Definitions
“Affiliates” means any entity which is controlled by, controls or is in common control with AMIGO.
“AMIGO” means the AMIGO Group or any of its Affiliates.
“AMIGO Group” means AMIGO and its Affiliates engaged in the Processing of Personal Data.
“Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data. In the context of MAGNUS Service, the Data Controller is the End-Customer, except when the User registers to the Magnus Service directly as a consumer, in which case the Data Controller is AMIGO.
“Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller. In the context of the MAGNUS Service, Data Processor is any Service Supplier, AMIGO and AMIGO sub-contractors which contribute to the delivery of the Magnus Service. “Data Protection Laws” means all laws and regulations, including laws and regulations of the European Union (“EU”), the European Economic Area (“EEA”) and their member states applicable to the Processing of Personal Data.
“Data Subject” means the individual to whom Personal Data relates. In the MAGNUS service context, the Data Subject is the User using the Service.
End-Customer: means a company or legal entity contracting with the Service Supplier for the purpose of using the Magnus Service for its own community of Users
“Personal Data” means any information relating to an identified or identifiable person.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).
“Data Breach” is a security incident in which sensitive, protected, personal or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
“Services” means the provision of the MAGNUS service where AMIGO Processes Personal Data of End-Customers.
“Standard Contractual Clauses” means the agreement executed by and between AMIGO and some of its sub-contractors, pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
“Service Supplier” means Amigo or an Authorized Reseller from which the End-Customer has purchased the Magnus Service
“User” means the individual who accesses the Magnus Service. The User is the Data Subject.
A. General
The Service branded as “MAGNUS” is a set of cloud-based collaboration services that enables cross-community interactions and transactions between business users beyond company borders. The Service’s main purpose is to collect identities and link them so as to operate persistent collaborative activities such as messaging, voice or video calls, screen or file sharing, exchanging multimedia data (content) between terminals such as desktop, mobile phones.
AMIGO is the editor of the Service. AMIGO is Data Controller when the User registers to the Magnus Service directly as a consumer and is Data Processor otherwise. AMIGO is committed to abide by all laws and regulations pertaining to personal data, data privacy and data protection. AMIGO has designed and is enforcing policies and procedures with respect to Personal Data collection & processing through i) AMIGO Global Privacy Policy and ii) the provisions in the present Magnus Data Privacy Notice complementing the AMIGO Global Privacy Policy.
AMIGO has nominated a data
protection officer who can be addressed at:
AMIGO Data
Protection Officer
690 Dorval Drive, Oakville L6K 3X9
Canada
dataprivacy@magnusity.com
B. The obligations of Data Controller and Data Processor
B.1 Obligation of AMIGO as a Data Controller
Where it is Data Controller,
AMIGO is committed to abide by all laws and regulations, in this context, those pertaining to data privacy, personal data protection and security.
AMIGO will instruct its Data Processors to collect and process personal data in accordance with all the relevant provisions of the applicable data protection laws, in particular, with respect to the security, protection and disclosure of personal data.
AMIGO will inform the Data Subjects i) of the use of their personal data (see sections C below) ii) of the involvement of data processors to process their personal data and iii) that they personal data may be processed outside the EEA (European Economic Area).
AMIGO will respond in reasonable time and to the extent reasonably possible to enquiries by Data Subjects regarding the Processing of their Personal Data by the Data Controller, and it will give appropriate instruction to the Data Processor in a timely manner.
AMIGO will respond in a reasonable time to enquiries from the Data Protection Supervisory authority.
B.2 Obligations of AMIGO as a Data Processor
Where it is Data Processor:
AMIGO is committed to abide by all laws and regulations, in this context, those pertaining to data privacy, personal data protection and security.
Instruction:
AMIGO only processes Personal Data on behalf of and in accordance with Data Controller’s instructions,
Individuals accessing personal data:
AMIGO ensures that its personnel involved in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and are subject to obligations of confidentiality. Such obligations survive the termination of that individual’s involvement with AMIGO.
