Comeen Workplace - Privacy Policy
Comeen, a simplified joint stock company (société par actions simplifiée) organized and operating under the laws of France, registered with the Bordeaux Trade and Companies Register under Registration Number 834 702 821, having its registered office located at 88 cours de Verdun, 33000 Bordeaux, France, and represented by Mr. Benjamin Gauthier, its President, (“Comeen”) complies with all applicable regulations relating to Personal Data protection (the “Applicable regulations”), and in particular all provisions defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the « General Data Protection Regulation » or « GDPR »), as well as provisions of French law No 78-17 of 6 February 1978 said “Informatique et Libertés” as amended (the “LIL”).
Comeen edits and operates the COMEEN SaaS solution (the “Solution”) consisting in the following solutions:
The Clients and the Users (as defined in the applicable terms) acknowledge and agree that Comeen processes certain of their personal data (“Personal Data”) in accordance with the Applicable Regulations in order to ensure to proper functioning of the Solution, management of Clients and Users, and the provision of its Services, in accordance with the terms and conditions of this Privacy Policy (the "Privacy Policy" and alternatively the "Policy").
“Personal Data" refers to any information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
It is reminded that, in accordance with the Applicable Regulations, Personal Data is:
a) Processed in a lawful, fair and transparent manner with regard to the data subjects;
b) Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
c) Adequate, relevant and limited to what is necessary for the purposes for which they are processed
d) Accurate and, where necessary, kept up to date;
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed
f) Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
4.1 The data controller is Comeen, the recipient of the concerned Personal Data.
The Personal Data which is processed is intended for the data controller. If the data subject where appropriate fails to provide such data, their request may not be processed.
For all intents and purposes, it is reminded that the data controller is, in accordance with the applicable legislation, the entity that defines and limits the data to be collected as well as the purposes of processing.
In any event, such Personal Data is collected and processed based on a legal obligation, a legitimate interest of Comeen and/or the consent of the data subject.
4.2 The Personal Data of the data subjects which are collected by Comeen in its capacity as data controller, necessary for the provision of the Services of the Solution, are the following:
Comeen also collects, in an anonymised manner, data relating to the number of Users and of comings, with a view to providing the Services and invoicing the Services subscribed by the Clients.
4.3 In any event, and in general, it is recalled that Comeen may process Personal Data of the following nature:
It is also specified that certain data and information are collected through the interactivity that may be established between the Client and/or the User and the Solution, as follows:
4.4 It is furthermore reminded that in accordance with the agreements between Comeen and the Client and the Services provided to the Client and its Users by Comeen, Comeen may act according to the terms of the Applicable Regulations as a processor and the Client as a data controller. In this respect, Comeen and the Client execute the agreements and clauses applicable according to the Applicable Regulations, relating in particular to the description of the processing subject to subcontracting, to the obligations of Comeen in its capacity as processor with regards to the Client in its capacity as data controller, and to the obligations of the Client with regards to Comeen in these respective capacities.
The Client in this context informs its Users of the processing operations of their Personal Data at the time of their collection and more generally of the policy implemented by the Client relating to the processing of Personal Data, in compliance with the rules relating to the use of Personal Data, and in the context of the relationship between the Client and the User.
The Client shall inform the data subjects of the nature, means and purposes of the processing of the said Personal Data. Comeen is in any case not a party to the relationship between the data subject and the Client and it is up to the data subject to approach the Client in order to exercise his or her rights in the context of their relationship.
The Personal Data which may be collected by Comeen in its capacity as a processor are the following:
Comeen also collects Users' on-site presence schedules. The data for past dates is anonymised within a period of one week.
The Solution also allows for the synchronization of meeting room events and the identity of participants.
Concerning Visitors, information about visits and meetings on the Users' calendar and the identity of participants is collected.
Users may share their calendar information with other Users of their choice.
More generally, in the context of the installation of the Solution on Google Workspace or Microsoft 365, Comeen has access to the information of the Google or Microsoft professional calendar attached to the domain administered by the Client.
5.1 The Personal Data of the Clients and/or Users of the Solution are collected directly and solely from them.
It is reminded that the Solution is installed directly on the Users' Google Workspace or Microsoft 365 by the Client, administrator of the Google Workspace or Microsoft 365 used by the User in the context of his or her professional activity.
