Neobrain Privacy Policy
It describes how we protect your data and respect your privacy. Protecting your Data is important to us. Our Privacy Policy enables us to inform you about the processing carried out on your Data, in compliance with all European and French regulations on the protection of personal data and privacy, and in particular the General Data Protection Regulation 2016/679 of April 27, 2016 ("GDPR") and the amended Law no. 78-17 of January 6, 1978 relating to information technology, files and freedoms.
I. Overview
NEOBRAIN understands that privacy and data security is important to you and your organization (individually and collectively referred to herein as “you” or “your”) and we are committed to respecting your privacy when you visit any website operated by the company (collectively, the “Sites”), use any of our mobile applications, and/or otherwise access our services via a direct or indirect connection to the internet or sign up for and use any of our products or service offerings via our website or otherwise, including, without limitation the NEOBRAIN platform (collectively, the “Services”).
The following information in this Policy is designed to help you better understand what information we gather from you and through your use of any of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps NEOBRAIN takes.
This Policy is incorporated into and subject to the terms of any End User Subscription Agreement, Free Trial Agreement, or other agreement entered into between NEOBRAIN and you and/or your organization (either via clickthrough acceptance or otherwise) (collectively, the “Use Agreements”). This Policy applies to all Sites operated or controlled by the Company and all Services provided, however it does not apply to any third-party site linked to our Site or recommended or referred by our Site or any third party service used in the provision of the Services to you (including, without limitation, third party sites used for sign-in to our Services).
II. Data Collection and Use
Overview and Definition of Personally Identifiable Information; Additional Information Collected by NEOBRAIN.
By visiting our Websites, accessing or using our Services, or interacting with any aspect of our business, you accept the terms of this Privacy Policy and expressly consent to our collection, use, and disclosure of data, including Personal Data, provided to or otherwise received by us for the purposes and in the manner described in this Privacy Policy (and the Client Agreement when applicable).
Client Data
Clients and Authorized Users routinely submit Client Data to NEOBRAIN when using the Services. Client Data is governed by the Client Agreement. Client Data may include Account Information, Hosted Data, Sync Data, or any Client Data otherwise defined in the Client Agreement.
If you have any questions about your Personal Data with respect to Client Data, please contact your Company representative.
Account Information (Including Personally Identifiable Information)
In providing our Services or otherwise interacting with you through your use of our Sites or our Services, we may collect your personally identifiable information (“PII”) as well as other information we receive as described in this Policy. PII includes personal information such as:
- Employee First Name
- Employee Last Name
- Employee email address
- Employee ID
- Gender
- Profile Photo URL
- Feedback data (unstructured)
- Performance Management Data (unstructured)
- Employment Status (e.g., Active/Inactive)
- Employment Type (e.g., Full-Time, Part-Time, Contract)
- Tenure
- Hiring Date
- Job Title
- Job Location
- Division / BU / Legal Entity
- Department Name
- Manager Employee ID
- Manager Name
- Manager Email Address
- HRBP Employee ID
- HRBP Name
- HRBP Email Address
- anything else a user provides to us that can in any manner identify the user.
Additionally, PII collected by NEOBRAIN includes such information that you upload or otherwise submit to NEOBRAIN, including, but not limited to any content you share publicly in connection with your use of the Services, information provided to NEOBRAIN in connection with communications related to support or other issues you contact us about, or billing information. When you create or establish an account with us, we collect and store such information about you and your company, and we use this information for reasons including to provide access and permissions necessary to facilitate the Services, to communicate with your regarding your account and/or the Services, and to monitor and improve the Services.
Hosted Data
Through its Services, the Company provides technology services used to support certain internet-based solutions, including internet-based communications and applications (including “mobile apps”) as well as other information that users input, post, upload, or store via use of the Services. As a result, the Company’s hosting services store and transmit information about our customers, their business, as well as information collected or inputted by those businesses (the “Hosted Info”). Hosted Info may include PII and other information that belongs to you and/or your employees or other service providers.
Except to the extent necessary to render the Services to you, the Company does not purposefully access any Hosted Info. For example, if you input information as text feedback, our Service passively receives such information and normally only accesses or reviews such information to the extent necessary to provide the Services to you (and provide any related support of the Services) and you agree that such access is permissible for all purposes. You are solely responsible for the content of all information you post, upload, store, display, transmit, or submit on the Services, including Personal Information, and the consequences thereof. NEOBRAIN is not responsible and will not be liable for the information you disclose while using the Services.
Third Party Authenticator and Application Information
If you log-in to our Services using a Third Party Authenticator (as defined in Section 5 below) or if you utilize a third party application that you integrate with the Services (a “Third Party Application”), we may receive and collect information relating to your credentials with such Third Party Authenticator or Third Party Application, as applicable, including service log-in, email, profile picture, and/or other information transmitted by such Third Party Authenticator or Third Party Application to us.
