Bond - Personal Security for All.

Legal Information

Legal information: www.ourbond.com Publisher: TG-17 France, simplified single shareholder company with a capital of 1 000,00 euros, registered with the Paris Trade and Companies Register under the number 929091981, whose registered office is located at 35 boulevard Malesherbes 75008 Paris, VAT number FR64929091981

Director of publication: Frédéric Allot, CEO of TG-17 France

Host: Amazon Web Services, 410 Terry Avenue North P.O. Box 81226 Seattle WA. 98108-1226 USA, https://aws.amazon.com/fr/contact-usIntellectual Property: TG-17 Group is the exclusive owner of all intellectual property rights relating to both the structure and the content of the www.ourbond.com website and its application. The contents of the application are subscription-based and are accessible in exchange for a subscription for the paid content. Any use of this content in a professional or commercial context or any marketing of this content to third parties is forbidden, except with the express agreement of TG-17 France, which can be requested at the following address: [email protected].

Privacy Policy

Updated February 2025

Bond application is a cloud-base application that is provided to customers and Users with the aim to assist them with the intention of reducing the likelihood of unsafe situations materializing or worsening. The core capabilities in Bond application include messaging, calling, video and file sharing. Bond is made up of different legal entities in different countries. This Privacy Policy is issued on behalf of all Bond entities and explains how the Bond entities use and protect customer Personal Data and provides information about the rights individuals have in respect of their customer Personal Data.

We at TG-17, Inc. (doing business as “Our Bond”) (together with the Related Parties as defined in the Terms of Use “we,” “us,” “our” or, “Company”) know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. By using or accessing the Services in any manner, you acknowledge and accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Remember that your use of Bond’s Services is at all times subject to the Terms of Use, which incorporates this Privacy Policy and our Cookies Policy. Any terms that we use in this Policy without defining them are defined in the Terms of Use.

Bond complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce.

Bond has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy covers our treatment of Personal Data. Our gathering of data is limited to Bond Members who’ve authorized us to do so, and only while they’re using our Products and/or Services.

We gather various types of Personal Data from our Members, as explained in more detail below, and we use this Personal Data internally to personalize, provide, and improve our Services. For example, we may use data to allow you to set up a member account and profile, to contact you and allow other Members to contact you, to fulfill your requests for certain Products and/or Services and to learn how you use our Services. In certain cases, we may also share some Personal Data with third parties, as described below.As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data from anyone under the age of 15, except as authorized by a parent or guardian. If you are under 15, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the required minimum age without being authorized by a parent or guardian, we will delete that information as quickly as possible. If you believe that a child under the required minimum age may have provided us with personal information without being authorized by a parent or guardian, please contact us at [email protected].

WHO WE ARE AND OUR CONTACT INFORMATION?

We act as a Data Controller or Data Processor, depending on the circumstances:

Data controller: concerning consumer Users of the Services, we act as a data controller, as outlined in the privacy policy applicable to Services consumer Users.
Data processor: each enterprise customer is a data controller of its employee Users. When the enterprise provides its employee Users to us via the Services, we are a data processor of those employee Users to deliver Services from the enterprise customers to those Users.

Our obligations as Processor. To the extent required by applicable law, we and you agree to the following:

We shall only process Personal Data in accordance with your instructions.
We confirm that:
- the duration, subject matter, nature and purpose of the processing shall be as specified by yourself;
- the types of Personal Data processed comprise your contact information as described by yourself;
- the categories of Data subjects comprise employee Users with whom we communicate using the Services; and
- your obligations and rights as Controller in relation to this Personal Data are as set out in these Privacy Policy and in the Terms of Use.
We shall ensure that any person authorized to process Data Information under these Privacy Policy and the Terms of Use is bound by appropriate obligations of confidentiality.
We will implement appropriate technical and organizational measures to protect the Personal Data processed under these Privacy Policy and the Terms of Use, including against unauthorized or unlawful processing or accidental loss, alteration, disclosure, or destruction. These include the measures listed in the security measures (as updated from time to time, for example, to reflect technological developments) which are expressly incorporated into these Privacy Policy;
We will notify you without undue delay of the discovery by us of any Personal Data breach;
Taking into account the nature of the processing and the information available to us, we will assist you in your role as a Controller, by appropriate technical and organizational measures, insofar as this is possible, in fulfilling any obligations under law applicable to you as a Controller to respond to requests from Users regarding the exercise of their rights;
To the extent required by law applicable to you as the Controller, the Processor agrees to support your obligations as a Controller, in particular regarding the security of the processing or regarding Personal Data breaches, by providing you with reasonable assistance, taking into account the nature of the processing and the information available to us;
Upon your request, we will make available to you all information and provide all assistance that is reasonably necessary to demonstrate our compliance with our legal obligations as a processor under these Privacy Policy and the Terms of Use;
We may subcontract our processing obligations under these Privacy Policy and the Terms of Use to a sub-processor, who may be based in a country other than the one in which you or we are located given the global nature of our Services, including the European Economic Area (EEA) or the United States, only by way of written agreement that shall impose obligations on the sub-processor that are no less rigorous than the obligations imposed upon us by these Privacy Policy and the Terms of Use. We will remain fully liable to you for the performance of that sub-processor’s obligations.
You hereby authorize us to engage third parties as our sub-processors. Subject to applicable law, we will notify you in advance of any changes related to our sub-processors. If you reasonably object to such changes, you may inform us in writing and stop using our Services; and
Upon termination of our agreement with you, we shall cease processing Personal Data and shall delete it within the time period set forth in these Privacy Policy, unless applicable law requires further storage or to the extent that we have a right or obligation to use the Personal Data independent of the these Privacy Policy.

We have appointed a European data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice in Europe. For requests to exercise your rights, please contact: [email protected].

WHAT INFORMATION DOES BOND COLLECT?

Bond collects Personal Data that you provide directly to us and that is automatically collected in connection with your use of our Services. Personal Data may also be sent to us by third party business partners or service providers.

Personal Data may include (but is not limited to): Member info/data, usage data/info, in-app activity info, command center engagements, marketing communications preferences and engagements, payment data (Bond uses third-party payment processors), and more. This information is collected when you share the following with us: Name (first, last); Email; Phone Number; Country of Residence; Personal PIN code (which we store locally in the Company Application at the device/smartphone level. We will not store in our servers); Device default language; User Picture (from your FB account); Audio and video of you (e.g. related to calls made through the Services); Home Address; Billing Address; Company Username and password for account login.

In addition, we may collect the User profile data you choose to volunteer to Company (please note: Company does not verify for accuracy) including, without limitation: (1) Eye Color; (2) Hair Color; (3) Other information from Command Center during onboarding: (i) Height; (ii) Weight; (iii) Medical and health conditions (if known); (iv) Medications (if known); (v) Blood Type; (vi) Default language preference for communication with TG; (vii) Second language preference; (4) Date of Birth; (5) Apple Pay or Paypal; (6) Information we gather about family, emergency contacts or other personal contacts you choose to share with Company: (i) Name (first, last); (ii) Phone Number; (iii) Relationship to you; (iv) Email; (v) Home address; (vi) Date of birth; (7) Posts, data and images that you share; (8) Data from hardware devices; (9) Location Information (e.g. Home or Office).

We may process sensitive data (biometric data, health data) relating to Users, only if it is contained in content that may be recorded or stored (such as voicemails, call recordings, files) by Users and which is hosted on our partner’s infrastructure. However, we do not collect it for our own purposes, and we are not aware of when we are processing such data and, as such, we don’t use such data outside of a user’s reasonable expectations. The collection of your biometric data is governed by a control system ensuring their ephemeral passage through our application server, so no biometric database is established either at the level of Bond or at the level of our host provider.

We receive and store any information that you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect Personal Data such as your email address and third-party account credentials.

