Wedia Privacy Policy

INTRODUCTION

Wedia SA ("Wedia") appreciates your interest in our products and services and your visit to our website. Your privacy is important to us and we want you to feel comfortable visiting our site and using our product. Protecting your privacy in the processing of your personal data is an important concern to which we pay particular attention during our business processes.
‍

Personal data collected during visits to our website or/and when using our product are processed by us in accordance with the legal provisions in force in the countries where the websites are maintained, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR). In addition, our corporate policy for the protection of personal data also covers the processing of customer and partner data, which is applicable company-wide for Wedia. The Wedia website may, however, include links to other websites that are not covered by this privacy statement.

‍

In this end, Wedia (Data Controller) undertakes to:

‍

• Respects your privacy and your personal data and guarantees the lawfulness of data processing.
• Collects personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
• Process data lawfully, fairly and transparently in relation to the data subject.
• Keeps data in a form that allows identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

This Privacy Policy explains what information (data) Wedia and its related entities collect about you and why, what we do with that data, how we share it, process it, and how we handle the content you place in our products and services. It also explains the choices you have regarding our use of your personal data, how you can access and rectify this data, and the applicable security measures.

This information does not concern processing carried out via cookies. For these treatments, see the cookies policy.

‍

Compliance with the law: We may disclose your data (including your personal data) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the safety or integrity of Wedia's products and services, (d) to protect Wedia, our customers or the public from harm or unlawful activity, or (e) to respond to an emergency that we believe in good faith requires us to disclose data to help prevent a person's death or serious bodily injury.

‍

Business Transfers: We may share or transfer your data (including your personal data) as part of, or during the negotiations of, any merger, sale of business assets, financing, or acquisition of all or part of our business to another company. You will be notified by e-mail and/or by prominent notice on Wedia services of any change in ownership or use of your personal data, as well as any choices you may have regarding your personal data.

‍
A. Scope of Privacy Policy

‍
This Privacy Policy applies to data we obtain through your use of the "Wedia Services" via a "Device" or when you otherwise interact with Wedia.

‍
The "Wedia Services" include our:

‍

• Websites (controller)
• SaaS products (processor)

‍
But does not include third-party products. These are third-party products or services that you may choose to integrate with Wedia products or services, suchas third-party products or sites integrated with the Wedia solution. You should always review the policies of third-party products and services to ensure that you are comfortable with how they collect and use your data.

‍
By registering or using Wedia services, you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

‍
B. Definitions

‍
Device: any computer used to access the Wedia Services, including, without limitation, a desktop computer, laptop computer, cell phone, tablet or other consumer electronic device.

‍
Content: any data that you upload, submit, publish, create, transmit, store or display in a Wedia Service.
‍

Controller: the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‍
Data: all the different forms of data, content and information collected by us, as described in this Privacy Policy.

‍
Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data does not include data that has been rendered anonymous in such a way that it cannot be easily used to identify specific individuals.

‍
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‍
SaaS products: Wedia "Cloud" hosted solutions.

‍

Websites: Wedia's websites, including, but not limited to, wedia-group.com, and all related websites, subdomains and pages.

‍
Terms not defined above shall have the meaning given to them in the GDPR.

‍

C. Security

‍
Wedia is committed to protecting the data under its control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons. Security procedures are continually improved as new technologies become available.

‍
Wedia implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risk, including, among others, where applicable:
‍

• a) Pseudonymization and encryption of personal data;
• b) The ability to ensure the confidentiality, integrity, availability and resilience of processing systems and services at all times;
• c) The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
• d) A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures designed to guarantee the security of processing;
• e) When data is transferred over the Internet as part of the website, it is encrypted using the industry standard SSL (HTTPS).

‍
WEBSITE

‍
1/ Intro

Links to third-party sites: Wedia Services may include links to other websites whose privacy practices may differ from ours. If you submit personal data to any of these sites, your data is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

‍

‍

2/ Data you provide to us

We collect data mainly concerning your profile. This is data about you and your company. This includes contact details such as name, e-mail address, postal address and telephone number.

