PRIVACY POLICY
Last updated 01.03.2023
We are committed to maintaining the confidentiality of your personal information and attach great importance to protecting your privacy, when processing some of your Personal Data, in accordance with current regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of Personal Data (the “GDPR”), as well as French law No. 78-17 of January 6, 1978 (as amended).We invite you to read this document (the “Privacy Policy”) carefully. If you have any questions about our Privacy Policy and, in general, about the collection and processing of your Personal Data by Zama please do not hesitate to contact us at: privacy@zama.ai.
Scope
This Privacy Policy governs and details the main principles that Zama applies to the Personal Data we collect and process to run our corporate website zama.ai (the “Website”).
The purpose of this Privacy Policy is to provide you with all the important information and explanations about how and why some of your Personal Data may be collected and processed by Zama when you browse on the Website.
This Privacy Policy also aims to remind you about your data protection rights and to provide you with all the elements you need to exercise them.
Important Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person that identifies the person directly (e.g. the name, an identification number) or indirectly (e.g. connection data)
- “Processing” (of Personal Data) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, storage, disclosure by transmission, etc.
- “Controller” means someone who determines the purposes and means of Processing
- “Processor” means someone who processes Personal Data on behalf of and on the instructions of the Controller
How we collect and process some of your Personal Data?
We collect and process:
(i) Personal Data you voluntary and knowingly provide us
We confirm that providing the Personal Data in this context is voluntary and that it is not subject to a statutory or contractual requirement
(ii) Analytics information
i.e. information about your use of the Website and your interaction with our Website’s contents
(iii) Personal Data you voluntary and knowingly provide us
You do not have a legal duty to provide any of the above information. However, you may not be able to submit an inquiry or an application for a job position on our Website without providing the required information.
a. Inquiries / Requests
You can submit an inquiry through our Website. You may be asked to provide information such as your name, email address, and other relevant information related to the request.
b. Job Opportunities
You may apply for career opportunities at Zama through the Website. To do so, we will ask you to provide information such as your name, current position, postal address, email, phone number, your web presence, and an option to provide additional information in an email and your CV. The mandatory fields for completion will be marked.When you apply for a job via the Website, your Personal Data is managed by Coruscant SAS (Welcome Kit / Welcome to the Jungle), our services provider. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://www.welcometothejungle.com/fr/pages/privacy-policy
c. Newsletters
You may subscribe to our Newsletters by providing your email address.
d. GitHub, Community Forum, and FHE.org Discord
You may use these tools to communicate with Zama’s Team, other Website’s visitors, and FHE.org Community members.
When using GitHub (GitHub B.V.), your Personal Data is managed by GitHub B.V. We inform you that we have no control over the use of your Personal Data by GitHub B.V. which acts as Controller within the meaning of the GDPR. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statementWhen using the FHE.org Discord (Discord Inc.), your Personal Data is managed by Discord Inc. We inform you that we have no control over the use of your Personal Data by Discord Inc. which acts as Controller within the meaning of the GDPR. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://discord.com/privacy
Why do we collect and process some of your Personal Data?
When you browse on the Website, we can collect and process some of your Personal Data for various legitimate purposes.
You will find below explanations regarding the reasons why Zama may collect some of your Personal Data and the legal basis Zama relies on in each case.
We collect and process some of your Personal Data:
- To respond to your inquiry / request
We will use your information to contact you about and handle your inquiry or request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)
- To consider your application for a job position
We will use your information to review your candidacy, consider you for the open job position (or other relevant open positions we may have), and update you as to the status of your candidacy. Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your candidacy) + Article 6-1(b) of the GDPR – Pre-contractual measures (taking pre-contractual steps in evaluating your application for an open position)
-To manage contact forms
We will use your information to contact you about and handle your inquiry or request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)
- To manage Newsletters sending
We will use your information to send you Zama’s newsletters upon your request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)
-To manage Zama’s Blog
We will use your information to run Zama’s Blog and ‘News’ pages. Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (blog management)
-To provide communication tools
Our Website also offers access via third-party tools including GitHub and the FHE.org Discord, which are communication tools allowing users to share content and code on social networks and online storage facilities. When you interact with such social media widgets, “share buttons”, or third-party code review sites, these social networks and companies may collect information about you and/or your device and connection. Your interactions with these services are governed by the respective privacy policies of the companies providing these services. For more information on the data protection and privacy practices of these companies, you can refer to their specific policies listed below:
Github
https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
Discord
https://discord.com/privacy
- To manage requests to exercise GDPR rights
We will use your information to contact you about and handle your GDPR inquiry or request.Legal basis: Article 6-1(c) of the GDPR – Compliance with a legal obligation
-To manage compliances and disputes
We will use your information to resolve any potential disputes or problems in connection with the use of the Website.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (defense of our rights)
- Who are the recipients of your Personal Data?
