Privacy Policy (Platform)
March 2024
1. Definitions
Where drafted in upper case, the following definitions are applicable to the entire Privacy Policy.
Unless stated otherwise, definitions stated in the singular shall have the same meaning in the plural form.
Any term defined in article 4 of the GDPR and mentioned in this Privacy Policy shall have the same meaning.
2. Foreword
Lampi believes that trust is the key to successful and lasting relationships. In this respect, the protection of Your Personal Information and privacy is no exception. For this reason, Lampi takes great care to collect and process Your Personal Information only with the utmost care and in strict compliance with the applicable legal framework.
In drafting this Privacy Policy and making it available to Our Users, We intend to fulfill Our duty to inform data subjects within the meaning of articles 13 and 14 of the Regulation EU (2016/679) of the EU Parliament and the Council of 27 April 2016 (the “GDPR”).
This Privacy Policy will describe how Your Personal Information is processed when You navigate the Website or Platform and use the Services offered by Lampi. This Privacy Policy applies to Personal Information we collect when you use the Website, the Platform, and our Services, or otherwise interact with us.
This Privacy Policy does not apply to the extent we process Personal Information in the role of processor or service provider on behalf of our customers. Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Customers’ use or collection of personal information in connection with the use of our Services by individuals with whom our Customers interact. If you are an individual who interacts with a Customer using our Services or you otherwise believe that a Customer uses our Services to process Your personal information, and you contact us regarding this data, you will be directed to contact the applicable Customer for assistance with any requests or questions relating to Your personal information, including without limitation any requests to access, amend or erase Your personal information.
We may amend this Privacy Policy from time to time, in which case We will update You by any available means, including by way of notification on the Platform.
3. Our role
Lampi acts as a data controller regarding User’s Personal Information.
4. Personal Information We Collect
When you subscribe to Lampi or chat with us, we may ask you for Your name, Your first name, Your postal address, Your telephone number, Your email address, the company in which you work, Your function, Your contact preferences, and more generally any other data allowing a persona to be identified.
The categories of Personal Information that Lampi may be required to process are as follows:
5. How and why we use Personal Information
Lampi only processes personal data strictly necessary to achieve the specified and legitimate purposes defined in this section.
In accordance with current regulations, Lampi does not process any sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of the persons concerned. The same applies to any information on the life or sexual orientation, genetic, biometric or health data of the persons concerned.
Collection methods. We receive information from You, directly and indirectly.
Directly: Most of the information We process is information You give us when using Our Services and in one of the situations described below:
When You browse our Website or the Platform, including behavioral information on Our Website for the purposes of optimizing the customer journey;
When submitting a form on Our Website, you are asked for Personal Information such as data relating to Your professional life, identification data or location data. These are used as part of the prospecting relationship or in accordance with the GDPR if information is transmitted to You;
In an information transfer, via email, push notification or in-app message about product updates, industry news, new partnerships and events. You may be asked for identification information such as Your email address, first name and last name. You can always withdraw Your consent to receive commercial offers from us by using the unsubscribe link at the bottom of any email received.
When you register to Lampi, you are asked for identification data such as Your email address, Your first name, or Your last name. Legally, we need this data to carry out the Services described in the Main Services Agreement the Customer signed with us.
During a commercial partnership with Lampi, You will be asked for identification and professional data such as Your contact details, Your legal address and Your professional email address. We collect this data in accordance with the conditions set out in the contract you have signed.
During Your use of the Platform, internet data may be collected for the purposes of optimizing Our platform to understand Your use.
When making contact, by email, telephone or another channel, personal identification data such as Your email address, Your telephone number (mobile or landline), Your first and last name, as well as any other information in Your contact (professional life data).
Indirectly: We may also collect Personal Information from third-party sources such as authentication partners and public databases for the purposes of user authentication and marketing activities. For example, if you create or log into Your Lampi account using Your Google Account credentials, we will access Your name and email for authentication.
Automatically. We use typical tools and services, such as log files, tags, and similar technologies to automatically collect information, which may contain personal information from Your devices while you navigate our Services or interact with emails we sent to you.
Objectives and bases of legality. Your Personal Information has several purposes for us depending on the data and the relationship you have with Lampi. We distinguish the following categories:
GDPR compliance. For GDPR compliance, the basis of lawfulness is the legal obligation in order to respond to GDPR rights requests. The shelf life is 3 years after the closure of an opposition request (limitation period for an offense), or 1 year after closure of a request for access, erasure or rectification (limitation period for an infringement). The recipient of this data is the CNIL, the legal and litigation department of Lampi AI as well as the department which will receive the GDPR rights request. The data source is: the data subjects. This data is necessary for the fulfillment of legal obligations regarding reporting violations and exercising rights
6. Personal Information Sharing and Disclosure
We may share your personal information as described in this Privacy Policy or at the time of collection:
Customer Admin and Users. If your User account was provisioned by a Customer, your Administrator may have access and control over the information associated with your account. The Customer may have its own policies governing access and use of information in your User account. Depending on a Customer’s settings and your choices, we will share certain information with other Users that are part of a Customer account.
Affiliates. Lampi may share personal information with affiliates for purposes consistent with this Privacy Policy.
Service Providers. Lampi uses certain trusted third-party service providers to help us provide, improve, protect, and promote our Services. These third parties may have access to your Personal Information to perform services on our behalf but only as is reasonably necessary for the purpose that Lampi has engaged them for and in compliance with this Privacy Policy. Some of the third parties that Lampi may share your personal information with include providers who assist Lampi with functions such as: billing; customer support; hosting and storage; analytics; and marketing services. We only share Personal Information with these providers if you have agreed to the transfer, or if it is permitted by data protection law. The information we share is limited to the data necessary for the third parties to provide their services. These companies are obligated to protect your information in accordance with data protection law and provide the necessary safeguards if they are outside of the EU.