‍

We also collect and store Content that you enter as part of your use of our Website. This Content includes any personal or other sensitive data you choose to include ("incidentally collected personal data").

We also collect other data you submit on our websites when you participate in a survey, event, or communicate with us via third-party social media sites.

‍

Finally, you can apply for a job via our website, using the "Apply" button. This takes you to an e-mail address where you can send us your CV and cover letter, which are also considered personal data.

‍

We strongly advise you not to include in these documents any data relating to (I) your racial or ethnic origin (II) your political beliefs (III) your philosophical or religious convictions (IV) your membership of a trade union or political party (V) your physical or mental health (VI) your sex life or (VII) the commission of criminal offences or criminal proceedings.

‍

‍

3/ Purpose of processing

We process data for specified, explicit and legitimate purposes, and such data will not be further processed in a manner incompatible with these purposes. The envisaged processing operations, their purposes and the basis for processing are as follows:

‍

Contact fom:

• Purpose: To send transactional messages, including answering your questions and requests.
• Legal basis: consent.

Newsletter:

• Purpose: To send promotional communications, such as data on services, features, surveys, newsletters, offers, promotions, competitions, events and sending updates on your team and chat rooms; and to provide other news or data about us and our selected partners.
• Legal basis: consent.

Recruitment:

• Purpose: to enable site visitors to apply directly using the button on the site.
• Legal basis: pre-contractual measure.

Access to testimonials/customer cases:

• Purpose: to enable site visitors to access customer testimonials.
• Legal basis: consent.

‍

4/ Data sharing and disclosure

We work with third-party service providers to provide us with a website:

‍

• Storage: AWS
• Website hosting: Webflow
• Recruitment mailbox: Gmail
• Cookie providers: see cookie policy

We do not share your personal data with third parties for marketing purposes (including direct marketing) without your permission.

‍

‍

5/ Limitation of data storage

The servers on which personal data is stored are kept in a controlled environment.

‍

‍

6/ Your rights in relation to processing

You may access, rectify, delete or transfer your personal data to another party by sending your request to the following portal https://agencergpd.fragmos.app/org/wedia/public/right-requests or at the following address: dpo@wedia-group.com.

‍

You may withdraw your consent (e.g. refuse to receive promotional communications from Wedia) by using the unsubscribe link contained in each e-mail.

‍

‍

7/ Retention period

We will retain data as follows:

‍

• Contact form: 3 years from the last contact.
• Newsletter: period of validity of consent (3 years renewable).
• Recruitment: 2 years from last exchange.

‍

8/ Children

Wedia does not knowingly collect personal data from children without insisting on prior parental consent if required by applicable law. We will only use or disclose a child's personal data to the extent permitted by law, to seek parental consent in accordance with local law and regulations, or to protect a child. The definition of "child" or "children" must take into account applicable laws as well as national and regional cultural customs.

‍

SOFTWARE

‍

1/ Data processing and purposes

We collect data about you and your business when you register for an account, create or edit your profile, use, access or interact with the Wedia Services (including, but not limited to, when you upload, download, collaborate or share content). The data we collect includes:

‍

• Contact data such as name, email address and phone number.
• Profile data such as username, profile photo and job title.
• Preference data such as notification preferences.

‍

In some cases, another user (such as a system administrator at your organization) may create an account on your behalf and provide your data, including personal data (most often when your company asks you to use our products). We collect data on behalf of our customers and often have no direct relationship with the people whose personal data we process. If you are an employee of one of our customers and no longer wish us to process your data, please contact your employer. If you provide data (including personal data) about another person, you must have the authority to act on their behalf and consent to the collection and use of their personal data, as described in this privacy policy.

‍

In addition, we collect and store Content that you create, enter, submit, publish, upload, transmit, store or display in the course of using our SaaS Products. This Content includes any personal or other sensitive data you choose to include ("incidentally collected personal data").

‍

In addition, we also collect other data that you submit when you participate in interactive features of Wedia services, request customer support, communicate with us through the application's ticketing tool. For example, data concerning a problem you encounter with a Wedia product may be submitted to our support services.

