Wedia Privacy Policy

INTRODUCTION

Wedia SA ("Wedia") appreciates your interest in its products and services and your visit to our
web site. Your privacy is important to us and we want you to feel comfortable visiting our site
and using our product. The protection of your privacy in the processing of your personal data
is an important concern to which we pay special attention during our business processes.
Personal data collected during visits to our web site or/and during use of our product are
processed by us according to the legal provisions valid for the countries in which the web
sites are maintained, especially according to the Regulation (EU) 2016/679 of the European
parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data (GDPR). In
addition, our Corporate Policy for Personal Data Protection covers also the processing of
Customer and Partner Data which is applicable company-wide for Wedia. The Wedia web
site may include, however, links to other web sites which are not covered by this privacy
statement.

‍
Wedia (Processor/Controller) respects your privacy and your personal data and guarantees the
lawfulness of data processing.

‍
This Privacy Policy explains what information (data) Wedia and its related entities collect
about you and why, what we do with this data, how we share, processe it, and how we handle
the content you place in our products and services. It also explains the choices available to
you regarding our use of your Personal Data, how you can access and rectify this data and
the applicable security measures.

‍
1.1. Scope of Privacy Policy

‍
This Privacy Policy applies to the data that we obtain through your use of "Wedia Services"
via a "Device" or when you otherwise interact with Wedia.

‍
"Wedia Services" include our:
Websites (Controller)
SaaS Products (Processor)

‍
but does not include:
Third Party Products. These are third party products or services that you may choose
to integrate with Wedia product or services, such as third-party product or sites
integrated to Wedia solution. You should always review the policies of third party
products and services to make sure you are comfortable with the ways in which they
collect and use your data.

A "Device" is any computer used to access the Wedia Services, including without limitation a
desktop, laptop, mobile phone, tablet, or other consumer electronic device.

‍
By registering for or using Wedia Services you consent to the collection, transfer, processing,
storage, disclosure and other uses described in this Privacy Policy.

‍
1.2. Definitions

‍
Content: any data or data that you upload, submit, post, create, transmit, store or display in
a Wedia Service.

‍
Controller: the natural or legal person, public authority, agency or other body which, alone or
jointly with others, determines the purposes and means of the processing of personal data.
‍

Data: all of the different forms of data, content, and data collected by us as described in this
Privacy Policy.

‍
Personal Data: any information relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person. Personal Data
does not include data that has been anonymized such that it does not allow for the ready
identification of specific individuals.

‍
Processor: a natural or legal person, public authority, agency or other body which processes
personal data on behalf of the controller;

‍
SaaS Products: Wedia "Cloud" hosted solutions.

‍
Websites: Wedia's websites, including but not limited to wedia-group.com, and any related
websites, sub-domains and pages.

‍
The terms not defined here above have the meanings given in the GDPR.

‍
DATA PROCESSING AND PURPOSES

‍

1.3. Data you provide to us

‍
We collect the following data:

‍
Account and Profile Data: We collect data about you and your company as you register for
an account, create or modify your profile, use, access, or interact with the Wedia Services
(including but not limited to when you upload, download, collaborate on or share Content).
Data we collect includes:
‍
• Contact data such as name, email address, mailing address, and phone number
• Profile data such as a username, profile photo, and job title
• Preferences data such as notification preferences
‍
You may provide this data directly when you enter it in Wedia Services.

‍
In some cases, another user (such as a system administrator) may create an account on your
behalf and may provide your data, including Personal Data (most commonly when your
company requests that you use our products). We collect Data under the direction of our
customers and often have no direct relationship with the individuals whose personal data
we process. If you are an employee of one of our customers and would no longer like us to
process your data, please contact your employer. If you are providing data (including
Personal Data) about someone else, you must have the authority to act for them and to
consent to the collection and use of their Personal Data as described in this Privacy Policy.

‍
Content: We collect and store Content that you create, input, submit, post, upload, transmit,
store or display in the process of using our SaaS Products or Websites. Such Content includes
any Personal Data or other sensitive data that you choose to include ("incidentally-collected
Personal Data").

