HomePrivacy Policy

Privacy Policy

At Bireme Lab, protecting your personal data is a priority.

During your interactions with Bireme Lab (use of the bireme.io website hereinafter the "Site")), we may collect personal data about you.

The purpose of this policy is to inform you about how we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").

Who is the data controller?Link to who-is-the-data-controller

The data controller is Sidevision, a one-person simplified joint stock company with share capital of 1,000.00 euros, headquartered in HOUILLES (78800) 29 rue Emile Combes, France, registered in the VERSAILLES trade and companies register under number B 887 682 128 (hereinafter "we**").

What data do we collect?Link to what-data-do-we-collect

Personal data is data that can be used to identify an individual, either directly or by cross-referencing with other data.

When you use our website, we collect data in the following categories:

  • Identification data (e.g. your e-mail address);
  • Profile data (e.g. your first name, last name and profile picture);
  • Device information (e.g. IP address, device type, unique identifier, app version, operating system, network data, and phone state);
  • Browsing preferences (your browser's language settings);

Mandatory data are indicated when you provide us with your data. They are marked with an asterisk and are necessary to provide you with our services.

On what legal grounds, for what purposes and for how long do we keep your personal data?Link to on-what-legal-grounds-for-what-purposes-and-for-how-long-do-we-keep-your-personal-data

Purpose: To build up a file of customers and prospects.

Legal basis: Our legitimate interest in developing and promoting our business.

Retention period: For customers: data is kept for the duration of the contractual relationship; for prospects: data is kept for a period of 3 years from your last contact, for prospecting purposes.

Purpose: To send newsletters, solicitations and promotional messages.

Legal basis: For customers: our legitimate interest in building customer loyalty and informing our customers of our latest news. For prospects: your consent. For corporate customers: our legitimate interest in building customer loyalty and informing our customers and prospects of our latest news.

Retention period: Data is kept for 3 years from your last contact with us or until your consent is withdrawn.

Purpose: To respond to your requests for information.

Legal basis: Our legitimate interest in responding to your requests.

Retention period: Data is retained for the time necessary to process your request for information and deleted once the request for information has been processed.

Purpose: To comply with legal obligations applicable to our business.

Legal basis: To comply with our legal and regulatory obligations.

Retention period: Invoices are archived for 10 years. Transaction data (with the exception of bank details) is kept for 5 years.

Purpose: To develop statistics for analyzing cohorts (audience) and browsing behavior on our site.

Legal basis: Our legitimate interest in analyzing the composition of our customer base and improving our services.

Retention period: Data is kept for 25 months.

Purpose: To provide personalized advertising.

Legal basis: Your consent.

Retention period: Data is kept for 90 days.

Purpose: To manage requests to exercise rights.

Legal basis: Our legitimate interest in responding to your requests and keeping track of them.

Retention period: If we ask you for proof of identity, we keep it only for the time needed to verify your identity. Once verification has been completed, the proof of identity is deleted. If you exercise your right to object to receiving prospecting: we keep this information for 3 years.

Who will receive your data?Link to who-will-receive-your-data

The following will have access to your personal data:

Identity and access to Bireme Lab productsLink to identity-and-access-to-bireme-lab-products

When you sign up for accessing Bireme Lab's products, we ask for your first name, last name and email address. We are using thoses informations to personalize your account and provide a custom/tailored user experience.

We'll never sell your personal infos to third parties, and we won't use them neither in marketing statements without your permission.

About our authentication providerLink to about-our-authentication-provider

Bireme Lab is relying on a third party service named Clerk to handle authentication and ensure security accross all our ecosystem. This service has been setup to be used and shared accross our root domain (e.g. bireme.io); and subdomains (e.g. *.bireme.io);

Clerk is GDPR compliant, SOC 2 type 2 certified and CCPA compliant.

You can learn more about how Clerk is processing your data by reading their privacy policy page.

Usage of "Sign in with" options with Integrated ServiceLink to usage-of-sign-in-with-options-with-integrated-service

If you decide to register through or otherwise grant access to a third-party social networking or integrated service (what we call an Integrated Service), such as Microsoft Connect or Google, Bireme Lab may also collect personal information that is already associated with your Integrated Service account.

Integrated Services have been setup through Clerk, ensuring we rely on a dedicated, secured and audited company to implement OAuth2 procotol.

This ensure we reduce friction on sign-up and sign-in by proposing different methods to connect and access Bireme Lab ecosystem.

Here is an exhaustive list of scopes and informations we are aggregating through the different OAuth2 providers we are using:

Service: Google.

Scope: openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile

Usage:

  • Email: we use email address as identifier to create your Bireme Lab account, required,
  • First name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Last name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Profile picture: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,

Google uses OAuth2 for user permissions and consent, which enables us to specify the type, and level of access required for our app to function via strings known as API scopes. To enable a Sign in with Google feature, we had to publish our applications and ask Google compliance department to review and verify the proper setup and respect of Google terms regarding API services User Data Policy.

Service: Microsoft.

Scope: openid, email, profile, offline_access

Usage:

  • Email: we use email address as identifier to create your Bireme Lab account, required,
  • First name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Last name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Profile picture: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,

Microsoft privacy policies can be found on this page: https://privacy.microsoft.com/en-gb/privacystatement

Service: Github.

Scope: user:email, read:user

Usage:

  • Email: we use email address as identifier to create your Bireme Lab account, required,
  • First name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Last name: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,
  • Profile picture: we use it to provide you a custom experience on Bireme Lab's products interfaces, optional,

Github privacy policies can be found on this page: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

Data processing and storage within Bireme Lab servicesLink to data-processing-and-storage-within-bireme-lab-services

Personnal informations (including ones aggregated from Integrated Service such as Google) are stored on our hosting providers as the following:

  • Your email address, your first name and your last name are replicated in our database hosted on Digital Ocean, this replication process is mandatory to reduce requests latency and provide a best-in-class responsive experience while using our applications.
  • Assets, such as your profile picture, are hosted and served using AWS services (e.g. S3 and Cloudfront).

Only informations considered as "non-sensitive and non-restricted scope requirements" are stored on our servers.

Our hosting providers services have been set up to store your personal informations on servers located in the European Union, in accordance with GDPR requirements.

Are your data likely to be transferred outside the European Union?Link to are-your-data-likely-to-be-transferred-outside-the-european-union

Your data is kept and stored for the duration of the processing operation on the company's servers (*), located in the European Union.

In the context of the tools we use (see article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:

  • either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
  • or the data is transferred to a country whose level of data protection has not been recognized as adequate to the GDPR: in this case such transfers are based on appropriate safeguards indicated in Article 46 of the GDPR, tailored to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
  • or the data is transferred on the basis of one of the appropriate guarantees described in Chapter V of the GDPR.‍

What are your rights regarding your personal data?Link to what-are-your-rights-regarding-your-personal-data

You have the following rights with regard to your personal data:

  • Right to information: this is precisely why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all your personal data at any time, in accordance with article 15 of the GDPR.
  • Right of rectification: you have the right to rectify at any time your inaccurate, incomplete or obsolete personal data in accordance with Article 16 of the GDPR.
  • Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection on the grounds set out in Article 17 of the GDPR.
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of the applicable texts. (Article 77 of the GDPR)
  • Right to define directives relating to the retention, deletion and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act.
  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states that you may withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out prior to the withdrawal.
  • Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to demand its transfer to the recipient of your choice.
  • Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process them despite this objection, for legitimate reasons or the defense of legal rights.

You can exercise these rights by writing to us using the contact details below. We may ask you to provide additional information or documents to prove your identity.

What cookies do we use?Link to what-cookies-do-we-use

To find out more about cookie management, please consult our Cookie Policy page.

Personal data contact pointLink to personal-data-contact-point

Contact e-mail: [email protected]

ChangesLink to changes

We may modify this policy at any time, in particular in order to comply with any regulatory, legal, editorial or technical developments. These modifications will apply as of the effective date of the modified version. You are therefore invited to consult the latest version of this policy on a regular basis. Nevertheless, we will keep you informed of any significant changes to this privacy policy.

Effective date: June 20, 2024