AMIGO shall take commercially reasonable steps to ensure the reliability of any AMIGO personnel involved in the Processing of Personal Data.
AMIGO ensures that AMIGO Group’s access to Personal Data is limited to those personnel who require such access to perform the Service.
Personal data protection and personal data security
AMIGO maintains highest protection of data, including personal data, and has therefore designed and enforced internal data security policy and procedures for the protection and the security, confidentiality and integrity of Personal Data.
Data Breach:
If AMIGO becomes aware of any unlawful access to any Data Subject’s Personal Data stored on AMIGO’s equipment or in AMIGO’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Data Subject’s Personal Data (Data Breach), AMIGO will promptly: (a) notify the relevant Data Protection Authority (DPA) and potentially after DPA’s approval, notify the concerned Data Subject and Service provider thereof of the Data Breach, through any appropriate mean; (b) investigate the Data Breach and provide Data Protection Authority and the Data Subject with information about the Data Breach, through any appropriate mean; and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Data Breach.
Where:
(i) An unsuccessful Data Breach attempt will not be subject to this Section. An unsuccessful Data Breach attempt is one that results in no unauthorized access to Data Subject’s Personal Data or to any of AMIGO’s equipment or facilities storing Data Subject’s Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers) or similar incidents; and
(ii) AMIGO’s obligation to report or respond to a Data Breach under this Section is not and will not be construed as an acknowledgement by AMIGO of any fault or liability with respect to the Data Breach.
Notification(s) of Data Breaches, if any, will be delivered to the Data Subjects by any means AMIGO selects, including via email. It is the recipient’s sole responsibility to ensure it maintains accurate contact information in the Magnus Service at all times.
Additional terms for personal data transfers out of the EU/EEA and Switzerland:
AMIGO has implemented the appropriate guarantees in order to ensure existence of an adequate level of protection of Personal Data upon export to territories deemed not having such adequate level of protection by EU (list of territories with adequate level of protection). This means that AMIGO has concluded contracts with those of its sub-contractors that may be importer of Personal data out of the EU/EEA in the form of European Standard Contractual Clauses approved by the European Commission. Such clauses include the technical and organizational measures taken by the sub-contractor to protect personal data.
Engaging another Data Processor
AMIGO’s Affiliates may be retained as Data Processors; and
AMIGO and AMIGO’s Affiliates respectively may appoint sub-contractors in connection with the provision of the Services.
Any such sub-contractor will be permitted to obtain Personal Data only for the purpose of delivering the services for which AMIGO has appointed them, and they are prohibited from using Personal Data for any other purpose.
AMIGO will be liable for the acts and omissions of its sub-contractors to the same extent AMIGO would be liable if performing the services of each sub-contractor.
AMIGO Assistance
AMIGO will assist the User and the Data Controller by using appropriate technical and organizational measures, insofar as this is commercially possible, for the fulfilment of the Users’ rights (as Data Subjects) or for the fulfilment of its obligations as per the applicable Personal Data Protection laws and regulations.
To the extent the User or its Data Controller, in its use or receipt of the Services, does not have the ability to correct, amend, block or delete Personal Data, as required by Data Protection Laws, AMIGO will assist to facilitate such actions to the extent AMIGO is legally permitted to do so and to the extent such activity is commercially reasonable.
AMIGO shall, to the extent legally permitted, promptly notify the Data Controller if it receives a request from a Data Subject for access to, correction, amendment or deletion of that User’s Personal Data. AMIGO shall not respond to any such Data Subject request without Data Controller’s prior written consent except to advise the Data Subject that such request must be addressed to the Data Controller. AMIGO shall provide the Data Controller with commercially reasonable cooperation and assistance in relation to handling of a Data Subject’s request for access to that User’s Personal Data, to the extent legally permitted and to the extent the Data Controller does not have access to such Personal Data through its use or receipt of the Services.
