Privacy Policy

This page explains how the application collects, uses, stores and protects personal data within the corporate group. The following information applies to internal use of the application and to integrations with cloud services and AI tools used to enhance functionality and productivity.

1. Data Controller

The data controller is the company within the group that operates the application (the "Company"). For specific requests about your data, please contact the system administrator or the group's legal/privacy office.

2. Purpose of Processing

Data processed by the application is used for the following purposes:

  • Managing authentication and authorization of users within the group (accounts, roles, permissions).
  • Operating the application: configuration, logs, error reporting and technical support.
  • Managing content and documents uploaded by users (storage, indexing, semantic search).
  • Improving services through aggregated analysis, performance monitoring and, where applicable, the use of AI models for suggestions and automation.
  • Legal and compliance obligations applicable to the group.

3. Categories of Data

  • Identification and contact data: name, corporate email, department, role.
  • Authentication and authorization data: username, session identifiers, roles and permissions.
  • Operational and usage data: access logs, usage metrics, diagnostic information.
  • Documents and user-uploaded content: text, files and metadata required for application features.
  • Data derived from AI services (e.g. embeddings, generated answers): these may be temporarily processed by third-party providers to provide features, and are handled according to the group's confidentiality rules.

4. Legal Basis

The processing is based on one or more of the following legal bases, depending on the case:

  • Execution of employment or internal contractual obligations within the group.
  • Compliance with legal or regulatory obligations.
  • Legitimate interests of the controller to ensure security, operation and improvement of IT systems.
  • Explicit consent of the user, when required (e.g. optional local registrations or use of certain additional services).

5. Data Retention

Data is retained only for the time necessary to fulfill the purposes described and in accordance with the group's internal retention policies. Logs and diagnostic data may be kept for a limited period for operational and security needs; user documents and content will be retained according to the organization's retention schedules.

6. Disclosure and Processors

Data may be disclosed to internal or external processors appointed by the controller, including cloud service providers, AI providers (e.g. embedding or model providers), hosting services, monitoring and analytics tools, and consultants or contractors providing technical support. Providers are selected and managed to ensure appropriate security measures and contractual safeguards for data protection.

7. International Transfers

If data is transferred outside the European Economic Area, transfers will be carried out in compliance with applicable law using adequate safeguards (such as standard contractual clauses) or based on adequacy decisions where available.

8. Security

The Company implements appropriate technical and organizational measures to protect personal data from unauthorized access, loss or alteration. Measures include authenticated access, role-based access control, encryption in transit and where appropriate at rest, controlled backups and access monitoring.

9. Data Subject Rights

Data subjects can exercise their rights under applicable law, including access, rectification, erasure, restriction of processing, objection and data portability, subject to legal limits and the group's internal policies. To exercise these rights or request information, contact the system administrator or the group's privacy office.

10. Use of AI Services and Third-Party Providers

Certain features may use AI services (e.g. for embeddings, text analysis or response generation). Such processing may involve sending portions of data to third-party providers. Providers are chosen after evaluating security, compliance and contractual requirements; processing with such providers is carried out according to the controller's documented instructions and with appropriate contractual safeguards.

11. Notes on Internal Group Use

As the application is intended for internal group use, data processing is primarily for organizational and operational purposes. Access to data is limited to authorized personnel according to roles and responsibilities, and data use is governed by internal confidentiality and security policies.

12. Updates to this Notice

This privacy notice may be updated from time to time. Material changes will be communicated according to the group's procedures. Users are advised to review this page periodically for updates.

13. Contact

For questions about this notice, to exercise your rights, or to report data protection concerns, contact: privacy@[yourdomain].local or the group's legal/privacy office.

This notice is provided for informational purposes and does not constitute legal advice. For specific compliance requirements please consult the group's Data Protection Officer (DPO) or legal counsel.