![A woman teaching a class](http://web-assets.zxunweb.com/-/media/assets/internet/images/about-us-pageheader-1200x299.jpg?h=299&w=1200&v=1&d=20230913T073325Z&hash=E8BA5AE53ED64E05ED919B19F49970A6)
Rainbow - Data privacy notice
Protecting your personal data is important to ALE. This page sets out our commitment to handle all personal data in a transparent, compliant and responsible way.
Definitions
“关联公司”系指由ALE控制、控制或与ALE共同控制的任何实体.
“ALE” means the ALE Group or any of its Affiliates.
“ALE集团”指ALE及其从事个人数据处理的关联公司.
“数据控制者”是指确定个人数据处理的目的和方法的实体. In the context of RAINBOW Service, the Data Controller is the End-Customer, except when the User registers to the Rainbow Service directly as a consumer, in which case the Data Controller is ALE.
“数据处理者”指代表数据控制者处理个人数据的实体. In the context of the RAINBOW Service, Data Processor is any Service Supplier, 提供彩虹服务的ALE和ALE分包商. “Data Protection Laws” means all laws and regulations, including laws and regulations of the European Union (“EU”), 适用于个人数据处理的欧洲经济区(“EEA”)及其成员国.
“Data Subject” means the individual to whom Personal Data relates. In the RAINBOW service context, the Data Subject is the User using the Service.
End-Customer: means a company or legal entity contracting with the Service Supplier for the purpose of using the Rainbow Service for its own community of Users
“个人资料”指与已识别或可识别的人有关的任何资料.
“处理”指对个人资料进行的任何操作或一组操作, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).
“Data Breach” is a security incident in which sensitive, protected, personal or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
“服务”指在ALE处理终端客户个人数据时提供的RAINBOW服务.
“标准合同条款”是指ALE与其部分分包商之间签订的协议, pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
“Service Supplier” means ALE International or an Authorized Reseller from which the End-Customer has purchased the Rainbow Service
“User” means the individual who accesses the Rainbow Service. The User is the Data Subject.
A. General
The Service branded as “RAINBOW” is a set of cloud-based collaboration services that enables cross-community interactions and transactions between business users beyond company borders. The Service’s main purpose is to collect identities and link them so as to operate persistent collaborative activities such as messaging, voice or video calls, screen or file sharing, exchanging multimedia data (content) between terminals such as desktop, mobile phones.
ALE is the editor of the Service. ALE is Data Controller when the User registers to the Rainbow Service directly as a consumer and is Data Processor otherwise. ALE承诺遵守所有与个人资料有关的法律法规, data privacy and data protection. ALE已设计并执行有关个人资料收集的政策和程序 & processing through i) ALE Global Privacy Policy ii)本《火狐体育手机》中补充ALE全球隐私政策的条款.
ALE has nominated a data protection officer who can be addressed at:
ALE Data Protection Officer
32 avenue Kleber, 92700, Colombes, France
dataprivacy@zxunweb.com
B. The obligations of Data Controller and Data Processor
B.1 Obligation of ALE as a Data Controller
Where it is Data Controller,
ALE is committed to abide by all laws and regulations, in this context, those pertaining to data privacy, personal data protection and security.
ALE will instruct its Data Processors to collect and process personal data in accordance with all the relevant provisions of the applicable data protection laws, in particular, with respect to the security, protection and disclosure of personal data.
ALE will inform the Data Subjects i) of the use of their personal data (see sections C below) ii) of the involvement of data processors to process their personal data and iii) that they personal data may be processed outside the EEA (European Economic Area).
ALE will respond in reasonable time and to the extent reasonably possible to enquiries by Data Subjects regarding the Processing of their Personal Data by the Data Controller, and it will give appropriate instruction to the Data Processor in a timely manner.
ALE将在合理的时间内回复来自数据保护监管机构的询问.
B.2 Obligations of ALE as a Data Processor
Where it is Data Processor:
ALE is committed to abide by all laws and regulations, in this context, those pertaining to data privacy, personal data protection and security.
