Skip to content

PRIVACY POLICY

1. Introduction & scope

Powell Software is the publisher of a comprehensive digital workplace platform that covers the spectrum of business communication and employee experience, as well as employee engagement, collaboration, and productivity, for organizations using Microsoft 365 (hereinafter the “Service(s)”), that is distributed in SaaS. 

Please read our Privacy Policy, as you must agree to it in order to use our Websites and Services. This Privacy Policy sets out how and why we collect, store, use, transfer and disclose your personal information and how you may access your personal information, correct it, or ask us to remove it. 

This Privacy Policy applies: 

  1. to your use of the Powell Software websites https://powell-software.com/  and subdomains such as https://support.powell-software.com (“Websites”); 
  2. when you register to receive a newsletter, to attend an event or where you share your personal data with us during a sales promotion, campaign or by completing any survey (for example to give us feedback); and 
  3. to the processing of your personal data collected through a third party or public website in connection with:  
  • a job application, 
  • marketing and promotional activities. In such cases, you will retain the right to object to the processing of your data in accordance with applicable data protection regulations. 

Definitions: 

Services shall mean, whether in the plural or in the singular, the services as described in the products documentation (https://powell-software.com/products/). 

Data Controller: The entity (company or individual) that determines the purposes and means of processing personal data. It is responsible for ensuring GDPR compliance. 

Data Processor: A third party that processes personal data on behalf of the data controller, following their instructions (e.g., cloud service providers, payment processors). 

Personal Data: Any information that directly or indirectly identifies a person, such as name, email, IP address, or even behavioral data. 

Processing: Any operation performed on personal data, including collection, storage, modification, transfer, or deletion, whether automated or manual. 

 

2. Data we collect and legal basis for processing 

data collect private policy

 

 

 

 

 

 

 

 

 

 

 

 

Specifically, regarding the Services: 

  • Powell Intranet: no personal data is collected nor stored for the users accessing and using Powell Intranet (everything is associated to Microsoft Office 365). Powell Software does not store any kind of information related to a user. 
  • Powell Governance: no personal data is collected nor stored for the users accessing and using Powell Intranet (everything is associated with Microsoft Office 365), except for the email of the Powell Governance administrators in order to be able to activate the licenses. 

 

3. How data is collected 

We use a number of methods and technologies to gather information about how you use our Websites and Services or otherwise interact with us, such as: 

  • Web forms, such as when you type information into a registration or application form or type a search query into a search box. 
  • Technologies like cookies (cf. dedicated paragraph). 
  • E-mails 
  • External or public sources: we may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.  

 

4. How data is used 

We may use your information to: 

  • Provide, operate, and maintain our Service. 
  • Improve, personalize, and expand our Service. 
  • Understand and analyze how you use our Service. 
  • Communicate with you, to provide you with customer service, updates and other information relating to the Service, and for marketing purposes. 

We will always use and process your personal data in accordance with the applicable laws.
For certain purposes, it is appropriate for us to obtain your prior consent. Where we rely on consent, you may at any time withdraw the specific consent by contacting us at gdpr@powell-software.com. 

Where we are relying on a basis other than consent, we process your personal data mainly to pursue our legitimate interest to (i) maintain and develop business relationships and to run and develop our business; (ii) to comply with our contractual obligations; and (iii) to comply with our legal obligations. 

 

5. Data sharing & transfers 

We only share your personal information in the following circumstances: 

  • When you give us explicit consent to do so. 
  • When needed, with trusted organizations we work with to provide the Service to you such as web hosts and cloud storage providers. 
  • When we are obliged to share it with regulators and authorities for the purpose of legal or contractual compliance, reporting purposes, or when disclosure is reasonably necessary to protect our rights, or the rights of third parties or the public. 

Regardless of where we use, process, or store your data, we will comply with the protections set out in this Privacy Policy. Where local data protection regulations so require, we have put in place security measures for the export of personal information from its original jurisdiction. We have made arrangements with the third parties receiving your personal information that they shall ensure that security measures are in place, and that your personal data is processed only in accordance with EU Data Protection laws. 

