Privacy policy

The aim of this Policy is to inform users (the Users) of the reflek.io website (the Website) of what kind of personal data may be processed on the Website; further, it informs the Users about processing purposes and the manner of using the data, and about related rights available to the Users. A personal data controller (the Controller) protects the Users' privacy and ensures security of data provided by the Users. The Controller complies with personal data processing rules and applies technical and organisational measures which guarantee that the data are secure and processed as prescribed by law. The Users' personal data are always processed in conformity with applicable laws, in particular the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR). The personal data may be processed in the Users' cookies, in line with rules laid down in the Cookies Policy.

Effective Date: Sept 1, 2024

The Controller is reflek.io with registered office in Paris (75008), France, 37-39 rue de Surène, 890 140 486 R.C.S. Créteil. Contact address: dpo@reflek.io. Data subjects can also contact the Controller by other means as preferred, including verbally and in writing.

At reflek.io, your privacy is of utmost importance. This Privacy Policy (“Policy”) outlines our data privacy practices and explains how we collect, use, and safeguard personal data in connection with our services. By using our platform and associated services (collectively, the “Services”), you consent to the collection, use, storage, and disclosure of your personal data as described herein.

1. Scope of this Policy

This Policy applies to data collected by Reflek.io and governs how we handle personal information across our products and services, which include but are not limited to:

- Cloud Edge SaaS Platform – Our platform for managing digital execution twins in real-time environments.
- Asset API in Cloud, Apigate, Event Service, GulfStream, Search Service, UI, and Wildcard Service.

Reflek.io operates primarily out of its headquarters with remote teams across Europe, following robust internal data governance policies as part of our ISMS (Information Security Management System).

The personal data may also be processed by the Controller's other service providers rendering, among others, financial settlements, legal, advisory, consulting, archiving and IT services. The Users' data will not be shared with any third parties, unless this proves necessary and the User consents thereto or a data disclosure obligation results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body. The Controller does not transfer any data to third countries outside the EEA, yet in some cases Webflow, Inc. (which, as a rule, processes data in the EEA) may transfer the personal data to the USA on terms specified in its Privacy Statement. In such a case, the data may be transferred exclusively in compliance with the GDPR requirements.

2. Key Privacy Points
2.1 User Data

Profiling consists in any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject's work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject. The Controller does not profile the User's data.

The User has the right of access to the content of their personal data and the right of rectification and erasure of the personal data, the right to restrict processing of the data and the right to data portability. The User has the right to object to processing of the personal data, in particular to profiling. To this end, the User can contact the Controller at the e-mail address contact@reflek.io. The User can also contact the Controller by other means as preferred, including verbally and in writing. As for cookies, the User can make relevant changes on their own, in accordance with rules laid down in the Cookies Policy.

The Controller protects the Users' data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The Users' data may be accessed exclusively by authorised individuals bound by confidentiality and by subcontractors that have entered into personal data sub-processing agreements with the Controller and satisfy security criteria set forth therein.

The Users' data shall be processed for as long as the Users use the Website. In case of the provision of the Services, the personal data shall be processed for as long as the Services are provided. In case of e-mail correspondence, the personal data shall be processed for a period necessary to provide the User with an answer. To a limited extent, the personal data may also be processed upon the lapse of the indicated terms, until any potential claims are time-barred or for as long as possible or required in compliance with applicable laws, e.g. for statistical purposes. Upon the lapse of a processing period, the personal data are permanently deleted or anonymised.

We collect user data for the purpose of account creation, service delivery, and customer support. Personal data such as names, email addresses, and billing details are only used to provide you access to our services and are not shared with third parties except under specific legal circumstances.

2.2 Service-Specific Data Collection

- API Usage: Data transmitted via APIs is secured using encryption, and Reflek.io only accesses or stores the data necessary to ensure the functionality of our platform.
- Asset Management and Event Services: Data collected from these services is used to enhance the performance and accuracy of digital twins, aligning with our mission to reduce waste and increase industrial efficiency.

We do not process personal data through any of our services unless explicitly required by customers, and such data remains under the control of the customer.

2.3 Security and Storage

All data collected is stored on secure servers within the European Union and complies with applicable privacy regulations, including the General Data Protection Regulation (GDPR). We leverage cloud infrastructure, such as Google Cloud Platform (GCP), to ensure optimal security and data integrity. For more information, refer to our Trust Center.

3. Compliance with Applicable Laws
3.1 GDPR Compliance

As part of our commitment to privacy, Reflek.io implements all necessary measures required under the GDPR to protect personal data. We adhere to the principles of data minimization, purpose limitation, and data security as part of our Information Security Management System (ISMS).

3.2 EU-US Data Privacy Framework

Reflek.io adheres to the EU-US Data Privacy Framework for any data transferred between the EU and the US, ensuring that transatlantic data transfers meet the required safeguards for protecting personal data.

3.3 AI Regulations

Reflek.io follows the guidelines set out by the EU AI Act and the Ethics Guidelines for Trustworthy AI, ensuring that AI-driven features within our platform prioritize transparency, security, and fairness in line with emerging legal standards.

4. Sharing of Information

Reflek.io does not share your personal data with third parties unless required by law or with your explicit consent. We may share aggregated, non-personally identifiable information with our partners for the purpose of improving service functionality and security.

5. Your Rights

You have the right to access, modify, or delete the personal data that Reflek.io holds about you. Additionally, you may opt-out of marketing communications at any time by updating your preferences in your account settings or contacting our support team.

6. Security Measures

Reflek.io employs state-of-the-art security measures to ensure the safety of personal data. This includes encryption, access control, and regular audits as part of our commitment to protecting your information.

7. If you have questions regarding the reflek.io Privacy Policy or practices, please contact us as follows:

The best way to reach us for inquiries related to the processing of your personal data is by contacting us directly:

Email: client_data_protection@reflek.io

Mail:
Reflek.io SAS
8 rue des Pirogues de Bercy
75012 Paris
France

The Users have the right to file a complaint with the President of the Personal Data Protection Office if they consider that their personal data are processed in breach of mandatory rules of law.

This Policy shall apply upon its publication on the Website.