LIVDEO

Privacy Policy

Livdeo - Privacy Policy

Version 04-2021

1. General information

The websites livdeo.com, geed.info, deealog.com, geed.ai, are operated by Livdeo SAS, a company with headquarters in France that offers software solutions for cultural institutions and tourism. We provide you with this data privacy policy to inform you of how your data collected on Livdeo websites is managed.

2. Data controller

The controller under data protection law is: Livdeo SAS 14 rue Madeleine Bres 25000 Besancon France Phone: (+33)9 72 49 05 46 Commercial register entry number: 80540701200022 Data Protection Officer contact: rgpd@livdeo.fr

3. Access logs (“server access logs”)

Each access to our websites automatically is logged on our servers. This data does not allow for inferences about the identity of an individual.

Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. Also, processing this data is necessary under security aspects, particularly for access, input, transfer, and storage control. Furthermore, we may use anonymous information for statistical purposes and service optimization. Besides, the log files can be checked and analyzed retrospectively when the software’s unlawful use is suspected. The legal basis for this is Article 6.1.f of the GDPR.

Generally, data such as the website’s domain name, the web browser and web-browser version, the operating system, the IP address, and the timestamp of the access to the software are collected. The scope of this logging means does not surpass the standard log scope of any other websites on the web.

These logs are collected for a period of up to 30 days. There is no right to object to this.

4. Error logs (“server error logs”)

The error logs are produced to identify and fix bugs. This is necessary to ensure that we can respond as quickly as possible to any problems with displaying and fulfilling content (legitimate interest). As a rule, this data is anonymized and does not allow for deductions about a person’s identity. The legal basis for this is Article 6.1.f of the GDPR.

When an error report occurs, general data such as the website’s domain name, the web browser and its version, the operating system, the IP address, and the timestamp upon the existence of the respective error message and/or specification is collected.

The error logs are collected for a period of up to 30 days. There is no right to oppose this.

5. Use of cookies

Our websites use cookies. The cookies are small text files that are stored on the browser used for accessing our websites. We use different categories of cookies:

Essential cookies are required for guaranteeing the core functionalities of our websites. Functional cookies are used to track user behavior on our websites to improve our websites’ functionalities. Marketing cookies are cookies that we use for serving interest-based advertisements. External media cookies serve the purpose of displaying external media (such as videos or maps)

The legal basis for the use of essential cookies is Art. 6.1.f GDPR (legitimate interest). Our legitimate interest in the usage of these cookies is: providing functioning websites.

The legal basis for the usage of the other cookies is Art. 6.1.a GDPR (your consent). Without your consent, no non-essential cookies will be set. You can revoke your consent anytime, with effect for future sessions.

6. Use of third-party provider tools

To provide and improve our services, we are using the following third-party providers’ tools and services, which may also process personal data. The third-party providers have been chosen diligently and in line with the GDPR requirements.

a. Google

Unless otherwise stated in the data privacy policy, the Google services operator mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland.

i. Google Maps

Our websites may incorporate the “Google Maps” API service to be able to represent geographical information. The use of Google Maps allows Google to collect, process, and use data related to your service use.

By using Google Maps, information about the use of this website, including your IP address and the (start) address entered in the itinerary planner function, can be transmitted to Google in the USA. The map content is transferred by Google directly to your browser and integrated into our websites. Livdeo has no control over the scope of the data collected by Google in this way. Livdeo also has no control over the further processing and use of the data by Google. We have no impact and therefore cannot accept any responsibility for this. You can find additional information on your data processing by Google at the Google data privacy information.

The following data is collected and processed:

Location information Date and time of visit IP addresses URLs Usage data

The legal basis for this data processing is based on Art. 6.1.a GDPR (your consent). If you do not want Google to collect, process, or use data about you via our website, you can refuse your consent or revoke it at any time with effect for future sessions.

The data will be stored for as long as it is necessary for processing purposes. The data will be deleted as soon as it is no longer required for processing purposes.

As part of the processing, the data may be carried to the following recipients besides Google Ireland Limited:

Google LLC. Alphabet Inc.

Data may be carried to the USA as part of the processing by Google Maps. The transmission security is guaranteed by so-called standard contractual clauses, which guarantee that personal data processing is subject to a security level that corresponds to the GDPR. If the standard contractual clauses are insufficient to ensure an adequate security level, we will obtain your consent following Art. 49.1.a GDPR before the data processing.

ii. Google Tag Manager

This website uses the service “Google Tag Manager.” The Tag Manager is a tool for managing so-called tags that are used during tracking in online marketing. In doing so, the tag manager does not process any personal data since it merely serves to manage other services – e.g., Google Analytics, etc.

You can find further information on the tag manager at https://www.google.com/intl/de/tagmanager/use-policy.html

iii. Google Analytics

Our websites use the service “Google Analytics”. The service is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics is a web analysis service. It uses cookies that allow us to make inferences about user behavior on our website. The information generated by the cookies is sent to a Google server in the USA and stored there. Our websites use Google Analytics on an exclusively pseudonymous basis. Your IP address is stored in anonymized form.