Technical Data and Syncing Information
In addition, when you use the Services, we may collect certain information related to you by automated means, including (1) technical data about your computer or device, such as IP address, operating system, browser and platform information, and device type and (2) usage data and statistics relating to your interactions with our Services. We use the foregoing technical data to facilitate updates and support, and to improve our Services.
We make other tools available to sync information with our Services, and may also develop additional features that allow you to sync information stored via our Services to other third-party services used by you or your organization (each an “Additional Platform”). If you use the Service and integrate your receipt of Services with one or more additional Platforms, we will receive and collect information, potentially including PII, from the Additional Platform for the purpose of important information between our Services and the Additional Platform, and you consent to such syncing and agree that the transfer of all such information that is distributed to an Additional Platform is permissible.
B. Methods of Information Collection of Information, Including Collection of PII.
General Use
When you use the Services or otherwise interact with our Site, your information, including your PII, Hosted Info, and any other information you input, post, display, transmit, or submit via use of our Services may be collected and stored by us, and such information is available to other users accessing the Services in your company. Information that you provide through your direct interactions with our Site, or through email or written correspondence, telephone calls, or web-based forms or otherwise may be collected and stored in our general business practices, and to facilitate the provision of Services and related support.
Cookies
We also may place “cookies” (a small file) or similar technologies on your hard drive during your access to any of our Sites or use of our Services to help us identify the number of unique visitors to our Sites, learn what our users’ technology preferences are, monitor the functionality of our Sites and/or Services, help with authentication/login and otherwise improve our Services. We may also use “local storage,” a feature of your browser, to retain information locally regarding your usage to improve our Services. If you do not wish to have cookies placed on your computer or do not wish for us to use “local storage” you may adjust your web browser settings accordingly. If adjustment is not feasible, you may elect to refrain from using our Services or accessing our Sites. Please be aware that restricting cookies may impede your ability to use our Site or our Services or certain features of our Site or our Services.
For additional information about cookies and your ability to opt out of certain aspects of their functionality, you can visit applicable resources including http://www.allaboutcookies.org, http://youronlinechoices.eu/ (European
Union), https://helpx.adobe.com/flash-player/kb/disable-localshared-objects-flash.html (flash cookies).
Log Files & Third-Party Analytics
Like most internet-enabled services, we use log files on the server side. The data held in log files includes information such as your IP address, browser type, e-mail application, Internet service provider ("ISP"), referring/exit Web pages, computer platform type, date/time stamp, and user activity. The Company uses server log data to analyze trends, administer the Services offered through our Sites and otherwise administer our Sites and the Services.
The software enabling the Sites and the Services has associated log and temporary files that are stored on Company controlled servers. These files may store your account information, preference settings, system notifications as well as other data necessary to enable you to participate on the Site and/or use the Services. Your information may also exist within regularly performed server backups.
We use third-party analytics services to provide us with information relating to your use of the Services, including information relating to your usage of the Services, performance data, and related information, to help us better understand how our Services perform on different devices and under different circumstances.
By visiting our Websites, accessing or using our Services, or interacting with any aspect of our business, you accept the terms of this Privacy Policy and expressly consent to our collection, use, and disclosure of data, including Personal Data, provided to or otherwise received by us for the purposes and in the manner described in this Privacy Policy (and the Client Agreement when applicable).
Client Data
Clients and Authorized Users routinely submit Client Data to NEOBRAIN when using the Services. Client Data is governed by the Client Agreement. Client Data may include Account Information, Hosted Data, Sync Data, or any Client Data otherwise defined in the Client Agreement.
If you have any questions about your Personal Data with respect to Client Data, please contact your Company representative.
Account Information (Including Personally Identifiable Information)
In providing our Services or otherwise interacting with you through your use of our Sites or our Services, we may collect your personally identifiable information (“PII”) as well as other information we receive as described in this Policy. PII includes personal information such as:
- Employee First Name
- Employee Last Name
- Employee email address
- Employee ID
- Gender
- Profile Photo URL
- Feedback data (unstructured)
- Performance Management Data (unstructured)
- Employment Status (e.g., Active/Inactive)
- Employment Type (e.g., Full-Time, Part-Time, Contract)
- Tenure
- Hiring Date
- Job Title
- Job Location
- Division / BU / Legal Entity
- Department Name
- Manager Employee ID
- Manager Name
- Manager Email Address
- HRBP Employee ID
- HRBP Name
- HRBP Email Address
- anything else a user provides to us that can in any manner identify the user.
Additionally, PII collected by NEOBRAIN includes such information that you upload or otherwise submit to NEOBRAIN, including, but not limited to any content you share publicly in connection with your use of the Services, information provided to NEOBRAIN in connection with communications related to support or other issues you contact us about, or billing information. When you create or establish an account with us, we collect and store such information about you and your company, and we use this information for reasons including to provide access and permissions necessary to facilitate the Services, to communicate with your regarding your account and/or the Services, and to monitor and improve the Services.
