Privacy Policy

This Privacy Policy ("Privacy Policy") describes how we, Eyako, process, use, collect, and store the Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Eyako website, any website owned or operated by Eyako, and our service offerings (collectively referred to below as the "Services"). Please read this Privacy Policy carefully to fully understand our practices regarding your Personal Information.

Important Note: Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or enforcement action.

In situations where Eyako provides Services to our client, and the client entity has entered into an agreement with Eyako for the use of the services, Eyako is the data processor/service provider (a provider that processes Personal Data on behalf of or under the direction of a data controller, or any other similar designation under the law), and the client entity is the data controller/company (the entity that decides how and why the information is processed) of the information provided to Eyako through the use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our client. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement shall prevail.

"Personal Information" and/or "Personal Data" means any information that can be used, alone or with other data, to uniquely identify a living human being and any information considered Personally Identifiable Information under applicable privacy laws.

Please note that this is a primary privacy policy and some of its provisions apply only to individuals in certain jurisdictions. For example, some jurisdictions require us to provide you with the "legal basis" for processing your Personal Information, and we have included that information below. We may update this Privacy Policy from time to time, so please check back periodically for the latest version. If we make significant changes to how we use your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or through other means in accordance with applicable legal requirements.

This Privacy Policy is part of our Website Terms of Use ("Terms"). Any capitalized term not defined in this Privacy Policy shall have the meaning given to it in the Terms.

a. When you browse or use our Services

Personal data we collect: We may use analytics tools, cookies, other similar technologies and log files in our Services that may collect information such as IP address, pages clicked, events, search and browsing information, and device information. For more information on our use of cookies, please read our Cookie Policy.

Purposes: We use this information to analyze trends and behavior, maintain and improve the Services, and for our marketing and promotional efforts. We may disclose this information to third-party platforms.

Legal basis:

• Consent (e.g., non-essential cookies, to the extent required by applicable law)
• Legitimate interest (e.g., cookies essential for the operation of the Services, marketing)

Consequences of not providing Personal Data: Some features of the Services may not be available and we may not be able to analyze the use of our Services or use the Personal Data for the purposes explained.

b. When you request a demonstration

Personal data we collect: Full name, professional email address, job title, company, professional address, phone number, country, any other Personal Data you choose to provide. We may also record the demo and/or follow-up sessions for business intelligence and improvement of our Services.

Purposes:

• Provide you with a demonstration
• Send you marketing communications

Legal basis:

• Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract, i.e. a subscription agreement
• Legitimate interest (to provide you with a demo or trial, marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to provide you with a demonstration or send you marketing communications.

c. When you subscribe to our blog, newsletter, or status page

Personal data we collect: Full name, professional email address, any other Personal Data you choose to provide.

Purposes: Send you the communications you have subscribed to as well as other marketing communications.

Legal basis:

• Legitimate interest (to give you access to our blog, newsletters, or updates you have subscribed to, marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to send you such communications.

d. When you contact us

Personal data we collect: Full name, professional email address, company, job title, professional phone number, country, message (to the extent it includes Personal Data) and any other Personal Data you choose to provide.

Purposes:

• Respond to your questions
• Send you marketing communications

Legal basis:

• Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract, i.e. a subscription agreement
• Legitimate interest (e.g., to respond to your questions, marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to respond to your questions or send you marketing communications.

e. When you apply for a job with us

Personal data we collect: Full name, email address, any Personal Data contained in your CV, your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data you decide or agree to provide, such as if you agree to have your interview or assessment recorded. Please note that in most cases we receive information directly from you, but we may also receive information from recruitment companies, references, or background check companies.

Purposes: Assess you as a candidate, review your application and communicate with you about it.

Legal basis:

• Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract, i.e. an employment contract
• Legitimate interest (to assess you as a candidate, recruitment)

Consequences of not providing Personal Data: We will not be able to process your application or communicate with you.

f. When you provide your Personal Data for marketing purposes (e.g., when you attend a physical or virtual marketing event, a webinar, or provide us with your business card)

Personal data we collect: Full name, professional email address, job title, company, address, phone number, country, any other Personal Data you choose to provide.

Purposes: Establish a business relationship with you, contact you about the Services and send you marketing communications.

Legal basis:

• Legitimate interest (marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to establish a business relationship or send you marketing communications.

g. When we acquire your Personal Data from third-party sources for marketing purposes (e.g., lead generation companies or as part of marketing campaigns)

Personal data we collect: Full name, professional email address, job title, company, address, phone number, country.