Instruction:
ALE仅代表数据控制者并根据其指示处理个人数据。
Individuals accessing personal data:
ALE ensures that its personnel involved in the Processing of Personal Data are informed of the confidential nature of the Personal Data, 是否接受过有关其职责的适当培训并有保密义务. 这些义务在该个人与ALE的关系终止后仍然有效.
ALE shall take commercially reasonable steps to ensure the reliability of any ALE personnel involved in the Processing of Personal Data.
ALE ensures that ALE Group’s access to Personal Data is limited to those personnel who require such access to perform the Service.
Personal data protection and personal data security
ALE maintains highest protection of data, including personal data, 并因此设计和执行了内部数据安全政策和程序,以保护和安全, confidentiality and integrity of Personal Data.
Data Breach:
If ALE becomes aware of any unlawful access to any Data Subject’s Personal Data stored on ALE’s equipment or in ALE’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Data Subject’s Personal Data (Data Breach), ALE将及时:(a)通知相关的数据保护局(DPA),并可能在DPA批准后通知, 将资料外泄事件通知有关资料当事人及服务提供者, through any appropriate mean; (b) investigate the Data Breach and provide Data Protection Authority and the Data Subject with information about the Data Breach, through any appropriate mean; and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Data Breach.
Where:
(i) An unsuccessful Data Breach attempt will not be subject to this Section. An unsuccessful Data Breach attempt is one that results in no unauthorized access to Data Subject’s Personal Data or to any of ALE’s equipment or facilities storing Data Subject’s Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers) or similar incidents; and
(ii) ALE’s obligation to report or respond to a Data Breach under this Section is not and will not be construed as an acknowledgement by ALE of any fault or liability with respect to the Data Breach.
Notification(s) of Data Breaches, if any, will be delivered to the Data Subjects by any means ALE selects, including via email. It is the recipient’s sole responsibility to ensure it maintains accurate contact information in the Rainbow Service at all times.
Additional terms for personal data transfers out of the EU/EEA and Switzerland:
ALE has implemented the appropriate guarantees in order to ensure existence of an adequate level of protection of Personal Data upon export to territories deemed not having such adequate level of protection by EU (list of territories with adequate level of protection). This means that ALE has concluded contracts with those of its sub-contractors that may be importer of Personal data out of the EU/EEA in the form of European Standard Contractual Clauses approved by the European Commission. 此类条款包括分包商为保护个人数据而采取的技术和组织措施.
Engaging another Data Processor
ALE’s Affiliates may be retained as Data Processors; and
ALE及其关联公司可就服务的提供分别指定分包商.
Any such sub-contractor will be permitted to obtain Personal Data only for the purpose of delivering the services for which ALE has appointed them, and they are prohibited from using Personal Data for any other purpose.
ALE will be liable for the acts and omissions of its sub-contractors to the same extent ALE would be liable if performing the services of each sub-contractor.
ALE Assistance
ALE将通过适当的技术和组织措施协助用户和数据控制人, insofar as this is commercially possible, for the fulfillment of the Users’ rights (as Data Subjects) or for the fulfillment of its obligations as per the applicable Personal Data Protection laws and regulations.
To the extent the User or its Data Controller, in its use or receipt of the Services, does not have the ability to correct, amend, block or delete Personal Data, as required by Data Protection Laws, ALE will assist to facilitate such actions to the extent ALE is legally permitted to do so and to the extent such activity is commercially reasonable.
ALE shall, to the extent legally permitted, 如果数据控制者收到数据主体的访问请求,立即通知数据控制者, correction, amendment or deletion of that User’s Personal Data. ALE shall not respond to any such Data Subject request without Data Controller’s prior written consent except to advise the Data Subject that such request must be addressed to the Data Controller. ALE shall provide the Data Controller with commercially reasonable cooperation and assistance in relation to handling of a Data Subject’s request for access to that User’s Personal Data, to the extent legally permitted and to the extent the Data Controller does not have access to such Personal Data through its use or receipt of the Services.
