Iteration X, Inc (“Iteration X”, “us”, “we”, or “our ”) operates websites including www.IterationX.com (each a “Website”) and provide browser extensions (together with our Websites, our “Platform”) that allows the users (“you”, or “users”) of our Platform to (i) access to and download of certain information we provide through the Platform and (ii) the ability of users of our Platform to use the services provided therein and or to contact us electronically, including ,transmission, storage, and display of information from each user (collectively ,the "Services"). This document sets out our privacy and security policy (the “Policy”) and, among other things, informs you of our policies regarding the collection, use and disclosure of Personal Information (as defined below) when you access any of our Platform (whether directly or indirectly) or in any manner use our Services.
Please note that third party persons concerned by data or information can be processed by our users, acting as data controllers and us as their data processor.
For more information about the relations and responsibilities between us and our users, please consult the section 2 of this Policy and our Data Protection Addendum, available at this URL : www.iterationx.com/dpa-scc.
The following information in this Policy is designed to help you better understand what information we gather from you and through your access to the Platform or use of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps we take. By accessing our Platform, downloading any information made available via any of our Platform (e.g., guidelines, reports, etc.), and/or by using our Services in any manner (inclusive of downloading, installing, and using any of our Extensions), users provide us data that is necessary for us to collect and process in order to provide the Services and the Platform, in accordance with the statements of our Terms of Services.
Note, if you are a resident of the State of California, you may have additional personal information rights and choices. Please see the Your California Privacy Rights section below for more information.
Note also, if you are an European Union resident, you have specific rights over your personal data. Please see the GDPR rights section below for more information.
For the proper functioning of our Platform and Services, we rely on the supply of third-party providers. For more information about them, please see the Data recipients section below.
Except as expressly stated herein, this Policy does not apply to any third-party applications or technologies that integrate with our Services (e.g., social media websites, etc.), or any other third-party products, services, or businesses, or to third party websites that you access via links or otherwise while using the Online Platforms or our Services (“Third Party Services”).
Except for the scope of the data processing activities ruled by this Policy, this latest does not apply to data collected from, or provided by users to Third Party Services, and instead such data is subject to the practices of the provider(s) of the applicable Third Party Services. You should review the privacy policies of such Third Party Services (and any other applicable terms and conditions) to determine how your data will be used before sharing any of your data with them.
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. You may also elect to send us information at your discretion about yourself or others or otherwise post information through our Online Platform for public display.
Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address, IP address, employer, job title, and any other information that can in any manner identify you individually ("Personal Information" or “Personal Data”). For example, before being able to collaborate on projects via our Online Platform, you will be required to provide information regarding your organization and electronically provide your contact information, including your name, email address and phone number.
Your information, including your Personal Information, and any other information you input via use of our Services may be collected by us through your direct interactions with our Online Platforms, use of our Services via text messaging, email or written correspondence, telephone calls, messaging through our Services or web based forms or from third party providers.
We may also collect other information from you related to your use of the Online Platforms or our Services and your interactions with our Online Platforms or our Services (while this information may not typically contain Personal Information, we are not responsible for the content of such information). This information includes any such information that you affirmatively provide to us, and may include the following:
● Account Data.
When you subscribe to our Services on our Platform, we ask you to create an account. This means that we collect information such as: your email address; your username; your avatar; the provider of your identity authentication; your firstname and last name. Your password is not stored in itself, we just collect a cryptographic fingerprint of it.
● Usage related Data.
When you use the features of your Platform and our Services, you generate data, which is necessary for our Platform to be able to normally provide you with the Services and its features. Therefore, we also collect information such as : the problems you spotted on web pages using our extensions being part of our Platform; the solutions you found to these problems; the notifications your received; the invitation to people working in your virtual workspace on our Platform; your workspace membership; the messages you sent and received using our Platform and your source code modifications history for web pages you customized using our extensions being part of our Platform;
● Log Data.
Like most websites and web-based technology services, our servers may automatically collect data when you access or use our Services and record it in log files. Such may include yourInternet Protocol (IP) address, Internet service provider (ISP), geographic location, browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
We may collect technical data, such as information about devices accessing our Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers, phone number, country, location, and any other data you choose to provide. We do not intentionally relate this to any individual user of our Services, these technical data are just used to adapt the display and the represented features of our Platform and Services.
Some cookies might be categorized as being necessary for technical reasons, and some others might be useful only for advertisement or browsing analytics activities.
On the Platform and in our Services, we only rely on technical required cookies. We don’t use advertisement cookies or tracking ones either.
