and process Personal Data which is necessary for the above purposes.

Where Siit considers it does not need to retain User's Personal Data in its active database, it will archive it and will ensure that access thereto is restricted to a limited number of persons who have an actual need to access User's Personal Data.

Siit keeps a register of processing activities carried out on behalf of Clients when they act as controller. Siit provides the controller with all the information necessary to demonstrate compliance with its obligations and allow audits to be carried out.

Siit shares and discloses Personal Data with Clients, solely in accordance with a Client’s instructions, in compliance with the Terms of Service and with any applicable law and legal process.

Siit shares User's Personal Data with third-party service providers and suppliers which assist Siit in fulfilling the purposes specified in this Privacy Policy. The Services providers and suppliers may have access to Personal Data for the sole and exclusive purpose of carrying out the missions assigned to them. Siit ensures that the Services providers and suppliers offer sufficient guarantees for the performance of the mission and comply with the applicable laws and regulations.

Furthermore, as the case may be, Siit shares User's Personal Data with competent courts and any other governmental and/or public authorities requesting access to User's Personal Data, within the extent legally permitted.

In any event, Siit communicates User's Personal Data to the above recipients on a strictly need-to-know basis and only as necessary for fulfilling duly identified processing purposes.

Siit keeps an up-to-date list of the subcontractors: AWS, Datadog, Rollbar, Slack, Hubspot, Heroku.

Personal Data may be processed outside the European Union territory. In that situation, Siit shall take all necessary precautions and alternatively or cumulatively ensures that (i) an adequacy decision has been taken by the European Commission regarding the country of destination; (ii) contractual clauses adopted by the European Commission or the supervisory authority have been signed with the recipient.

Please note that, as part of the processing implemented for the purposes mentioned above in Section 3 (Data collected, purposes and storage periods), Siit transfers User's Personal Data to Google LLC which are located outside the European Union, in the United States of America.

This country does not benefit from an adequacy decision by the European Commission, depriving transferred Personal Data of an adequate level of protection.

Nevertheless, User is hereby expressly informed that Siit implements the following guarantees, additionally to the measures listed above, to protect User's Personal Data in the event of such transfer: encryption; Siit undertakes to limit as much as possible the data that could not be encrypted to cases of absolute necessity ;management of security incidents ;access limited to authorized personnel and to the extent necessary ;a secure subcontractor architecture in accordance with industry standards;regular reviews of the internal policies of its providers to assess the adequacy of the personal data security measures implemented; identification and implementation of additional or alternative solutions if necessary.

In addition, Siit undertakes to inform the person concerned by a transfer of his/her data outside the European Union about :the laws and regulations that would allow U.S. government authorities to access the personal data being transferred ;any requests for access to Personal Data by public authorities that Siit has received during the previous semester.

Finally, Siit certifies that it has not deliberately, or as a matter of legal obligation, created backdoors or similar programs that could be used to access the system and/or personal data, nor has it created or modified its business processes in a manner that would facilitate such access.

As data subjects, Users benefit from various rights regarding the processing of their Personal Data. These are as follows:right to request from Siit access to and rectification or erasure of User's Personal Data;right to request from Siit restriction of the processing concerning User;right to object to the processing of User's Personal Data;right to portability of User's Personal Data;right to give guidelines regarding the use of User's Personal Data after Client's death; right to complaint with the French Data Protection Authority (CNIL), the competent supervisory authority.

To exercise User's rights or for any question on Personal Data protection, Users shall make a request accompanied by proof of identity by mail addressed to Siit - 101 rue de Prony 75017 Paris, France or by email at contact@siit.io.
‍
Siit shall strive to reply without undue delay and at the latest within one (1) month after the receipt of the request.

Siit reserves the right to extend this period to three (3) months in the case of a complex request.Siit is committed to protect User's Personal Data and comply with the applicable data protection legal framework.

This is the reason why Siit requires User's assistance to this end. Thus, Users commit to informing Siit if the Personal Data Client shared with us becomes obsolete or inaccurate.

In addition, in the event User provide Siit with information enabling to identify directly or indirectly any other natural persons (e.g. User sends a request to Siit with the contact email address available on the Services and share personal data concerning another natural person in User's email), Client represent and warrant that, prior to sharing this information with Siit, such other natural persons have been provided with this Privacy Policy and, to the extent applicable, have consented to the processing of their data.When Siit acts as processor of Personal Data, Clients are responsible for the processing of requests from Users to exercise their rights. However, Siit undertakes to assist Clients in the processing of these requests.

Siit undertakes to take appropriate technical and organizational measures to ensure the security and confidentiality of the personal data processed.

Siit takes Personal Data security very seriously. Siit works hard to protect the information you provide from loss, misuse and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology.
‍
However, given the nature of communications and information processing technology, Siit cannot guarantee that information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others. When you click a link to a third-party website, you will be leaving our website and we don’t control or endorse what is on this third-party website.

This privacy policy (hereinafter the “Privacy Policy”) is intended to inform Users, about the way Siit controls their use of their workspace on the Platform (hereinafter a "Workspace"), enabling to identify them, either directly or indirectly (hereinafter “Personal Data”), as controller or processor.

This Privacy Policy is accessible at any time on the website, and prevails over any previous version. The Privacy Policy may evolve. The up-to-date version is the one available on the website when using it.