We may communicate with you if you’ve provided us with the means to do so. For example, if you’ve given us your email address, we may email you about your use of our Services. If you do not want to receive certain forms of communications from us, please indicate your preference by [email protected].

Information we receive from third party sources: Some third parties, such as our business partners and service providers, provide us with Personal Data about you, including (without limitation):

Account information for third party services: If you provide your third-party account credentials to us, or if you share content from our Services through a third party social media service, or otherwise sign into the Services through a third party site or service (e.g., Facebook Connect), you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions through your account settings, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy. Certain information may be required to register with us or to take advantage of some of our features. We do not have access to account passwords.
Information from our advertising partners: We receive Personal Data from some of our marketing and promotional service providers, related to how you interact with our websites, applications, products, services, advertisements or communications.
Information from other service providers: We work with service providers who assist us in offering and improving our Services by providing us with information about how you use our Services. This information helps us to maintain the security and integrity of our platform.
Account Information: Facebook Login; Google Login. For more information, please see our Terms of Use.

Information we automatically collect when you use our Services: Some Personal Data is automatically collected when you use our Services, such as the following data: IP address; Device identifiers; Web browser information; Usage information; Cookies and other tracking technologies (e.g. web beacons, pixel tags, SDKs, etc.); Log data (e.g. access times, hardware and software information); Language preference; Biometrics for TouchID or FaceID recognition (comes from the OS we will never store in our servers); Smartphone data; Real time location via GPS; Audio (via permission access to microphone), Video (via permission access to video camera), as permissions the member chooses to provide to Company; Smartphone IP address; Device identifiers; Company Application usage information (via Appsee); Log data (e.g. access times, hardware and OS software information); Cellular connectivity information; Pictures (via permission access to the member’s camera library); Battery status information; View of Wifi or other internet access points in your area; Data from smartphone’s sensors (accelerometer, magnetometer, others); Recordings of audio and or video Calls a member had with Company Command Center personnel; Recordings of audio and or video Calls a member had with Authorities if the connections were made via the Company Application; Notes/logs the Command Center personnel might have collected when assisting a member with a live case; Historical records about a member’s location; Data collected via member engagement with our Application; Messages exchanged between the member and their contacts via the Company Application.

Information About Cookies: Please see our Cookie Policy for more information about the type of cookies and tracking technologies that we use and why, and how to accept or reject them.

Google Analytics: We also may utilize Google Analytics, a web analysis service provided by Google, to better understand your use of our products and/or Services. Google Analytics collects information such as how often uers visit the website, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the website, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the website to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google also offers an opt-out mechanism for the web available here.

HOW DO WE USE AND PROCESS YOUR PERSONAL DATA?

We process Personal Data to operate, improve, understand and personalize our Services. For example, we use the following Personal Data to: Create and manage member profiles; Empower our Command Center personnel to share the relevant information to the authorities; Empower or Command Center personnel to personalize our Services to a specific member; Create predictive models that can identify potentially risky situations to members, member’s family and contacts and for the broader Company community; Use your data augmented with data from our operations to improve the accuracy of our services; Communicate with you about Bond Services; Contact you about Service announcements, updates or offers; Provide support and assistance for Bond services; Meet or comply with contractual or legal obligations; Protect against or deter fraudulent, illegal or harmful actions; Collaborate, cooperate and otherwise work with our business partners, vendors and service providers; Sharing Personal Information with our vendors and service providers who perform services on our behalf; Enforce our Terms of Use; Additionally, we may communicate with you through the means you’ve provided us to do so.

The Company processes your Personal Data for one or more of the purposes outlined in this section and according to the appropriate legal basis.

The Company shall not process Personal Data unless there is a legal basis for such processing. The legal bases according to which the Company may process Personal Data are as follows:

Your consent that the Company will process Personal Data about you for one or more specific purposes. By way of example, for the purpose of sending marketing materials to you.

Where the legal basis for the processing of the Personal Data about you is consent, you may at any time withdraw your consent for the purposes for which you provided your consent by sending a notice to the following email address: [email protected].

