Privacy Policy

Effective date: May 2021

PRIVACY POLICY

This Privacy Policy sets out the practices of Ideolys in the area of the protection of your personal data. We wish to give you clear and transparent information about the way in which we collect, use and share the information you provide us throughout our relationship, both while you browse our websites www.easilys.com and www.ideolys.com when you wish to use our services. This Policy also aims to inform you of your rights and choices in respect of your personal data.

Any reference to “Ideolys”, “us”, “our” or the “Company” shall be a reference to Ideolys, a simplified joint stock company with capital of €272,040, having its registered office at ZAC Beaupuy – 52 rue Jacques-Yves Cousteau – 85000 La Roche sur Yon, registered with the trade and companies register of La Roche-sur-Yon under number 521 295 162 B, and its subsidiaries.

DEFINITIONS – PERSONAL DATA AND GDPR

What is the GDPR?

Regulation no 2016/679, known as the General Data Protection Regulation (hereinafter “GDPR”) is a regulation of reference in respect of the protection of personal data. It sets out a regulatory framework for the protection of the data of individuals within the European Union.

Ideolys processes your personal data in accordance with the GDPR.

What, under the GDPR, are personal data?

Under the GDPR, personally identifiable data (hereinafter “Personal Data”) means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person.

What is the processing of Personal Data?

Under the GDPR, the collection, saving and use of Personal Data is referred to by the term “Processing”. Thus, whenever this Privacy Policy uses that term, it refers to all action relating to Personal Data.

Who are the Controller and the Processor?

Ideolys may act both as the Controller of your Personal Data and as the Processor. Under the GDPR, Controller means the natural or legal person which determines the purposes and means of the processing, that is to say the aim and manner of processing.  Processor means a natural or legal person which processes Personal Data on behalf of another party as part of a service.

For the purpose of the Processing of the data you provide us while using the service as a customer (see the “YOUR CUSTOMER DATA” section), Ideolys acts as a processor according to your instructions. You are then the data controller.

For the purpose of the Processing of the Personal Data of administrators and users of the service provided by Ideolys, we act as the Controller (see the “YOUR PERSONAL DATA” section).

YOUR CUSTOMER DATA

What are customer data?

Customer data refers to information about your activity as a customer of Ideolys. In such a case, Ideolys is considered to be the processor and you are the data controller.

How are your customer data collected?

Customer data are the data that are entered, submitted or processed as part of the use you make of our services. These are also the data that we collect and process on your instructions, where we do not determine the purpose of processing. Customer data may contain Personal Data. Such data may be entered directly by you in Easilys software or by Ideolys. When the data are entered by Ideolys, you submit the data of your choice to Ideolys, which incorporates them into Easilys software. For example, these may be data about your suppliers or customers or data relating to your employees.

Our commitments in respect of your customer data

In its capacity as Processor, Ideolys agrees to:

  • Only process customer data as part of the performance and execution of the services;
  • Restrict access to customer data to only those employees of Ideolys who have been duly authorised to assist you as part of their support and maintenance duties;
  • Inform you of any change in the location of the servers used for hosting customer data; at the present time, these servers are located in France;
  • Ensure that customer data are highly secure and well protected;
  • Make its employees aware of the confidentiality of Personal Data and train them, where applicable, in the regulations application to the protection of such data.
  • Inform you promptly of any breach of Personal Data. Such notification shall specify (i) the categories and numbers of data subjects affected; (ii) the categories and number of records of Personal Data affected; (iii) the likely consequences of the Personal Data breach; (iv) any measures taken to mitigate and manage the breach, and shall be sent by email to the specific email address you have given us.

If Ideolys considers that an instruction given by you goes against applicable Personal Data protection laws, it shall immediately inform you of the same.

YOUR PERSONAL DATA

What are the Personal Data processed by Ideolys?

Ideolys may also collect and process Personal Data for the purposes of:

  • managing its customers;
  • fulfilling agreements and standard terms and conditions of use;
  • supplying services;
  • managing job applications.

