Privacy policy
Data Controller
Shadow SAS, a simplified joint stock company (société par actions simplifiée) registered in the Paris Trade and Companies Register under number 891 586 299 ("Shadow" or the "Company"), is responsible for the processing of personal information collected and processed via the Company's websites (the "Websites"), the Shadow devices, products, services, online stores and applications referring to this privacy policy (hereinafter together the "Shadow Services"). All relevant information concerning the Company, including its address, is indicated on the legal notices page.
All relevant information concerning the Company, including its address, is indicated on the legal notices page.
Scope and purpose
This privacy policy (the “Privacy Policy”) applies to all Shadow Services and their users (the “Users”). Its purpose is to inform Users about the way Shadow processes Personal Data.
Personal data
Personal data is any information that directly or indirectly identifies a User (“Personal Data”).
Anonymised information, which is understood as Personal Data that has been processed appropriately to make it irreversibly non-identifiable, is excluded from the definition of Personal Data.
Source of Personal Data
The Personal Data processed by Shadow comes from three sources:
Personal Data collected
Shadow does not collect any Personal Data relating to the use made by Users of their Shadow, unless the processing is necessary for the proper functioning of the Shadow Services or their optimization or if the User has explicitly given his or her consent.
Shadow may collect Personal Data when a User uses the Shadow Services, and in particular the following data (each category of data includes non-exhaustive examples enabling a better understanding of the type of data collected):
The Personal Data collected varies according to the Shadow Users and the Services they use (for example, some data only concerns Shadow's Websites, others only the Shadow service). Furthermore, some of this data is only processed with the agreement of the User (see the “Legal basis for processing” section).
For the Shadow Chatbot, input data is not linked to any Personal Data. No Personal Data is requested at the beginning, during or at the end of the conversation. Input Data is only linked to a key that allows it to be identified. Shadow and its Partners collect only the Data entered.
Shadow does not process or collect sensitive data.
Purpose of processing
Shadow processes Personal Data for the purpose of operating, providing, improving and informing about Shadow Services. In particular, depending on the Shadow Services used, Personal Data may be processed for the purposes described below.
Firstly, we process part of your data in order to allow the proper functioning and provision of the Shadow Services, including the management of the contractual and commercial relationship (orders, subscriptions, invoicing, accounting, outstanding payments, etc.), the proper technical and administrative functioning of the Shadow Services, the provision of the Shadow Services, assistance with the use of the Shadow Services, the reply to requests and questions from Users as well as the sending of notifications in the event of a technical incident.
For example, Shadow processes your Personal Data to manage your subscription, to respond to support requests from Users, or to notify Users of maintenance or an incident.
Secondly, we process part of your Personal Data in order to improve and optimise the Shadow Services, which includes measuring and improving the quality of the Shadow Services and User satisfaction, following the navigation of the User, producing statistics on the Shadow Services and their use, managing and optimising the operation of the servers, providing Shadow Services in line with the needs of the Users, in particular on the equipment making up the servers, as well as defining User profiles to enable the improvement and optimisation of the Shadow Services.
For example, Shadow processes your Personal Data to measure the impact of an update through user satisfaction or the Shadow usage rate, to manage server cooling, or to determine whether a User is more likely to use Shadow in the morning or in the evening.
We also process part of your Personal Data for the purposes of communication and marketing, including providing information and news, managing the registration of Users for the newsletter and notifications, carrying out surveys, setting up contests and advertising games, by random draw or by any other means, communication relating to new Shadow Services, commercial or promotional offers, whether targeted or not, as well as the setting up of partnerships with third parties.
For example, Shadow processes your Personal Data to send Users a newsletter, to propose surveys or contests, or to offer a new service or an option
Finally, we also process part of your Personal Data for the purpose of verifying and ensuring the use of the Shadow Services in accordance with the Terms of Use and the applicable laws, to ensure the security and integrity of the systems, to comply with our legal obligations, including the compliance of the contractual and commercial relationship with the obligations in force, as well as the response to requests from administrative authorities or legal requisitions, in accordance with current legislation.
For example, Shadow processes your Personal Data to ensure that you are the holder of a Shadow account, to prevent or stop a breach of the integrity of a server, or to process User requests relating to their Personal Data.
Storage duration
Depending on the processing carried out on Personal Data, retention periods may vary between 1 and 10 years:
Typebot and Open AI keep the Input Data for a maximum of 30 days. Also, Shadow keeps the Input Data for a period of 30 days. This input data is anonymized by means of a key.
Once the retention periods have expired, Shadow will delete or anonymize the Personal Data concerned.
Sharing and transferring Personal Data
In order to carry out the processing necessary for the purposes described in this Privacy Policy, Shadow may transfer Personal Data outside the European Union. These transfers are mainly due to the location of the subcontractors we have chosen. When these are established outside the European Union, Shadow ensures that the legal framework of the country in question provides a satisfactory level of security, or implements the procedures required to obtain the necessary guarantees for the security of transfers. Wherever possible, Shadow ensures that the service provider is certified by the Data Privacy Framework when established in the United States. You can also connect to your SHADOW account via:
Cookies
Use of the Websites also involves the use of Cookies, web beacons or other mechanisms such as pixels (“Cookies”). For more information about Cookies and their use, please refer to the Cookies Charter.
Rights of Users
Right of access, rectification and opposition
The User has a right to access and correct the Personal Data concerning him/her, which he/she may exercise by going to his/her User Account.
With regard to the right of opposition, the User may object to the processing of his/her Personal Data, within the limits of applicable law and with the exception of processing for which there are legitimate and compelling reasons for the processing of Personal Data (for example, the User may object to the processing of his/her Personal Data for marketing purposes).
Right to restriction of processing
The User may request the restriction of processing of his/her Personal Data in the following cases and according to the following procedures:
In the event that a processing restriction has been put in place, the Personal Data will only be processed, with the exception of storage, with the User’s consent, except (i) for the protection of the rights of another natural or legal person, or (ii) for important reasons of public interest.
In the event that the restriction on processing is lifted, the User shall be informed thereof by an appropriate means (email or letter, for example).
Right to erasure of Personal Data
Also called the right to be forgotten, the User may request the exercise of his or her right to erasure. By exercising this right, the User requests that his/her Personal Data be erased.
In accordance with applicable law, this right applies to the following two categories of Personal Data:
Right to portability of Personal Data
The User may request that he/she receives his/her Personal Data in a structured, commonly used and machine-readable format
In accordance with applicable law, this right
Right not to be subject to an automated individual decision
The User may request not to be the subject of a fully automated decision.
Exercise of rights
To exercise any of these rights, the User is invited to send an email to the following address: [email protected].
A reply will then be sent to the User in response within one (1) month of the request. This deadline may exceptionally be extended to two (2) months, depending on the complexity of the request or the number of requests to be processed. The User will then be informed of the extension of the deadline by email.
For the purposes of confidentiality and protection of Personal Data, a copy of an identity document signed by the User must be included in the request.
Any requests that are manifestly unfounded or excessive, in particular because of their repetitive nature, may give rise to a refusal to act on the requests or to subordinate the response to the payment of reasonable costs taking into account the administrative costs incurred to process the request.
In the event of an unsatisfactory response, you can contact the CNIL.
Updates
Shadow reserves the right to modify this Privacy Policy at any time and to notify Users of this by any appropriate means. The last update date visible on this page indicates the date of the last changes.
Date of last update: May 2024