Personal data retention:
ALE retains Personal Data for as long as it is needed to fulfill the purpose for which it was collected and within the limit of compliance with laws and regulations.
C. Personal Data ALE collects and uses to deliver the Rainbow Service
Registration information
ALE will obtain from and concerning the User, at minima the User’s email address, for the purpose of registration of the User to the Service and its usage thereof.
ALE may also obtain other information from and concerning the User which the User optionally enters in order to deliver a better Service experience. Such optional information includes: first name, last name, nickname, job title, other title, photo, phone numbers, other email addresses (together “Registration Information”).
该等个人资料不得用于除下列各段所列目的以外的其他用途. below.
ALE uses Registration Information to enroll the Users in the Service, to operate the Rainbow Service, to display the identity of the Users to other Rainbow Users, to notify Users about new or enhanced features and updates of the Service.
ALE may also identify or collect the End-Customer company name with the Users’ email address termination in order to (a) propose to Users additional contacts within the End-Customer’s company and (b) offer directly to the End-Customer’s company additional Rainbow Services.
ALE does not use Personal Data to send commercial or marketing messages without User’s consent except as part of a specific program or feature regarding the Rainbow Service for which the User has the ability to opt-in.
ALE也可能将用户的个人资料用于非营销或管理目的,例如, without limitation, for notifying Users of major changes made to the Rainbow Service or for maintenance and technical service purposes if any provided to the Users.
User generated information
ALE stores User generated information (information that the Users upload, provide or create while using the Service. This includes:
Conferences: in the Service, all discussions, be they supported by text, voice or video, between 2 or n Users, are considered as conferences. Hence all content exchanged in any conversation is considered as User generated information and is stored (to the limit of the retention period described in below section).
Bubbles: Activity recorded in the bubbles (such as joining or leaving), including activity related to third-party integrations, together with the date, time, Users involved in the activity, and other participants in the bubble
Messages: Message content, sender and recipients, date, time, and read receipts
Content shared: Files and file names, sizes, and types
音频会议:呼叫参与者、日期、时间、持续时间和您提供的质量评级. We route audio and video call content and screen sharing content between call participants but we do not retain nor store the content. Such connection information is also described as CDR (call details records).
Presence: Status information, for example whether and when you are active, out of office, or have turned on Do Not Disturb, is displayed to other users.
ALE使用这些信息为用户提供增强的服务体验, including a persistent history of its interactions with other Users. It should be noted that all messages and content the User shares, including personal information about itself or others, will be available to all other participants of the discussion/call/shared folder, 包括在用户共享消息或内容后加入讨论/通话/共享文件夹的与会者.
如果用户与其他未参与讨论的用户共享讨论, when that User joins the discussion he or she will be able to see the list of other Users in the discussion as well as past messages exchanged before he/she has joined the discussion.
ALE may use aggregated usage data that provides service information to understand how the Service is used and to improve the quality and design of the Rainbow Service and to create enhanced or new features, functionalities, and services by storing, tracking, and analyzing User’s preferences and trends. ALE may use cookies and log file information to: (a) remember information so that the Users will not have to re-enter login and password the next time they use the Rainbow Service; (b) monitor individual and aggregate metrics such as total number of interactions, pages viewed, device used and (c) track their entries, submissions, views and such.
Connection information:
When the User is connecting to the Service, connection information generated consists of: IP address, date, time & technical details that are needed to support billing calculation.
Special note concerning Rainbow mobile application:
When the User installs the Rainbow mobile application on its mobile device, the Rainbow mobile application will ask the User permission to access its address book or contact list from its mobile device.
