Product
Learn more about the all-in-one, most powerful solution for community engagement
About this policy
This privacy notice explains how KIT UNITED SAS (hereinafter “KIT UNITED” or “we”) processes your personal data, when it acts as data controller, including in all situations where we collect your data via our website https://hivebrite.io/.
We are committed to abiding by data protection laws and to be open and transparent in how we use your personal information. We take your privacy seriously and this policy and notice has been drafted in accordance with the requirements of the General Data Protection Regulation (“GDPR”), the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK GDPR).
Data Controller
For the purpose of the Data Protection Legislation, KIT UNITED, having its headquarters 5 rue des Italiens, 75009, Paris, France, is the data controller (as defined in the applicable legislation) and any enquiry regarding the collection or processing of your data should be addressed to us and our Data Protection Officer, at [email protected].
Purposes, legal basis and retention periods
Your personal data may be processed by authorized KIT UNITED personnel for several purposes.
Each of these purposes is associated with a “legal basis”, which justifies our processing.
Your data is also kept for a predetermined period, which depends on the purpose of the processing. This period is expressed as an “active database”, which corresponds to the stage where your data is processed in order to achieve the purpose described in the table, and as an “intermediate archive”, which corresponds to a state of conservation of the data with restricted access. The archived data is no longer used for the purpose of the processing but is still retained in order to comply with a legal obligation and/or to enable us to defend our legal rights, if necessary.
The purposes, legal bases and retention periods are detailed in the table below:
Purpose of the processing activity |
Legal basis |
Data retention term |
Communicating with you and managing the request you send us using the “contact” feature of our website |
Our legitimate interest in responding to your requests and queries |
In active database: Until the request is processed Intermediate archive: 5 years from the date the request is processed |
Commercial prospecting (including proposing a demo of our services) |
To pursue our legitimate interest in growing our business |
In active database: 3 years after the last contact from you In intermediate archive: N/A |
General accounting |
Our legal accounting obligations |
In active database: during the current fiscal year In intermediate archive: 10 years from the end of the fiscal year |
Recruitment |
Pre-contractual measures taken at the request of a candidate if you apply to our job offer, our legitimate interest to recruit people otherwise |
In active database: the duration of the recruitment process In intermediate archive: 5 years from the end of the recruitment process |
Sending our newsletter |
Our legitimate interest in informing you about our activity |
In active database: for the duration of your subscription In intermediate archive: N/A |
Retention of login information for security, maintenance |
Our legitimate interest in ensuring the security of our website |
In active database: 12 months from data recording In intermediate archive: N/A |
Management of our video surveillance system |
Our legitimate interest in ensuring the security of our premises |
In active database: 1 month from the recording of the images In intermediate archive: N/A |
Customer Management |
The contract we have with our client |
In active database: for the duration of the commercial relationship In intermediate archive: 5 years from the end of the business relationship |
Supplier management |
The contract we have with our supplier |
|
Management of access controls to the premises |
Our legitimate interest to ensure the security of our premises |
In active database: 3 months In intermediate archive: N/A |
Generating metrics about the use of our services, the performance of our agreements with our customers or our prospecting activities |
Our legitimate interests to benefit from the metrics we generate |
Regarding customers: For the duration specified for the “Customer Management” processing Regarding prospects: For the duration specified for the “Commercial prospecting” processing Regarding users of our services: Until 90 days after the end of our contractual relationship with the customer |
Storage of personal data to comply with our legal requirements (inter alias, under French LCEN) |
Legal obligation to comply with Article 6 of French LCEN |
In active database: For the duration of the legal requirement (currently, a year from the day of the connection or creation of content). In intermediate archive: N/A |
Recipients of your personal data
There are a range of circumstances where we may disclose your data to third parties. Here are the third parties we may send your personal data to:
Indirect collection
We may collect your personal data indirectly, for recruitment purposes, via social network (Linkedin, Indeed, etc.) and through our recruitment tool called “Lever”. The personal data thus collected is your name, surname, qualification, current and past jobs, diploma, and any personal data published on social networks.
Personal data transfers outside the EU/EEA
Your personal data may be transferred to third party countries, such as:
When transferring personal data outside the EU/EEA, we make sure that the latest version of the standard contractual clauses of the EU Commission are signed with the recipient, unless there is an adequacy decision from the EU Commission regarding the country where the recipient is located.
Your rights
You have rights in relation to your personal data, depending on the circumstances, including:
You can exercise these rights at any time by writing to us by email to [email protected].
You also have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (“CNIL”), at the following address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris – Cedex 07 or through the dedicated website of the CNIL.
Changes to this policy
We may update this policy to reflect changes to our processing activities. Please regularly review this policy to be informed of how we are protecting your personal data.