Our commitment to confidentiality

This Privacy Policy is issued by RINGO (trading name "MODJO"), a société par actions simplifiée (simplified joint stock company) with capital of 38,666.31 euros, registered with the Nanterre Trade and Companies Registry under number 879 606 283, having its registered office at 59, avenue Sainte Foy - 92200 Neuilly-sur-Seine.

We have placed at the center of our commitments, that of respecting and protecting the privacy and personal data of our customers and users, and therefore to comply with the regulations in force, and in particular Law No. 78-17 of January 6, 1978 "informatique et libertés" as amended and the European Data Protection Regulation No. 2016/679 (known as "RGPD") which came into force on May 25, 2018, but also to ensure better protection of the data we use in order to improve our products and services.

This Policy applies to the processing of personal data carried out by RINGO in its capacity as data controller via its website www.modjo .ai and the app.modjo.ai application.

This Policy does not apply to the processing of personal data for which RINGO acts as a subcontractor. For the processing of personal data relating to your customers or prospects, which you may entrust to us in connection with the use of our services, you act as the controller and we act as the processor within the meaning of the RGPD. It is therefore your responsibility to ensure that the information and rights of the data subjects are respected and, more generally, the applicable regulations.

In order to reflect our desire to inform you, this Privacy and Data Protection Policy will enable you to understand how and why your personal data is collected and processed by RINGO and how to exercise your rights.

If your personal data is processed by a RINGO customer, please refer to their privacy policy or the information they have provided to you regarding the processing they carry out.

This Privacy Policy may be updated from time to time, in particular to reflect changes in our services, technologies or applicable regulations. These updates will take effect as soon as they are made available and consulted on our website or via the Modjo application.

If you have any questions regarding this document and, in general, regarding the collection and processing of your personal information by RINGO, please do not hesitate to contact us at the following e-mail address: dpo@modjo.ai

Who is this Policy for?

This Privacy Policy is directed to anyone who may provide or entrust us with personal information through our products and services. This includes users of the modjo.ai website, customers and prospects of RINGO and applicants for employment with RINGO. This Privacy Policy applies only to the processing carried out by RINGO as data controller.

When another company uses Modjo, RINGO acts as a subcontractor. Information regarding the processing of personal data that this other company carries out through Modjo is provided directly by that company and may differ from that provided in this Policy.

What are "personal data"?

Within the meaning of the RGPD and the "Informatique et Libertés" law, "personal data" is any information relating to a natural person who can be directly or indirectly identified, such as surnames, first names, e-mail and postal addresses, his or her image, an IP address, location data, a license plate

What personal data do we collect?

The personal data we collect when you contact us, we contact you or you use our services may include, but is not limited to, data relating to:

• your identification (e.g. surname, first name, e-mail address, username, telephone number);
• your professional life (e.g. position, company, contact details) ;
• information sent via the "Contact us" function or assistance and claims services;
• Information relating to the recruitment and professional life of job applicants, collected at the time of your application via Welcome to the Jungle or via the profile search tools available on Linkedin ;
• telephone and videoconference interactions between our employees and our customers, prospects and candidates (e.g. telephone number, audio and video recording, date and time)

We record telephone calls and videoconferences between our employees and prospects and customers, as well as between members of our recruitment team and candidates.

When you browse our websites and services, we may also collect :

• information about your use of our sites and services, including data traffic and records of the choices you make online;
• log files and statistics relating to actions taken on our sites and services;
• technical information about any device and operating system you use when visiting our sites, including your device identifier, Internet Protocol (IP) address, your device's browser version, the pages of our service you visit, the time and date of your visit, the time spent on these pages and other statistics. To collect and process tracking data on our sites, we use cookies; to better understand how they work and what they are used for, you can consult our Cookie Policy available at the following address: https: //www.modjo.ai/legals/cookie-policy

Why do we need to collect personal data?

RINGO collects personal data for the following purposes:

• Provide and manage our websites and services
• To understand your uses and adapt our products and services accordingly
• To communicate with our customers and prospects and to improve the quality of our services, i.e. to answer your questions and inform you of our latest news, as well as to carry out sales and marketing prospecting.
• Resolve any dispute or resolve any bug or problem related to the use of our services
• Identify and recruit new employees

We record telephone calls and videoconferences between our employees and our customers and prospects for the following purposes:

• Promoting employee training
• To improve the follow-up of exchanges and commercial relations with our customers and prospects
• Promoting collaboration between teams

To achieve these objectives, we use features such as note-taking, translation of recordings and intelligent summaries of exchanges.

We record telephone calls and videoconferences between members of our recruitment team and candidates for the following purposes:

• Promote the training of our recruitment team members
• Facilitate and improve the recruitment process

In order to carry out the processing of personal data for these purposes, RINGO relies on the pursuit of the following legitimate interests: establishing and maintaining a commercial relationship with its customers and prospects, promoting the collaboration and training of its teams and providing useful and attractive user interfaces.

With regard to recordings made between members of our recruitment team and job applicants, RINGO relies on the pursuit of the following legitimate interests: team building and recruitment of new employees.

The personal data collected is necessary for the proper fulfilment of the purposes of the processing. If this data is not provided, these purposes will not be correctly achieved. You may, however, object at any time to the recording and processing of your telephone and video-conference interactions with Modjo.

RINGO relies on user consent to place and read cookies for the purposes of measuring advertisements and content, personalizing advertisements and content, tracking audience and improving and developing products**.** You can withdraw your consent as easily as you have given it in our Cookie Policy. You will find all information relating to cookies in this Cookie Policy.