‍
Other submissions: We collect other data that you submit to our Websites or as you
participate in any interactive features of the Wedia Services, participate in a survey, contest,
promotion, sweepstakes, activity or event, apply for a job, request customer support,
communicate with us via third party social media sites or otherwise communicate with us.
For example, data regarding a problem you are experiencing with a Wedia product could
be submitted to our Support Services.

‍
Job searches: You do not have to give us any Personal Data in order to perform job searches.
Nevertheless, to apply for (web application eRecruiting), you will have to type your name, email address, telephone number and a CV. We strongly suggest that your CV should not contain data relating to your (i) racial or ethnic origin (ii) political beliefs (iii) philosophical or religious beliefs (iv) membership of a trade union or political party (v) physical or mental health (vi) sexual life or (vii) the commission of criminal offences or proceedings. If your CV does contain such data, then you agree that we may retain this data and use it in accordance with this Statement.

‍
1.4. Data we collect from your use of Wedia Services

‍
Web Logs: As is true with most websites and services delivered over the Internet, we gather
certain data and store it in log files when you interact with our Websites and SaaS Products.
This data includes internet protocol (IP) addresses as well as browser type, internet service
provider, URLs of referring/exit pages, operating system, date/time stamp, data you search
for, locale and language preferences, identification numbers associated with your Devices,
your mobile carrier, and system configuration data. In the case of our SaaS Product, the URLs
you accessed (and therefore included in our log files) include usernames as well as elements
of Content (such as project names, asset names, status names, and filters…) as necessary for
the SaaS Product to perform the requested operations. Occasionally, we connect Personal
Data to data gathered in our log files as necessary to improve Wedia Services for individual
customers. In such a case, we would treat the combined Data in accordance with this privacy
policy.

‍
Analytics Data from Website and SaaS Products: We collect analytics data when you use our
Websites and SaaS Products to help us improve our products and services. In the SaaS
Products, this analytics data consists of the feature and function of the Wedia Service being
used, the username and IP address of the individual who is using the feature or function
(which will include Personal Data if the Personal Data was incorporated into the username),
the sizes and original filenames of attachments, and additional data required to detail the
operation of the function and which parts of the Wedia Services are being affected. For
example:

‍

• In the Digital Asset Management, analytics data that we collect when a user
  download an asset includes the system-generated numeric identifier of the asset, the
  selected variation type of the asset (if any), the IP address of the user.
• Similarly, in the Creative Project, analytics data that we collect when a subject is
  edited includes the system-assigned numeric subject id, the modified item, whether
  the edit is made by a user or automatically generated by the system, and whether
  email notifications are to be sent.

‍
As shown in the examples above, the analytics data we collect includes elements of Content
related to the function the user is performing. As such, the analytics data we collect may
include Personal Data or sensitive business data that the user has included in Content that
the user chose to upload, submit, post, create, transmit, store or display in an Wedia Service.
We use Elasticsearch and Pendo as the analytics solution for our SaaS product.

‍
Cookies and Other Tracking Technologies: Wedia and our third-party partners, such as our
advertising and analytics partners, use various technologies to collect data, such as cookies
and web beacons. Cookies are small data files stored on your hard drive or in device memory.
We use cookies to improve and customize Wedia Services and your experience; to allow you
to access and use the Websites or SaaS Products without re-entering your username or
password; and to count visits and understand which areas and features of the Websites and
SaaS Products are most popular. You can instruct your browser, by changing its options, to
stop accepting cookies or to prompt you before accepting a cookie from websites you visit.
If you do not accept cookies, however, you may not be able to use all aspects of our Websites
or SaaS Products. Wedia and our third-party partners also collect data using web beacons
(also known as "tracking pixels"). Web beacons are electronic images that may be used in our
Websites or SaaS Products or in emails that help us to deliver cookies, count visits,
understand usage and campaign effectiveness and determine whether an email has been
opened and acted upon.

‍
Wedia and our third-party partners also use javascript, e-tags, "flash cookies", and HTML5
local storage to collect data about your online activities over time and across different
websites or online services. Many browsers include their own management tools for
removing HTML5 local storage objects.

‍
You may be able to opt out of receiving personalized advertisements as described below
under "Your Choices."

