G
Reflect uses cookies to improve your experience and analyze site performance.
RefuseAccept

Privacy Policy

Welcome to the website (“Site”) of REFLECT SAS (“REFLECT”). REFLECT is a French company offering a SaaS software solution that connects automatically and securely to its clients’ third‑party HR software (“Solution”).

The Solution centralizes users’ HR data, which are aggregated and displayed on a single platform in the form of dashboards, enabling better readability and supporting decision‑making (“Services”).

1. Preamble

This Privacy Policy (“Policy”) informs you how we collect, use, store, protect, and share your personal data. We are committed to respecting your privacy and protecting your personal data in compliance with Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), and all applicable laws. In accordance with Article 5 GDPR, we ensure your data are processed lawfully, fairly, and transparently, for specified, explicit, and legitimate purposes.

2. Definitions

For the purposes of this Policy, the following terms are defined in accordance with the GDPR:

- Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

- Processing: any operation or set of operations performed, whether or not by automated means, on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

- Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

- Processor: the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

- Purpose of processing: the objective for which personal data are collected, processed, and used.

- Consent: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

- Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

3. Identity of the Controller

REFLECT is a société par actions simplifiée (SAS) with share capital of €1,251.18, registered with the Paris Trade and Companies Register (“RCS”) under number 909 475 53, with its registered office at 3, rue Villebois‑Mareuil, 75017 Paris. REFLECT acts as the Controller for personal data collected in connection with use of the Site and the Solution.

4. Nature of personal data collected

We collect the following personal data, directly and/or indirectly, in connection with operation of the Site:

- Identification and authentication data: name, surname, email address, password, phone number.

- Professional data: position, employer, department, professional status.

- Connection data: IP address, login logs, browser type.

Certain data may be collected automatically by cookies or similar technologies. For more information, please consult our Cookie Policy available on the Site.

5. Purposes of processing

Personal data are collected and processed exclusively for the following purposes:

- Provision of Services: ensuring operation of the Site and the Solution, including user account management and access to Service features.

- Customer relationship management: communications with customers, handling support requests, and subscription management

- Service improvement and optimization: analysis of usage data to develop new features and improve user experience

- Security: detection, prevention, and management of security incidents, fraud, and abuse

- Marketing: sending commercial or promotional information, with your prior consent where required

- Legal and regulatory compliance: compliance with legal obligations, including accounting and tax

6. Legal bases for processing

Processing of personal data is based on the following legal grounds:

- Contract performance: processing is necessary for performance of the contract concluded between REFLECT and its clients.

- Consent: where required, notably for sending commercial communications.

- Legitimate interests: ensuring Site security, improving our services, and preventing fraud. 

- Legal obligation: compliance with legal obligations to which we are subject.

7. Recipients of personal data

Personal data collected may be transmitted, exclusively and securely, to the following recipients:

- Processors: technical providers, hosting, maintenance, and technical support service providers, where applicable

- Competent authorities: public bodies or judicial authorities only where required by law and upon written, documented request

- Partners: in certain cases, and only with your consent, to commercial partners for marketing operations, including mailing

All our processors and partners undertake to comply with GDPR obligations and to ensure protection of your personal data.

8. Hosting

Personal data collected in connection with the Services are hosted exclusively in Europe, on Amazon Web Services (AWS) servers. REFLECT ensures its services meet the strictest security standards.

9. Transfers outside the European Union

If, in the future, personal data collected in connection with provision of the Services must be transferred to countries outside the European Union, such transfers will be strictly governed by appropriate safeguards, such as adoption of standard contractual clauses and/or adequacy decisions of the European Commission, in accordance with GDPR requirements.

10. Data retention

Personal data collected are retained for the period strictly necessary for the purposes for which they were collected, as set out above. This period may be extended to comply with REFLECT’s regulatory obligations.

11. Data security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or accidental or unlawful destruction. REFLECT holds ISO/IEC 27001 certification, ensuring a high level of information security management.

12. Your rights

In accordance with the GDPR, you have the following rights:

- Right of access: obtain information on the data concerning you that we hold

- Right to rectification: request correction of inaccurate data

- Right to erasure: request deletion of your data, under the conditions expressly provided by the GDPR

- Right to restriction: request temporary suspension of processing of your data

- Right to object: object to certain processing of your personal data in the conditions provided by the GDPR

- Right to data portability: obtain a copy of your data in a structured format

To exercise your rights, please contact us at: baptiste@getreflect.io

13. Changes to the Privacy Policy

We reserve the right to amend this Policy at any time. Changes will be published on this page together with their update date.

14. Contact

For any questions relating to this Policy or your personal data, you may contact us at: baptiste@getreflect.io