Our privacy policy
Effective Date: 31 October, 2024
This Privacy Policy describes how Grégoire Gaonach, a micro-entreprise with Siren Number 987679271 (“PolicyMate” also referred to as our, us, and we), collects, uses, and discloses information from or about an identified or identifiable person, including information that we can associate with an individual person (“Personal Data”), as well as any choices you have with respect to your Personal Data.
Applicability of this Privacy Policy
This Privacy Policy applies to all of PolicyMate’s services, including our public affairs platform and any associated mobile and desktop applications (collectively, the “Services”), the policymate.eu website and all other PolicyMate websites (collectively, the “Websites”), as well as other interactions (e.g., customer support) you may have with PolicyMate, including the processing of any messages, text, files, audio or video content, or any other content submitted through the Services (collectively, “Customer Content”).
By using the Services or any Website, you as well as any organisation controlling or connected with your use of the Services, such as an employer or similar entity, (each, an “Organisation”), and any other individuals granted access to the Services by you or an Organisation (each individually a “User” and collectively with you and all Organisations, “Customer”) you agree to the terms of this Privacy Policy and also agree to be bound by our Website Terms of Services and any other product or master services agreement between you and PolicyMate (collectively, the “Customer Agreement”).
This Privacy Policy does not apply to any third-party applications or software that integrate with our Services or any other third-party products, services, or businesses (“Third-Party Services”).
If you have any questions about specific Organisation settings and privacy practices, please contact that Organisation. If you have received an invitation to join an Organisation but have not yet created an account, you should request assistance from the person that sent the invitation.
Identifying the Data Controller and Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of Personal Data. Whether PolicyMate or Customer is the controller or processor of Personal Data depends on the type of data used and the purposes for such use.
Customer is the controller for all Customer Content that is also Personal Data. As the controller, Customer may, for example, use the Services to grant and remove access to an Organisation, assign roles and configure settings, access, modify, export, share, and remove information, and otherwise apply its policies to the Services. As the processor for Customer Content, PolicyMate processes Customer Content that is Personal Data only on Customer’s request and in accordance with Customer’s written instructions, including the applicable terms in the Customer Agreement, Customer’s use of the Services, and as required by applicable law. For more information about how Customer Content is processed (such as how your Personal Data is processed, the purpose and legal basis for processing, and your data subject rights), we refer you to the relevant Customer’s privacy notice.
PolicyMate is the controller for Services Data as defined in Section 3.
The Types of Personal Data We Collect
Your Personal Data is provided by you, obtained from third parties, and/or created by us when you use the Services.
Customer Content. PolicyMate collects Customer Content routinely submitted when using the Services.
Services Data. PolicyMate also collects, generates, and/or receives the following types of Personal Data, other than Customer Content, through and in connection with PolicyMate’s provision of the Services (the “Services Data”):
Organisation and Account Information. To create or update an Organisation account, you or the relevant Customer (e.g., you or your employer) will supply PolicyMate with an email address, phone number, password, domain, and/or similar account details. We may also receive your email address and name from other organisations with whom our platform has integrations (e.g., Slack).
Billing Information. Customers that purchase a paid version of the Services may provide PolicyMate (or its payment processors) with billing details such as credit card information, banking information, and/or a billing address.
Log Data and Service Metadata. Like most websites and services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services, recording this information in log files. Additionally, when a User interacts with the Services, metadata is generated to provide additional context about their use of the Services. This log data and metadata may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, your browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences, Organisations, policies, people, features, content, and links that you view or interact with, as well as the types of files shared and any Third-Party Services that you use.
Device Data. PolicyMate collects information about devices accessing the Services, including the type of device, operating system used, device settings, application IDs, unique device identifiers, and crash data.
Location Data. We receive information from you, the relevant Customer, and other third parties that helps us approximate your location. We may, for example, use a business address submitted by your employer or an IP address received from your browser or device to determine the approximate location.
Third-Party Data. PolicyMate may receive data about organisations, industries, lists of companies that are customers, Website visitors, marketing campaigns, and other matters relevant to our business from affiliates, partners, or other third parties that we use to make our own information more useful. This data may be combined and may include aggregate-level data. For example, information about how well an online marketing or email campaign performed, or to create a business contacts directory.