‍
1.5. Data we collect from other sources

‍
Data from third party services: We also obtain data from third parties and combine that with
Data we collect through Wedia Services. For example, we may have access to certain data
from a third-party social media or authentication service if you log into Wedia Services
through the service or otherwise provide us with access to Data from the service. Any access
that we may have to such Data from a third party social or authentication service is in
accordance with the authorization procedures determined by that service. By authorizing us
to connect with a third-party service, you authorize us to access and store your name, email
address(es), current city, profile picture URL, and other data that the third-party service
makes available to us, and to use and disclose it in accordance with this Privacy Policy. You
should check your privacy settings on these third-party services to understand and change
the data sent to us through these services.

‍
Google Data and Youtube API: Google gives us an access to the Google user data, but we do
not process this data (no consultation, use, modification, etc.). Wedia Services (Wedia
application) accesses the Google data by using Youtube APIs.

‍
Wedia application stores authentication video tokens on a secure database to interact with
the Youtube chain and to permit further video modifications. Wedia application permits to
modify the video data (name of the video, etc.), and to retrieve its views, likes, sharings,
comments, statistics and etc., stored on a secure database. There is no personal data
processing. No data shared.

‍
1.6. Purposes of the processing

‍
We processe the Data for specified, explicit and legitimate purposes and this Data will be not
further processed in a manner that is incompatible with those purposes. Consequently, we
use the Data we collect about you (including Personal Data to the extent applicable) for a
variety of purposes, including to:

‍

• Provide, operate, maintain, improve, and promote Wedia Services;
• Enable you to access and use Wedia Services, including uploading, downloading,
  collaborating on and sharing Content;
• Process and complete transactions, and send you related data;
• Send transactional messages, including responding to your comments, questions,
  and requests; providing customer service and support; and sending you technical
  notices, updates, security alerts, and support and administrative messages;
• Send promotional communications, such as providing you with data about services,
  features, surveys, newsletters, offers, promotions, contests, events and sending
  updates about your team and chat rooms; and providing other news or data about
  us and our select partners. You have the ability to opt out of receiving any of these
  communications as described below under "Your Choices";
• Monitor and analyze trends, usage, and activities in connection with Wedia Services
  and for marketing or advertising purposes;
• Investigate and prevent fraudulent transactions, unauthorized access to Wedia
  Services, and other illegal activities;
• Personalize Wedia Services, including by providing content, features, or
  advertisements that match your interests and preferences;
• Enable you to communicate, collaborate, and share Content with users you
  designate;
• Recrutment; and
• For other purposes about which we obtain your consent.

Notwithstanding the foregoing, we will not use Personal Data appearing in our Analytics
Logs or Web Logs for any purpose. The use of Data collected through our Wedia Services
shall be limited to the purposes disclosed in this policy.

‍
Wedia collects the Personal Data which is adequate, relevant and limited to what is necessary
in relation to the purposes for which they are processed.

‍
1.7. Data sharing and disclosure

‍
Wedia processes the Data lawfully, fairly and in a transparent manner in relation to the data
subject.

‍
We will not share or disclose any of your Personal Data or Content with third parties except
as described in this policy. We do not sell your Personal Data or Content.

‍
Your Use: When you use Wedia Services, Content you provide will be displayed back to you.
Certain features of Wedia Services allow you or your administrator to make some of your
Content public, in which case it will become readily accessible to anyone. We urge you to
consider the sensitivity of any data you input into Wedia Services.

‍
Collaboration: As a natural result of using Wedia Services, you may create Content and grant
permission to other Wedia users to access it for the purposes of collaboration. Some of the
collaboration features of Wedia Services display your profile data, including Personal Data
included in your profile, to users with whom you have shared your Content. Where this data
is sensitive, we urge you to use the various security and privacy features of the Wedia Services
to limit those who can access such data.

‍
Access by your system administrator: You should be aware that the administrator of your
instance of Wedia Services may be able to:

• access data in and about your Wedia Services account;
• access communications history, including file attachments, for your Wedia Services
  account;
• disclose, restrict, or access data that you have provided or that is made available to
  you when using your Wedia Services account, including your Content; and
• control how your Wedia Services account may be accessed or deleted.

‍
Service Providers, Business Partners and Others: We work with third party service providers
to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers
may have access to or process your Data for the purpose of providing those services for us.
Some of our pages utilize white-labeling techniques to serve content from our service
providers while providing the look and feel of our site. Please be aware that you are providing
your Data to these third parties acting on behalf of Wedia.

