Who are we?

SAS Seekoya
12 Rue de la Part-Dieu 69003 Lyon
Represented by Matthieu THOMAS, in his capacity as President, and Nicolas LEGENDRE, in his capacity as CEO.

Legal information: SIRET: 83460654300025
RCS: LYON — NAF: 6201Z

Quality, Purpose and Purpose of Data Processing

‍So-called personal data is processed by Seekoya as data controller when you are a customer, administrative contact or prospect linked to our commercial relationship.

We are sometimes required to work with our partners to successfully manage and maintain the commercial relationship with our customers and prospects. Our partners, as trusted third parties, therefore act as subcontractors for Seekoya (this is achieved through our tools such as CRM, social networks, payment, newsletters, customer satisfaction, customer satisfaction, statistical monitoring of our Cards, etc.)

The treatment carried out by Seekoya:

As part of our commercial relationship,
namely: prospecting, customer relations, exchanges on social networks, applications, meetings and exchanges during online or face-to-face events) is as follows:
• Through our online contact forms (including the download of resources) -> To process the request made, to provide you with information and to deliver the resources and services requested.
• Prospecting -> To contact our prospects and identify the interest in our solution and our possible associated services.
• Exercising your rights -> To assist you in this process and to respond to it while informing our internal teams of the treatment requested.

The duration of processing in this context of commercial relationship as indicated above, leads us to keep the data for up to 13 months.
The categories of data concerned are: data related to browsing our website, contact identity data, data related to professional life as well as any data expressly transmitted by you yourself within the form (s) concerned.

Legal bases for processing and data: in the legitimate interest of our company and our processes, in the framework of legal obligations (RGPD), in the context of consent for cookies.
‍
Treatment carried out as a user,
to access micro-learning and materials shared by one of our customers or partners, Seekoya may be required to process personal data as a subcontractor.

In this case, the treatment that will be carried out by Seekoya is as follows:
- Customer account configuration
- Customer account management (registration, storage, consultation and deletion of Personal Data and Provision of the Tool)
- Technical Support/Maintenance

The Customer's Personal Data is Processed for the following purposes:
- Main purpose: Create micro-courses with Cards
- Sub-Purpose 1: Provide support and advice for using the Tool
- Sub-Purpose 2: Access shared micro-formations
- Sub-Purpose 3: To allow statistical monitoring

Data categories processed on Cards

We distinguish 2 types of profiles on Cards:
- owners: the people who create their space on the platform, and who manage the subscription
- learners & editors: users, added by the owner. Learners access the micro-courses that are shared with them. Editors create micro-courses and share them with learners.

Identification data:
- first name
- name
- photography (optional)

Professional data:
- professional email address
- department/service (optional)
- telephone (optional except for the owner at registration)

Usage data:
- Usage statistics, types of content created, type of offer/subscription taken out

Duration of treatment on Cards

Data Category -> Duration of Treatment
- Contractual data -> Duration of the provision agreement +10 years according to legal requirement
- Identification data -> 13 after receipt of the last request
- Professional data -> 13 months from the date of collection of the last request
- Usage data -> 6 months after the end of the contract

Ownership of data

Data used, processed, hosted, saved or stored by Seekoya on behalf of the Customer or at the Customer's initiative are and remain the property of the Customer.

How do we use your personal data?
Seekoya acts as a data controller in the relationship between Seekoya and our customers (creators of micro-learning with Cards), for the personal information that you provide to us in order to use our service. Seekoya does not sell personal data to third parties and does not use it for marketing purposes or to deliver advertising. We only share your information with our service providers who help us run our business, in which case these third parties are required to comply with the GDPR framework.

Confidentiality and integrity
‍
Seekoya is committed to:
- Have its staff sign a confidentiality agreement for the performance of the Services, in accordance with art. 5, paragraph 1 f) of the RGPD;
- Train and inform its staff about Data Protection regulations, and Customer guidelines;
- Do not disclose the Customer's confidential information without the prior written authorization of the Customer;
- Do not use the Customer's confidential information, for any reason whatsoever, except in execution of the rights and obligations arising from this Agreement;
- Do not disclose the Client's confidential information to anyone, by any means whatsoever, except to their staff, potential agents or subcontractors to whom this information is necessary for the performance of the Services and provided that they are subject to confidentiality obligations at least as stringent as those herein, or in the event of a request from a police, judicial or administrative authority;
- Warn its staff, potential agents, subcontractors and their staff and potential agents, as well as third party entities or legal persons, of the confidential nature of the information communicated by the Customer and to assume responsibility for any disclosure arising from them;
- Take the necessary protective measures that it would take to protect its own confidential information, especially in the context of teleworking.