The following data is collected and processed:

IP-Addresses (anonymized) Date and time of visit Usage data Click path Pages visited Referrer URL Downloads Location information App updates Browser information Device information JavaScript support Purchase activity

The legal basis of the processing is your consent, according to Art. 6.1.a GDPR. If you do not want Google Analytics to collect and process the data mentioned above, you can reject your consent or revoke it at any time with effect for the future.

The data will be stored for as long as it is necessary for processing purposes. The data will be deleted as soon as it is no longer needed for processing purposes.

As part of the processing, the data may be transferred to the following receivers besides Google Ireland Limited:

Google LLC. Alphabet Inc.

Data may be transferred to the USA as part of the processing by Google Analytics. The security of the transmission is guaranteed by so-called standard contractual clauses, which guarantee that personal data processing is subject to a security level corresponding to the GDPR. If the standard contractual clauses are insufficient to ensure an adequate security level, we will obtain your consent following Art. 49.1.a GDPR before the data processing.

vi. YouTube

Our websites might use the service “YouTube” to insert videos into the page. The software necessary for this purpose is operated by the company Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The integration of YouTube content is carried out in “extended privacy mode”. This ensures that YouTube does not initially store cookies on your device. As a result, YouTube no longer holds any information about visitors until you watch the video.

When you click on the video, your IP address is transmitted to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube, this information is also associated with your account. This can be prevented by logging out of YouTube before viewing the video.

Accordingly, the following data can be collected and processed:

IP Addresses Referrer URL Device Information Watched videos

The legal basis of the processing is your consent, according to Art. 6.1.a GDPR. If you do not want YouTube to collect and process the data mentioned above, you can deny your consent or revoke it at any time with effect for the future.

The data will be stored for as long as it is necessary for processing purposes. The data will be removed when the processing is no longer required.

As part of the processing, the data may be carried to the following recipients besides Google Ireland Limited:

Google LLC. Alphabet Inc.

Data may be transferred to the USA as part of the processing by YouTube. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that personal data processing is subject to a security level that corresponds to the GDPR. If the standard contractual clauses are insufficient to ensure an adequate security level, we will obtain your consent following Art. 49.1.a GDPR before the data processing.

vii. Google Web Fonts

Our websites may use the Google Web Fonts service. The service provider is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Web Fonts enables us to load and display external fonts, so-called Google Fonts, on our website.

In the context of processing via Google Web Fonts, the following personal data is collected and processed:

IP address

The legal basis for this processing is Art. 6.1.f GDPR — a legitimate interest. Our legitimate interest in the processing is to present the website in an attractive and user-friendly manner. Local hosting ensures that no data is carried to Google, and no data transfer takes place.

Personal data is collected for as long as it is necessary for processing purposes. The data is removed as soon as it is no longer required for the purpose.

b. HubSpot

On our websites, we use HubSpot for different purposes. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover different aspects of our online marketing that includes, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms.

Our registration service enables visitors to our website to find out more about our company, to download contents, and to provide their contact information, together with further demographic information. Together with our websites’ contents, this information is stored on our software partner HubSpot’s servers. We can use it to make contact with our website visitors and determine which of our company’s services are attractive to them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures.

You can find more information about the Privacy Policy here: https://legal.hubspot.com/privacy-policy. You can find more information about HubSpot regarding the EU-Data Protection Regulations here: https://www.hubspot.com/data-privacy/gdpr

More Information about HubSpot’s Cookies can be found here: https://legal.hubspot.com/cookie-policy. As part of the optimization of our marketing activities, HubSpot may collect and process the following data:

IP address Device identification Duration of the visit Performance data Geographical position Browser type Navigation information Aggregated use Reference URL Files displayed on site Domain names Operating system version Internet service provider Operating system Access times Device model and version

We also use HubSpot’s contact forms. You can find more information about this “Forms” article of this Privacy Policy.

The legal basis of the processing is your consent, according to Art. 6.1.a GDPR. If you do not want HubSpot to collect and process the data mentioned above, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for processing purposes. The data will be deleted as soon as it is no longer needed for the purposes.

Data may be transferred to the USA as part of the processing by HubSpot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that personal data processing is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, Art. 49.1.a GDPR can serve as a legal basis. Please note the reference to data transfer risk to an unsafe third-country under sub-item “Forms”.

c. Vimeo

We use Vimeo on our website. The service is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, United States of America. Vimeo is used to display videos on our website.

In this context, the following data is collected and processed:

IP address Browser type Browser information Browser language Referrer URL Search query Operating system Cookie information Device information Visited pages Information that users provide on our websites Information from third-party sources

The legal basis of the processing is your consent, according to Art. 6.1.a GDPR. If you do not want the data as mentioned earlier to be collected and processed by Vimeo, you can refuse your consent or withdraw it at any time with effect for the future.

The personal data will be stored for as long as necessary to fulfill the processing’s purpose. The data will be deleted as soon as it is no longer needed for processing purposes.

