Privacy and Data Protection Policy
Last updated: July 2021
1. About Empiflow
  1. Empiflow S.àr.l, a limited liability company existing and governed under the laws of Grand-Duchy of Luxembourg with the registered office at 25а Boulevard Royal, 2449 Luxembourg, Luxembourg, together with its affiliates (collectively, "Empiflow", "we", "our", "us") has created this Privacy and data protection in line with Empiflow's commitment to your privacy (the "Privacy Policy").
  2. We provide software as a service that helps companies create engaging onboarding and learning experiences for their employees and other content creators.
2. About this Privacy Policy
  1. This Privacy Policy sets forth our handling practices in regard to the data processed by Empiflow, including personal data or personal information that you may provide to us through using the services available on Empiflow platform (the "Platform"), or visiting our website (https://www.empiflow.com/) (the "Website").
  2. Users of our Platform who made an order are "customers" and other users, which include i) customer's employees / collaborators / service providers or and/or other individuals who are authorized by customer or other users of the Website and/or the Platform are "users".
  3. If you ("you" including both customers and users) do not accept this Privacy Policy, then you should not use our Platform and Website.
  4. You consent to our processing of your personal information in accordance with this Privacy Policy by using our Platform or visiting our Website (including, but not limited: when you communicate your Personal Data by subscribing to our newsletter, by requesting or scheduling a demo, by giving you email address to get resources or content, by submitting a support inquiry or directly emailing to Empiflow for information or by creating a client account, when Empiflow collects your Personal Data to manage the platform user access, to manage the after-sale service, and to analyze statistics regarding the Website ).
  5. If you have any questions about this Privacy Policy, please contact us by email at privacy@empiflow.com.
3. What is "personal data"?
  1. "Personal Data" (or "Personal information") is any information about you, from which you can be identified provided by you or collected by Empiflow. Examples of personal data are: name, address, date of birth, telephone number, location data, email address or an IP address.
  2. Our processing of your personal information will depend on our relationship with you, the circumstances of collection and the types of products and services you request from us. We may collect additional personal information from you from time to time.
4. Processing personal data under the GDPR
  1. If an organization 'processes' personal data, it does so as either a Controller or a Processor, and there are different requirements and obligations for each.
  2. A Controller is the organization that determines the purposes and means of processing personal data. A Controller also determines the specific personal data that is collected from a data subject for processing. A Processor is the organization that processes the data on behalf of the controller.
  3. In the context of the Platform, in the majority of circumstances, our customers are acting as the Controller and Empiflow is acting as the Processor. Our customers, for example, decide what content is uploaded or transferred into their Empiflow account.
  4. In the context of the Empiflow's Website, Empiflow is acting as the Controller.
  5. How Empiflow processes personal data is addressed below.
5. Processing your personal data through your use of our Platform
  1. In the context of the Empiflow's Platform, Empiflow processes personal data under the direction of its customers. If you are a user acting as an employee, contractor or other representative of our customer, the latter may provide your information to us on your behalf, for example when they register you as a user of our Platform or contact our support team for issues relating to your account.
  2. Under applicable privacy laws we are a data processor and your employer/principal remains the data controller at all times, please refer to its privacy policy, which applies to the collection, use, processing and retention of your personal information.
  3. Users who seek access to their personal information, or who seek to correct, amend, or delete inaccurate personal information should direct their requests to the respective Empiflow's clients, who shall be able to remove and update personal information and data without our involvement
  4. Personal data that Empiflow processes through your use of our Platform, this data is controlled by our customers (ex. your employer):
  • First name, last name, email address. This information is required to create an account. Additional optional data can be entered by your employer or by you (for example, job title, department, address, profile image, phone number, etc.).
  • HR forms and Sensitive information. We generally do not collect sensitive information about you, unless you provide it to your employer voluntarily. Empiflow's HR forms functionality allows your employer to directly collect certain information for human resource purposes. As a Platform user, when you respond to HR forms, created by your employer and hosted by Empiflow, you may voluntarily provide sensitive information such as racial or ethnic origin, sexual orientation, health information or religious or philosophical beliefs, personal financial account information, social security numbers, passport numbers, driver's license numbers, family or similar personal identifiers. Your employer is responsible for that data and manages it.
  • Navigational Information and Log files. When you use our Platform, we automatically collect information about your computer hardware and software. This information can include your IP address, location, browser type, domain names, internet service provider (ISP), the content viewed, learning and onboarding progress metrics, operating system, clickstream data, and access times.
5. Empiflow processes personal data because it is necessary for the functioning of its Platform on the basis of the agreement with its customers (your employer) and/or on the grounds of Empiflow's compliance with its legal obligations or its legitimate interest regarding the continuation of the commercial relationship.