Marketing and Communications Data. PolicyMate may obtain marketing information, including your preferences in receiving marketing from us and our third parties, and your communication preferences.
Cookie Data. PolicyMate may use a variety of cookies and similar technologies on our Websites and Services to help us collect Services Data. For more details about how we use these technologies, as well as your opt-out opportunities and other options, please see our Cookie Policy below.
Email Performance Data. PolicyMate may use a ‘clear image’ in email communications in order to track engagement and performance metrics. Much of this data is aggregated and does not contain Personal Data. If you wish to turn off this tracking, you can do so by turning off images in the email itself.
Third-Party Services Data. A Customer may choose to use Third-Party Services. If a Customer enables Third-Party Services, PolicyMate may access and exchange Customer Content and Services Data with the Third-Party on the Customer’s behalf, in accordance with our agreement with the Third-Party Services and any permissions granted by the Customer (including its User(s)).
Contact Data. In accordance with the consent provided by you, your device, or third-party API, we process any contact information that a User chooses to import when using the Services.
Community Data. We also receive Services Data when submitted via our Websites or in other ways, such as at live events such as at a conference, live demonstration, via contests or other activities hosted by PolicyMate or on our behalf.
Call Data. Our Customer Success team may record video or telephone calls with Customers for the purposes of training and quality assurance. You will be notified of this when a recording is made, and can request that PolicyMate does not record these calls.
Additional Data Provided to PolicyMate. Services Data also includes data associated with your interaction with any artificial intelligence tools or services made available by PolicyMate. We also receive Services Data when you request support, interact with our social media accounts, or otherwise communicate with PolicyMate.
Business Data. PolicyMate may receive information about individuals from organisations, industries, Customers, (potential) partners, affiliates, and our partners for cooperation and communication purposes.
Generally, no one is under a statutory or contractual obligation to provide any Personal Data. However, certain Personal Data is collected automatically, and if some Personal Data, such as Organisation setup details, is not provided, we may be unable to provide the Services.
How We Use Personal Data
Customer Content. Customer Content that is Personal Data will be used by PolicyMate in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of the Services, and as required by applicable law.
Services Data. PolicyMate uses Services Data for the purposes of our legitimate interests in operating our Services, Websites, and business. More specifically, PolicyMate uses Services Data:
To provide, update, maintain, and protect our Services, Websites, and business. This includes the use of Services Data to support delivery of the Services under a Customer Agreement, including to create or update an Organisation, to prevent or address service errors, security or technical issues, and to analyse and monitor usage of the product and its features, trends, and other activities.
To develop and improve products and Services, including AI features, provided you have not opted out.
To comply with applicable law, legal process or regulation.
To support and communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your Services Data to respond.
To develop, test, and provide search, learning, and productivity tools and additional features. PolicyMate strives to make the Services as useful as possible. For example, we may make Service suggestions based on historical use and predictive models, identify organisational trends and insights, customise your experience of the Services, or create and develop new features and products.
To conduct market and user research. To improve our Services and troubleshoot new products and features, we may carry out research. For example, we may survey Customers (including Admins, Users, and other contacts) or third parties about customer satisfaction, user experience, the effectiveness of our marketing campaigns, and their broader interests.
To send emails and other communications.
Transactional: As part of our Services, we provide Users with certain communications and updates. We may send you service, transactional, technical, and other administrative communications, such as communications about your account, our Service offerings, changes to the Services, and important Services-related notices, such as security and fraud notices. We consider these communications as part of our Services to you.
Soft Opt-in/Legitimate Interests: In addition, we may sometimes send emails about new product features, recommendations, promotional communications, or other news about PolicyMate. You can opt-out of these messages at any time by using the unsubscribe link included in all of these communications.
For billing, account management, and other administrative matters. PolicyMate may need to contact you for invoicing, account management, and similar reasons, and we use account data to administer accounts and keep track of billing and payments.
To investigate and help prevent security issues and abuse.
To manage and contact you with regard to involvement. We may need to manage and contact you with regard to your involvement and participation in PolicyMate events.