Here are the details of the technical cookie we use :
This cookie is used to allow people to use the online chat available on our Website.
3. The data processing activities subject to this Policy and responsibilities
To provide you with our Platform and Services, we need to process the Personal Data. This is why we implement data processing activities, which can be performed by us as being a data processor of our users or as an independent data controller, depending on which data processing activity is considered
As a data processor of our Users, here are the data processing activities that are implemented by us on their behalf :
On our sole responsibility of data controller we only :
Please note that the Personal Data that can be processed by users using our Services and Platform are sole data controllers of the processing they decide to perform via our Services and Platform.
Thus, in case Personal Data subjects are not users, please note that the responsibility of being the data controllers of the data processing performed using our Platform and Services is assumed by our users who process the Personal Data of these data subjects. We propose to our Users, acting as data controllers, to agree to our Data Protection Addendum that is publicly available here : www.iterationx.com/dpa-scc
This Data Protection Addendum provides the statements ruling the relations between us and our users using our Services and Platform to perform such data processing activities.
The data processing activities previously described in the section 2 of this Policy are implemented to pursue certain purposes, as detailed hereinafter.
First, we handle the login and authentication credentials of our Users and we perform a technical monitoring of the infrastructure to ensure the security (prevention and treatment of security issues) and the proper functioning of our Platform and Services. We perform these data processing activities upon the legal basis of the existence of our legal obligation to ensure the security of our data processing activities, in accordance with the Article 32 of the GDPR provisions.
Moreover, we produce anonymized statistics of the audience browsing our Platform and using our Services and we analyze habits of the way our Users use our products to improve the experience and enrich our products, making them better in terms of features, content and user experience. This is legally grounded upon our legitimate interest to increase the experience and enrich our products, making them better in terms of features, content and user experience.
Furthermore, we manage our Users’ account creation to make them able to use our Platform and Services. This data processing activity is performed upon the legal basis of the enforcement of the contract they entered in with us, by accepting our Terms of Services during their subscription to the Services and Platform.
We also send emails to our users in order to :
Moreover, we send messages to users using our Website’s chat in order to interact with them when they want to chat with a person working at Iteration X. This is performed on the legal basis of our legitimate interest.
Finally, we handle the users' rights request related to Personal Data protection (CCPA, GDPR and Canadian individual rights) to make them able to use their respective rights over their Personal Data. This is implemented upon the legal basis of our legal obligation to answer data subjects' right requests, in accordance with the provisions of chapter 3 of the GDPR.
For the good functioning of our Platform that makes the Services available to the Users, we rely on third-party companies and individuals to facilitate our Services and manage our Platform and to provide our Services on our behalf. In the strict frame of the provision of services, these third parties (also called “our Data Processors”) might have access to your PersonalInformation only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.
You can find the list of our Data Processors, implementing data processings on behalf of us, hereinafter :
● Mixpanel is provided by Mixpanel,Inc. For more information on what type of information mixpanel collects, please visit the Terms of Service and Privacy Notice pages of Mixpanel: https://mixpanel.com/terms and https://mixpanel.com/privacy
For more information about all our data processors, please visit our page dedicated to give more details about them : www.iterationx.com/data-processors
To pursue the purposes exposed in section 3 of this Policy, we collect the categories of Personal data detailed in its section 2.
However, we also want to inform you that we don’t store this data for an unlimited period. Hereinafter you will find the details of the duration rules that we respect in terms of retention of these Personal data.
Generally, we don’t retain data more than the period of time that is necessary to achieve our purposes detailed in section 3.
So first, all the data processed to ensure security are stored for a 12 months period.
The relevant data processed to improve the experience and enrich our products are stored for a 6 months period, except if the users resigned their contract and deleted their account.
Concerning the data that are necessary to process for making our users able to actually use our Platform and Services, we store their data only for the period of time that corresponds to the moment when they created their account until the one when they resigned their account.
The data processed for making us able to inform our users about changes in our public legal documents is also only stored for this period of time.
Concerning the data processed to notify our users about the eventual occurrence of data breaches, we store it for a period of 5 years (the duration of limitation duration for legal actions in France).
The data processed to promote our products is stored from the moment of their collection (they are provided by the users during the subscription process) until 2 years after they resigned their account.
All the data processed to interact by messages, be it through emails or our chat available on the Website, is stored for 12 months, except if the users have an account, in this case the data is stored until they resign their account.
Finally, all the data we process to respond to data subject requests are stored for a period of 1 year after the receipt of each request.