(i) Internal recipients of your Personal Data: The recipient of your Personal Data is the authorized staff of Zama.
(ii) External recipients of your Personal Data which act as Processors within the meaning of the GDPR and process data on behalf of Zama, according to our instructions and in compliance with any appropriate security and confidentiality measures:
- Webflow (hosting service provider)
11th Street, 2nd Floor
San Francisco, CA 9410
- Coruscant SAS (Welcome Kit / Welcome to the Jungle RH Solution)
24 rue du Mail – 75002
ParisRCS Paris No. SIREN 802 162 628
(iii) External recipients of your Personal Data which act as Controllers within the meaning of the GDPR:
- GitHub B.V. (hosting service provider)
Prius Bernhardplein 200 99135
The Netherlands
Registration No. 808709794
- Discord Inc. (messaging social platform)
444 De Haro St Suite 200 San Francisco
CA 94107, United States
(iv) Authorities
Only to the extent we are obliged to by applicable laws and regulations.
- For how long is your Personal Data stored?
We undertake to keep your Personal Data only for as long as strictly necessary for the processing operation(s) declared for the purposes mentioned above, and in any event within the limits imposed by law.
- Administration of the Website: login data, where relevant, is kept for a maximum of 6 months
- Personal Data in forms: we erase your Personal Data immediately by receiving a withdrawal request or objection or in case of two (2) years of ongoing inactivity
- Management of Newsletters sending: your Personal Data is erased within one month after you exercise your opt-out option
- Processing of job applications: your Personal Data is kept for two (2) years from the time of Zama’s last contact with you (except your previous erasure request); in the event of legal action, your Personal Data is archived for five (5) years (civil prescription)
- Management of general inquiries and requests: your Personal Data is erased within one month after Zama’s last contact with you
- Management of requests to exercise GDPR rights: your Personal Data is kept for six (6) years for the exercise of the right of opposition (criminal prescription) and for five (5) years for other rights (civil prescription)
- Management of compliances and disputes: your Personal Data is kept for five (5) years (civil prescription)
In any event, we undertake to delete your Personal Data from our databases at the end of these various periods, subject to the retention of certain information in order to meet our legal, accounting and tax obligations.
Do we transfer your Personal Data outside the EEA?
The global economic context and the associated internationality of our activity mean that data can be exceptionally accessed outside the Economic European Area (“EEA”) via our contractors and partners, provided such access is necessary and based on legal grounds. In such case, we ensure that:
- The Personal Data is transferred to countries recognized as offering an adequate level of protection or,
- For Personal Data exceptionally transferred outside of countries recognized by the European Commission as having a sufficient level of protection, any of the mechanisms offering appropriate guarantees is used, for which provision is made by applicable regulations, and notably the adoption of the standard contractual clauses of the European Commission.
How do we protect your Personal Data?
We are committed to ensuring that your Personal Data is duly protected.
To prevent unauthorized access, disclosure, modification, damage or destruction, we have taken appropriate physical, technical, and organizational security measures to protect the Personal Data we collect and process.
To this end, Zama and our technical and hosting service providers implement necessary measures to ensure the integrity, confidentiality, and security of your Personal Data (in particular by complying with the requirements of applicable personal data protection regulations).
As such, we have chosen to host your data on servers located within the European Union, more precisely in Frankfurt and Amsterdam.
Are there cookies on the Website?
Zama does not use any cookies or similar technologies on the Website.
What are your rights and how can you contact us?
Regarding the use of the Website, you have the following rights under the conditions provided for in the regulations:
- The right of access, rectification and erasure of your Personal Data (Art. 15 to 17 of the GDPR)
- The right to withdraw your consent (opt out) at any time (Art. 13-2(c) of the GDPR)
- The right to restriction of Processing of your Personal Data (Art. 18 of the GDPR)
- The right to object the Processing of your Personal Data (Art. 21 of the GDPR)
- The right to Personal Data portability (Art. 20 of the GDPR)
- The right to file a complaint with the CNIL (the French data protection authority) (https://www.cnil.fr/fr/plaintes)
- The right to issue instructions allowing access to your Personal Data in the event of death (Art. 85 of the French law No. 78-17 of January 6, 1978, as amended).
You can exercise these rights by e-mail at privacy@zama.ai, specifying the right you wish to exercise and attaching proof of your identity (if necessary) or a power of attorney if you are being represented.
If you exercise these rights, we will endeavor to respond to your requests as soon as possible and at the latest within one month.