Privacy policies

The purpose of this policy is to inform you about the procedures by which we process this data in accordance with Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (the “GDPR”).

  1. Who is the data controller?

During your navigation on our website or in the context of managing our contractual relationships with our clients, the data controller is Cleyrop, a simplified joint-stock company registered with the RCS of Paris under number 891 924 383 and headquartered at 16, rue Washington, 75016 Paris (“We”).

However, when our clients use our services via the Platform, we collect and process personal data on their behalf. Our clients are therefore responsible for processing the data in accordance with Article 4 of the GDPR. We act as a data processor, as a service provider.

  1. What data do we collect?

Personal data is data that can directly or indirectly identify an individual.

We collect personal data falling into the following categories:

  • Identification data (name, first name, email address);
  • Professional data (title, role, company);
  • Connection data (connection logs, encrypted passwords, usage data);
  • Browsing data (IP address, pages visited, date and time of connection, browser used, operating system, user ID, IFA);
  • Any information you wish to provide to us as part of your contact request or Platform demonstration.

Mandatory data is indicated when you provide us with your data. They are identified by any means.

  1. On what legal basis, for what purposes, and for how long do we retain your personal data?
  2. Who are the recipients of your data?

Access to your personal data will be granted to:

  • Our company personnel;
  • Our subcontractors: hosting providers, newsletter sending providers, audience measurement and analysis providers, email providers, secure payment providers, project management tool providers, human resources management tool providers, payroll management tool providers, billing tool providers, cookie management tool providers;
  • Our partners (consulting firms, IT solution providers);
  • If necessary, public and private entities, exclusively to fulfill our legal obligations.
  1. Are your data likely to be transferred outside the European Union?

Your data is retained and stored for the entire duration of processing on OVH servers located within the European Union.

As for the tools we use (see the section on recipients regarding our subcontractors), your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured using the following tools:

  • Either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, that country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
  • Or the data is transferred to a country whose level of data protection has not been recognized as adequate under the GDPR: in this case, these transfers are based on appropriate safeguards specified in Article 46 of the GDPR, tailored to each provider, including, but not limited to, the conclusion of standard contractual clauses approved by the European Commission, the implementation of binding corporate rules, or pursuant to an approved certification mechanism.
  • Or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

What are your rights regarding your data?

  1. Are your data likely to be transferred outside the European Union?

You have the following rights concerning your personal data:

  • Right to information: This is the reason we have prepared this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: You have the right to access all your personal data at any time, under Article 15 of the GDPR.
  • Right to rectification: You have the right to rectify your inaccurate, incomplete, or outdated personal data at any time, in accordance with Article 16 of the GDPR.
  • Right to restriction: You have the right to obtain the restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: You have the right to request the erasure of your personal data and to prohibit any future collection for the reasons stated in Article 17 of the GDPR.
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you believe that the processing of your personal data constitutes a violation of applicable laws, in accordance with Article 77 of the GDPR.
  • Right to establish directives regarding the storage, erasure, and communication of your personal data after your death.
  • Right to withdraw your consent at any time: For purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not affect the legality of the processing carried out before the withdrawal.
  • Right to data portability: Under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a machine-readable standard format and to request their transfer to a recipient of your choice.
  • Right to object: Under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note that we may continue processing despite this objection for legitimate reasons or for the defense of legal rights.

You can exercise these rights by contacting us at the following contact details. We may ask you to provide additional information or documents to justify your identity.

  1. What cookies do we use?

To learn more about cookie management, please refer to our Cookie Policy.

Contact point for exercising your rights

Contact Email: dpo@cleyrop.com

Contact Address: Cleyrop, 16 rue Washington, 75018 Paris

Changes

We reserve the right to modify this policy at any time, particularly to comply with any regulatory, jurisprudential, editorial, or technical developments. These modifications will take effect on the date of entry into force of the modified version. Therefore, you are invited to regularly consult the latest version of this privacy policy. Nevertheless, we will inform you of any significant changes to this privacy policy.

Effective Date: 04/05/2023