Last Updated: August, 2024
At Pigment we take Privacy and Data Protection seriously. In this Privacy and Data Protection Policy (“Policy”) we have set out how we process personal data as a data processor, i.e. when we provide our services, via our Platform, on behalf of your organization (our customer). In short, this Policy applies to users of the Pigment Platform. By “Platform”, we mean the tool that your organization uses to process and analyze business data and plan its business operations, as well as our training programs related to our tool and our community. In this context, your organization is the data controller of your personal data.
When we refer to “Pigment” in this Policy, we mean Pigment SAS, a French simplified joint stock company with a capital of 26,474.4202 euros registered with the trade and commercial register of Paris under n° 852 785 914 and having its head office at 86 rue Notre-Dame de Nazareth – 75003 Paris, France ("Pigment").
Within the meaning of the European Data Protection Regulation No. 2016/679 (known as "GDPR") entered into force on May 25, 2018 and of the French Law n° 78-17 of 6 January 1978 "Informatique et Libertés" in its amended version (“French law Informatique et Libertés”), “personal data” consists of any information that relates to an identified or identifiable individual, such as a name, email address, telephone number, and IP address.
At Pigment, as instructed by your organization, we process the following personal data about you:
Please note that we may use de-identified and/or aggregated information that can no longer be linked to you. This information is not subject to this Policy and we may use this information, in accordance with our agreement with your organization, for various purposes such as internal analysis, analytics or product/services improvement (e.g. within the context of our Pigment AI Features).
As data processor, we comply with our customers’ instructions, in accordance with article 28 of the GDPR.
We will keep your personal data for the retention period requested to us by your organization (i.e. 90 days after the expiry of our agreement with your organization), and in compliance with applicable statutes of limitations.
Pigment has implemented a number of measures to protect your privacy and personal data and to meet the requirements of the GDPR.
If you want to learn more about our security measures, please read our Security Addendum.
Your personal data can be accessed by your organization which acts as data controller of your personal data (i.e.: your organization decides “why” Pigment Platform is being used).
In addition, your personal data is shared with our sub-processors. You can access the list of our sub-processors, which may be updated from time to time in accordance with our agreement with your organization, by clicking here.
When your personal data is shared outside Pigment, we make every effort to select our service providers on the basis of very demanding criteria in terms of privacy, data protection and security. All personal data transfers are secured contractually.
Your personal data may also be shared to providers located outside of the European Economic Area (“EEA”). In such case, we ensure that our providers are:
What are we speaking about? Our Platform may contain connections that you can activate. For instance:
Be careful. These third-parties are not controlled by Pigment. We do not endorse or approve, and we are not responsible for their privacy practices. Using these integrations is at your own risk.
Sensitive and personal data may be shared out from Pigment. We encourage you to read their privacy policies and to use these integrations carefully as it may lead to personal and sensitive data being sent out from Pigment.
For instance, if Pigment notifications are enabled for your instant messaging or email applications, such third-parties’ platforms will get access to your personal data and the sensitive information that may be included in the Pigment Platform. They will process notifications containing (i) tasks attributed to you on the Pigment Platform, (ii) operational and / or technical actions required to be performed on the Pigment Platform, (iii) error messages and (iv) comments. If you don’t want these third-parties to get access to said information, please disable the notifications. However, if other users’ of your organization have enabled the third-parties’ notifications, said third-parties will still be able to get access to the information.
We will collect your personal data from these third-parties. In order to enable you to activate and use these connections (including with the transfer of data from the third-party’s platform / application to Pigment Platform and vice versa), we will collect personal data from these third-parties. The categories of personal data collected depend on the connection at stake. For instance, if you use the Pigment App for Slack, we will receive from Slack your email address, your Slack ID and your display name.
Within the limits and conditions of applicable data protection laws, please note that you can request your organization to:
You can also lodge a complaint with a competent supervisory authority (for instance, the CNIL in France).
If you want to exercise your rights, we advise you to contact your organization.
For any questions regarding this document and, in general, about Pigment’s cookies, do not hesitate to contact us by e-mail: dpo@gopigment.com or send us a letter at: Pigment SAS - Data Protection Officer, 86 rue Notre-Dame de Nazareth, 75003 Paris (France).
Changes. This Policy may be updated from time to time, in particular to take into account changes in our services, technologies or applicable regulations. These updates will be effective immediately when they are made available and searchable on our Platform.