Hosted Data
Through its Services, the Company provides technology services used to support certain internet-based solutions, including internet-based communications and applications (including “mobile apps”) as well as other information that users input, post, upload, or store via use of the Services. As a result, the Company’s hosting services store and transmit information about our customers, their business, as well as information collected or inputted by those businesses (the “Hosted Info”). Hosted Info may include PII and other information that belongs to you and/or your employees or other service providers.
Except to the extent necessary to render the Services to you, the Company does not purposefully access any Hosted Info. For example, if you input information as text feedback, our Service passively receives such information and normally only accesses or reviews such information to the extent necessary to provide the Services to you (and provide any related support of the Services) and you agree that such access is permissible for all purposes. You are solely responsible for the content of all information you post, upload, store, display, transmit, or submit on the Services, including Personal Information, and the consequences thereof. NEOBRAIN is not responsible and will not be liable for the information you disclose while using the Services.
Third Party Authenticator and Application Information
If you log-in to our Services using a Third Party Authenticator (as defined in Section 5 below) or if you utilize a third party application that you integrate with the Services (a “Third Party Application”), we may receive and collect information relating to your credentials with such Third Party Authenticator or Third Party Application, as applicable, including service log-in, email, profile picture, and/or other information transmitted by such Third Party Authenticator or Third Party Application to us.
Technical Data and Syncing Information
In addition, when you use the Services, we may collect certain information related to you by automated means, including (1) technical data about your computer or device, such as IP address, operating system, browser and platform information, and device type and (2) usage data and statistics relating to your interactions with our Services. We use the foregoing technical data to facilitate updates and support, and to improve our Services.
We make other tools available to sync information with our Services, and may also develop additional features that allow you to sync information stored via our Services to other third-party services used by you or your organization (each an “Additional Platform”). If you use the Service and integrate your receipt of Services with one or more additional Platforms, we will receive and collect information, potentially including PII, from the Additional Platform for the purpose of important information between our Services and the Additional Platform, and you consent to such syncing and agree that the transfer of all such information that is distributed to an Additional Platform is permissible.
B. Methods of Information Collection of Information, Including Collection of PII.
General Use
When you use the Services or otherwise interact with our Site, your information, including your PII, Hosted Info, and any other information you input, post, display, transmit, or submit via use of our Services may be collected and stored by us, and such information is available to other users accessing the Services in your company. Information that you provide through your direct interactions with our Site, or through email or written correspondence, telephone calls, or web-based forms or otherwise may be collected and stored in our general business practices, and to facilitate the provision of Services and related support.
Cookies
We also may place “cookies” (a small file) or similar technologies on your hard drive during your access to any of our Sites or use of our Services to help us identify the number of unique visitors to our Sites, learn what our users’ technology preferences are, monitor the functionality of our Sites and/or Services, help with authentication/login and otherwise improve our Services. We may also use “local storage,” a feature of your browser, to retain information locally regarding your usage to improve our Services. If you do not wish to have cookies placed on your computer or do not wish for us to use “local storage” you may adjust your web browser settings accordingly. If adjustment is not feasible, you may elect to refrain from using our Services or accessing our Sites. Please be aware that restricting cookies may impede your ability to use our Site or our Services or certain features of our Site or our Services.
For additional information about cookies and your ability to opt out of certain aspects of their functionality, you can visit applicable resources including http://www.allaboutcookies.org, http://youronlinechoices.eu/ (European
Union), https://helpx.adobe.com/flash-player/kb/disable-localshared-objects-flash.html (flash cookies).
Log Files & Third-Party Analytics
Like most internet-enabled services, we use log files on the server side. The data held in log files includes information such as your IP address, browser type, e-mail application, Internet service provider ("ISP"), referring/exit Web pages, computer platform type, date/time stamp, and user activity. The Company uses server log data to analyze trends, administer the Services offered through our Sites and otherwise administer our Sites and the Services.
The software enabling the Sites and the Services has associated log and temporary files that are stored on Company controlled servers. These files may store your account information, preference settings, system notifications as well as other data necessary to enable you to participate on the Site and/or use the Services. Your information may also exist within regularly performed server backups.
We use third-party analytics services to provide us with information relating to your use of the Services, including information relating to your usage of the Services, performance data, and related information, to help us better understand how our Services perform on different devices and under different circumstances.
III. Data Controller and Data Processor
NEOBRAIN takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Data.
None of your Data is transmitted to third parties, except to our suppliers for the use of the Site's functionalities. Your Data may be transferred outside the European Union to authorized service providers.