Purposes: Contact you about the Services and send you marketing communications.

Legal basis:

• Legitimate interest (marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to contact you about the Services or send you marketing communications.

h. When we use the Personal Data of our clients/end users (e.g., when we communicate with clients, when you log into and use our online products and services)

Personal data we collect directly from you or your employer who provides us with your contact details: Full name, professional email address, Eyako password (if you have an Eyako account), job title, role, company, address, phone number, country, and any other Personal Data you choose to provide, such as any feedback you provide to the extent it includes Personal Data.

Personal data we collect automatically when you use our Services: When you access or use the Services, we automatically collect information about you, including data relating to your use of our Services, such as pages visited, IP address, browser information, access times.

Purposes:

• Allow you to register and log into our Services
• Provide our Services and perform our agreements with our clients
• For billing and account management
• Provide support (e.g., ticketing and chat functionality)
• Monitor our Services
• Collect analytical information about the use of the Services
• For security reasons, including user authentication, logging and debugging, and to prevent system abuse
• Maintain and improve our Services
• Communicate with you and enable you to provide feedback on our Services
• Send you marketing communications
• Perform sanctions checks and other legally required checks

Legal basis:

• Performance of a contract to which the client is party
• Compliance with a legal obligation (e.g., tax laws, bookkeeping laws, sanctions laws, etc.)
• Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates on features or services)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: We will not be able to fulfill our obligations, provide the Services, or communicate with you.

i. When we collect threat and security data in connection with your use of the Services

Personal data we collect: In the course of your use of the Services, we may collect data that we believe may be related to unauthorized third parties, such as malware and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.

Purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior in order to prevent, investigate, or report threats, and to improve the Services. We may disclose this information to third parties.

Legal basis:

• Legitimate interest (to provide and improve the Services and for threat intelligence)

Consequences of not providing Personal Data: Some features of the Services may not be available or improved.

j. When you apply to become an Eyako partner

Personal data we collect: Full name, title/position, professional email address, professional phone number, country of residence, company name, any other Personal Data you choose to provide.

Purposes:

• Enable your company to become an Eyako partner
• Communicate with you
• Fulfill our legal and record-keeping obligations
• Send you marketing communications

Legal basis:

• Performance of a contract to which the partner is party (partnership/integration agreement) or to take steps at the request of the partner prior to entering into a contract (partnership/integration agreement)
• Compliance with a legal obligation (e.g., tax laws, bookkeeping laws, etc.)
• Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
• Consent (for marketing, if required by applicable law)

Consequences of not providing Personal Data: You will not be able to become an Eyako partner.

k. When we use the Personal Data of our service providers

Personal data we collect: Full name, professional email address, title/position, company, professional address, phone number, country, payment information, any other Personal Data you choose to provide.

Purposes:

• Perform our agreement with you.
• Communicate with you.
• Fulfill our legal and record-keeping obligations.

Legal basis:

• Performance of a contract to which the service provider is party.
• Compliance with a legal obligation (e.g., tax laws, bookkeeping laws, etc.).
• Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing).

Consequences of not providing Personal Data: We will not be able to perform the agreement with you or communicate with you.

l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)

Personal data we collect: Full name, professional email address, title/position, company, phone number, any other Personal Data you provide us.

Purposes: Respond to your requests, establish a business relationship and send you marketing communications.

Legal basis:

• Legitimate interest (responding to your requests, marketing, and business development).
• Consent (for marketing, if required by applicable law).

Consequences of not providing Personal Data: We will not be able to respond to your requests, establish a business relationship, or send you marketing communications.

m. When we undertake social media marketing, including through the use of audiences or list-based advertising

Personal data we collect or receive for these purposes: Full name, professional email address, title/position, company, phone number, IP address, pages clicked, search and browsing history, device information, and any other Personal Data you or third parties provide us.

Purposes: We may use your Personal Data to contact you via social media platforms to establish a business relationship with you and to contact you about the Services. We may also use your Personal Data to create lists of individuals we would like to target with advertising for our Services via social media, including through direct message marketing solutions. You may be included in such a list (in which case you will see Eyako-related ads when you visit these social media platforms) or we may use your Personal Data to ask social media platforms to identify a list of other individuals who may be interested in our Services, so that those individuals can see ads about Eyako.

Legal basis:

• Legitimate interest (marketing, advertising, and business development).
• Consent (if required by applicable law).

Consequences of not providing Personal Data: We will not be able to establish a business relationship with you via social media platforms; you will be excluded from social media advertising and marketing campaigns.