Where you withdraw your consent for the processing of Personal Data about you, we might not be able to provide you with some or all of the Products and/or Services (including, but no limited to, the Application) you requested or in the form intended to be provided to you, and you will have no claim in respect of that.

Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. By way of example, in order to allow you to install and use the Application.

Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party. By way of example, for the purpose of improving our Products and/or Services (including, but not limited to, the Application), or for the exercise or defense of legal claims.

Whenever the processing of Personal Data about you is necessary for the purpose of the legitimate interests pursued by the Company or by a third party, the processing is conditional upon such interests not overridden by your interests or fundamental rights and freedoms which require protection of Personal Data about you. At any time, you may approach us by sending a notice to the following email address: [email protected], in order to receive information concerning the review performed by us in order to reach the conclusion that we may process the Personal Data about you on account of such processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party.

The following list outlines the purposes for which we may process Personal Data about you and the legal basis for any such processing:

	Purpose	Legal Basis
1	In order to install and register as an account holder to the Application We will process your Personal Data in order to allow you to install the Application and open an account.	Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
2	In order to allow us to provide you with as well as use our Products and/or Services (including, but not limited to, the Application) Whenever you request to use our Products and/or Services (including, but not limited to, the Application), We will process the Personal Information required for Us to perform such requests.	Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
3	In order to contact you for the purpose of operational requirements In some circumstances, we will contact you in order to update you in respect of certain operational matters; for instance, where a certain aspect of our Products and/or Services (including, but not limited to, the Application) is changing. In these circumstances, we will need to use Personal Data about you accordingly.	Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
4	In order to respond to your queries, requests and/or complaints, and to provide you with customer support services Processing of Personal Data about you is required in order to respond to queries you have concerned our Products and/or Services (including, but not limited to, the Application), and in general to provide you with customer support services.	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
5	In order to provide you with tailor made services, marketing materials and offers In order to enhance and improve your user experience and the use of our Products and/or Services (including, but not limited to, the Application), and in order to offer you additional and new offers, Products and/or services (whether of ours or of third parties), we process Personal Data about you in order to adjust the materials presented to you according to your preferences, behavior, characteristics and interests; these materials can be ours or of third parties. For this purpose, we use Personal Data automated analysis techniques, including profiling.	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
6	In order to improve our Products and/or Services (including, but not limited to, the Application), as well as to offer new ones We may use Personal Data about you in order to improve Our Products and/or services (including, but not limited to, the Application), as well as for the purpose of offering new ones; such processing will include, inter alia, an analysis of previous uses by you of our Products and/or Services (including, but not limited to, the Application), any comments and complaints received in respect of Our Products and/or Services (including, but not limited to, the Application), as well as any errors and malfunctions.	Processing is based on your consent and necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
7	In order to send you marketing materials Inasmuch as you agree to receive marketing materials from us, we will send you, via the means of communication you consented to, marketing materials relating to our Products and/or Services (including, but not limited to, the Application), whether in existence now or in the future, whether similar to our Products and/or services (including, but not limited to, the Application) and whether different ones and/or Products and/or services of third parties. It is hereby clarified that you may withdraw your consent at any time, by sending an email with the title “unsubscribe” to the following email address: [email protected] or by clicking the unsubscribe option in any marketing material sent to you. Please note that you will be requested to choose from which means of communication (one, some or all) you wish to unsubscribe. It is hereby clarified that unsubscribing will not cause the deletion of your contact details, but to cease receiving marketing materials – unless you re-request to receive them.	Your consent
8	In order to analyze the effectiveness of any marketing and advertising campaigns and activities of the Company	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
9	In order to perform and maintain various activities supporting the offering and provision of our Products and/or Services (including, but not limited to, the Application) Such activities include back-office functions, business development activities, technical functionality and security, strategic decision making, oversight mechanisms, etc.	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
10	In order to perform analysis, including statistical analysis We use various analytical measures (including statistical ones) in order to make decisions on various issues, including improving existing Products and/or services and introducing and developing new ones.	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
11	In order to protect Our and third parties’ interests, rights and assets, including initiation or exercise or defense of legal claims We may process Personal Data about you in order to protect the interests, rights and assets of ours and of third parties, according to any law, regulation and agreement, including any of our terms and conditions and policies.	Processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party.
12	In order to assist national law enforcement / security agencies, to respond to requests from public, governmental and regulatory authorities, to comply with court orders, litigation procedures and other legal processes	Necessary to comply with legal obligations we may have under applicable laws (for example to provide lawful intercept and/or data retention by national law enforcement / security agencies)