In that case, Ideolys shall act as the controller.

You are a customer of Ideolys

In particular, Ideolys uses the Personal Data of the administrators and users of Easilys software. These particularly include the last name, first name, telephone number, email address and position so as to communicate with them to provide them with maintenance and functional assistance services, and to send them information about Easilys developments and news.

At any time, the recipients of the messages from Ideolys can opt out of receiving such information; however, in that case, they would not be fully informed of all the functions and developments of Easilys.

– You sign up for a demo or an online service or download an online guide

When you ask for a demo of Easilys software or when you sign up for our services online or download a guide, you complete the dedicated form with the following Personal Data: Last name, first name, email, telephone.

– You apply for a job offer from Ideolys

If you wish to apply for a job offered by Ideolys, you click the Jobs tab of the website easilys.com and are automatically taken to the Taleez web page. Taleez is our service provider for the management of applications in response to our job offers.

When you apply for a job offer, you complete the corresponding form with the following Personal Data: last name, first name, email, telephone number and any other information you elect to include in your CV.

– You have been sponsored

If you have been sponsored, your sponsor has completed a dedicated form with the following Personal Data about you: last name, first name, email, telephone number. We will contact you to inform you that you have been sponsored and let you know the identity of your sponsor. Before any other communication, we will ask for your express consent to the continuing use of your Personal Data.

How are Personal Data collected?

We may collect your Personal Data in the several ways described below.

  • Personal Data supplied by the customer and users of Easilys software, and those supplied by our partners;
  • Personal Data supplied by the customer or its employees during training courses, via attendance forms, training agreements and any other documents required for organising the training;
  • Personal Data provided via forms published on our different websites. These may for instance be contact forms, sponsorship forms, job applications, or forms for signing up for online services;
  • Personal Data supplied to the employees of Ideolys by participants at events such as industry fairs or conferences. In particular, these may include business cards;
  • As part of our sales action, we may conduct online research to identify the contacts we believe could be potentially interested in our services. We only collect publicly visible Personal Data and make sure that their use for commercial purposes is consented;

What are the legal bases for the collection of Personal Data?

Ideolys collects and processes Personal Data on the following legal bases:

  • Consent of the data subject;
  • Agreement performance. When processing is necessary for performing or preparing an agreement with the data subject;
  • Legitimate interest of Ideolys;
  • Legal obligation.

What are the purposes of the processing of your Personal Data?

Ideolys processes Personal Data for the following purposes:

  • Communication and marketing. Thus, we wish to send you information about our services depending on your needs;
  • Supply of services (creation of a customer account an identifier and password), software and maintenance, and management of invoicing for the service;
  • Recruitment management;
  • Application and functional analyses, correction of bugs and errors;
  • Creation and population of the system for managing relations with customers and prospects.

Our commitments in respect of your Personal Data

As the data controller, Ideolys informs you that:

  • The collection of Personal Data is limited to strictly useful data;
  • The collected data are not used for purposes other than those for which they have been collected in accordance with the agreement between the Parties;
  • You may exercise your rights. For more information about your rights in the area of Personal Data, please refer to the YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA section.

 

YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA

What are your rights?

  • Right to access your Personal Data;
  • Right to rectification of your Personal Data if they are inaccurate;
  • Right to erasure/deletion of your Personal Data to the extent permitted by applicable data protection laws;
  • Right to portability of the Personal Data provided to us, which have been processed on the basis of consent or the performance of an agreement. By exercising that right, you can retrieve your Personal Data in a machine-readable format and thus transfer them to another controller;
  • Right to object to the processing of your Personal Data, particularly when processing is for the purpose of direct marketing. In that case, you have the right to object to such processing at any time with no need to provide a particular reason. However, please note that you may not object to Processing where there are legitimate and imperious reasons for processing the data of if these are required for the ascertainment, exercise or defence of legal rights; where you have consented to processing – you must then withdraw the consent and not object to it; where an agreement with us is being performed; where a legal obligation requires us to process such Personal Data;
  • Right to restriction of Processing of your Personal Data to the extent permitted by law;
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“automated decision”);
  • Right to redress before a competent authority. Thus, any complaint relating to non-compliance with your rights in respect of personal data may be sent to CNIL (French data protection authority).