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. Substantially all information we receive from you or via your use of our Services are copied, stored and managed through computer servers owned or controlled by us. While we attempt to employ security techniques commensurate with industry norms to protect your PersonalInformation and all other information we may host from unauthorized access by users inside and outside the organization, you should be aware that"perfect security" does not exist on the internet or any other method of electronic transmission or storage; third parties may unlawfully or improperly intercept or access transmissions, personal information, or private communications. As such, we cannot make any assurances or guarantee in any manner that a security breach will not occur that may expose your personally identifiable information to others.
For example, our servers are not located at our principal place of business but rather are managed and located at a third-partyInfrastructure-as-a-Service provider (an “IAAS”). We have taken commercially reasonable steps to choose a professional IAAS provider but we cannot guarantee the performance of the IAAS provider, its security measures, or the actions or inactions it takes in the future. By using ourServices, you understand and agree that we have no liability for the actions, behaviors or failings of our IAAS provider.
We endeavor to only require the collection of as much Personal Information as required to provide you access to our Services, ensure our ability to send you the communications described above, and meet our legal obligations. In addition, we will use commercially reasonable efforts to attempt to store Personal Information in a secure location. We do not represent that any Personal Information provided to us will be encrypted in any manner.
All information you provide to us, including Personal Information, is transferred, processed, and stored in the European Union.
However, we are an American company. This means that all the Personal data we process might be subject to potential transfers outside the EU, for reasons related to the legal obligations that apply to us.
To secure these data transfers, we provide to our users a document based on the Standard Contractual Clauses agreed by the European commission. You can take a look at it at the following URL : www.iterationx.com/dpa-scc
If we are involved in a merger, acquisition or asset sale, your Personal Information maybe transferred as a business asset. In such cases, we will attempt in good faith to provide notice before your Personal Information is transferred and/or becomes subject to a different Policy.
Our Services and our Online Platforms may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's Online Platforms. We strongly advise you to review the Policy of every Online Platforms you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.
Only persons age 18 or older have permission to access our Services. Our Services are meant for working professionals only and, therefore, are not meant to be used or accessed in any manner by anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 16 without verification of parental consent, we take steps to remove that information from our servers.
This Policy is effective as of the date listed at the top of this Policy and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
We reserve the right to update or change our Policy at any time and you should check thisPolicy periodically. Your continued use of our Services after we post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.
If we make any material changes to this Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our Websites.
For each one of the eventual data processing activities subject to the Policy and legally grounded upon the collection of the consent of the users, these latests can revoke their consent by sending us an email to email@example.com.
Additionally, upon receipt of any electronic communication from us to you, to unsubscribe from future communications, you can click on the link that says words substantially to the effect of "If you do not wish to receive these emails in the future, You can click here to unsubscribe."
Because we provide our California users with the ability to exercise his or her "opt out" rights as described above, pursuant to Section1798.83(c)(2) of the California Civil Code, we are in compliance with theCalifornia "Shine the Light" law and are not obligated to provideCalifornia users with the names and addresses of all the third parties that received personal information from the Company for the third parties' direct marketing purposes during the preceding calendar year.
Canadian residents have a right to request access or correction of Personal Information held by us. We will endeavor to process any requests for access or correction to Personal Information within a reasonable period of time. Where possible, we will provide you with access to that PersonalInformation either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held. If we need to deny your request for access we will let you know why and inform you how you may lodge a complaint regarding this decision.
We will otherwise try to ensure that all Personal Information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service being provided.
Please forward your request for access or correction to our Data Protection Officer in writing at the relevant address or email address below.
In accordance with GDPR provisions, you have the right to ask for access to your Personal Data. You can use your right to rectify your personal data. Moreover, you can ask for the erasure of your personal data and also send us a request to use your right to object to one or more of the processing activities that are performed on your personal data.
You also have the right to ask for the portability of your Personal Data.
While using one of the rights mentioned above, you have the right to ask for the restriction of the performance of the processing activities concerning your Personal Data.
Furthermore, if you encounter any problem concerning the processing of your Personal Data, you can file a complaint to your national data protection authority in charge of data protection.
Our leading national data protection authority within the EU is the CNIL, remaining at 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.
We appointed the french company DATAJURISTES SAS, located at 14 rue du vieux faubourg in Lille (France, 59000) and represented by its President François-Xavier Cao, as our Data Protection Officer.
You may contact our Data Protection Officer at firstname.lastname@example.org
Enforcement starting date : April, 8 2022