Note: Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate away from their pages. The resulting information may be provided to us (generally for statistical purposes to see how users interact with our content on social media platforms). Social media platforms are responsible for how they process your Personal Data and information on how these platforms collect and use your Personal Data (and how they use cookies and other technologies, including instructions on how you can disable them) can generally be found in their respective privacy policies and cookie policies on their websites.

o. When you visit Eyako offices where Eyako has enabled video surveillance

Personal data we collect or receive for these purposes: Visual images collected via CCTV cameras.

Purposes: For the purpose of protecting the physical security of the offices, safeguarding our offices, staff and data, and fulfilling our contractual obligations (e.g., with clients and insurers).

Legal basis: Legitimate interest (to protect and secure our offices).

Consequences of not providing Personal Data: We will not be able to protect and secure our offices or fulfill our contractual obligations.

Finally, please note that some of the Personal Data mentioned above may be used to detect, take action to prevent, and prosecute fraud or other illegal activities, to identify and fix errors, to conduct audits and for security purposes. Personal Data may also be used to comply with applicable laws, in the context of investigations conducted by competent authorities, for law enforcement purposes and/or to exercise or defend legal claims.

In some cases, we may or will anonymize or de-identify your Personal Data and use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information that does not allow identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restriction (e.g., to improve our Services and improve your experience with them).

Depending on the context described above, we may disclose your personal data to the following categories of third parties:

• Hosting / Storage: Providers of hosting and data storage services.
• Messaging System Provider: Services that manage and send email communications.
• Authentication: Providers that manage authentication processes for secure access to our services.
• Support and Ticket Management: Companies that offer support and ticket management systems to assist with inquiries and customer services.
• Logging and Monitoring: Services that provide logging and monitoring tools for security and operational purposes.
• Marketing: Third-party providers that assist with marketing activities, including digital advertising and email marketing.
• Event Sponsors: Organizations that sponsor events and may receive information about attendees for event-related purposes.
• CRM (Customer Relationship Management): Systems used to manage relationships and interactions with customers.
• Data Enrichment: Providers that enrich or supplement existing data with additional information.
• Email Verification: Services that verify the accuracy of email addresses.
• Sales Engagement: Tools that facilitate sales engagement and communications.
• Sales Automation: Platforms that automate sales processes.
• Analytics and Business Intelligence: Tools that provide analytics and insights on business performance.
• Chat and Support Tools: Third-party providers that offer chat and support features via our website and application, including customer service chats, inquiries, and collection of information about these interactions.
• Sanctions Checks and Other Legally Required Checks: Entities that conduct legal background checks.
• Document Management/Automation: Services that manage and automate document-related processes.
• Background Check Services: Third parties that conduct background checks if you apply for a job with us.
• HR and Application Process Automation/Management: Platforms that manage HR functions and the application process.
• Partners: Companies that offer products and services, either in connection with our services or separately, that we believe may be of interest to you.
• Other Service Providers: Any other service provider necessary to fulfill the objectives listed above.

We may also disclose your personal data as follows:

• Legal Compliance: If necessary, in good faith, we may disclose your information to regulators, courts, or competent authorities to comply with applicable laws, regulations and rules, or in response to requests from law enforcement agencies, regulators, or other government agencies, or if a court order requires it.
• Affiliated Companies: We may share your data with affiliated companies if necessary to fulfill the objectives listed above.
• Business Transfers: In the event of a future sale or transfer of all or part of our business, shares, or assets to a third party, we may disclose your information to the potential or actual buyer. If we are acquired by or merged with a third-party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign personal information as part of such events.
• Social Media Platforms: We may disclose information to social media platforms for the objectives mentioned above.
• With Your Consent: When you have given us your consent to disclose or transfer your personal information.

a. Security

We have implemented appropriate technical, organizational and security measures to protect your personal information. However, please note that we cannot guarantee that this information will not be compromised, particularly in the event of unauthorized intrusion into our servers. Since information security depends in part on the security of the computer, device, or network you use to communicate with us, and the measures you take to protect your credentials and passwords, please ensure you take appropriate measures to protect this information.

b. Retention of your personal information

We may retain your personal information as long as necessary to achieve the purpose for which we collected it, to respond to your requests or provide services, or until we proactively delete it or you send a valid deletion request. Additionally, in certain circumstances, we may retain your personal information for longer periods, for example (i) when we are required to do so under legal, regulatory, tax, or accounting requirements, or (ii) to have an accurate record of your interactions with us in the event of claims or disputes, or (iii) if we reasonably believe there is a prospect of litigation regarding your personal information or interactions. We have an internal data retention policy to ensure we do not retain your personal data indefinitely. Regarding cookie retention, you can learn more in our Cookie Policy.