Data may be transferred to the USA as part of the processing by Vimeo. The security of the transmission is ensured by so-called “Standard contractual clauses”, which guarantee that personal data processing is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate security level, we will obtain your consent following Art. 49.1.a GDPR before the data processing.

d. DocSend

For our operational workflows, we use the service DocSend file sharing. The service is operated by DocSend, Inc. a software company with headquarters at 351 California St., STE 1200 San Francisco, California, 94104 USA. If you want to access our shared documentation through Docsend, the following data will be collected from you: e-mail address Name Company IP address

Duration of storage: The data is stored only as long as necessary to achieve the service’s purpose. https://www.docsend.com/privacy-policy/

7. Forms and Chat Services

We use the service HubSpot to provide you with the following online forms and chat services. For this purpose, we forward your data to HubSpot, which processes the data exclusively at our request. See data privacy policy on “HubSpot”.

Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that US authorities may process your data for control and monitoring purposes without you possibly being entitled to legal remedies. So-called standard contractual clauses regularly ensure the security of the transfer. Suppose the standard contractual clauses and binding corporate rules are insufficient to establish an adequate level of protection. In that case, your approval of this privacy policy will be considered to be consent within the meaning of Art. 49.1.a GDPR, which justifies data transfer to unsafe third countries.

a. Free offer of digital contents

To provide you with our downloadable content, we collect personal data from you. Below we explain these data.

Collected data: Email address, first name, last name, title, job title, company name Purpose of use: Customized sending of contents requested Storage period: As a general rule, the data is stored for as long as needed to fulfill the purpose. The data is removed after sending the content. Legal basis: Art. 6.1.b GDPR

b. Newsletters

If you subscribe to our newsletters, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties.

Collected data: Email address, first name, last name, title, job title Purpose of use: Sending of the newsletter requested Storage period: For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not opposed to the use of your data. Legal basis: Art. 6.1.a GDPR – consent Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address, first name, last name, title, job title, company name from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to newsletter@livdeo.fr.

c. Product Demos

If you request a web demo appointment, we use your data to contact you and set up and hold the meeting.

Collected data: Email address, last name, first name, telephone number, company mane Purpose of use: Organizing and holding of the web demo, as well as preparation for and follow-up on the demo Storage period: The data are stored as long as is required to prepare, hold, and follow up on the meeting. Legal basis: Art. 6.1.b GDPR

d. Webinars

If you register for a webinar, then we use your data to ensure that you receive the necessary information and to enable you to participate in the webinar.

Collected data: Email address, last name, first name Purpose of use: Sending of the requested invitation to the webinar, as well as preparation, holding, and follow-up on the webinar Storage period: The data is stored for as long as it is required to fulfill the purpose. The information is removed after holding the webinar. Legal basis: Art. 6.1.b GDPR

e. Trial accounts

Suppose you register for a trial account of our solutions. In that case, we use your data to ensure that you receive the necessary information and introduce you to the test account and the software features.

Collected data: last name, first name, email address, telephone number, company name Purpose of use: Provision of the requested test account and software features presentation. Storage period: the data is stored for as long as is required to fulfill the purpose. After the test phase expiry, your data is deleted if you do not become a customer. Legal basis: Art. 6.1.b GDPR

8. Rights of data subjects

If the company Livdeo SAS processes personal data as data controller, then you, as the data subject, have certain rights derived from Chapter III GDPR, which depend on the legal basis and purpose of the processing. These rights include when relevant, especially the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to cancellation (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to objection (Art. 21 GDPR). If the personal data processing is based on your consent, you have the right, according to Art. 7 III GDPR, to revoke this consent granted under data protection law.

Please contact the Data Protection Officer of Livdeo (see Section 2) to assert your rights as a data subject regarding the data processed for this website’s operation. Please be aware that you must contact the data controller directly to assert your rights as a data subject derived from the processing by us as data processors of our customers. We reserve the right not to respond to corresponding queries or to redirect them to the related companies.

If Livdeo SAS as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular, the right of access (Article 15 of the GDPR) and the rights to rectification Article 16 of the GDPR), erasure (Article 17 of the GDPR), restriction of processing (Article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.

Please contact the data protection officer of Livdeo SAS to assert your rights regarding the data processed for the operation of this software (see section 2). Please note that you must address yourself exclusively to the controller to assert your rights as a data subject from the processing of personal data by Livdeo as a subprocessor on behalf of our customers. We reserve the right not to answer such questions or pass them on to this data processing controller.

9. Right to lodge a complaint

We would like to inform you that according to article 77 GDPR, you have the right to complain with the supervisory authority if you believe that your data have been processed illegitimately by us.

10. Right to object

You can object to using your data by using the appropriate opt-out or contacting Livdeo by email at rgpd@livdeo.fr

11. Final clauses

Livdeo reserves the right to adjust this data privacy policy at any point to ensure that it is in line with the current legal requirements or accommodate changes in the services offered. For example, when new services are introduced, modifications are made to our websites. In this case, the latest data privacy statement applies to any later visit to our websites or software.