Comeen undertakes to obtain the express consent of the data subjects and to allow them to object to the use of their Personal Data for any other purpose, as soon as this is necessary.
5.2 In any event, it is reminded that the Personal Data collected is necessary for the proper performance of Comeen's services and to enable it to comply with its legal obligations.
The collection, storage and processing of this information and Personal Data have the following purposes:
6.1 Comeen undertakes not to commercialize the Personal Data collected from the Clients and Users.
6.2 Personal Data may be shared with third parties, subject to the express consent of the data subject in cases where Comeen acts as data controller, in the following cases:
6.3 Comeen shall keep the Personal Data of the data subjects within the European Union.
However, if Comeen's partners and/or processors are located outside the European Union, the Personal Data collected may be transferred to countries outside the European Union whose legislation on the protection of personal data differs from that of the European Union, it being specified that, in the event that the recipient country or countries do not ensure a level of data protection equivalent to that of the European Union, Comeen undertakes to take all appropriate guarantees, either on the basis of an adequacy decision or, in the absence of such a decision, on the basis of appropriate guarantees, and to enter into specific contracts with the said processors and partners in order to supervise and secure the transfer of the Personal Data of the data subjects, in particular on the basis of the standard contractual clauses adopted, a copy of which may be requested from the contact details below.
The list of Comeen's partners and processors may be provided to data subjects upon request sent to the following email address: privacy@comeen.com
Comeen's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Comeen shall keep the Personal Data of data subjects for the period strictly necessary for the purposes pursued, and in particular for the provision of its Services, in accordance with legal and regulatory requirements.
Personal Data is retained three (3) years from the last incoming contact from the data subject with Comeen.
Regarding Clients, for the duration of the subscription, plus three (3) years.
This information may also be kept for an additional period of two (2) years, under restricted and exceptional access, for the purposes of proof in compliance with the Company's legal and regulatory obligations.
Accounting documents and records shall be retained for ten (10) years as accounting evidence.
Comeen collects and uses the Personal Data of the Clients and Users if this processing meets at least one of the following bases:
It is reminded that:
Pursuant to the Applicable Regulations, data subjects are reminded that they have the following rights:
If the data subject wishes to know how Comeen uses their Personal Data, to request rectification, to object to the processing thereof, to request deletion thereof, or to request a copy of all Personal Data in Comeen's possession, he or she should send his or her request to Comeen by mail, the request to be accompanied by a copy of valid ID documents, to the following address:
By e-mail to the address: privacy@comeen.com
- By registered mail with acknowledgement of receipt addressed to
Comeen
88 cours de Verdun
33000 Bordeaux
In addition, the data subjects may lodge a complaint with the supervisory authorities, and in particular with the CNIL (https://www.cnil.fr/fr/plaintes).
Comeen takes all necessary precautions, in view of the personal nature of the data collected and the risks presented by the processing, to protect the security of Personal Data relating to users of the Solution and, in particular, to prevent such data from being distorted or damaged or from being accessed by unauthorised third parties.
Comeen implements all technical and organisational measures to ensure the security of the processing of Personal Data and the confidentiality of Personal Data. Persons working for Comeen are required to respect the confidentiality of the Personal Data of the data subjects.
The Solution is intended for people of legal age who are capable of entering into obligations in accordance with the legislation of the country in which the person concerned is located.
The Solution may contain links to websites and platforms of Comeen's partners or third parties.
These websites and platforms have their own policies on the use of personal data and Comeen shall not be liable for the use made by these third-party websites and platforms of the information collected when users click on these links.
Comeen reserves the right to make any changes to this Policy at any time in accordance with this clause.
If Comeen makes a change to this Policy, it will publish the new version which will be accessible on the Solution and any other media communicated by Comeen and will update the date of the last update appearing at the top of this document.
Comeen encourages its Clients and Users to visit this page regularly.
If the Client, User or any other data subject has any questions or complaints regarding Comeen's compliance with these provisions, or if the latter wishes to make recommendations or comments to Comeen, he or she may contact Comeen in writing at the following address
- By e-mail to the following address: privacy@comeen.com ;
- By registered mail with acknowledgement of receipt addressed to:
Comeen, 88 cours de Verdun, 33000 Bordeaux