D. When Personal Data is disclosed to others
Registration Information and User Presence
When a User voluntarily (i) joins its End-Customer’s private Rainbow membership or (ii) joins a “Rainbow bubble” (dedicated group of users) or (iii) accepts to be part of another User’s contact list, 则用户的个人资料和存在将在彩虹服务上显示给(i)其他最终客户的成员, (ii) to other Users in the Rainbow bubble, or (iii) to the other User whose contact list the User has accepted to join, respectively.
Service operation and improvement:
ALE may provide and share the User’s Personal Data with its affiliated companies, subsidiaries or sub-contractors acting as Data Processors on a need to know basis to support ALE for any of the usage purposes set forth in paragraph Registration Information above. 用户的个人数据将根据适用的数据保护法i传达给这些实体.e. 根据协议确保用户个人资料的安全和机密性. See data transfer paragraph below for more information.
E. User consent
The Service does not operate and can’t be accessed unless the minimum personal data is provided by the User as listed in Registration Information section above. The Service cannot operate the main purpose of the Service (as described in section A above) without such personal data input. This makes the main purpose be a legitimate interest such that no further consent is needed from the User to allow the Data Controller to collect and process such personal data.
The User may decline submitting Personal Data other than the mandatory Registration Information through the Rainbow Service, in which case ALE may not be able to provide certain functionalities to the User. If the User does not agree with the ALE Global Privacy Policy or the current Rainbow Data Privacy Notice, the User may request deletion of its account, 卸载所有Rainbow应用程序并停止使用Rainbow服务.
The User or the End-Customer may contact ALE if it: (i) wishes to be provided with access to the Personal Data that ALE has collected about a given User, (ii) wishes to review and update an User’s Personal Data or requests deletion of any and all of its Personal Data at any time, (iii) objects, for legitimate reasons, to the processing of its Personal Data ; furthermore upon any questions or comments about this Rainbow Data Privacy Notice, the User or the End-Customer may contact ALE via email at: support@openrainbow.com or via Emily agent while connected in Rainbow Services.
F. ALE’s Commitment to Data Security
ALE intends to protect the personal information entrusted to ALE and treats it securely in accordance with this Data Privacy Notice. ALE implements physical, administrative, 以及旨在保护个人信息免遭未经授权访问的技术保障措施, use, or disclosure. ALE的合同要求ALE的分包商保护这些信息免遭未经授权的访问, use, and disclosure. The Internet, however, cannot be guaranteed to be 100% secure, ALE不能保证或保证用户提供给ALE的任何个人信息的安全性.
ALE建议不要使用不安全的wifi接入或其他不受保护的网络进行连接, use or submit messages through the Rainbow Service. ALE makes reasonable efforts to ensure the security of its systems and uses state of the art high level encryption to protect data in transit.
媒体加密用于保护用户在通话过程中传输的音频和视频(如果有). 当用户发起呼叫时,媒体会被加密,从用户的设备传输到另一个与会者.
Transport encryption is used to protect all connections to and from the Service and between audio or video call participants. When the User registers to the Service, sends messages, shares Contents, or otherwise connects to the Service, ALE always uses transport encryption.
用户或最终客户是否应该意识到影响其Rainbow服务帐户的数据泄露, 则该用户或最终客户必须立即通过support@openrainbow通知ALE.com
G. Special Note to EU End-Users
The Rainbow Service is hosted in data centers in different geographies. Please refer to our data location policy available at http://support.openrainbow.com. Furthermore, we have the necessary contractual material in place with the Data Center providers to ensure that the level of data protection is adequate in the sense of the GDPR. Finally, ALEI is operating the Rainbow Service instance across all the Data Centers of Rainbow Service network in a uniform manner, compliant with the “adequate” level of data protection expected by the GDPR.
彩虹服务有关用户个人资料处理的设计和开发方是ALE International, 一个法国公司,成立为"社会组织和简化行动组织",注册办事处地址为32, Avenue Kléber 92700 Colombes, France, registered at the Nanterre Commerce and Companies Registry under number 602 033 185 RCS Nanterre; more information available at http://8ut.zxunweb.com.
See also: Terms of Service