TANDEMZ, a simplified joint stock company with a capital of €2,400, whose head office is located at 27 rue du Chemin Vert - 75011 PARIS, registered with the Paris Trade and Companies Registry under number 881 896 187, represented by its President, Mrs. Marine WOLFFHUGEL (hereafter "TANDEMZ") is concerned about the protection of Personal Data and undertakes to protect it in accordance with the applicable regulations and in particular with EU Regulation no. 2016/679 of April 27, 2016 called "Règlement Général sur la Protection des Données" or "RGPD", and the Law no. 78-17 of January 6, 1978 as amended, called "Loi Informatique et Liberté."
When it collects the Personal Data of the Platform's users, TANDEMZ carries out processing operations for which it is qualified as "data controller," in the sense of the above-mentioned texts.
As part of the operational management of the Platform, TANDEMZ may also have to access and process the Personal Data of participants in tests outside the TANDEMZ panel that the User may integrate on the Platform (the "Testers").
The Users and Testers are also hereinafter referred to collectively as the "Concerned Persons".
TANDEMZ undertakes to comply at all times with the requirements of the applicable Personal Data Protection Regulations and to process Personal Data only under the conditions set out below.
1. Purposes of the processing of Personal Data
TANDEMZ processes the User's Personal Data for the following purposes:
- Managing of the opening and use of a User Account by the User on the Platform
Furnishing of Services and operational management of the Platform:
- Allow the User, from their account, to organize and follow testing sessions
- Provided that the Tester has given prior and express consent allowing the User to obtain all useful information on the Tester
- Ensure technical support for the User while using the Platform as well as its maintenance
- Receive the TANDEMZ newsletter (news and service offers) if the User expressly requests it upon inscription on the Platform
- Contact the User to obtain feedback with the goal of improving the Platform
- Improve the performance and functionality of the Platform
- Prevent and detect fraud, malware (malicious software or malicious programs), and management of security incidents
- Provide payment management
- Manage possible disputes
- Monitor and analyse Platform traffic
- For statistical purposes
2. Personal Data processed
As data controller, TANDEMZ processes the following Personal Data:
User Data collected during creation of the Account:
- Name and surname
- Email address
- Phone number
User data collected during the use of the Platform:
- IP address, connection data
3. Specifities of treatment of Tester data
The User is reminded that they are soley responsible for how they make use of their User Account, TANDEMZ has no a priori control on the content integrated by the User onto the Platform.
TANDEMZ will act as a subcontractor of the Personal Data of the Testers integrated by the User on the Platform.
In this respect, the User undertakes and guarantees that all Personal Data of the Testers that is integrated on the Platform has been collected with respect to the applicable Regulations concerning the Protection of Personal Data.
The User is free to enter and/or upload to their Account any information they judge useful relating to their Testers, provided that they comply with the general conditions of use and the applicable Regulations for the Protection of Personal Data. In particular, the User will ensure (i) to treat only the Personal Data that is strictly necessary and pertinent with regards to the processing made within the framework of using the Platform, (ii) to inform concerned parties of the treatment of their Personal Data and ensures their consent to said treatment and (iii) to respect, at all times and in any event, the rights of data subjects whose Personal Data is processed.
TANDEMZ will not be held liable in the event of the User's non-compliance to their obligations as data controller.
As a subcontractor, TANDEMZ is committed to:
- process the data only within the strict and necessary framework for management and maintenance of the Platform and User's requests and will only act on the basis of these instructions.
- ensure the confidentiality of the data and make sure that each person it authorises to process such data undertakes to respect said confidentiality or is subject to an appropriate obligation of confidentiality not to retain it beyond the duration of the Contract or any other time period specified by the User.
- notify and assist the User in ensuring compliance with the obligations relative to the security of personal data, in particular in the context of the procedures of security breach notification, as soon as possible and notably within 48 hours after being made aware of the breach, unless the violation in question does not result in a risk to the rights and liberties natural persons.
- provide its assistance to the User in order to permit them to respond within the time limits and according to the conditions set forth by the Data Protection Regulation, to any request for exercising a right, request or complaint of a concerned person or from a data protection authority or any other such regulator.
- not to transfer processed data to countries outside of the European Economic Area which have not been recognised by the European Commision as insuring an adequate level of protection (i) without having obtained prior, express, written authorisation from the User and (ii) without the implementation of legal instruments recognised as appropriate by the Data Protection Regulation to govern the concerned transfer(s).
4. Storage period of Personal Data
4.1 Storage of the User Data
Conforming to the general conditions of use of the Platform, the User's Personal Data, collected by means of their User Account and during their use of the Platform, is kept throughout the duration of its use by the Platform's User in their free version or a paid subscription contract ending with the Client. Beyond that, the Personal Data is archived by TANDEMZ, in a secure environment, for the legal statute of limitations for the purpose of proof for the establishment, exercise, or defence of a legal claim.
4.2 Storage of the Personal Data of the Tester
The Tester's Personal Data will be kept by the User's instruction for the duration of the use of the Platform by the User, who shall be responsible, as data controller, for deleting the Tester's Personal Data.
At the end of the above-mentioned duration of storage, the Tester's data will be automatically deleted from the Platform.
5. Recipients of Personal Data
The Personal Data of the User is strictly confidential and is intended exclusively for TANDEMZ.
