Privacy Policy (Non-HR Data)
This Privacy Policy describes how Bee Content Design Inc. (“BCD”, “we”, “us”) handles personal data1 to which it is given access, relating to individuals located within the European Union, under the EU-U.S. Data Privacy Framework Principles (“DPF”). It applies to personal data which does not qualify as “HR Data” under the DPF, in accordance with the definition provided in the European Data Protection Board’s EU-U.S. Data Privacy Framework F.A.Q. for European Businesses (16 July 2024)2.
EU-U.S. Data Privacy Framework Principles
We comply with the DPF, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data transferred from the European Union to the United States, as described in this Policy. We have certified to the Department of Commerce that we adhere to the DPF with respect to such personal data.
If there is a conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern.
The Federal Trade Commission has jurisdiction over our compliance with the DPF and, as such, we are subject to their investigatory and enforcement powers in that context.
To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.
What types of personal data do we handle, and why?
In the course of our business activities, we may have access to the following personal data related to individuals within the European Union, such as actual (or potential) customers and users of our websites:
- Name and surname
- Professional details, including job title, office address and location, company of employment, job functions and responsibilities
- Contact details, including personal and business phone number, personal and business e-mail address
- Information collected in the context of interactions with actual or potential customer contact persons, including meeting notes, IP addresses and information collected by means of cookies/other tracking technologies, (for interactions carried out online, through BCD’ websites or online meetings), recordings of online meetings (potentially including image and voice), information shared during online meetings and information extracted from online meeting analytics (produced using third-party systems)
- Browsing data
- IP addresses
We may also process certain personal data related to our suppliers’ contact persons and/or representatives, such as name, surname, and business e-mail address.
We access these personal data to provide our services, such as:
- registration and providing access to the software provided by BCD and/or to certain features of BCD websites
- helping customers and/or users if they lose or forget their software/websites login details/password (as well as helping them recover certain files or images created when they use the software should they be stored on BCD's file system)
- providing access to all functions of the software; responding to requests for support sent to BCD through the specific software/websites section and/or handling reports for any alleged breach of copyright
- allowing customers and/or users to view accesses to the software and provide them with any other services they request
- managing participation to events organized by BCD, recording videos of the speakers and attendees for online or printed promotions
We further access these personal data for marketing activities in the broadest sense – including contacting representatives of certain companies as potential new clients, in order to propose new business opportunities through our services (after identifying them via our partner’s lead generation tool on connected platforms) – as well as to analyze information on general activities on the BCD software and/or its websites. The purpose is to use users’ profile to provide them with information on other BCD’s products and/or services that BCD believes may be of interest for them. BCD may also process these personal data to create audiences who are similar to the users currently engaging with our services.
Personal data may be processed also for security purposes, to allow BCD to improve the functioning of its services and systems and to carry out debugging activities. In addition, personal data are processed to collect information about how the BCD software is used, to prevent or identify any abuse in the use of the BCD software or of the websites or any other fraudulent activity, thereby allowing BCD to defend itself in any legal proceedings, and to comply with applicable laws and regulations.
Furthermore, BCD may process email addresses of other third parties when BCD users and customers require their collaboration in order to allow them to carry out any activity on shared documents, as well as some information related to their activities on BCD systems (such as access and operational logs automatically collected by the systems).
Do we transfer any personal data onwards, to other entities?
As a rule, we do not sell personal data related to actual or potential customers contact persons/representatives, websites users, or any other individuals, to any third parties, or otherwise share data with third parties, other than as mentioned below.
We may transfer personal data to the following types of third parties:
-
Other BCD Group companies, specifically the Holding Company, Growens S.p.A. (located in Italy).
- Personal data is shared with this company for internal administrative purposes, and this company acts as controllers in its own right, and is therefore autonomously responsible for ensuring that these personal data are correctly handled.
- In accordance with the Obligatory Contracts for Onward Transfers Supplemental Principle of the DPF, both BCD and Growens S.p.A. are bound by the Growens Group’s Group Data Protection Compliance Framework, which is a set of internal governance documents establishing controls to ensure that personal data is handled in accordance with applicable data protection requirements – including those of the DPF. As such, continuity of the protection of personal data under the DPF is ensured in the context of this data sharing.
- Service providers which provide various services, including cloud and hosting solutions, marketing and analytics platforms for SEO, advertising, and customer insights, as well as collaboration and project management tools. Additionally, BCD leverages security and compliance tools, customer support systems, automation platforms, and specialized services for design, localization, and quality assurance to enhance its operations and customer engagement. These companies act as agents on behalf of BCD, regarding the processing of personal data inherent to BCD’s use of their platforms and tools.
