1. Purpose

• This Policy sets out the periods for which that Personal Data processed by Random Team is to be retained.

2. Scope

• This policy applies to Personal Data processed on behalf of its customers, excluding data about Random Team employees or other activities

3. Definitions

TermDefinition :

Confidential Information means non-public information that derives independent value from not being generally known to the public, but does not include any information that :

(i) was or subsequently becomes publicly available without breach of any confidentiality obligations,

(ii) was known prior to the disclosure of such information,

(iii) was or is subsequently obtained from another source without breach of any confidentiality obligation, or

(iv) is independently developed without reference to any Sensitive and/or Confidential Information.

Data Controller means the person or organization that determines the purpose and means of the Processing of Personal Data.

Data Subject means a living, identified or identifiable individual for whom Random Team holds Confidential Information.

Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.

Employees means who are employees of Random Team’ customers and for whom Random Team holds and processes Personal Data.

GDPR means the Regulation (EU) 2016/679 on the protection of natural persons with regard to Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”)

4. Type of data processed

• Random Team processes information on behalf of its customers (the Data Controllers). The type of information generally processed by Random Team includes the following categories of data.

• Personal Data uploaded onto the platform containing nominative data such as first names, last names or emails

• Data generated following the use of the platform RandomCoffee

4.1 Personal Data

• Random Team processes Personal Data as defined by the EU GDPR on behalf of its customers. It includes:

Type of Data Example

First Name : John

Last Name : Doe

Professional Email: john.doe@acme.com

Work-related Information(e.g.: Team, floor, department or any work-related information that may be used to use the product) : Marketing, 3rd Floor

4.2 Data generated following the use of RandomCoffee

• The use of RandomCoffee by Random Team’s customers generates data that is processed by Random Team. It includes:

Type of Data Example :

Acceptance Information (i.e.: employees who accepted to meet a colleague) : John Doe accepted to meet a new colleague for Session #2

History of the matches (i.e.: groups of employees matched together thanks to Random Coffee) : John Doe & Jane Doe matched for Session #2

4.3 Sensitive Personal Information

• Random Team does not process Sensitive Personal Information as defined by the EU GDPR.

5. Data retention

• Under the GDPR, personal data shall be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

• In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes (subject to the implementation of the appropriate technical and organisational measures required by the GDPR to protect that data).

Type of Personal Data Category of Data Subject,Nature of Processing Carried Out Purpose(s) of Processing, Duration of the Processing :

First Name, Last Name, Professional Email

Work-related Information (e.g.: Team, Department, Building)

IP Addresses, Employees Storage, Communication by email, creating targeted connections between Employees & Communicating targeted, connections to concerned employees, Duration of the Service Agreement + 30 Days.

Acceptance information and history of the matches.

Analysis of connections created : Enable the Data Controller to have a deeper understanding of the connections created.