The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe, unless the European Commission has decided that a certain country outside the EU/EEA ensures an adequate level of protection, and the data can be transferred without any further safeguards being necessary. 

You understand and acknowledge that the country where you are resident may have data privacy laws that are different from the laws to which your personal information may be transferred. You acknowledge that the personal information may be transferred to recipients in the member states of the European Economic Area, the UK and other countries, such as the United States, which is generally deemed to have less stringent data privacy laws and protections than the European Economic Area. Further, you acknowledge and understand that the transfer of personal information to such third parties is necessary for the use of the Website and Services. Provided that we have sufficient arrangements in place for such transfer (as described above in this clause), you explicitly consent to the transfer. 

 

6. Data retention policy 

We will not store personal data for a longer period than is necessary for the purpose described in this Privacy Policy, any contractual terms, or as required by law. The length of time that we hold your personal data may vary based on its purpose and will be reviewed regularly. We will keep your personal information for as long as we have an ongoing business relationship with you. After that, your personal information will be deleted within 6 months unless we are required to keep it longer, which may be the case for tax and accounting purposes or/and for any applicable statute of limitations periods for the purpose of bringing and defending claims (generally 5-10 years retention requirements). Regarding prospects, the personal data is retained for a period not exceeding three (3) years from the last contact with the concerned person. After the expiry of the applicable retention periods, your personal data will be deleted. 

 

7. User rights 

You have the following rights in relation to your personal information: 

  • Right to access: a right to obtain confirmation and information about the processing of your personal information. 
  • Right to rectification: a right to have your personal information corrected. 
  • Right to erasure: a right to have your personal information erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing. 
  • Right to object: a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing. 
  • Right to restrict data processing: a right to demand that the processing of personal information is restricted, e.g. if you oppose the correctness of the data. 
  • Right to data portability: a right to request that personal information be sent from one data controller to another. This right is restricted to data which you have submitted to us. 

If you want to exercise any of those rights, please email gdpr@powell-software.com. 

We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request. We may request documentary proof for certain requests, and we always need to verify your identity. 

If you have a complaint regarding our processing of your personal information, you have the right to submit such complaint to a Data Protection Authority (CNIL in France, or any other Data Protection Authority in the EU or where you are resident). 

 

8. Cookies & tracking 

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, get geolocation and identification data (IP addresses, browser type, etc.), understanding audiences through statistics, and measure performance. 

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. You can customize your consent preferences when visiting our website by clicking on the dedicated banner on your first visit. You can also use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. 

 

9. Security measures 

We take all reasonable steps within our control to ensure that the personal information we hold about you is correct, complete and up to date. However, we also rely on you to tell us about any changes to your personal information. 

We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. 

Traffic encryption: all the traffic from and to the Powell Software platform is encrypted (and HTTPS protocol enforced), using TLS 1.2, ensuring secure communication between our customers and our platform. To do so, we are using Azure Front Door as the only entry point to the app (web apps and API). 

Database encryption: our infrastructure is hosted by Microsoft Azure. We use the services SQL Azure Database. The database is encrypted using the TDE (Transparent Data Encryption) feature. 

Backup: our infrastructure is hosted by Microsoft Azure. We use the services of backup/restore offered by Microsoft Azure. Backup is performed once a day. The retention period is 6 months. 

 

10. Third-party services & integrations 

Please note that our websites may include links to third-party sites whose privacy practices may differ from those of Powell Software. If you submit personal information to any of those sites, your information is governed by the privacy statements on those sites. We encourage you to review the privacy statement of any site you visit. 

 

11. Policy updates 

We may update this Privacy Policy from time to time as it may be deemed necessary. If we make any substantial changes to this Privacy Policy and the way in which we use your personal data, we will post these changes on this page. Therefore, please visit this page and read this Privacy Policy from time to time.