- Target or acquiring companies, their consultants, investors, shareholders and third-party service providers, as well as subjects, entities or authorities to whom it could be mandatory to disclose personal data.
This may include personal data related to individuals within the European Union, in which case the DPF applies in full. Under the DPF, BCD will remain liable for damages caused by a failure of any of its agents, or other BCD Group companies, to handle personal data in a manner consistent with the DPF, save for where BCD is not responsible for the event giving rise to those damages.
If you, as an individual based in the European Union, wish to opt out of the disclosure of your personal data to third parties, or if you would like more information on the specific third parties to which we may transfer your data, please reach out to us at: privacy@beefree.io.
Please note that your right to opt out, under the DPF, does not apply to transfers of your personal data to BCD’ agents. In any case, BCD has entered into written agreements with these agents to ensure the following, in accordance with the DPF:
- The transfer of personal data to agents is only performed for limited and specified purposes (i.e., the use of their platforms and tools by BCD);
- Agents are required to provide at least the same level of privacy protection as is required by the DPF;
- Agents are required to effectively process received personal data in a manner consistent with BCD’ obligations under the DPF; and
- Agents must notify BCD if they determine that they can no longer provide the same level of privacy protection as is required by the DPF, in which case BCD will take reasonable and appropriate steps to stop and remediate unauthorized processing of the transferred personal data.
We will also provide a summary or representative copy of the relevant privacy provisions contained within our agreements with agents to competent authorities, upon a valid request.
It is also important to understand that we may be required to disclose personal data in response to lawful requests by competent U.S. public authorities, including to meet national security or law enforcement requirements.
How can you reach out to us?
For any questions regarding this Policy, our adherence to the DPF or our practices regarding personal data, you can reach out to us at privacy@beefree.io.
What are your rights, as a data subject? How can you react if you believe that we are mishandling your personal data?
Under the DPF, you are entitled to:
- Access the personal data we hold about you
- Request the correction, amendment or deletion of personal data we hold about you, where it is inaccurate or has been processed in violation of the DPF
The above rights can be restricted where the burden or expense for us in allowing them to be exercised would be disproportionate to the risks to your privacy, in your specific case. Restriction may also happen if allowing your rights to be exercised would violate the rights of other persons. However, we will always endeavor to allow the exercise of your rights to the fullest extent feasible.
You can exercise these rights by contacting us at: privacy@beefree.io. You are also allowed to opt out from the further use of your personal data for marketing purposes autonomously (e.g., by clicking on the “unsubscribe” or similar link provided in the footer of marketing e-mails sent) -- please refer to our Privacy Policy for more information on this.
In any case, you retain the right to opt out from any further processing activities which we might wish to carry out using your personal data, for purposes which are different to or incompatible with the purposes laid out in this Policy. We will notify you of any such further processing if and when it takes place, so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.
While we do not intentionally process any sensitive data under the scope of this Policy, you also have the right to opt-in (rather than merely opt-out) to any onward transfer of those data or further processing of those data, for purposes which are different to or incompatible with the purposes laid out in this Policy. If and when this becomes applicable, we will notify you so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.
In compliance with the DPF, we commit to resolving complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding this Policy, or our compliance with the DPF, should first contact us at: privacy@beefree.io.
Should you consider that we have not been able to fully resolve your complaint, you remain entitled to submit your complaint to a data protection authority within the European Union, so that the panel established by the European Union data protection authorities (DPAs) can engage us to fully resolve the issue. We may also proactively refer your complaint to these authorities.
We commit to cooperating with this panel and complying with the advice given by these authorities with regard to personal data transferred from the European Union, in the context of this Policy.
In particular, this means that we will cooperate with these authorities in the investigation and resolution of any complaints brought against us under the DPF. It also means that we will comply with any advice given by these authorities in these cases, including where they consider that we need to take specific action to comply with the DPF (such as by offering remedies or compensation to you or other affected individuals), and that we will provide written confirmation to these authorities that such action has been taken.
Under certain conditions, it may be possible for you to invoke binding arbitration against us for complaints regarding DPF compliance which have not been resolved through the above mechanisms. Please refer to Annex I of the DPF for more information.
1. Personal data means any information relating to an identified or identifiable natural person or individual.
2. HR Data, therefore, refers to “human resources data collected in the context of an employment relationship” (see p. 3, Q1 ofthe F.A.Q.).