If information is aggregated or pseudonymized so that it can no longer reasonably be associated with an identified or identifiable natural person, PolicyMate may use it for any business purpose.
Data Retention
PolicyMate will retain Customer Content and Personal Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of the Services, and as required by applicable law. The deletion of Customer’s Personal Data may result in the deletion and/or pseudonymization of an account and certain associated Services Data. PolicyMate may retain Services Data for as long as necessary for the purposes described in this Privacy Policy.
Further, note that we may keep certain types of Services Data after the deactivation of an account for the period needed for PolicyMate to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.
How We Share and Disclose Personal Data
This section describes how PolicyMate may share and disclose Personal Data. Customers determine their own policies and practices for the sharing and disclosure of Personal Data. PolicyMate does not control how they or any other third party chooses to share or disclose Personal Data.
PolicyMate may share and disclose Personal Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and the Customer’s use of the Services, and in compliance with applicable law. Where necessary, we may only share Personal Data with third parties where we have obtained consent to do so.
We may share Personal Data as follows:
Displaying the Services: When a User submits Customer Content (including Personal Data), it may be displayed to other Users who have access to the same PolicyMate team. For example, a User’s name and PolicyMate profile may be displayed.
Customer Access: Owners, administrators, Users, and other Customer representatives and personnel may be able to access, modify, or restrict access to Personal Data. This may include, for example, your employer using Service features to export logs of your activity or accessing or modifying your profile details.
Subprocessors: We may engage third parties as subprocessors to process Personal Data. These third parties may, for example, provide virtual computing and storage services, or we may share business information to develop strategic partnerships to support our Customers. Please see more information on our subprocessors here.
Third-Party Services: Customers may choose to enable Third-Party Services. “Third-Party Services” means any platform, add-on, service, product, app or integration not provided by PolicyMate that Customer elects to integrate or enable for use with the Service. When enabled, PolicyMate may access and exchange Customer Content with the provider of Third-Party Services on Customer’s behalf. For example, AI features may share limited data with Third-Party Services in connection with the use of AI features and to monitor compliance with codes of conduct. Third-Party Services are not owned or controlled by PolicyMate, and third parties that have been granted access to Personal Data may have their own policies and practices for its collection, use, and sharing. Please check the permissions, privacy settings, and notices for these Third-Party Services, or contact the relevant provider with any questions.
Partners: We may share Personal Data with developers, partners, and others we engage to create PolicyMate applications and/or integrate PolicyMate features.
Corporate Affiliates: PolicyMate may share Personal Data with its corporate affiliates, parents, and/or subsidiaries for business continuity purposes.
In connection with a change to PolicyMate’s business: If PolicyMate engages in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of PolicyMate’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Personal Data may be shared or transferred, subject to standard confidentiality arrangements.
To comply with laws: If we receive a request for Personal Data, we may disclose Personal Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
To enforce our rights, prevent fraud, and for safety: To protect and defend the rights, property, or safety of PolicyMate, its Users, or third parties, including enforcing its contracts or policies, or in connection with investigating and preventing illegal activity, fraud, or security issues, including to prevent death or imminent bodily harm.
Security
PolicyMate takes the security of Personal Data seriously. PolicyMate strives to protect Personal Data from unauthorised access or disclosure. However, PolicyMate cannot guarantee that Personal Data stored or sent to PolicyMate will be completely safe and encourages you to use caution. To the maximum extent allowed by applicable law, you agree and acknowledge that PolicyMate will not be liable or responsible if any information about you is intercepted, accessed, and/or used by an unintended recipient.
Our Responsibility for Third-Party Links
Our Services may contain links to websites and services operated by third parties, which we do not own or control. This Privacy Policy does not apply to your use of such third-party websites, and you should read the relevant privacy notices and terms and conditions before using such websites or services.
Age Restriction
PolicyMate does not allow the use of our Services and Websites by anyone younger than 16 years old (“Minor”). If you learn that a Minor has unlawfully provided us with Personal Data, please contact us, and we will take steps to delete this information.
By using our Services and Websites, you represent and warrant that you are not a Minor as of the date of first access to our Services and Websites.