If you would like to know more about the appropriate safeguards in place in this respect, please contact us! Please note that your Data may be transmitted to third parties legally authorized to access it upon specific request, in certain cases provided for by law: judicial authority, administrative authority, etc.
Your Data may also be communicated to third parties if this is necessary to protect and/or defend our rights, or to ensure compliance with the present provisions.
IV. Avoidance of Sensitive Information; Use of Services by Children.
We will not intentionally collect or maintain, and request that you do not provide, sensitive personal information, including any information regarding or constituting any social security or other government-issued identification numbers, financial account numbers, consumer reports or background checks, biometric data, personal account access, or information relating to medical or health conditions, your race or ethnic origins, political opinions, your religious or philosophical beliefs, or other such information. Use of our Site and our Services are not designed for or directed to children under the age of 13, and we will not intentionally collect or maintain information about anyone under the age of 13 (or anyone under the age of 16 in the Europe Economic Area). Any parent who believes we may have collected personal data from a child under those ages can submit a request that it be removed by contacting us.
Personal Data shall be processed and retained for as long as required for the purpose for which it was collected.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between NEOBRAIN and the Customer shall be retained until the full performance of the contract.
- Personal Data collected for the purposes of NEOBRAIN's legitimate interests shall be retained for as long as necessary to achieve those purposes. Users may request specific information regarding the legitimate interests pursued by NEOBRAIN by sending a message to the address mentioned in paragraph 6.
NEOBRAIN may be authorized to retain Personal Data for longer whenever the User has given consent to such processing, as long as such consent is not withdrawn.
In addition, NEOBRAIN may be obliged to retain Personal Data for a longer period whenever this is required for the performance of a legal obligation or by order of a competent authority.
Once the retention period has expired, the Personal Data will be deleted. Consequently, the right of access, the right of erasure, the right of rectification and the right to data portability cannot be applied after the expiry of the retention period.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between NEOBRAIN and the Customer shall be retained until the full performance of the contract.
- Personal Data collected for the purposes of NEOBRAIN's legitimate interests shall be retained for as long as necessary to achieve those purposes. Users may request specific information regarding the legitimate interests pursued by NEOBRAIN by sending a message to the address mentioned in paragraph 6.
NEOBRAIN may be authorized to retain Personal Data for longer whenever the User has given consent to such processing, as long as such consent is not withdrawn.
In addition, NEOBRAIN may be obliged to retain Personal Data for a longer period whenever this is required for the performance of a legal obligation or by order of a competent authority.
Once the retention period has expired, the Personal Data will be deleted. Consequently, the right of access, the right of erasure, the right of rectification and the right to data portability cannot be applied after the expiry of the retention period.
B. Rules and Consents Applicable in Particular Jurisdictions
In accordance with the Regulations, in particular Articles 15 to 22 of the RGPD, you have the following rights concerning the processing of your Data, within the legal limits:
- Right of access: obtain information about your Data and a copy of your Data;
- Right of information: obtain information about the conditions of processing (recipients, purposes, categories of data, etc..);
- Right of rectification: to correct or update one's Data when it is inaccurate or incomplete;
- Right of opposition: to object to processing on grounds relating to one's particular situation, or to withdraw one's consent to processing on this legal basis;
- Right to limitation: request not to process all or part of the Data temporarily, without however requesting their deletion;
- Right to erasure: request the deletion of your Data;
- Right to portability: obtain your Data in a structured, machine-readable format and be able to transmit them easily to a third party;
- Right to define specific directives for the processing of your Data post-mortem.
You can exercise your rights via the contact address (below). If you have any doubts about your identity, you may be asked to provide proof. Any abusive or unfounded request with regard to laws and regulations may be rejected.
We undertake to respond to requests to exercise the rights of registered Administrators and Users as quickly as possible and, in any event, within the legal time limits.
VI. Enforcement.
TThe Company will actively monitor its relevant privacy and security practices to verify adherence to this Policy. Any individual service provider that the Company determines is in violation of this Policy will be subject to disciplinary action up to and including termination of service.
We reserve the right to change, modify, or update this Policy, in whole or in part, in our sole discretion at any time. Any changes to this Policy will be posted on this website. If we make material changes to this Policy, we will notify End Users via email, through a notification posted on the Services, or as required by applicable law, and we will include a summary of the key material changes. Unless stated otherwise in our notification, changes will become effective on the date of posting. As permitted by applicable law, your continued use of the Services after the effective date of any changes will constitute your agreement to follow and be bound by the revised Policy.
If you have any questions or concerns regarding our Privacy Policy or our handling of your information, please do not hesitate to contact us (including our designated personal information protection manager) (1) at our support email address, support@neobrain.io, or (2) by mail at NEOBRAIN, Inc., Attn: Privacy Policy Agent, One Sansome Street, Suite 3500, San Francisco, CA 94104.
