Effective date: 21st of September, 2023
The protection and confidentiality of personal data is of paramount importance to Beam. With this Privacy Notice, we inform you about how we handle your personal data in accordance with applicable laws and regulations on data protection.
Overview
Our data processing activities and our responsibilities with respect to personal data differ depending on the context in which these data are processed.
Part I: Data Processing Related to Use of our Website
1. Name and Address of Data Controller
Beam SAS of 157 rue de l’Université, 75007 Paris, France (Beam)
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@beamxp.com
2. Nature of Data Processing, Data subjects affected by Data Processing
When you visit our website for information purposes, we collect personal data about your access to our server on which our website is stored for retrieval via the Internet (so-called server log files). This data includes
the name of the website accessed
File, date and time of access
Amount of data transferred
Message about successful retrieval
browser type and version
the user's operating system
Referrer URL (the previously visited page)
IP address, and
the requesting provider.
The data subjects affected by our processing of the aforementioned categories of data are Internet users accessing our website.
3. Purpose and legal Basis of Data Processing
The purpose of this data processing is to offer access to our website and its content. The legal basis is our legitimate interest in presenting our range of services on the Internet (legitimate interest pursuant to Art. 6(1)(f) GDPR).
4. Use of Sub-Processors
We engage the following sub-processors for hosting our website:
Sub-Processor Name
Address
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy L-1855 Luxembourg
All Processed Data hosted by Amazon Web Services EMEA SARL will be stored on servers located in the European Union and in accordance with their privacy policies.
We may engage other third parties to process personal data in connection with our website. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Article 28 of GDPR.
5. International Transfers
5.1. Beam does not transfer any Customer Employee Data outside the EU/EEA, or engage a Sub-Processor to process Customer Employee Data outside of the EU/EEA.
5.2. Beam may use tools to process Customer Contact Data that imply transfer of such Data outside the EU/EEA, in particular tools that are hosted in the USA. This is limited to Customer Contact Data and any transfer of such Data outside the EU/EEA or engagement of Sub-Processors to process such Data outside of the EU/EEA will only be carried out if the receiving country has an adequate level of protection of personal data as decided by the European Commission, or if the transfer is subject to the European Commission’s then current Standard Contractual Clauses (SCCs) for transfer of personal data to third countries.
6. Data Retention
The personal data collected during your visit of our website is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum period of seven days and then deleted. Data that must be retained for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.
7. Recipients
The recipients of your personal data is limited to authorised staff members of Beam and, where required, of our sub processors. They only have access to your personal data on a need-to-know basis. If legally required, your personal data may also be provided to government authorities and law enforcement authorities. Last, we may share your personal data with any third party that would act as our successor in title and to whom we transfer all or substantially of our assets and business.
Part II: Our Cookie Policy
1. Name and address of Data Controller
Beam SAS of 157 rue de l’Université, 75007 Paris, France (Beam)
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@beamxp.com
2. Nature of Data Processing, Data subjects affected by Data Processing
Cookies are small files or other types of stored information that are transmitted from our web server or third party web servers to the web browser you are using and deployed on your device (smartphone, computer, etc.) stored there for later retrieval.
Cookies serve different purposes depending on their type. We use the following types of cookies:
Strictly necessary cookies are used to make our website usable by enabling basic functions such as page navigation and access to protected areas of the website. Without these cookies, the website cannot function properly.
Session cookies are only stored for the duration of your current visit to our website, e.g. to allow your login status to be saved. A randomly generated unique identification number is stored in a session cookie (so-called session ID). In addition, a session cookie contains information about its origin and the duration of storage, but does not store any other data. Session cookies are deleted when you stop using our website and log out or close the browser.
Functionality cookies store your preferences for our website, such as the language setting or your user name.
Performance cookies collect website and app usage data at an abstract level and are used to provide analytics and metrics such as number of visitors and most viewed pages. These cookies include Google Analytics (see also below).
Statistics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
Marketing or advertising cookies are used by us to collect information about browsing habits and may be used to tailor advertising and marketing. These cookies are in most cases third party cookies.