6. We collect and process personal information for a variety of purposes, including:
  • to administer customer/user accounts;
  • to provide Platform's functionality and personalize user experience;
  • to respond to customer service requests, resolve technical issues analyze crash information, and to repair and improve the Platform
  • to communicate with our customers about our Platform and services;
  • to display relevant content;
  • for safety and security to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Terms of Use policies
  • to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Platform.
6. Processing your personal data through your use of our Website
  1. We do not collect/process any personal data through your use of our Website.
  2. We may post customer testimonials and comments on our Website, which may contain personal information. We obtain each customer's consent via email prior to posting the customer's name and testimonial.
7. Security of your personal information
  1. We have in place physical, electronic and procedural safeguards appropriate to the sensitivity of the information we maintain, including encryption of information via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols
  2. We secure your personal information in a controlled, secure environment, protected from unauthorized access, use or disclosure. Our customers' data is hosted in different countries depending on the location and needs of individual customers and applicable laws.
8. External Websites
Our Platform may include links to other websites. We do not control, and are not responsible for, the content or practices of these other websites and applications. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.
9. Transfer Your Personal Data outside the European Union?
The Personal Data collected may be processed outside the European Union by our data processors. In this case, Empiflow takes the necessary steps with its data processors and partners to ensure an adequate level of protection to your Personal Data, in accordance with the Regulations. To do so, we ensure that our processors and partners (i) are located in a country ensuring an adequate level of protection, or (ii) have adhered to the Privacy Shield (in case of transfer to the United States), or (iii) have signed a contract with Us that includes the "standard data protection clauses" adopted by the European Commission.
10. Security measures does Empiflow put in place to protect your Personal Data?
To provide the highest level of security for your Personal Data, Empiflow implements appropriate physical, technical and organizational measures to prevent any alteration or loss of your Personal Data or any unauthorized access to it, and in particular:
  1. an access to Personal Data strictly reserved to employees and service providers who need to know it. These persons are subject to strict confidentiality obligations and may be subject to sanctions, if necessary, in the event of a breach;
  2. regular verifications of data collection, storage and processing;
  3. communication of security instructions to employees who have access to Personal Data;
  4. hosting of Personal Data in secure data centres;
  5. traceability of the accesses to the databases;
  6. data encryption.
11. Your rights and how to exercise them
Pursuant to the Regulations, you have the following rights regarding the processing of your Personal Data by Empiflow, acting in capacity of data controller:
  1. To access and be informed: you have the right to be informed in a concise, transparent, intelligible and easily accessible form about the way your Personal Data is processed (this is precisely the purpose of this Privacy Policy). You also have the right to obtain (i) confirmation as to whether or not your Personal Data is being processed by Empiflow and, if so, (ii) to access all your Personal Data and obtain a copy of it.
  2. To rectify: at any time, you can ask Empiflow to rectify and/or complete any of your Personal Data which would be incomplete or erroneous, which Empiflow will do as soon as possible.
  3. To erase: in certain cases, you can ask Empiflow to erase your Personal Data ("right to be forgotten"); however, as this is not an absolute right, Empiflow may have, in certain cases, legal or legitimate reasons to keep your Personal Data.
  4. To restrict: in certain cases listed in article 18 of the GDPR, you can ask Empiflow to restrict the processing of your Personal Data.
  5. To transfer: you have the right to data portability, in a structured, commonly used, and machine-readable format. You are free to transmit your Personal Data to a recipient of your choice without Empiflow being able to oppose it. However, this right only applies if the processing of your Personal Data is based on your consent or on the execution of a contract, and if the processing is carried out by automated means.
  6. To oppose: when the processing of your Personal Data is based on Empiflow's legitimate interest, you have the possibility to oppose to this processing. Empiflow will then stop the processing of your Personal Data unless there is a legitimate reason to do so. You also have the right to object at any time to the processing of your Personal Data for marketing purposes. Finally, you have the right to unsubscribe from our newsletter simply by clicking on the "Unsubscribe" link at the bottom of each newsletter.
  7. Setting out instructions on data handling after your death: these instructions, which may be revoked at any any time, may concern the retention, deletion, or communication of your Personal Data after your death by designating a person responsible for their execution.
  8. Filing a complaint.
12. Contact
  1. If you wish to exercise some or all of the above rights or to receive some additional information, you can send a request to Empiflow, accompanied by a copy of a signed proof of your identity and any other information necessary to confirm your identity and process your request (your postal address for example):
2. A response will be sent to you within one (1) month of receipt of your request.
13. Modification of the Privacy Policy
Empiflow reserves the right to modify this Privacy Policy, at any time, according in particular to the legal and regulatory context and the recommendations, opinions, and decisions of the European Committee for Data Protection and the Luxembourg and European jurisdictions.
Last updated: July 1, 2021.