Without limiting the foregoing and notwithstanding any rights of publicity, privacy or otherwise (whether or not statutory) anywhere in the world, and without any further compensation or right to review or approve any use permitted herein, we may and are hereby authorized to use audio and/or visual recording media (and other data) make in compliance with this Policy (including my voice, image, likeness and appearance) in whole or in part, on a non-permanent and non- systematic basis, with or without modification, in connection with providing Command Center and other member services, training and quality assurance, purposes and improving our Products and/or Services offerings via print, broadcast, Internet and mobile.

WILL BOND SHARE ANY OF THE PERSONAL DATA IT RECEIVES?

We do not rent or sell your Personal Data in personally identifiable form to anyone. We may share your Personal Data with third parties as described in this section. For Members with accounts located in the European Economic Area (EEA), all processing of Personal Data is performed in accordance with privacy rights and regulations following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR“).

Data that’s been de-identified. We may de-identify your Personal Data so that you are not identified as an individual, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.

Advertisers: We allow advertisers and/or merchant partners (“Advertisers”) to view the demographic information of members who will see their advertisements and/or promotional offers. In using our Services, members agree to provide any of the information we have collected from you in non-personally identifiable form to an Advertiser, so that Advertiser is able to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in Kansas City to show you ads or offers for Kansas City based businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to members with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach. Sometimes Bond conducts advertising campaigns on third party websites and applications (e.g., Facebook) (collectively, “Third Party Platforms”). In those cases, we may disclose your information in personally identifiable form to the operators of the Third Party Platforms solely to allow them to direct our advertising content to you via the Third Party Platform. In no event would we authorize such Third Party Platform Operators to reuse your email address in conjunction with other advertisers or for any other purpose.

Business Partners: In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). Users are able to clearly recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Data with that affiliated business only to the extent that it is related to that transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.

Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. For example, we may use a data hosting service provider to store your information and make it available to use for our Services. Unless we tell you differently, our agents do not have any right to use the Personal Data we share with them, beyond what is necessary to assist us.

User Profiles and Submissions: Your profile information, including your name, location, and any video or image content you have uploaded to the Services, may be displayed to other members to facilitate member interaction within the Services or address your request for our services. Your account privacy settings may allow you to limit the other members who can see the Personal Data in your member profile and/or determine what information in your member profile is visible to others. Please remember that any content you upload to your public member profile, along with any Personal Data or content that you voluntarily disclose online in a manner other members can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your member name may also be displayed to other members if and when you send messages or comments or upload images or videos through the Services, and other members can contact you through messages and comments. As explained in more detail in the Terms of Use, Bond may store and use Recordings (as defined in the Terms of Use) in any manner and for any purpose.

Business Transfers: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party.

Protection of Bond and Others: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary in response to a lawful request by public authorities, including to meet national security or law enforcement requirements; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of Bond, our employees, our members, or others.

Transfers to contractors or agents: In any case, where Bond transfers personal information to its contractors or agents to perform tasks on behalf of Bond and under its strict instructions, Bond requires said companies to keep personal information confidential and secure, and to protect it in accordance with the law and Bond’s policies. They may only access personal information for the lawful purpose for which it has been shared and in accordance with Bond’s instructions. Such personal information will be processed exclusively according to the terms of the contract entered into by Bond and its contractors and agents, ensuring an adequate level of data protection at all times.

Choice: Under any other circumstances, you will be given the choice to opt in or out of your personal data being disclosed to a third party for a purpose materially different from the purposes for which it was originally collected.