What are your rights?

The information that you agree to communicate to us, through the use of our sites and services, remains your personal data.

You have the following rights with regard to your personal data:

• the right of access allowing you to access all the information concerning you and to obtain a copy, a fee not exceeding the cost of reproduction may be requested
• the right of rectification, allowing you to request that your data be rectified, completed or updated, as the case may be
• the right to object to the processing of commercial prospecting and, under certain conditions, to the processing of your personal data for purposes other than commercial prospecting. You may object at any time to your call being recorded by a Modjo employee.
• the right to restrict the processing of your data, which allows you to restrict the processing of your personal data
• the right to erasure, enabling you to request the deletion of your personal data

You can exercise your rights in writing by sending us an e-mail to the following address: dpo@modjo.ai.

Your requests will be processed within one month of receipt. This period may be extended by two months if necessary due to the complexity or number of requests. We reserve the right to ask you for a copy of an identity document in order to verify your identity if we have reasonable doubts as to your identity.

You may also verbally object, during a telephone conversation or video conference with a RINGO employee or member of staff, to the processing of your personal data recorded during this exchange. In this case, your request will be met immediately and processing will not take place.

To find out more about your rights, visit the CNIL website: www.cnil.fr

You also have the right to lodge a complaint with the CNIL.

How does RINGO protect your personal data?

RINGO has implemented a number of actions and technical and organizational measures to meet the requirements of the RGPD regarding the protection and security of personal data.

Although RINGO is not legally obliged to do so, RINGO has a Data Protection Officer (DPO) who can be contacted at the following e-mail address: dpo@modjo.ai

For each new processing operation implemented by RINGO, our DPO, as part of an internal prior approval procedure, checks its purpose and legitimacy with regard to the company's needs, but also and above all with regard to the risk of infringement of data protection and the privacy of the persons concerned.

With regard to the security measures implemented to protect personal data from any risk of violation, unauthorized disclosure or harm to its integrity, RINGO has deployed all necessary means with its teams and service providers. For example, data processed on Modjo is encrypted.

RINGO agrees not to use any user data obtained via the Workspace APIs to develop, improve or train any generalized AI or machine learning model.

In particular, we strive to maintain 24-hour system monitoring to guarantee the security of the personal data entrusted to us.

Our sites are regularly scanned for security flaws and vulnerabilities, and we take precautions to prevent the loss, misuse or alteration of personal data.

When certain services require the use of a third party (subcontractor), RINGO selects its service providers on the basis of strict security and confidentiality criteria defined in advance with regard to the issues at stake, and systematically requires its subcontractors to have a level of security guaranteeing an adequate level of protection for the personal data they process on our behalf.

Who receives the data we process?

Only persons authorized by RINGO may access the data, and then only within the scope of the tasks entrusted to them. The only potential recipients of personal data are authorized RINGO employees and subcontractors offering a sufficient level of security. These include the Recall subcontractor, which enables RINGO to record calls, the OpenAI subcontractor, which enables RINGO to generate intelligent summaries of recordings, automatically segment recordings into chapters, intelligent scoring, and the Deepl subcontractor, which provides translations of recordings.

As part of its commercial prospecting operations, RINGO may share with a partner the names of corporate customers or prospects (legal entities) that they have in common. This does not include the identity and contact data of the contacts.

In the course of recruitment, RINGO may share candidate information with external organizations involved in candidate recruitment (subcontractors), such as recruitment companies or SaaS recruitment software.

What are the retention periods for the personal data collected?

RINGO undertakes to keep the personal data entrusted to it for periods limited to the provision of services or necessary to comply with its contractual or legal obligations.

In particular :

• Data relating to interactions (telephone calls and videoconferences): Duration of the contractual relationship when it concerns a RINGO customer, or 3 years from the last interaction when it concerns a prospect. Intermediate archiving for 5 years from the end of the contractual relationship, then destruction.
• Customer data : Duration of contractual relationship. Intermediate archiving for 5 years from end of contractual relationship, then destruction. 13 years from last interaction. Intermediate archiving for 5 years, then destruction.
• Prospect data: 3 years from last interaction. Intermediate archiving for 5 years, then destruction.
• Recruitment data: For selected candidates, data is kept for the duration of the employment relationship and for 5 years after its termination.For non-selected candidates, data is kept for 2 years from the last contact.Recordings of candidate interviews are kept for the duration necessary for the recruitment process.
• Navigation data: 25 months maximum from date of collection, then destruction.
• Identity document/information : The time strictly necessary to establish the identity of the person wishing to exercise his/her rights (only when necessary). Destroyed immediately after responding to the request.

Is your personal data transferred to countries outside the European Union?

In terms of data hosting and storage, RINGO requires its hosting providers to host the data entrusted to it in France. RINGO's websites and databases are hosted by AWS on servers located in France and the European Union.

If, for technical reasons or for specific needs related to the maintenance of certain applications, personal data is transmitted or made accessible to RINGO's service providers located outside the European Union, RINGO will first ensure that these providers guarantee an adequate level of protection for such data and comply with the RGPD.

Thus, RINGO only uses subcontractors with an adequate level of security and data protection, for example by supervising data transfers outside the EU through binding corporate rules or by adopting the European Commission's standard contractual clauses. Copies of these documents are available on request by writing to dpo@modjo.ai.