Unless it is legally or judicially obliged to do so, TANDEMZ will never disclose, transfer, rent or transmit Personal Data that are processed on the Platform to third parties other than its clients and the following technical service providers:
The Platform's hosting service providers, for the purpose of performing technical hosting and database management services:
- Amazon Web Services Inc: 440 Terry Avenue North 99404 WA Seattle, host of the TANDEMZ database and servers
- Netlify, Inc, 2325 3rd Street, Suite 215, San Francisco, California 94107, host of the Site, https://www.netlify.com/privacy/
TANDEMZ's subcontractors for the functional needs of the Platform, in particular:
- Datadog, Inc. 620 8th Avenue, Floor 45, New York, NY 10018, providing a logging service to fix bugs and improve the Platform
- SendinBlue, located at 55 rue d'Amsterdam, 75008 Paris, providing the Sendinblue service for sending automatic emails
- Google, 1600 Amphitheatre Pkwy, Mountain View, CA 94043 USA providing the Google Suite service as an internal office for emails, calendars, documents, and file storage
- TYPEFORM SL Carrer, Bac de Roda, 163, local, 08018 - Barcelona (Spain) providing the Typeform service to generate the questionnaire to participate in a Test and collect the answers
- HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, providing the Hubspot service for tracking sales prospects and customers
- Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France providing the Crisp service for conversation tracking and support
- Airtable, 799 Market St, San Francisco, CA, United States, providing the Airtable service for tracking our studies and customers information for invoicing
These service providers act as subcontractors of TANDEMZ in the sense of the applicable regulations for the protection of Personal Data, on the instructions of TANDEMZ and in accordance with the contractual conditions signed with TANDEMZ respecting the applicable regulations for the protection of Personal Data.
6. Security measures implemented
TANDEMZ undertakes to ensure the security and integrity of the Personal Data processed on the Platform. To this end, TANDEMZ implements and maintains technical and organizational security measures for the Platform and, more generally, for its information system, adapted to the nature of the Personal Data processed and the risks presented by their processing. These measures aim to (i) protect Personal Data against destruction, loss, alteration, and disclosure to unauthorized third parties, (ii) ensure the restoration of the availability of Personal Data and access to it within appropriate time limits in the event of a physical or technical incident.
7. Transfers of Personal Data outside the European Union
The User acknowledges having been informed that the Personal Data concerning him/her is hosted on the servers of the company Amazon Web Services Inc located in United Kingdom.
The User acknowledges having been informed and accepts that the Personal Data concerning him/her may be communicated to subcontractors whose services are hosted in countries outside the European Union. TANDEMZ's subcontractors guarantee that such transfers are carried out under appropriate and adequate security and confidentiality conditions that guarantee a level of protection of the User's Personal Data equivalent to the level required within the European Union, in accordance with the applicable Personal Data Protection Regulations.
8. Rights of Data Subjects with respect to their Personal Data
The Persons Concerned have, at any time, the following rights over their Personal Data:
- Right of access: to obtain information on the processing of their Personal Data as well as a certain amount of information on the processing, it being understood that this information is in any case given in the present Personal Data Protection Policy
- Right of rectification: obtain the rectification of Personal Data when it is inaccurate or incomplete
- Right to erasure ("right of oblivion"): to obtain the erasure of Personal Data when it is no longer necessary for the purposes for which it was collected or when the Data Subject objects to the processing of his or her Personal Data
- Right to limitation of processing: to obtain the limitation of the processing of Personal Data when the Data Subject contests the accuracy of the data, when the time limit for storing the data has expired but the Data Subject still needs to keep the Personal Data for the establishment, exercise, or defence of a right in court, or if the Data Subject has opposed the processing
- Right to portability: to obtain the communication of the Personal Data that the Concerned Person has communicated to TANDEMZ in a readable format, or to ask TANDEMZ to transmit the Personal Data that the Concerned Person has communicated to another data controller
- Right of opposition: to oppose at any time, for reasons related to his/her personal situation, to the processing of his/her Personal Data, in particular in case this opposition concerns commercial prospecting, including profiling
- Withdrawal of Consent: to withdraw one's consent to the future processing of one's Personal Data by TANDEMZ, when the processing is based on consent
- Right to lodge a complaint: to lodge a complaint with the National Commission for Information Technology and Civil Liberties if the Concerned Person considers that the processing carried out by TANDEMZ constitutes a violation of his/her Personal Data, online at https://www.cnil.fr/fr/plaintes or by post at the following address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
The rights of the Persons Concerned regarding their Personal Data can be exercised at any time by contacting TANDEMZ by email at the following address: firstname.lastname@example.org. The Concerned Person will be asked to provide proof of his/her identity.
9. Cookie management
The information collected by means of cookies is solely and strictly intended for TANDEMZ, in compliance with the Personal Data Protection Regulations. Cookies from third party publishers (Google, Facebook) allow these publishers to access the information collected through their cookies, according to the modalities specified in the table and the clause "Social Networks" below.
The list of cookies used by TANDEMZ is available in its acceptance window. Click here to see it again.
The User may also set his or her browser to accept or disable cookies.
Cookie instructions for the most commonly used browsers are available at the following links:
• Windows Internet Explorer®: https://support.microsoft.com/en-us/help/17442/delete-and-manage-cookies
• Google Chrome®: https://support.google.com/accounts/answer/61416?
• Apple Safari® (iPhone; iPad): https://support.apple.com/en-us/HT201265
• Apple Safari® (Mac): https://support.apple.com/en-ca/guide/safari/sfri11471/mac
• Disabling Google Analytics: https://tools.google.com/dlpage/gaoptout
10. Do Not Track
The Site and Platform respond to the Do Not Track ("DNT") signal. For more information on the DNT parameter, visit https://allaboutdnt.com/.