Business Transferees. We may transfer or otherwise share information in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
Authorities and Others. We may disclose your information to third parties if we determine such disclosure is reasonably necessary to: (i) comply with applicable law, regulation, legal process, or government request, (ii) protect any person from death or serious bodily injury, (iii) prevent fraud, abuse, or security issue of Lampi or other users, and (iv) to protect Lampi’s or its licensors’ rights, property, safety, or interest.
Consent. We may also disclose or share your personal information where you have given us your consent to do so for a specific purpose.
To obtain a copy or the location of the guarantees linked to data transfers outside the European Union, please contact: contact@lampi.ai
We may sometimes need to transfer personal data outside the European Union in order to provide our services to you. If this is the case, we always ensure that such transfer is carried out in a country considered by the European Commission to have an adequate level of protection of personal data and, if this is not the case, we apply the protections of the CCT (Standard Contractual Clauses adopted by the Commission) in order to achieve the level of protection required by the standard. You can obtain a detailed copy of the transfer tool or further information by submitting a request to Us.
7. Data storage
We will store Personal Information as long as You use the Platform and more broadly any of Our Services. Once Your Account has been inactive for a certain period of time, or if You choose to delete Your online Account or end Our relationship in any manner, We will nevertheless keep and store Your Personal Information for a certain period of time.
We will keep Your Personal Information at least 3 years after the end of Our relationship (materialized, for instance, by the deletion of Your Account), for various legal reasons, including statute of limitation rules and potential litigation where We may be involved and where We might need Your Personal Information. This includes, at the moment, all of the Personal Information We process.
If the Company considers that it is not necessary to keep Your Personal Information in its active database, it will archive it and ensure that access to it is restricted to a limited number of persons with a genuine need to access it.
8. Other information
Users are never compelled to provide Personal Information that We may request. However, We draw Your attention to the fact that if You refuse, access to the Services may be limited, suspended or impossible.
In any event, and regardless of the purpose of the processing in question, We will adhere to a strict principle of data minimisation and will therefore only collect and process Personal Information that is necessary for the purposes mentioned above.
9. Your rights
Users are informed that they have the following rights regarding the processing of their Personal Information, under the conditions provided for in articles 15 to 22 of the GDPR:
A right of access to the Personal Information collected by Lampi;
A right to the rectification and/or erasure of the Personal Information collected by Lampi;
A right to the restriction of the processing;
A right to Personal Information portability.
According to French privacy laws (articles 84 to 86 of Act n°78-17 of 6 January 1978), Users also have the right to specify instructions defining how Lampi shall manage Person Data after their death under the conditions of such law.
Although You have rights, the exercise of such rights is not unlimited; each of the rights offered by the GDPR may be subject to specific conditions.
This being said, in order to exercise their rights or for any question on privacy, Users shall make a request accompanied by a proof of their identity by email at Lampi.
We will process the requests within a reasonable timeframe taking into account the complexity and the number of requests. We shall strive to reply without undue delay and at the latest within one month of receipt of the request. We may extend this period to three (3) months in the case of a complex request.
The exercise of the rights offered by the GDPR are in practice free. However, where Your requests may involve important costs, You may have to bear some of them.
Finally, Users have the option to refer to the competent supervisory authority, the French Commission Nationale Informatique et Libertés (“CNIL”), in order to submit a claim. Contact information of the CNIL can be found on its website.
10. Security
The Company has implemented measures to protect the confidentiality, security and integrity of Your Personal Information, against unauthorized access and disclosure, modification, alteration, damage, accidental loss or accidental or illicit destruction, as well as against any other form of illicit processing or communication to unauthorized persons.
Access to Personal Information is restricted to those employees, partners and service providers who need to know the information, to whom we impose strict security and information protection rules. All persons with access to Personal Information are bound by a duty of confidentiality and may be subject to disciplinary action and/or other sanctions if they fail to comply with these obligations.
Where Lampi uses subcontractors, such disclosure is contracted to ensure the protection of such information.
Data is hosted and processed on secure servers located within France or the European Union and operated by Lampi's subcontractors acting in accordance with the requirements of the GDPR.
However, the Company cannot guarantee you against any loss, destruction or damage of Your Personal Information. The Company is not held, or able to carry out a safeguard of Your data present on Your personal space.
In the event that the integrity, confidentiality or security of the User's Personal Information is compromised, Lampi undertakes (i) to notify the CNIL of the breach within Lampi hours of becoming aware of it and (ii) to inform the person concerned as soon as possible when the breach is likely to result in a high risk to the rights and freedoms of that person.
When you need to choose a password to access certain parts of the Website that require you to log in to Your personal space, it is Your responsibility to choose a secure password (strong, unique (i.e. not used for another site and/or application, etc.) and to keep it confidential.
11. Cookies
A cookie is a small computer file playing the same role as a tracker, stored and read for instance at the moment where a website is visited, an email is read or a mobile app is used, whatever the device used.
In compliance with EU privacy regulations, Users are informed that “non-essential” cookies may be deposited on their device without their consent. Non-essential cookies include (i) cookies having as their essential purpose to allow or enable electronic communications and (ii) are strictly necessary for the provision of online communication service.
The cookies that We use have defined expiration times; unless You visit Our website within that time, the cookies are automatically disabled and retained Data is deleted.
12. Changes to the Policy
We might review and update this Policy. Any changes We make will be posted on the Platform and, where appropriate, notified to You. Please check back frequently to see any updates or changes to Our Privacy Policy.
It is important that the Personal Information We hold about you is accurate and current. Please keep us informed if Your Personal Information changes during Your relationship with Us.
Last updated