Access to Personal Data

- Seekoya and his staff
Some teams at Cards can see your data, but only the data they need to do their jobs. They cannot use this information for anything else and must keep this data secret.

- Your company and your staff
Depending on whether you are a Learner or a User on the platform, your employer and those who have the right to manage the platform (such as Owners and Editors) can access your data.
‍
- The competent authorities‍
We may share your personal data with the authorities if a law, regulation, or decision of a competent authority, whether regulatory or judicial, requires us to do so. We are committed to scrupulously complying with applicable laws and regulations, in particular those concerning the protection of your data, to limit, regulate or prevent the disclosure of your information without compromising your privacy.
‍
- Social networks
If you interact on social networks and media via our pages and our site, this information will be sent to the social network and shown on your profile. To prevent the social network from connecting this information to your account, log out of your account first. Also, check out their privacy policies for more information.
‍
- Our partners and service providers
Some data may be transmitted to our partners, listed below in the “Data Hosting” section below.

Data hosting

Data is stored on servers in France only.
The [app.cards-microlearning.com] site and the MS Teams application are hosted by:
Clever CloudClever Cloud SAS, with a capital of €22,952
Registered under the RCS Nantes: B 524 172 699.
Head office: 3 rue de l'Allier, 44000 Nantes, France.
Intra-community VAT number: FR 87 524 172 699

The files are hosted by:
SCALEWAY Simplified Joint Stock Company with a capital of 214,410.50 Euros
SIREN: 433 115 904 RCS Paris - Head office: 8 rue de la Ville l'Evêque, 75008 Paris
Intra-community VAT number: FR 35 433115904
‍
Data subcontractors
-> We ensure that no personal data of your users (learners on Cards)... is transmitted outside the European Union. The sub-processors listed below allow us to access or use specific services. We invite you to consult our Data Protection Agreement contract, between Cards (Seekoya company) and the company called Card Customer, which contracts a subscription or a Cards offer.

List of data processors:

- PipeDrive: for registration in the CRM, only the information of the owner of the subscription is recorded. No data concerning user accounts (so-called “learners” and “editors”) is transmitted to the CRM.
- Location: Europe (Pipedrive Ireland Ltd = Ireland)
‍
- Mailjet: email addresses are sent to Mailjet so that the platform can send notification emails.
- Location: Europe (France)

- Firebase: push notifications (for mobile apps) are sent via Firebase.
- Location: Europe

- Stripe: email address, first name and last name of the owner of the subscription. Learner data is not sent. If an account does not use Stripe for payment, no data is sent to Stripe.
- Location: USA

- PostHog: only platform usage data is sent, and anonymized (no email address, only a user id will be sent).
- Location: Europe

- OpenAI: No personal data is transmitted. Can only be used if the AI option is activated, and the editor uses an AI feature. The data transmitted (requests or prompts) are then deleted within the following 1 to 30 days.
- Location: Europe

- Sentry: Application monitoring
- Location: USA

Some data may be transmitted to our partners and services when creating your Cards account: the account of the owner of the Cards space and the so-called “publisher” licenses subscribed only. No “Learner” user data is transmitted.
‍
The list of services and partners that have access to this data is available above, before creating a customer account, or when creating your Cards account by accepting and consulting this Cards privacy policy.

Data protection referent
‍
The company's data processing specialists are:
Matthieu THOMAS and Nicolas LEGENDRE, representing the company Seekoya 12 Rue de la Part-Dieu 69003 Lyon
‍
To contact them please use the following email format: [FIRST NAME] @seekoya [DOT] com
or via the contact form on our website.

User rights

Any user concerned by the processing of their personal data may exercise the following rights, in application of European Regulation 2016/679 and the Data Protection Act (Law 78-17 of 6 January 1978):
Right to access, rectify and right to delete data (set out respectively in articles 15, 16 and 17 of the RGPD);
Right to data portability (article 20 of the RGPD);
Right to limitation (article 18 of the RGPD) and to oppose the processing of data (article 21 of the RGPD);
Right not to be the subject of a decision based exclusively on an automated process;
Right to determine the fate of data after death;
Right to refer the matter to the competent supervisory authority (article 77 of the GDPR).

To exercise your rights, please send your request to Matthieu THOMAS or Nicolas LEGENDRE, by post to the company's headquarters, or by email to DPO [AT] seekoya [POINT] com

In order for the data controller to grant his request, the user may be required to provide him with certain information such as: his first and last names, his e-mail address as well as his account number, personal space or subscriber number.
‍
If you have a Cards user account, a form is also available from the “My Profile” page and on the “Support” page.