Privacy Policy
_{Last Updated: Feb 28th, 2024}

LaTeam AI SAS / bloomflow respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how and why LaTeam AI collects and processes personal data about you as data controller and is provided pursuant to the European Union General Data Protection Regulation (or GDPR) and other applicable privacy laws.

Reading it will help you understand your privacy rights and choices, through clear, detailed and easy-to-read information about LaTeam AI’s privacy pratices and how we process personal information.

Summary

We hope you read this entire Privacy Policy. However if you’re in a hurry, here is a brief overview of the most important points:

We do not and will not sell your information. We don’t help companies advertise their products to you.
This policy is made for a broad diversity of person (e.g if you visit our website, receive an email from us, interact with our products). We’ve decided to gather all the privacy related information in a single policy as the go-to reference whether you have any questions. In order to make it easy-to-read, the document is divided into dedicated section depending on your relationship with us.
We use a small number of trusted third parties to help provide our products.
We use cookies (all listed in our Cookie Policy) to provide, protect and promote our products (read more)
You can exercice your GDPR rights (read more)
If you have any question about this policy, you can contact us here.

What is the scope of this Privacy Policy?

”Personal Information” or “Personal data” cover a broad range of information. Data protection laws around the world define

This Privacy Policy applies to the processing of personal data we collect when you:

Visit our corporate website (“Site”) ;
Receive communications from us, including emails or phone calls;
Use and interact with our Services or are designated as a point of contacts for administrative tasks regarding the Services such as billing and notifications;
Apply for positions;
Work with us as vendor;
Visit our premises

This Privacy Policy does not apply to our processing of personal data in our capacity as processor or service provider on behalf of our customers, including where we offer to our customers tools through which they can collect personal data about individuals. Our processing as processor is governed by our agreement with our customers.

About LaTeam AI

LaTeam AI provides an Internet-based service for project management in any company (“Subscribers”) collaborative tools to structure projects ECT, called “bloomflow” (“Services”).

Controller

LaTeam AI SAS is responsible for how your personal data is handled as controller. You can find our contact information in the “Contact Us” section below. Additionally, we have appointed a Data Protection Officer (“DPO”). To contact our DPO, please email dpo@bloomflow.com

‍

1. Personal Data We Collect

We have provided below an overview of the information we collect when you interact with our Services or the Site :

Identification data: Depending on your interaction with us, we may collect your name and professional email address, phone number, and/or mailing/billing addresses.

Professional life data: Depending on your interaction with us, we may collect job title and/or any information that you may provide when you interact with us.

Personal Data We Collect From Other Sources

We also collect information about you from other sources, in particular:

LinkedIn, used to search for prospects and obtain insights into the engagement with advertisement on LinkedIn. Please refer to LinkedIn Privacy Policy for further information: https://www.linkedin.com/legal/privacy-policy
Lusha, used to search for prospects. Please refer to Lusha Privacy Policy for further information: https://www.lusha.com/legal/privacy-notice
Other customers or our employees or contractors who may provide us with your business contact information for the purposes of obtaining services.

‍

2. How We Use Personal Data

The specific purposes for which we process your personal data and the legal bases we rely on for the processing are listed below.

Use and data retention

Identification data and profesionnal life data
Purpose: Client support. Customer & lead management (communication, prospection, contract management, billing, survey…)
Legal basis: Legitimate Interests in providing you the information that you request and in improving the overall experience of our prospects and customers

Retention period:

If you are a client:

Your data is stored for 5 years after the termination of the contract
Specific retention period:
- Phone call or meeting recording: 6 months
- Record of conversation held on chatbot: 2 years
- Billing documents: 10 years from the creation of the bill

If you are a prospect:

Your data is stored for no more than 5 years after the last time you've engaged with us (for instance answering one of our email or got a meeting with us.

3. How We Share Personal Data

We do not and will not sell your information. We don’t help companies advertise their products to you. However, we might share your personal data with third parties in the following situations:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with service providers, including hosting and other information technology services (ticketing tool, CRM…). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data may be shared in the diligence process with counter-parties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

‍

4. Data Transfers

By using SaaS services, transfer outside EU could occur to other countries outside the European Union including the United States of America. You can find out the complete list of the transfer performed by our providers below and the countries of transfer that might be performed:

If this case, such transfers are governed by the signature of Standard Contractual Clauses or any other guarantee in application of the GDPR.