a. Internal transfers

Transfers within Eyako are covered by an internal data processing agreement, which contractually obliges each member to ensure that personal data benefits from an adequate and consistent level of protection, wherever it is transferred.

b. External transfers

When Eyako carries out transfers of personal data protected by the GDPR and/or UK GDPR outside the EEA or the UK (for example to third-party service providers for the purposes listed above), we generally rely on: (i) adequacy decisions adopted by the European Commission under Article 45 of the GDPR; (ii) standard contractual clauses issued by the European Commission or the UK (updated from time to time); or (iii) another legal transfer mechanism provided for by the GDPR, such as binding corporate rules. Eyako also monitors the circumstances surrounding these transfers to ensure that personal data continues to benefit from a level of protection essentially equivalent to that guaranteed by the GDPR and the UK GDPR.

a. Rights

The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may apply to you are as follows:

• You have the right to access personal data about you. Your right of access can normally be exercised free of charge, but we reserve the right to charge appropriate administrative fees where permitted by applicable law;
• You have the right to request that we correct any inaccurate or misleading personal data we hold;
• You have the right to request erasure/deletion of your personal data (e.g., from our records). Please note that there may be circumstances in which we are required to retain your personal data, for example for the establishment, exercise, or defense of legal claims;
• You have the right to object to or request restriction of processing;
• You have the right to data portability. This means you may have the right to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller;
• You have the right to object to profiling, where applicable;
• You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we have the right to continue processing your data, particularly if processing is necessary to comply with our legal and regulatory obligations. Additionally, please note that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal;
• You also have the right to request certain details on the basis of which your personal data is transferred outside the European Economic Area or the United Kingdom, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
• You have the right to lodge a complaint with your local data protection authority (i.e., your place of habitual residence, place of work, or place of the alleged infringement) at any time or with competent institutions in your place of residence. We ask that you please try to resolve any issue with us before contacting your local supervisory authority and/or the competent institution.

b.

To the extent that the privacy laws applicable to you grant you the rights mentioned above, we will respect your rights and comply with these laws. You may exercise your rights by contacting us at: dpo@eyako.fr. Subject to legal and other admissible considerations, we will make all reasonable efforts to honor your request promptly in accordance with applicable legislation or will inform you if we need more information to fulfill your request.

c.

To help protect the security of your personal data, Eyako will verify your identity upon any request. We also take steps to ensure that only you or your authorized representative can exercise rights over your information. If you are an authorized agent making a request, we may require and request additional information to protect the personal data entrusted to Eyako, including information to verify that you are authorized to make such a request. There may be situations where we cannot comply with your request, for example, where your request would negatively affect the rights and freedoms of others (e.g., would impact the confidentiality obligation we owe to others) or if we are legally authorized to process your request in a manner different from that originally requested, we will process your request to the fullest extent possible, in accordance with applicable law.

d.

We will not discriminate against you (e.g., by restricting or denying you access to our services) because of the choices and requests you make in connection with your personal data. Please note that certain choices may affect our ability to provide services. For example, if you sign up to receive marketing communications by email, then ask Eyako to delete all your information, we will no longer be able to send you marketing communications. You may exercise any of your rights in connection with your personal information by contacting us using the contact details provided in the "CONTACT US" section below.

We do not offer our services to children and, therefore, we do not knowingly collect personal information from or about children under the age of eighteen (18). If you are under 18, you may not use the website or services, or provide information to the website without the participation of a parent or guardian. In the event we discover that you have provided personal information in violation of applicable laws, we reserve the right to delete it. If you believe we may have such information, please contact us at dpo@eyako.fr.

Our website or services may allow you to interact with, or contain links to, your third-party accounts and other websites, mobile applications and third-party products or services that are not owned or controlled by us (each a "third-party service"). We are not responsible for the privacy practices or content of these third-party services. Please note that these third-party services may collect personal information about you. Therefore, we encourage you to read the terms and conditions and privacy policies of each third-party service you choose to use or interact with.

The "Do Not Track" (DNT) feature is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to DNT signals. However, as explained above in Section 7, we respect browser-based opt-out preference signals that are legally required.

Please consult our cookie policy for information on cookies and other tracking tools that Eyako uses on our website.

If you have any questions about this notice or would like to exercise your rights, we encourage you to contact us at dpo@eyako.fr.

Address: Reunion Island - France

Contact: contact@eyako.fr