Where you have opted in for a determined processing of your personal data which is materially different from the purposes for which it was originally collected, you may modify their option and withdraw your consent at all times, and notify Bond of your choice to opt out of such a processing by specifying it at the following address: [email protected].

Liability in cases of onward transfers: In any case, Bond remains liable for the processing of personal information entrusted to its agents or contractors in a manner that would prove to be inconsistent with data protection laws and principles, and in particular the GDPR and the EU – U.S. DPF and its UK extension, unless Bond can prove that it is not responsible for the specific event giving rise to a potential damage.

Transfers Of Personal Data To A Third Country Or An International Organization

Personal Data about you may be transferred to a third country (i.e., jurisdictions outside the EEA) or to international organizations. In such circumstances, the Company shall take any reasonable efforts to safeguards aimed to ensure the protection of Personal Data about you and provide that enforceable data subject rights and effective legal remedies for data subjects are available.

These safeguards and protection will be available if any of the following are met:

The transfer is to a third country or an international organization which the EU Commission decided that they provide an adequate level of protection to the Personal Data that is transferred to them pursuant to Article 45(3) of the GDPR;
The transfer is according to legally binding and enforceable instrument between public authorities or bodies pursuant to Article 46(2)(a) of the GDPR; or
The transfer is in accordance with standard data protection clauses adopted by the EU Commission pursuant to Article 46(2)(c) of the GDPR; the clauses adopted by the EU Commission can be viewed at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en.

You may request the Company to be provided with details concerning the safeguards employed by it to protect the Personal Data about you which is transferred to a third country or an international organization, by sending an email to the following address: [email protected].

International transfers to our entities: We may transfer your Personal Data amongst your entities as controller or processor, inside or outside of the European Economic Area (EEA). All our entities have signed the EU Commission standard contractual clauses, setting out the adequate safeguards all our entities must put in place to protect Personal Data and its transfer.International transfers from EEA: When we transfer customer Personal Data from EEA to an external supplier located outside of the EEA, we make sure that a similar degree of protection is afforded to the customer Personal Data. For transfers outside of the EEA to the United States to entities that are not part of the EU – U.S. DPF and its UK extension, or for transfers outside of the EEA to a country which the EU Commission has not assessed as providing an adequate level of protection, we use the EU Commission standard contractual clauses or another appropriate safeguard.

IS PERSONAL DATA ABOUT ME STORED?

A retention period of 10 years from the date of acceptance of the order is justified by our legal obligations resulting from French law, in particular Articles L213-1, D213-1 and D213-2 French Consumer Code, for contracts worth more than €120. For contracts that were less than €120, a 5-year retention period commencing from the date of last connection to the user account is justified for legal proceedings and anti-fraud purposes. Data of a prospect who has not had contracts with the Company and not responding to any solicitation are kept for 3 years. The data in question included customers’ first and last names, telephone numbers, and e-mail addresses,Media, messages and content that may be recorded or stored (such as voicemails, call recordings, files) by Users are only stored for delivery and are deleted after 7 or 30 days, respectively. It is at your discretion to decide on your data storage, message archiving, etc.

12-Month Log Retention. We will retain Internet User logs of traffic metadata, Internet User binary identifiers, and other traffic information (e.g. if an Internet User sends message through Bond application, we only log information about the transaction; it does not log the email content) for 6 months regardless of whether you hereby give us permission to collect, retain and discard such Internet User logs. To the extent applicable laws require the Internet Users to be notified of the collection, retention or deletion of Internet User logs, you are solely responsible for notifying the Internet Users and (if necessary or required by applicable laws) for obtaining the consent of the Internet Users. After the 6-month period, the oldest logs will be overwritten by new entries. We can extend the log retention period from 6 months to 12 months.

IS PERSONAL DATA ABOUT ME SECURE?