International Transfers
If we share your Personal Data with our PolicyMate group company(ies) or third parties located outside the European Economic Area or the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your Personal Data, such as by entering into the Standard Contractual Clauses adopted by the European Commission (Article 46(2)(c) GDPR), which were also adopted by the UK Government under section 119A of the UK Data Protection Act 2018.
Your Rights
Where we are the controller of your Personal Data, and subject to the privacy rights granted to you under the law in your country, you have the following rights:
Access: You can request access to your Personal Data, subject to applicable law.
Portability: You can request a copy of your Personal Data that we process on the basis of consent or in order to perform a contract with you.
Erasure: You can request to erase your Personal Data that we are not required to process for compliance with law or in connection with legal claims. Where we rely on an exemption, we will inform you about this.
Correction: You can request that we correct inaccurate information we maintain about you.
Objection and Restriction of Processing: You can use the "unsubscribe" link in our marketing communications to stop us from using your information for direct marketing. You can object to our processing of your Personal Data where we rely on legitimate interests or perform a task in the public interest. We will consider several factors when assessing an objection, including reasonable expectations of PolicyMate customers, the benefits and risks to you, us, other users, or other available means to achieve the same purpose that may be less invasive and do not require disproportionate effort. Unless we find that we have compelling legitimate grounds for this processing, which are not outweighed by your interests or fundamental rights and freedoms, or the processing is needed for legal reasons, your objection will be upheld and we will cease processing your Personal Data.
Withdrawal of Consent: Where you have provided your consent to our processing of your Personal Data, you can withdraw your consent at any time. If you do withdraw consent, it will not affect the lawfulness of what we have done with your Personal Data before you withdrew consent.
Exercising Your Rights: To exercise your rights or ask us any questions pertaining to your rights, please contact us using the details set out in the How to Contact PolicyMate section below. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to access the relevant personal information.
You also have the right to lodge a complaint with a data protection authority. For more information, please contact your local data protection authority.
Cookie Policy
This following provides information about how and when PolicyMate may use cookies on our Websites and on the Services. Any information we collect through cookies will be used in accordance with this Privacy Policy, including the Cookie Policy in this Section 12. If you do not accept the use of cookies, you can disable them by following the steps below.
What is a cookie?
A “cookie” is a small text file sent to your computer or mobile device used to collect data regarding your use of the Site and Services. Cookies do many different jobs. Some PolicyMate features and functionality require the use of cookies to properly work. For the purposes of this Privacy Policy, the term “cookie” includes all cookies, web beacons, pixels, tags and similar technologies.
Cookies are unique to your account or your browser. There are different types of cookies, including first party cookies (which are served directly by us to your computer or device) and third-party cookies (which are served by a third party on our behalf). Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the Site and also when it visits certain other websites. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
What is a web beacon?
Cookies are not the only way to track users of a website. PolicyMate may also use “web beacons” (sometimes called tracking pixels or gifs) to collect data regarding your use of the Site and to enable certain features of the Services. A web beacon is a small graphic file, sometimes only a pixel in size, embedded onto a page of our Site. Web beacons are used to identify each of our pages in order to be analysed by our system tools. This allows us, for example, to monitor the traffic patterns of users from one page to another, to deliver or communicate with cookies, to understand whether you have come to our Services from an online advertisement displayed on a third-party site, and to improve site performance. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
To find out more about cookies and beacons, visit this site.
Does PolicyMate use cookies?
Yes, PolicyMate uses Cookies, web beacons and other similar technologies. We use or intend to use both session-based and persistent cookies on our Sites and Services. In addition, we also may use third party cookies (e.g., Google Analytics).
How does PolicyMate use cookies?
PolicyMate uses some cookies that are tied to your account and personal information to recognize your logins and the workspaces where you are logged in. PolicyMate may use other cookies which are not tied to your account but are unique to carry out analytics, customization, and other similar tasks.
Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and provide a personalised experience that’s consistent with your settings. Cookies also make your interactions with the Site faster and more secure.
Categories of Use.