‍

1. Personal Data We Collect

We have provided below an overview of the information we collect when you use our solutions :

Identification data: When your user account is created or if you request support to Bloomflow, we may collect your name, professional email address and phone number.

Professional life data: Depending on your interaction with us, we may collect job title, and information that you may provide when you interact with us.

Log data : Your browser automatically sends information whenever you visit and use our solutions (“log data”). Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with our solution. We collect these data to keep our solutions, network and system secured and this is supervised by our Terms & Conditions.

‍

2. How We Use Personal Data

The specific purposes for which we process your personal data and the legal bases we rely on for the processing are listed below. Your user account is directly managed by your employer.

Use and data retention

Identification data and professional life data
Purpose: Legitimate Interests to manage your request and to sending you information about our solutions and services that may be of interest to you regarding the solutions
Legal basis: Legitimate Interests to manage your request and to sending you information about our solutions and services that may be of interest to you regarding the solutions
Retention period: 5 years after the termination of the contract

Log data
Purpose: Security and audit tracking
Legal basis: Legitimate Interests in (i) keeping our solutions, network and information systems secure (ii) performing an audit in case of incident
Retention period: 1 year

Customer accompaniement
Purpose: Accompany our users in execution of the contract: onboarding, training, project management, platform's users support
Legal basis: Legitimate Interests in (i) training in support of our users is a legitimate activity as a service provider.
Retention period: 5 years after the termination of the contract

Client's feedbacks management
Purpose: Manage, centralize and analyse the feedback's sent by our clients in order to improve our product.
Legal basis: Legitimate Interests in (i) obtaining and processing feedback is important to improve our product.
Retention period: 3 years after the last feedback

Customer Survey management
Purpose: Survey conducted for customers in order to obtain feedback regarding platform's usage
Legal basis: Legitimate Interests in (i) obtaining and processing feedback is important to improve our product.
Retention period: Necessary retention to perform the aim of the survey or until the opposition of the user

‍

3. How We Transfer Personal Data

We do not and will not sell your information. We don’t help companies advertise their products to you. However, we might share your personal data with third parties in the following situations:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with service providers, including hosting and other information technology services; email communication software providers and email newsletter providers; security provides, database and sales/customer relationship management services. Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

‍

4. Data Transfers

Harvestr (tranfers to US)
Sentry
Hubspot, Inc. (transfer to US - list of suprocessor here)
Google Workspace (list of subprocessor and transfer location)

If this case, such transfers are governed by the signature of Standard Contractual Clauses or any other guarantee in application of the GDPR.

1. Personal Data We Collect

We have provided below an overview of the information we collect when you work with us as vendor/subcontractor/provider :

Identification data: Depending on your interaction with us, we may collect your name, professional email address, phone number, and/or mailing/billing addresses.
Professional life data: Depending on your interaction with us, we may collect job title and information that you may provide when you interact with us.

‍

2. How We Use Personal Data

The specific purposes for which we process your personal data and the legal bases we rely on for the processing are listed below.

Use and data retention

Identification data and professional life data
Purpose: Procurement : billing and contract management
Legal basis: Legitimate Interest to manage the contractual relationship with the vendor
Retention period: 5 years after the termination of your contract

‍

3. How We Share Personal Data

We do not and will not sell your information. We don’t help companies advertise their products to you. However, we might share your personal data with third parties in the following situations:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with service providers, including hosting and other information technology services; email communication software providers and email newsletter providers; security provides, database and sales/customer relationship management services; payment service providers; and web analytics services (for more details on the third parties that place cookies through the Site, please see the “Cookies” section below). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
Business Transfers: Your personal data will be used by us or shared with our affiliated companies for internal reasons, primarily for business and operational purposes. If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

‍

4. Data Transfers

Google Workspace (list of subprocessor and transfer location)

If this case, such transfers are governed by the signature of Standard Contractual Clauses or any other guarantee in application of the GDPR.

1. Personal Data We Collect

We have provided below an overview of the information we collect when you apply for our job positions :

Identification data: Your name, surname, birthdate, birth place, age, email address, address, phone number as well as any identification data contained on your resume ;
Professional life data: Your professional background (resume, education, skills, work experience, functions performed, LinkedIn profile, contact details for references you have permission to provide us, languages spoken, copy of your highest diploma, etc.) ;
Personal life data : The ones you provide us in your CV or cover letter such as your marital status or your hobbies - Any websites showcasing your work (examples: Github, Twitter, Portfolio) ;
Financial data : Your remuneration (previous/current position and expectations) ;
Touchpoint data : Our notes, feedback, and assessments following interviews with you or calls with your references.