Personal data retention:
AMIGO retains Personal Data for as long as it is needed to fulfil the purpose for which it was collected and within the limit of compliance with laws and regulations.
C. Personal Data AMIGO collects and uses to deliver the Magnus Service
Registration information
AMIGO will obtain from and concerning the User, at minima the User’s email address, for the purpose of registration of the User to the Service and its usage thereof.
AMIGO may also obtain other information from and concerning the User which the User optionally enters in order to deliver a better Service experience. Such optional information includes: first name, last name, nickname, job title, other title, photo, phone numbers, other email addresses (together “Registration Information”).
Such Personal Data shall not be used for other purposes than those set forth in the paragraphs below. below.
AMIGO uses Registration Information to enroll the Users in the Service, to operate the Magnus Service, to display the identity of the Users to other Magnus Users, to notify Users about new or enhanced features and updates of the Service.
AMIGO may also identify or collect the End-Customer company name with the Users’ email address termination in order to (a) propose to Users additional contacts within the End-Customer’s company and (b) offer directly to the End-Customer’s company additional Magnus Services.
AMIGO does not use Personal Data to send commercial or marketing messages without User’s consent except as part of a specific program or feature regarding the Magnus Service for which the User has the ability to opt-in.
AMIGO may also use Users’ Personal Data for non-marketing or administrative purposes such as, without limitation, for notifying Users of major changes made to the Magnus Service or for maintenance and technical service purposes if any provided to the Users.
User generated information
AMIGO stores User generated information (information that the Users upload, provide or create while using the Service. This includes:
Conferences: in the Service, all discussions, be they supported by text, voice or video, between 2 or n Users, are considered as conferences. Hence all content exchanged in any conversation is considered as User generated information and is stored (to the limit of the retention period described in below section).
Bubbles: Activity recorded in the bubbles (such as joining or leaving), including activity related to third-party integrations, together with the date, time, Users involved in the activity, and other participants in the bubble
Messages: Message content, sender and recipients, date, time, and read receipts
Content shared: Files and file names, sizes, and types
Audio conferencing: Call participants, date, time, duration, and quality ratings that you provide. We route audio and video call content and screen sharing content between call participants but we do not retain nor store the content. Such connection information is also described as CDR (call details records).
Presence: Status information, for example whether and when you are active, out of office, or have turned on Do Not Disturb, is displayed to other users.
AMIGO uses this information to provide the User an enhanced experience of the Service, including a persistent history of its interactions with other Users. It should be noted that all messages and content the User shares, including personal information about itself or others, will be available to all other participants of the discussion/call/shared folder, including participants who join the discussion/call/shared folder after the User has shared messages or content.
If the User shares a discussion with another User who is not already in the discussion, when that User joins the discussion, he or she will be able to see the list of other Users in the discussion as well as past messages exchanged before he/she has joined the discussion.
AMIGO may use aggregated usage data that provides service information to understand how the Service is used and to improve the quality and design of the Magnus Service and to create enhanced or new features, functionalities, and services by storing, tracking, and analysing User’s preferences and trends. AMIGO may use cookies and log file information to: (a) remember information so that the Users will not have to re-enter login and password the next time they use the Magnus Service; (b) monitor individual and aggregate metrics such as total number of interactions, pages viewed, device used and (c) track their entries, submissions, views and such.
Connection information:
When the User is connecting to the Service, connection information generated consists of: IP address, date, time & technical details that are needed to support billing calculation.
Special note concerning Magnus mobile application:
When the User installs the Magnus mobile application on its mobile device, the Magnus mobile application will ask the User permission to access its address book or contact list from its mobile device.
D. When Personal Data is disclosed to others
Registration Information and User Presence
When a User voluntarily (i) joins its End-Customer’s private Magnus membership or (ii) joins a “Magnus bubble” (dedicated group of users) or (iii) accepts to be part of another User’s contact list, then the User’s Personal Data and Presence is displayed on the Magnus Service to (i) other End-Customer’s members, (ii) to other Users in the Magnus bubble, or (iii) to the other User whose contact list the User has accepted to join, respectively.
