RandomCoffee is an online solution created by Random Team that facilitates connections between coworkers within an organisation (the “Service“).

This Privacy Policy describes how your information is processed, used and shared when you use the Service.

The Service is intended for use by organisations and in accordance with their instructions and is provided to you by your employer or other organisation that has authorised your access to, and use of, the Service (your “Organisation”).

The Service is provided by your Organisation and is governed by this Privacy Policy and the Terms of Service. Your Organisation may provide additional Terms of Service or policies.

Your Organisation is responsible for and administers your RandomCoffee account (“Your Account“). Your Organisation is also responsible for the collection and use of any data that you submit or provide through the Service and such use is governed by the terms your Organisation has in place with Random Team.

In addition to this Privacy Policy, your Organisation may have additional policies or codes of conduct which will apply in relation to your use of the Service.

If you have any questions about your use of the Service, please contact your Organisation.

The following kinds of information is processed when you, your colleagues or other users access the Service:

• your contact information, such as full name and email address;

• your work title, department information and other information related to your work or Organisation;

• information that you provide when you or your Organisation contact or engage platform support regarding the Service.

We also automatically collect certain information provided by your browser or operating system through the Service, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about your activities and actions (such as the links that you click and pages that you view) within the Services and other standard server log information.

Your Organisation will share the information that it collects with Random Team, as provider of the platform, in order to allow Random Team to provide and support the Service for your Organisation and other users and in accordance with any other instructions from your Organisation. Examples of such use include:

• enhancing the security and safety of the Service for your Organisation and other users, such as by investigating suspicious activity or violations of applicable terms or policies;

• developing new tools, products or services within the Service for your Organisation;

• to identify and fix bugs that may be present;

• and conducting data and system analytics, including research to improve the Service.

Your Organisation discloses the information collected in the following ways:

• in connection with a substantial corporate transaction, such as the transfer of the Service, a merger, consolidation, asset sale or in the unlikely event of bankruptcy or insolvency;

• to protect the safety of any person; to address fraud, security or technical issues;

• and in connection with a subpoena, warrant, discovery order or other request or order from a law enforcement agency.

You and your Organisation may access, correct or delete information that you have submitted to the Service using the tools within the Service (for example, editing your profile information). If you are not able to do so using the tools provided in the Service, you should contact your Organisation directly to access or modify your information, or send an email to contact@random-coffee.com

If you would like to stop using the Service, you should click on the unsubscribe link provided in every email sent by the platform, or you can contact your Organisation. Similarly, if you stop working for or with the Organisation, the Organisation may suspend your Account and/or delete any information associated with your Account.

This Privacy Policy may be updated from time to time. When updated the effective date will be amended and the new Privacy Policy will be posted online.

If you have any questions about this Privacy Policy, please send us an email at contact@random-coffee.com or contact your Organisation.

These Terms of Service (the “Terms of Service”) govern your use of RandomCoffee websites & platform that we operate and that link to these Terms of Service (the “Service”).

RandomCoffee is an online solution that facilitates connections & interactions between coworkers within an organisation (the “Users”)..

RandomCoffee regularly suggests users to connect with one or more coworkers, and matches them based on matching rules set by their organisation.

Your organisation (your “Organisation”) has decided to use RandomCoffee to make it easier for you to connect, meet & interact with your coworkers.

In order to access RandomCoffee, you must be connected to the Internet.

You can connect to RandomCoffee by going to https://www.random-coffee.com. Your Organisation must have subscribed to RandomCoffee for you to be able to connect to RandomCoffee.

• To sign up for RandomCoffee, you must click on the sign-up link shared by your Organisation to access the sign-up form & create your account.

• In order to create your account, you will have to submit a certain number of information about yourself (hereinafter “the Information”), enabling RandomCoffee to create relevant connections between you & your coworkers.

• The Information includes professional information about yourself such as your team, your department or your floor.

• You may have been automatically added to RandomCoffee by your Organisation, which, in this case, creates your profile with your Information. You are directly informed by your Organisation of the creation of your account and the launch of RandomCoffee at your Organisation.

RandomCoffee regularly suggests you to connect with one or more coworkers from your Organisation.