The individual types of cookies used on our website are listed in the chart below:
Cookie Name
Type of Cookie
beamxp.session-token
Session
beamxp.callback-url
Redirection
beamxp.csrf-token
Security
_ga
Security
hubspotutk
Security
framer.session
Session
The data subjects affected by our processing of the aforementioned cookies are Internet users accessing our website.
3. Legal Basis of Data Processing and Management of Cookie-Settings
We may store cookies on your device only if they are absolutely necessary for the operation of this site. The legal basis for the processing of essential cookies is our legitimate interest in presenting our range of services on the internet (legitimate interest pursuant to Art. 6(1)(f) GDPR). For all other types of cookies, we rely on your consent.
When you visit our website, we display a “cookie banner” in which you can declare your consent or your refusal to the use of cookies on our website by clicking on a button.
We also store your consent in the form of a cookie (“opt-in cookie”) on your end device in order to determine whether you have granted your consent when you visit the website again.
Strictly necessary cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.
You can also manage cookies using your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this subject here.
Please note that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.
4. Cookie Data Retention
The cookies used by us on our website remain active for different periods depending on whether they are transient or persistent cookies. Transient cookies, also called "session cookies" - are automatically deleted when you close your browser. Persistent cookies remain stored on your end device for a certain period of time after the browser is closed.
The cookies used on our website fall into the categories listed in the chart below:
Cookie Name
Type of Cookie
Storage Time / Expiry
beamxp.session-token
Session
30 days
beamxp.callback-url
Redirection
30 days
beamxp.csrf-token
Security
30 days
5. Specific Third-Party Cookies
Cookie Name
Type of Cookie
Storage Time / Expiry
_ga
Analytics
15 days
hubspotutk
Marketing
15 days
framer.session
Session
15 days
Part III: Data Processing Related to Use of Application
1. Introduction
The Application is made available to our customers – essentially start-up and scale-up companies – on a subscription basis by means of customer contracts for software application services. A key feature of our service offering related to the Application is that our customers are granted the opportunity to enter specific data regarding their employees and their business on dedicated dashboards displayed exclusively to the respective customer via the Application. Further, our customers are provided the opportunity to compare their employee data with statistical market benchmarking data generated by us in connection with the Application. The specific employees and business data provided by our customers are used by us as basis for creating further statistical and market benchmarking data, always on an anonymised basis – without identifying any of our customers or their employees.
2. Names and addresses of Data Controllers
Beam SAS of 157 rue de l’Université, 75007 Paris, France (Beam),
and customers of Beam that have signed a customer contract for use of the Application.
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@beamxp.com
3. Terms and Conditions
Under the contract we conclude with our customers, we provide for specific terms and conditions regarding the processing of personal data. The key provisions are summarised below:
(i) We only process personal data of employees of our customers that has been collected and submitted to us by the respective customer under the customer contract. Our customers take the responsibility for ensuring that all such personal data is collected and transferred to us on a legal basis in accordance with applicable laws and regulations on data protection.
(ii) We only process personal data of customer employees for the specific purposes agreed with the customer in the customer contract. These purposes are described in more detail under item 5 below.
(iii) We agree with all of our customers that we and the respective customer will ensure that all relevant provisions of applicable laws and regulations of data protection law are complied with, and that the rights of data subjects under applicable data protection law are safeguarded.
4. Nature of Data Processing, Data subjects affected by Data Processing
The categories of personal data processed by us in connection with the Application are the following:
(i) Personal data of contact persons of our customers (hereinafter: "Customer Contact Data"):
First name, last name and email address of contact persons for contract administration
First name, last name and email address of contact persons for invoicing
(ii) Personal data of employees of our customers (hereinafter: "Customer Employee Data"):
First name, last name or combination of characters or numbers chosen by our customers to identify the employee
Gender
Date of birth (optional)
Job title
Seniority
Annual base salary (optional)
Annual bonus (optional)
Geographical location
Department
Office name or location
Hire date
Name of manager
Performance ratings (optional)
Profile picture (optional)
The data subjects affected by the data processing activities in connection with the Application are the following:
(i) For Customer Contact Data:
Employees of our customers designated for administration of the Customer Contract
Employees of our customer designated invoicing related to the Customer Contract
(ii) For Customer Employee Data:
Employees of our customer reported by our customer to us for purposes of using the Application.