Service operation and improvement:
AMIGO may provide and share the User’s Personal Data with its affiliated companies, subsidiaries or sub-contractors acting as Data Processors on a need-to-know basis to support AMIGO for any of the usage purposes set forth in paragraph Registration Information above. The User’s Personal Data is communicated to such entities in accordance with applicable Data Protection law i.e. under agreements ensuring the security and confidentiality of User’s Personal Data. See data transfer paragraph below for more information.
E. User consent
The Service does not operate and can’t be accessed unless the minimum personal data is provided by the User as listed in Registration Information section above. The Service cannot operate the main purpose of the Service (as described in section A above) without such personal data input. This makes the main purpose be a legitimate interest such that no further consent is needed from the User to allow the Data Controller to collect and process such personal data.
The User may decline submitting Personal Data other than the mandatory Registration Information through the Magnus Service, in which case AMIGO may not be able to provide certain functionalities to the User. If the User does not agree with the AMIGO Global Privacy Policy or the current Magnus Data Privacy Notice, the User may request deletion of its account, uninstall all the Magnus applications and discontinue use of the Magnus Service.
The User or the End-Customer may contact AMIGO if it: (i) wishes to be provided with access to the Personal Data that AMIGO has collected about a given User, (ii) wishes to review and update an User’s Personal Data or requests deletion of any and all of its Personal Data at any time, (iii) objects, for legitimate reasons, to the processing of its Personal Data ; furthermore upon any questions or comments about this Magnus Data Privacy Notice, the User or the End-Customer may contact AMIGO via email at: support@openMagnus.com or via Emily agent while connected in Magnus Services.
F. AMIGO’s Commitment to Data Security
AMIGO intends to protect the personal information entrusted to AMIGO and treats it securely in accordance with this Data Privacy Notice. AMIGO implements physical, administrative, and technical safeguards designed to protect any personal information from unauthorized access, use, or disclosure. AMIGO contractually requires that AMIGO’s sub-contractors protect such information from unauthorized access, use, and disclosure. The Internet, however, cannot be guaranteed to be 100% secure, and AMIGO cannot ensure or warrant the security of any personal information Users provide to AMIGO.
AMIGO recommends not using unsecured wifi accesses or other unprotected networks to connect, use or submit messages through the Magnus Service. AMIGO makes reasonable efforts to ensure the security of its systems and uses state of the art high level encryption to protect data in transit.
Media encryption is used to protect the audio and video (if any) that Users transmit during a call. When Users make a call, media is encrypted from User’s device to the other participant.
Transport encryption is used to protect all connections to and from the Service and between audio or video call participants. When the User registers to the Service, sends messages, shares Contents, or otherwise connects to the Service, AMIGO always uses transport encryption.
Should a User or an End-Customer become aware of a Data breach affecting its Magnus Service account, then such User or End-Customer must notify AMIGO immediately using support@openMagnus.com
G. Special Note to EU End-Users
The Magnus Service is hosted in data centers in different geographies. Please refer to our data location policy available at https://support.openMagnus.com. Furthermore, we have the necessary contractual material in place with the Data Center providers to ensure that the level of data protection is adequate in the sense of the GDPR. Finally, AMIGOI is operating the Magnus Service instance across all the Data Centers of Magnus Service network in a uniform manner, compliant with the “adequate” level of data protection expected by the GDPR.
The designer and developer of the Magnus Service concerning the processing of Users’ Personal Data is Amigo, a French corporation formed as a “Société par Action Simplifiée” with registered office address at 32, Avenue Kléber 92700 Colombes, France, registered at the Nanterre Commerce and Companies Registry under number 602 033 185 RCS Nanterre; more information available at https://www.mangusity.com
See also: Terms of Service