‍

Finally, in the case of our SaaS product, the URLs you access (and which are therefore included in our log files) include user names as well as content elements (such as project names, asset names, status names and filters...) necessary for the SaaS product to perform the requested operations. Occasionally, we link personal data to data collected in our log files in order to improve Wedia services for individual customers. In such cases, we will process the combined data in accordance with this privacy policy.

‍

‍

2/ Purposes of processing

We process data for specified, explicit and legitimate purposes and such data will not be further processed in a manner incompatible with those purposes. Accordingly, we use the data we collect about you (including personal data to the extent applicable) for a variety of purposes, including to:

‍

• Enable use of the platform;
• Purpose: To provide, operate, maintain and improve the Wedia Service, to access and use the Wedia Services, including uploading, downloading, collaborating and sharing content;
• Secondary purpose: to enable you to communicate, collaborate and share content with users you designate;
• Ensure maintenance and security platform;
• Purpose: to send technical notices, updates, security alerts, support and administration messages.

‍

‍

3/ Data sharing and disclosure

Some features of the Wedia services allow you or your administrator to make part of your content public, in which case it will become easily accessible to everyone. We strongly advise you to take into account the sensitivity of the data you enter in the Wedia services.

‍

As a natural part of using Wedia Services, you can create content and grant permission to other users of your platform to access it for collaboration purposes. Some of the collaboration features of the Wedia Services display your profile data, including personal data included in your profile, to users with whom you have shared your content. When this data is sensitive, we strongly advise you to use the various security and privacy features of the Wedia services to limit who can access this data.

‍

You should be aware that the administrator of your Wedia Services instance may be able to:

‍

• Access your Wedia Services account and related data;
• Access the communication history, including attachments, for your Wedia Services account;
• Disclose, restrict or access data provided by you or made available to you in the course of using your Wedia Services account, including your content;
• Control how your Wedia Services account may be accessed or deleted.

We work with third-party service providers to provide us with application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics.

‍

• Hosting, storage, infrastructure: AWS
• Payment processing : SG
• Analysis: Pendo

These service providers may access or process your data for the purpose of providing these services to us.

‍

You may choose to use third-party add-ons in conjunction with the Wedia Services. Third Party Complements are software modules written by third parties to whom you grant access privileges to your Content (which may include your Personal Data). These third parties are considered subcontractors of Wedia and are therefore treated as such in accordance with the GDPR.

‍

‍

4/ Limitation of data storage

Wedia hosts data with a hosting service provider (AWS, Azure) in many countries. The servers on which personal data is stored are kept in a controlled environment.

‍

‍

5/ Your rights in relation to processing

You can access, rectify, delete or transfer your personal data in your account settings or by sending a request to your account administrator. You can also make a request via the https://agencergpd.fragmos.app/org/wedia/public/right-requests portal, or contact our Data Protection Officer (dpo@wedia-group.com). We will respond to your access request within 30 days.

‍

You can delete content by using the editing tools associated with that content. In some cases, you may need to contact your administrator to ask them to remove the content. You or your administrator can deactivate your Wedia Services account. If you can deactivate your own account, you can usually do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization's account, please contact support. To deactivate an account created for you without authorization, please contact us using the details below.

‍

‍

6/ Retention period

We will retain your account data for as long as your account is active, or as long as is reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. If your account is managed by an administrator, the administrator may exercise control over how your account data is stored and deleted.

‍

Thus, your data will be kept for the shorter of the duration of the contract binding our entities or the duration of your employment contract, plus one (1) month.

‍

‍

D. CONTACT

If you have any questions concerning the processing of your personal data, or if you have any requests, suggestions or complaints, please contact Wedia's Data Protection Officer at the following addresses:

‍

Data Protection Officer

Wedia SA

33 rue La Fayette

c/o Wework,

75009 Paris

France

‍

E-Mail: dpo@wedia-group.com

‍

Wedia

33 rue La Fayette

c/o Wework,

75009 Paris

France

‍

E-Mail: contact@wedia-group.com

‍
This Privacy Statement was last updated in September 2023