We implement appropriate technical and organizational and technical measures to ensure an appropriate level of security to Personal Data taking into account the risks that are presented by processing, in particular from an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. Notwithstanding, any transfer of Personal Data via the internet cannot be fully secured. Therefore, the Company cannot ensure the protection of Personal Data about you when transferred via the internet to Us (including, but not limited to, via the Application).

Your account is protected by a password for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third party site or service. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password and/or other sign-on mechanisms appropriately and limiting access to your device by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of member information at any time.

We may be required, due to legal or other obligations outside our control, to transfer Personal Data about you to third parties, such as public authorities. In such circumstances, we have limited control over the level of protection provided to the Personal Data about you by such third parties.

In addition, this is how we ensure all Services provided by us is compliant with GDPR:

Measures	Description
No access to user’s phone book	Differently from the consumer WhatsApp app, the Business API does NOT include access to the user’s phone book
End-to-end encryption	Bond App messages are encrypted from Bond to the device and secured over HTTPS from the application to Bond
Data protection	Media and messages are only stored for delivery and are deleted after 7 or 30 days, respectively. It is at the discretion of enterprise customer to decide on customer data storage, message archiving, etc.
Data processing	The content sent from you to Bond is secure (datacenter in the USA). The transmission of data between the involved networks is done via HTTPS
Opt-ins	Active opt-ins are required and can be collected with existing communication channels used by users
Opt-outs	Employee Users can report or block enterprise customer on Bond App
Additional security measures by us	Multiple security transmission options like VPN or TLS, regular penetration tests, automated vulnerability scans, and more

Your Rights in respect of The Personal Data

You are entitled to the following rights in respect of the Personal Data about you. The exercise of such rights will be via sending an email requesting to exercise your right to the following email address: [email protected]. You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Right of access

You have the right to receive from the Company confirmation as to whether or not Personal Data about you is being processed, and, where that is the case, access to the Personal Data and the following information: (1) the purposes of the processing; (2) the categories of Personal Data concerned; (3) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries outside the European Economic Area (EEA) or international organizations; (4) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; (5) the existence of the right to request or restriction of processing of Personal Data about you or to object to such processing; (6) the right to lodge a complaint with a supervisory authority; (7) where the Personal Data is not collected from you, any available information as to its source; (8) the existence of profiling; and (9) where Personal Data is transferred to a third country outside the EEA or to an international organization, the appropriate safeguards relating to the transfer.

The Company shall provide a copy of the Personal Data undergoing processing and may charge a reasonable fee for any further copies requested by you. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

The right to obtain a copy of the Personal Data shall not adversely affect the rights and freedoms of others, and therefore if the request will harm the rights and freedoms of others, the Company may not fulfill your request or do so in a limited manner.

Right to rectification

You have the right to obtain from the Company the rectification of inaccurate Personal Data about you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data about you completed, including by means of providing a supplementary statement.

Right to erasure

You have the right to obtain from the Company the erasure of Personal Data about you where one of the following grounds applies: (a) the Personal Data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; (b) you withdraw your consent on which the processing is based and there is no other legal ground for the processing; (c) you object at any time, on grounds relating to your particular situation, to processing of the Personal Data which is based on the legitimate interests pursued by Us or by a third party, and there are no overriding legitimate grounds for the processing; (d) you object to the processing of the Personal Data for direct marketing purposes; (e) the Personal Data has been unlawfully processed; (f) the Personal Data has to be erased for compliance with a legal obligation in European Union or Member State law to which the Company is subject.

This right is not applicable to the extent that the processing is necessary: (a) for compliance with a legal obligation which requires processing by European Union or Member State law to which the Company is subject; or (b) for the establishment, exercise or defense of legal claims.

Right of restriction of processing

You have the right to obtain from the Company restriction of processing of Personal Data about you where one of the following applies: (a) the accuracy of the Personal Data is contested by you, for a period enabling the Company to verify the accuracy of the Personal Data; (b) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead; (c) the Company no longer needs the Personal Data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; (d) where the processing of the Personal Data is necessary for the purpose of the legitimate interests pursued by the Company or by a third party, unless We demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims; (e) where the Personal Data is processed for direct marketing purposes, including profiling the extent that it is related to such direct marketing.