Your Organisation decides to launch RandomCoffee campaigns at a defined frequency. Each campaign consists of one email suggesting you to connect with one or more coworkers, and, if you accept, another email a few days later connecting you with one or more coworkers. You are then free to choose the most appropriate way to meet, following guidance from your Organisation.

The connections are created based on a matching algorithm developed by Random Team for RandomCoffee. The algorithm is configured by your Organisation with the help of Random Team in order to create the most relevant connections. The algorithm only uses the Information that you or your Organisation has provided to Random Team.

Except for the configuration of the algorithm, your Organisation has no influence on the connections made. It cannot create specific connections between pre-determined people.

For any technical question you have regarding the use of RandomCoffee, please contact us at support@random-coffee.com.

5.1. You should refer to RandomCoffee Privacy Policy for more details on how your Information and data submitted to us or created as part of your use of the Service is managed.

5.2. We will take appropriate technical and organizational security measures against unauthorized or unlawful access to, use of, or processing of your Information.

6.1. Your Organisation may terminate your account for any reason at any time.

6.2. If your RandomCoffee account is terminated, your right to access and use the Service immediately ends.

7.1. We may, from time to time, change or modify these Terms of Service to reflect new laws or regulations.

7.2. Your continued use of the Service, following notice of the changes to our terms and policies constitutes your acceptance of our amended terms and policies.

8.1. This Agreement is written in English. To the extent any translated version of this Agreement conflicts with the English version, the French version controls.

What is the GDPR?

Organizations established in the EU and processing personal data of EU-based individuals are, in almost all cases, required to comply with the GDPR since May 25, 2018.

The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals.

Our commitment

We have been fully committed to complying with the requirements of the GDPR. We have taken these new requirements to heart and made changes to our products, contracts and policies to ensure that we were fully in compliance with the GDPR.

Have we nominated a Data Protection Officer?

Yes. His identity has been communicated to the CNIL, the independent French administrative regulatory body whose mission is to ensure that data privacy law is applied.

How can I get in touch with the DPO?

The DPO can be contacted by sending an email to privacy@random-coffee.com.

Do we ensure that our third party providers are or will be compliant in time?

Yes. We’re have been reviewing all of our third party providers’ policies regarding GDPR, notably including:

• Cloudflare

• Amazon AWS

• Mailgun

• Datadog

What is a Personal Data Breach?

A Personal Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Do we have a notification procedure in case of a Personal Data Breach?

We have specific data breach notification procedures in place, respecting the deadlines of the GDPR in communicating any breach.

What are the Rights employees can exercise?

The Rights employees can exercise are :

• Right of Access: Employees may request to access their Personal Information and obtain a copy of the Personal Information which is being processed by RandomCoffee. In the event that employees request to know what Personal Information is being processed by us, we will provide employees with the following information free of charge: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; employees’ privacy rights; and information on data transfers.

• Right of Rectification: Employees may request to change, update or complete any missing data we process about them.

• Right of Erasure: Employees may at any time withdraw their consent to our processing of their Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of their Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase the data.

• Right of Restriction of Processing: Employees may request us to restrict processing of their Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by the employee; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information.

• Right to Data Portability: Employees have the right to receive their Personal Information in a structured, commonly used and machine-readable format.

How can employees exercise their Rights?

Employees can exercise their Rights by sending an email to privacy@random-coffee.com

What type of Personal Data do we collect?

Following the Privacy by Design principle, we only collect the data that we need, which in our case is at minimum the First Name, the Last Name & the Professional Email.

Then, upon customer requests, we may collect other personal data such as the employee’ department, or any other relevant data to deliver the service.

How do we collect the Personal Data?

It depends on each customer, but the main way to collect Personal Data is through a registration form that Employees must fill themselves, therefore ensuring consent.

We also are integrated with SAP SuccessFactors & may integrate with other HRIS.

Where do we store the Personal Data we collect?

The data is stored on a RDS database on AWS (Amazon Web Services) in Francfort, Germany. The data is never replicated or copied out the region.

How long do we store the Personal Data?

We keep the data for 18 months. After our system automatically deletes the Personal Data.