‍
Third Party Add-Ons: You may choose to make use of third party Add-Ons in conjunction
with Wedia Services. Third party Add-Ons are software written by third parties to which you
grant access privileges to your Content (which may include your Personal Data). When
access is granted, your Content is shared with the third party. Third party Add-On policies
and procedures are not controlled by Wedia even though the third-party Add-On may be
available through Wedia Services. Third parties who have been granted access to your
Content through Add-Ons could use this data to contact you and market services to you and
could share your data with other third parties. This Privacy Policy does not cover the
collection or use of your data by third party Add-Ons, and we urge you to consider the privacy
policies governing third party Add-Ons. If you object to your Personal Databeing shared with
these third parties, please terminate your agreement with the third-party Add-On provider
(in the event you have purchased a direct integration).

‍
Links to Third Party Sites: The Wedia Services may include links to other websites whose
privacy practices may differ from ours. If you submit Personal Data to any of those sites, your
data is governed by their privacy policies. We encourage you to carefully read the privacy
policy of any website you visit.

‍
Testimonials: We may display personal testimonials of satisfied customers on the Wedia
Websites. With your consent, we may post your testimonial along with your name. If you wish
to update or delete your testimonial, you can contact us using the data below.

‍
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may
disclose your Data (including your Personal Data) to a third party if (a) we believe that
disclosure is reasonably necessary to comply with any applicable law, regulation, legal
process or governmental request, (b) to enforce our agreements, policies and terms of
service, (c) to protect the security or integrity of Wedia's products and services, (d) to protect
Wedia, our customers or the public from harm or illegal activities, or (e) to respond to an
emergency which we believe in the good faith requires us to disclose data to assist in
preventing the death or serious bodily injury of any person.

‍
Business Transfers: We may share or transfer your Data (including your Personal Data) in
connection with, or during negotiations of, any merger, sale of company assets, financing, or
acquisition of all or a portion of our business to another company. You will be notified via
email and/or a prominent notice on the Wedia Services of any change in ownership or uses
of your Personal Data, as well as any choices you may have regarding your Personal Data.
‍

Aggregated or Anonymized Data: We may also share aggregated or anonymized data that
does not directly identify you with the third parties described above.

With Your Consent. We will share your Personal Data with third parties when we have your
consent to do so.

‍
1.8. Data we do not share

‍
We do not share Personal Data about you with third parties for their marketing purposes
(including direct marketing purposes) without your permission.

‍
DATA STORAGE LIMITATION AND TRANSFER

‍
1.9. Data storage limitation

‍
Wedia hosts data with a hosting service provider (AWS, Azure) in numerous countries. The servers on which Personal Data is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Data, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Data you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that data.

‍
Personal Data is kept by Wedia in a form which permits identification of data subjects for no
longer than is necessary for the purposes for which the personal data are processed; personal
data may be stored for longer periods insofar as the personal data will be processed solely for
archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes in accordance with Article 89 (1) of GDPR subject to implementation of
the appropriate technical and organisational measures required by this Regulation in order
to safeguard the rights and freedoms of the data subject.

‍
1.10. Data transfer

‍
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is
encrypted using industry standard SSL (HTTPS).

‍
If the storage and/or processing of Personal Data involves transfers of the Personal Data out
of the EEA and the European Data Protection Legislation applies to the transfers of such data
(“Transferred Personal Data”), Wedia will ensure that you have given your consent to this transfer and that the data exporter/importer of the Transferred Personal Data enters into Standard Contractual Clauses (or alternative transfer solution) with your as the data exporter/importer of such data, and that the transfers are made in accordance with such Clauses.

‍
YOUR CHOICES

‍
You may opt out of receiving promotional communications from Wedia by using the
unsubscribe link within each email or emailing us to have your contact data removed from
our promotional email list or registration database. Although opt-out requests are usually
processed immediately, please allow ten (10) business days for a removal request to be
processed. Even after you opt out from receiving promotional messages from us, you may
continue to receive transactional messages from us regarding Wedia's Services. You can optout of some notification messages in your account settings.