Where processing of Personal Data about you has been restricted following your request, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Right to data portability

You have the right to receive the Personal Data about you, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit such Personal Data to another controller, where: (a) the processing is based on your consent or on a contract to which you are a party; and (b) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the Personal Data about you transmitted directly from the Company to another controller, where technically feasible. The exercise of your right to data portability is without prejudice to your and the Company’s rights under your right to erasure. In addition, the right to data portability shall not adversely affect the rights and freedoms of others.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing of Personal Data about you which is based on the legitimate interests pursued by the Company or by a third party, including profiling based on such legitimate interests; in such case, we shall no longer process the Personal Data about you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

You have the right to object at any time to the processing of Personal Data about you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent

You may withdraw your consent provided to us for the purpose of processing Personal Data about you at any time, without affecting the lawfulness of processing based on your consent before its withdrawal. Please note that in a case where you will withdraw your consent, we may not be able to provide you with some of our Products and/or Services.

Right to make a complaint

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Bond commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Accordingly, you have the right to make a complaint to the relevant national data protection regulator, such the Commission nationale de l’informatique et des libertés (CNIL) in France (www.cnil.fr) or the Information Commissioner’s Office (ICO) in the UK (https://ico.org.uk/).

As part of the EU-U.S. DPF and the UK Extension, Bond is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) as well as that of the EU DPAs. Consequently, Bond will respond promptly to any inquiries and requests made by such authorities regarding compliance with the EU-U.S. DPF and the UK Extension Principles in case of investigation or resolution of complaints.

Right to arbitration

Subject to the pre-arbitration requirements set out herein, you may initiate binding arbitration by delivering Bond with a Notice. This Notice must contain a summary of the steps taken in order to resolve your claim, a description of Bond’s alleged violation and, at your choice, any supporting documents and materials relating to the alleged claim.

Arbitral procedure may only be brought about regarding residual claims, to determine whether Bond has violated its obligations according to the DPF Principles and whether said violations remain fully or partially unremedied.

The EU-U.S. Data Privacy Framework Panel has the authority to impose individual-specific, non-monetary equitable relief, such as access, correction, deletion, or return of your data, necessary to remedy the violation with respect to your information. No damages, costs, fees, or other remedies are available. You shall bear your own attorney’s fees.

In order to initial an arbitration procedure, you must demonstrate that you have raised your claimed violation directly with Bond and afforded it the opportunity to resolve the issue, and with your DPA or the FTC, acting as an independent recourse mechanism, and that your claim has not been otherwise settled, through a settlement agreement between you and Bond, a binding judgement entered in a court action or an arbitral sentence.

WHAT PERSONAL DATA CAN I ACCESS?

Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:

User name and password
Email address
User profile information
User content, including text, images and videos you have uploaded to the site

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at [email protected].

If you are a parent or guardian of a member of our Services who is under 15, you may contact us at any time to ask that (a) we stop collecting Personal Data from such Member and (b) we delete any Personal Data already collected from such member. Please contact us at [email protected] to request deletion of the account of an underage member. Be advised that we may ask for additional verification and documentation to confirm your identity and authorization to make this request.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at [email protected].

WHAT CHOICES DO I HAVE?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

You may be able to add, update, or delete the information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.

WILL BOND EVER CHANGE THIS PRIVACY POLICY?

As our Services improve, we may need to adjust this Privacy Policy from time to time. Whenever we do, we will alert you to changes by posting a notice online, notifying you by email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us, those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. The use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

WHAT IF I HAVE QUESTIONS ABOUT THIS POLICY?

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to [email protected], and we will try to resolve your concerns. You can also lodge a complaint with the relevant Data Protection Authority, (in France, the Commission nationale de l’informatique et des libertés – CNIL www.cnil.fr; in the UK, the Information Commissioner’s Office – ICO https://ico.org.uk/), which is the regulatory authority in charge of personal data protection.