Personal Data We Collect From Other Sources

We also collect information about you from other sources, in particular:

LinkedIn could be used to check your CV. In. Please refer to LinkedIn Privacy Policy for further information: https://www.linkedin.com/legal/privacy-policy

‍

2. How We Use Personal Data

The specific purposes for which we process your personal data and the legal bases we rely on for the processing are listed below.

Use and data retention

Identification and contact data
Purpose: To assess, manage and follow up on your application ; To finalize the hiring process if we offer you a position
Legal basis: Contractual Necessity
Retention period: 2 years after the last contact

Data relating to your personal life
Purpose: To assess, manage and follow up on your application; To assess your abilities and qualifications for the position for which you applied or for which your application was submitted to us
Legal basis: Contractual Necessity
Retention period: 2 years after the last contact

Data relating to your professional life
Purpose: To assess your abilities and qualifications for the position for which you applied or for which your application was submitted to us; To check your references; To assess your availability
Legal basis: Contractual Necessity
Retention period: 2 years after the last contact

Economic data
Purpose: To assess salary expectations ; if we need to reimburse traveling expenses
Legal basis: Contractual Necessity
Retention period: 2 years after the last contact

Touchpoint data
Purpose: To assess, manage and follow up on your application
Legal basis: Contractual Necessity
Retention period: 2 years after the last contact

‍

3. How We Share Personal Data

We do not and will not sell your information. We don’t help companies advertise their products to you. However, we might share your personal data with third parties in the following situations:

Service Providers: We may share personal data with service providers, including hosting and other information technology services (HRIS…). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

‍

4. Data Transfers

Google Workspace (list of subprocessor and transfer location)
Coruscant SAS, service known as "Welcome to the Jungle". Coruscant SAS can transfer Candidate data to the United States of America with Datadog in order to manage server infrastructure, with Jira (Atlassian) to manage ticketing and customer support, to Sendgrid to manage email provision.
Dropbox, Inc. (list of subprocessor and transfer location)

If this case, such transfers are governed by the signature of Standard Contractual Clauses or any other guarantee in application of the GDPR.

Security

We have implemented physical, technical, and administrative security measures designed to protect the confidentiality of personal data we process both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or e-mail. Please keep this in mind when disclosing any personal data to XXXX via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.

Children

The Site and our Services are not directed to children who are under the age of 18. LaTeam AI does not knowingly collect personal data from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided personal data to LaTeam AI through the Site or the Services please contact us and we will endeavor to delete that information from our databases.

Your Rights

Depending on your context, the GDPR could grant data subjects the following rights:

Access. You can request a copy of the personal data that we maintain about you. If you require additional copies, we may need to charge a reasonable fee.
Deletion and Correction. You can ask us to delete or correct the personal data that we hold about you.
Objection. You may have the right to object to how we use your personal data.
Restrict Processing. You may ask us to suspend our processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
Data Portability. If required to do so, we will give you your personal data in a structured, commonly used, and machine-readable format.
Withdraw Consent: Where we rely on your consent to process personal data about you, you have the right to later withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy.
Right to decide the fate of your data after death: the right to impose the fate that you wish to reserve your Personal Data in the event of death.

To exercise these rights, please email our DPO at dpo@bloomflow.com. You also have the right to submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL) sending a letter to the following mailing address:

CNIL 3 Place de Fontenoy TSA 80715 75334 Paris Cedex 07

You may also submit a complaint to then CNIL here.

Links to Other Sites

The Site may contain links to other websites not operated or controlled by LaTeam AI, including social media services (“ Third Party Sites ”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

Changes to The Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Site. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Site or the Services after the effective date of any modified Privacy Policy indicates your acknowledgment of the modified Privacy Policy.

Contact Us

If you have any questions about our Privacy Policy, please feel free to contact our DPO at dpo@bloomflow.com or send a letter to the following mailing address:

LaTeam AI, for the attention of the DPO, 10 rue Mabillon 75006 Paris, France.

Privacy PolicyLast Updated: Feb 28th, 2024

Summary

What is the scope of this Privacy Policy?

About LaTeam AI

Controller

‍

Security

Children

Your Rights

Links to Other Sites

Changes to The Privacy Policy

Contact Us

‍

Privacy Policy
_{Last Updated: Feb 28th, 2024}