‍
1.11. Access to personal data

‍
You may access, rectify, erase, remove or transmit to another your Personal Data in your
account settings or by directing your query to your account administrator. You may also
contact Support Services or Data Protection Officer. We will respond to your request for
access within 30 days.

‍
You can often remove Content using editing tools associated with that Content. In some
cases, you may need to contact your administrator to request they remove the Content.
You or your administrator may be able to deactivate your Wedia Services account. If you can
deactivate your own account, you can most often do so in your account settings. Otherwise,
please contact your administrator. To deactivate an organization account, please contact
Support Services. To deactivate an account made for you without authorization, please
contact us at the contact data below.

‍
We will retain your account data for as long as your account is active, or as reasonably useful
for commercial purposes or as necessary to comply with our legal obligations, resolve
disputes, and enforce our agreements. If your account is managed by an administrator, that
account administrator may have control with regards to how your account data is retained
and deleted.

‍
SECURITY

‍
Wedia uses all technical and organizational security measures in order to protect the data
we have under our control against accidental or intentional manipulation, loss, destruction
and against access by unauthorized persons. Our security procedures are continually
enhanced as new technology becomes available.

‍
Taking into account the state of the art, the costs of implementation and the nature, scope,
context and purposes of processing as well as the risk of varying likelihood and severity for
the rights and freedoms of natural persons, Wedia implements appropriate technical and
organisational measures to ensure a level of security appropriate to the risk, including inter
alia as appropriate:

‍
(a) the pseudonymisation and encryption of personal data;

‍
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of
processing systems and services;

‍
(c) the ability to restore the availability and access to personal data in a timely manner in the
event of a physical or technical incident;

‍
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and
organisational measures for ensuring the security of the processing.

‍
If you need more information you can contact our Data Protection Officer (dpo@wedia-group.com) in oder to obtain an access to our Security Policy.

‍
DATA INCIDENT

‍
If Wedia becomes aware of a Data Incident, Wedia will: (a) notify Subject,
Processor/Controller and Supervisory Authority of the Data Incident promptly and without
undue delay, and, where feasible, not later than 72 hours after having become aware of it;
and (b) promptly take reasonable steps to minimize harm and secure Customer Data.

‍
Notifications made pursuant to this section will, to the extent possible:

‍
(a) describe the nature of the personal data breach including where possible, the categories
and approximate number of data subjects concerned and the categories and
approximate number of personal data records concerned;

‍
(b) communicate the name and contact details of the data protection officer or other contact
point where more information can be obtained;

‍
(c) describe the likely consequences of the personal data breach;

‍
(d) describe the measures taken or proposed to be taken by the controller to address the
personal data breach, including, where appropriate, measures to mitigate its possible
adverse effects.

‍
Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or,
at Wedia’s discretion, by direct communication (for example, by phone call or an in-person
meeting). Another party is solely responsible for ensuring that the Notification Email Address
is current and valid.

‍
Wedia’s notification of or response to a Data Incident will not be construed as an
acknowledgement by Wedia of any fault or liability with respect to the Data Incident.

‍
CHILDREN

‍
Wedia does not knowingly collect personal data from children without insisting that they
seek prior parental consent if required by applicable law. We will only use or disclose personal
data about a child to the extent permitted by law, to seek parental consent pursuant to local
law and regulations or to protect a child. The definition of "child" or "children" should take
into account applicable laws as well as national and regional cultural customs.

‍
FREEDOM OF DATA

Upon written request, Wedia or its representatives will inform you by letter without delay
what personal data is stored by us as defined by applicable law. Should such data be
incorrect, we will at your request correct that data for you, also as a registered user you have
the option of viewing, deleting or amending your personal data yourself.

‍
CONTACT

Should you have questions regarding the processing of your personal data you can refer to
the Wedia Data Protection Officer, who is also available for enquiries, suggestions or
complaints.

‍
Wedia Data Protection Officer
Wedia SA
33 rue La Fayette c/o Wework, 75009 Paris
France

‍
E-Mail: dpo@wedia-group.com
‍

Wedia
33 rue La Fayette c/o Wework, 75009 Paris
France

‍
E-Mail: contact@wedia-group.com

‍
This Privacy Statement was last updated in April 2023