How can you exercise your rights?

To exercise your rights, please send a message stating the subject of your request to privacy@easilys.com. We will respond by confirming the exercise of the rights and provide all the information required for that purpose, if necessary. We may also contact you if we need additional information from you in order to fulfil your request. In any event, we will reply within a month; that period may be longer if the request is complex or requires an additional study.

If we process your Personal Data for the purpose of sending you marketing messages, you may manage the receipt of such messages by clicking on the Unsubscribe link at the bottom of email messages.

Please note that unsubscribing from marketing messages does not take you off the list of recipients of important commercial messages relating to your current relationship with us, such as messages relating to your subscriptions or registration for events, service announcements or security information.

 

ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD PARTIES OUTSIDE THE EUROPEAN UNION?

Ideolys may share your Personal Data with third-party service providers for the performance of the services provided to you. That is particularly true of online registration forms, the customer database management system of Ideolys and the service provider responsible for sending out Easilys news information. These service providers use servers located in the USA and are not permitted to use the Personal Data of the Customer other than for those purposes, and are bound by an obligation of confidentiality.

 

IN NO EVENT DO WE SELL YOUR PERSONAL DATA, WHICH ARE PROCESSED SOLELY AS PROVIDED IN THIS PRIVACY POLICY.

 

WHERE ARE YOUR DATA LOCATED?

Your customer data

Your customer data, namely the data you provide us as part of your use of our services as a Customer, are hosted on OVH servers in France.

– Your Personal Data

Your Personal Data may be stored in France when the third-party service provider has its servers in France, or in the USA when the servers are located there.

 

WHAT ARE THE SAFETY MEASURES TAKEN TO PROTECT YOUR DATA?

– Security of Customer Data

The data are hosted on OVH servers located only in France, using infrastructure covered by measures that offer optimum security. Access to the servers is made secure by a key, and is restricted to a limited number of individuals (four administrators).

Ideolys uses the following technical and organisational measures: (i) user password encryption; (ii) OVH server security measures: OVH agrees to optimally secure its infrastructure, particularly through the implementation of an information systems security policy and by fulfilling the requirements of several standards and certifications (PCI-DSS certification, ISO/IEC 27001 certification, SOC 1 TYPE II and SOC 2 TYPE II attestations etc.); (iii) user access control: secure password in accordance with the recommendations of the French data protection authority; (iv) customer data backup measures.

Security of Personal Data

Before using the services of a third party, Ideolys reviews that party’s privacy policy and the security measures put in place to protect the data transmitted to it for the purposes of the performance of the service.

Where these parties are located outside the European Economic Area, Ideolys enters into standard contractual clauses with them, based on the model recommended by the European Commission, in order to adequately protect the transferred Personal Data.

 

STORAGE PERIOD OF PERSONAL DATA

Ideolys as Processor

++ Personal Data provided by the Customer in Easilys

Ideolys as Controller

++ Your Personal Data as a Customer

++ Your Personal Data as an applicant for a job


 COOKIES

This Privacy Policy does not address the issue of cookies. For more information about cookies, please refer to the COOKIES MANAGEMENT POLICY.

CONTACT

If you have any query about this Privacy Policy or the practices of Ideolys in that respect, please contact the data protection offer at the following address: privacy@easilys.com.

AMENDMENTS TO THIS PRIVACY POLICY

This Privacy Policy is updated from time to time in order to reflect any changes to our practices and technology, legal requirements, and other factors. If required, we update the “effective date” stated at the start of the Policy. If a major update is made, we may give you notice of the same before it comes into effect, for instance by publishing a visible notice on our website or by contacting you directly.

We encourage you to regularly review this Privacy Policy so as to stay informed of how we collect, process and share your Personal Data.