5. Purposes and Legal Basis of Data Processing
We process the aforementioned categories of personal data exclusively for the following purposes:
(i) For Customer Contact Data:
for the purpose of administration and execution of the respective customer contract, including receipt of the remuneration owed by our customers under such contracts;
(ii) For Customer Employee Data:
for the purpose of generating overviews and reports made available exclusively to our respective customer by means of dashboards displayed as part of the Application and
only in anonymised form - without identification of our customers or any of their employees - for the purpose of generating aggregated statistical benchmarking data; such data are stored by us on separate databases which are accessed by the Application for display of aggregated market benchmarks to our customers.
The legal basis we are relying on is our legitimate interest in providing our customers with the Application (legitimate interest pursuant to Art. 6(1)(f) GDPR).
6. Use of Sub-Processors
We engage the following sub-processors for hosting our website:
Sub-Processor Name
Address
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy L-1855 Luxembourg
All Processed Data hosted by Amazon Web Services EMEA SARL will be stored on servers located in the European Union and in accordance with their privacy policies.
We may engage other third parties to process personal data in connection with our website. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Article 28 of GDPR.
7. International Transfers
7.1. Beam does not transfer any Customer Employee Data outside the EU/EEA, or engage a Sub-Processor to process Customer Employee Data outside of the EU/EEA.
7.2. Beam may use tools to process Customer Contact Data that imply transfer of such Data outside the EU/EEA, in particular tools that are hosted in the USA. This is limited to Customer Contact Data and any transfer of such Data outside the EU/EEA or engagement of Sub-Processors to process such Data outside of the EU/EEA will only be carried out if the receiving country has an adequate level of protection of personal data as decided by the European Commission, or if the transfer is subject to the European Commission’s then current Standard Contractual Clauses (SCCs) for transfer of personal data to third countries.
8. Data Security and Data Retention
We use appropriate technical and organisational security measures in order to protect your data processed by us against manipulation, loss, destruction and against access by unauthorised persons.
We do not process and or store personal data for no longer than is necessary for the purposes set forth above.
(i) Customer Contact Data related to contract administration and execution is retained for the mandatory preservation period prescribed by the laws applicable to our commercial activities, which is five (5) years from termination or expiry of the Customer Contract. Customer Contact Data related to accounting and billing is retained for a period of ten (10) years in accordance with applicable tax legislation.
(ii) Customer Employee Data and Customer Business Data are retained by us for the duration of the Customer Contract and erased after termination or expiry of the Customer Contract, unless erasure at an earlier point of time should be required upon request of a data subject. will erase such Processed Data from its operational systems no later than 30 days after the effective date of termination or expiry of the Customer Contract. The right of Beam to retain Processed Data for archiving and statistical benchmarking purposes set forth in Section 8.1 (i) and 8.2 above.
We reserve the right to retain aggregated statistical benchmarking data generated on the basis Customer Employee Data submitted to us by our customers for longer periods as the retention periods set forth in the foregoing Section 6.1(ii), it being understood that none of such statistical benchmarking data will identify any Customer employee or other data subject.
9. Recipients
The recipients of your personal data is limited to authorised staff members of Beam and, where required, of our sub processors. They only have access to your personal data on a need-to-know basis. If legally required, your personal data may also be provided to government authorities and law enforcement authorities. Last, we may share your personal data with any third party that would act as our successor in title and to whom we transfer all or substantially of our assets and business.
Part IV: Your Rights in Connection with our Processing of Personal Data
In accordance with the provisions of the GDPR, you as a data subject may assert the following data protection rights against us:
In case you provided your consent, you may withdraw the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future.
You have the right to obtain information about your personal data processed by us (Art. 15 GDPR).
You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete (Art. 16 GDPR).
You have the right to request the deletion of the data we hold about you, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims) (Art. 17 GDPR).
You may request us to restrict the processing of your data in accordance with Art. 18 GDPR.
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transfer this data to another party (Art. 20 GDPR), if applicable.
You may object to the processing of your data in accordance with Art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR).
Changes to our Privacy Notice
We reserve the right to amend or update this Privacy Notice from time to time in order to adapt it to changes in the law or changes in the framework conditions for our data processing activities.