Essential cookies. These cookies are needed to provide you with the Site and Services and to use some of its features, such as access to secure areas. Without these cookies, we would not be able to provide you with the services that you have asked for. These include authentication cookies, which help us show you the right information and personalise your experience when you're signed in to our Services, and security cookies that enable and support our security features and help us detect malicious activity.
Performance cookies. These include cookies that can tell us which language you prefer and what your communications preferences are. They can also help you fill out forms on our Sites more easily and provide you with features, insights, and customised content.
Targeting cookies. We may use cookies to help us deliver marketing campaigns and track their performance (e.g., a user visited our Help Center and then made a purchase). Similarly, our partners may use cookies to provide us with information about your interactions with their services.
Analytics and Research. Cookies help us learn how well our Sites and Services perform. We also use cookies to understand, improve, and research products, features, and services, including to create logs and record when you access our Sites and Services from different devices, such as your work computer or your mobile device.
Please be aware that the cookies we use may depend on the features you are using and the device, browser or operating system you are using. The number and names of cookies, pixels and other technologies may also change from time to time.
Does PolicyMate use cookies for marketing and/or advertising purposes?
PolicyMate may use cookies to market more effectively to users that may be interested in PolicyMate products and services. In doing so, we may work with third parties that use cookies to learn more about your visits to this and other sites in order to provide relevant advertisements about goods and services that you may be interested in. They also help provide PolicyMate with aggregated auditing, research, and reporting, and knowing when content has been shown to you.
What can you do if you don't want PolicyMate to use cookies?
Some cookies are essential and we cannot provide our Site or Services to you without them, but there are others that can be turned off. Please be aware if you limit the ability of our Site and Services to set cookies, this may worsen your overall user experience and/or you may lose the ability to access certain services. It may also stop you from saving customised settings, like login information.
Browser settings
Most browsers give users the ability to manage cookies according to personal preferences. In some browsers you can set up rules to manage cookies on a site-by-site basis, meaning you can allow cookies only on sites that you trust.
Browser manufacturers usually provide help pages relating to cookie management. Click on the links below for more information on cookie management for the common browser manufacturers:
For other browsers, please consult the documentation that your browser manufacturer provides.
If you want to change your settings at a later time (for example, if you accept all cookies but later decide you do not want a certain type of cookie), then you will need to use your browser settings to remove any third party cookies dropped on your previous visit.
Targeting cookies
You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (http://youradchoices.com). In addition, on your iPhone, iPad or Android, or other mobile device, you can change your device settings to control whether you have opted-in for interest-based ads.
Other third party cookies
In addition to managing cookies in your browser settings, you can also opt out of certain third party cookies. For example, we use Google Analytics to help us understand how users engage with our Services, compile reports and improve our Services. The reports disclose usage trends without identifying individual users. You can opt out of these cookies without affecting how you use our Services. For more information on Google Analytics, see here. You can opt out of Google Analytics and customise the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics Opt-out Browser Add-on from each browser on each device.
Cookie PreferencesTo change your cookie preferences on PolicyMate, click "Manage Cookies" under the Support section of the PolicyMate website footer navigation panel.
Does PolicyMate respond to Do Not Track Signals?
Your browser or device may include "Do Not Track" functionality. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to "Do Not Track" signals. However, you can opt out from the use of cookies and web beacons as explained above.
Changes to this Privacy Policy
PolicyMate may change this Privacy Policy from time to time. Laws, regulations, and industry standards evolve, which may make those changes necessary, or we may make changes to our services or business. We will post the changes to this page, and we encourage you to review our Privacy Policy to stay informed. If we make material changes to the Privacy Policy, PolicyMate will take commercially reasonable efforts to notify you and take additional steps as required by law. If you disagree with changes to this Privacy Policy, you should deactivate your account and discontinue your use of the Services. Contact the relevant Customer if you wish to request the removal of your Personal Data under their control.
How to Contact PolicyMate
If you have questions about this Privacy Policy, or regarding your Personal Data, you can contact us online, via email at hello@policymate.eu, or by mail at:
VIA MAIL:
PolicyMate
℅ EuraTechnologies
Place de Saintignon
165 Av. de Bretagne
59000 Lille, France
VIA EMAIL:
