Last Update: June 1,2024
This Data Privacy Policy (“Privacy Policy” or this “Policy”) represents the minimum standards that Jiyou S.à.r.l. and its affiliates including Jiyou Labs, Inc, Jiyou SRL and Jiyou SAS (collectively, “Jiyou”, “we”, “our”) have set with respect to data privacy, for ensuring that we collect, use, retain, and disclose Personal Data in a fair, transparent, and secure way.
This Policy aligns with (and in some cases exceeds) the main requirements of applicable laws and regulations. It is also aligned with other specific policies of Jiyou relating to the collection and use of Personal Data implemented by each entity of the Jiyou Group to cover the specific Personal Data processing purposes needed for day-to-day activities (e.g. cookies policy, specific local policies such as employees’ privacy policies, specific information notices for customers, etc.). This Policy acknowledges that certain Jiyou affiliates are located in countries with varying legal and cultural approaches to privacy and data protection.
This Privacy Policy may thus be supplemented by other policies and procedures in certain geographic regions as may be appropriate to comply with applicable laws and meet cultural norms. In the event of a conflict between this Privacy Policy and the local applicable privacy policies and/or applicable local law as relevant, or inapplicability of the provisions of this Privacy Policy, the local applicable policy and local law should prevail. Some useful definitions are provided in section 2 of this Privacy Policy for your ease of reference.
- Scope
1.1 The Policy covers all Personal Data in any form, including but not limited to electronic data, disks, and paper documents, and all types of processing, whether manual or automated, that is in Jiyou’s possession or under Jiyou’s control, in all geographical areas where Jiyou operates. This will include information held about Jiyou members, partners, employees, contractors, consultants, clients, consumers, suppliers, business contacts, and any third parties.
1.2 This Policy also applies to any Third Parties who perform services for or on behalf of Jiyou and who are expected to embrace standards of conduct consistent with the principles set out in this Privacy Policy.
- Definitions
2.1 Jiyou shall mean the relevant Jiyou entity processing the Personal Data and the various Jiyou affiliates.
2.2 Third-Party shall mean a third party or business partner who receives from Jiyou or who is granted access to or is otherwise entrusted with Personal Data on behalf of Jiyou, for example, suppliers, contractors, sub-contractors, and other service providers.
2.3 Data Subject shall mean an identified or identifiable natural person whose Personal Data is being processed by Jiyou.
2.4 Informed Consent shall mean any freely given specific and informed indication of the Data Subject’s agreement to the processing of his/her Personal Data, when required.
2.5 Personal Data shall mean any information enabling to identify a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity. Data is considered Personal Data when it enables anyone to link said data to a natural person, even if the person or entity holding that information cannot make that link.
2.6 Application Data shall mean any Personal Data that is processed by Jiyou’s Services, whether by Jiyou or by Third Parties who perform services for or on behalf of Jiyou. For the sake of clarity, Personal Data processed through Jiyou’s marketing websites shall not be Application Data.
2.7 Sensitive Data (or Special Category of Data) shall include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
2.8 Personal Data relating to criminal convictions and offences are a subset of Personal Data, which due to their nature have been classified by law or by an applicable policy as deserving additional privacy and security protections.
2.9 Process / Processing shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automated means, including but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or through other means, such as Jiyou’s marketing websites (“Process” shall be interpreted accordingly).
2.10 Jiyou’s Services shall mean the services that are used by you pursuant to the applicable agreement, which may notably include Yet Another Mail Merge, Form Publisher, Awesome Table (and the Awesome Table add-ons), Playengo, GPT for Work (i.e., GPT for Sheets™ and Docs™, and GPT in Excel™), including any update or replacement thereof and technical support provided by Jiyou to you from time to time.
- How do we ensure the lawfulness, fairness, and transparency of your Personal Data?
Personal Data is processed on the basis of legal grounds with the informed knowledge of the Data Subjects.
3.1 We will only use Personal Data on the basis of a legal ground:
- If necessary to perform a contract (e.g. with our employees, contractors, clients using Jiyou’s Services, suppliers); in particular, we will use Application Data only for the purpose of providing Jiyou’s Services as provided in such contract; or
- If required to comply with a legal obligation (e.g. when we need to satisfy our obligations as an employer); or
- Where we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (e.g. when carrying out a processing to better know our clients and send them promotional offers), except that this shall not apply to Application Data; or
- Where we have obtained the Data Subject’s Informed Consent when it is specifically required by law or by applicable policy. This may notably be the case where none of the other legal grounds described above is applicable and to the extent permitted under applicable law.
3.2 We consider that it is important to assess the privacy risks before we collect, use, retain, or disclose Personal Data, such as in a new system or as part of a new project.
3.3 Jiyou will only process Personal Data in the way described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject.
3.4 Jiyou will not carry out profiling activities based on automated decision-making unless legally grounded on a requirement of applicable law, the performance of a contract, or the Data Subject’s consent, and provided that suitable safeguards are implemented to protect the Data Subject’s rights.
3.5 We use cookie technologies on our websites to allow us to evaluate and improve the functionality of our websites. We can also use cookies for advertising or analytics purposes, subject to your consent and depending on your choice by using our cookie setting tool. For more information about how Jiyou uses cookies, please read our online Cookie Policy.
3.6 Where legally required, we will ensure that Data Subjects are provided with relevant information concerning the processing of their Personal Data, unless there is an impossibility to provide such information or if it requires disproportionate efforts to provide such information. Such information will notably include the purposes of the Personal Data processing, the types of Personal Data collected (if the Personal Data have not been obtained directly from the data subject), the categories of recipients, the list of rights which may be exercised by the Data Subjects, the consequences of a failure to reply or provide Personal Data, the conditions of the transfer of Personal Data outside the European Economic Area (“EEA”), if any, and the mechanism used to protect the Personal Data in the event of a transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the point where Personal Data are originally collected from them. Privacy notices shall be written in language which provides Data Subjects with a clear understanding as to how their Personal Data will be used.
- How do we process Personal Data for specific and legitimate purposes and verify that Personal Data is minimized and accurate?
4.1 Personal Data will only be collected and processed for specified, explicit, and legitimate purposes (which could be multiple), complying with the Personal Data minimization principle and ensuring the accuracy of the Personal Data processed.
4.2 Personal Data will not be further processed in a manner that is incompatible with those purposes.
4.3 We carefully evaluate and define the purposes of any Personal Data Processing before launching a project (e.g. management of HR data, management of recruitment data, payroll purposes, accounting and financial management, allocation of IT tools and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, client relationship management, bids, sales and marketing management, supply management, internal and external communication and events management, compliance with anti-money laundering and anti-bribery obligations or any other legal requirements, data analytics operations, implementation of compliance processes).
4.4 We will ensure that the Personal Data we collect is relevant, adequate, and not excessive in relation to the purpose of the Processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant Personal Data for the purpose sought can be collected and processed.
4.5 When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offences unless required by applicable law or when allowed by applicable law with the Data Subject’s prior express consent.
4.6 Every reasonable step will be taken to ensure that Personal Data is maintained in an appropriately accurate and up-to-date form at every step of Personal Data Processing (i.e. collect, transfer, storage, and access).
- What measures do we use to ensure appropriate security for Personal Data?
5.1 We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks of Personal Data Processing. These measures are implemented to protect Personal Data against unauthorized or unlawful Processing, accidental loss, destruction, or damage, including against internal or external, deliberate, or accidental threats.
5.2 We will continuously assess and improve our Information Security Management System (“ISMS”) and measures (e.g. anti-virus software, passwords, firewall protection, encryption measures, confidential paper document disposal, security compliance of service providers with appropriate security measures, access restrictions, IT backup processes, awareness-raising programs, and training).
5.3 We will ensure that persons accessing Personal Data have a business need to access that Personal Data and are subject to a confidentiality obligation.
5.4 We will carry out regular tests and evaluations of the effectiveness of our ISMS and measures, making improvements as necessary.
5.5 In case of a data breach, Jiyou will follow the process for reporting, managing, and recovering from such incidents. We will inform the competent data protection authorities and affected Data Subjects as appropriate and as required by applicable law.
- How long do we retain Personal Data?
6.1 Personal Data shall not be kept in a form which permits identification of Data Subjects for longer than necessary for the purposes for which the Personal Data is Processed, in accordance with Jiyou’s Data Retention Policy and applicable laws.
6.2 We will identify and follow applicable legal or contractual obligations regarding data retention. When we no longer need the Personal Data, we will securely delete it, including but not limited to Application Data.
- How do we ensure your rights are protected?
7.1 You have certain rights regarding your Personal Data, which include but are not limited to:
- The right to be informed about how your Personal Data is being used.
- The right to access your Personal Data.
- The right to correct your Personal Data if it is inaccurate.
- The right to request the deletion of your Personal Data in certain circumstances.
- The right to restrict the processing of your Personal Data.
- The right to object to the processing of your Personal Data.
- The right to data portability.
7.2 To exercise your rights, you can contact us at contact@2.5lab.app. We will respond to your request in accordance with applicable laws.
- How do we manage cross-border data transfers?
8.1 Personal Data may be transferred to countries outside the European Economic Area (EEA) where the level of protection of Personal Data may not be as high as within the EEA. In such cases, we will ensure that appropriate safeguards are in place to protect the Personal Data, such as entering into standard contractual clauses approved by the European Commission or relying on other legal mechanisms for such transfers.
8.2 We will provide more information about cross-border data transfers and the mechanisms used upon request
Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: contact@2.5lab.app
This Privacy Policy may be updated from time to time to reflect changes in our practices or applicable laws. We encourage you to review this Policy periodically to stay informed about how we are protecting your Personal Data.