Data Privacy Policy
 

What is the purpose of this policy?

We attach great importance to the protection and confidentiality of your personal data, which for us is a testament to our reliability and trustworthiness.

The data privacy policy specifically demonstrates our commitment to enforcing applicable data protection rules, particularly those of the General Data Protection Regulation ("GDPR").

Specifically, the privacy policy aims to inform you about how and why we process your data in connection with the services we provide.

Who does this policy apply to?

This policy applies to you, regardless of your place of residence, provided you are at least 15 years old, whether you are a client or a visitor of the www.episto.fr website.

If you are a candidate for a position at Episto, you can consult the "candidate" policy, which is available on our dedicated page on standard recruitment sites (e.g., LinkedIn, Indeed, etc.).

If you are under 15 years old, you are not authorized to use our services without the prior and explicit consent of one of your parents, which must be sent in writing to dpo@episto.fr. If you believe we may hold information about one of your children under 15 without your consent, you can request that we delete it by contacting dpo@episto.fr.

Why do we process your data?

As part of the services we offer, we are necessarily required to process your personal data for the following reasons and legal bases:

  • To browse our website www.episto.fr, pay for and benefit from our services (conducting surveys and studies, launching campaigns, creating surveys, etc.), and for us to be able to respond to your requests (e.g., information requests, complaints, etc.), based on our general terms and conditions of sale, our general terms of use, and our legitimate interest in providing you with the best possible service.
  • To stay informed about our latest offers and events by phone and email, based on our legitimate interest in retaining our customer base and prospecting for new potential clients.
  • To follow us and comment on our social media publications, based on the general terms of use of the social network concerned (e.g., Facebook) and our legitimate interest in maintaining a dedicated social media page.
  • To receive our newsletter, which will inform you of all news regarding our services, based on your consent.
  • To guarantee and enhance the security and quality of our services on a daily basis (e.g., statistics, data security, etc.), based on our legal obligations, our general terms and conditions of sale, and our legitimate interest in ensuring the proper functioning of our services.
  • Finally, we may also install “Cookies” on your device. For more information on the use of “Cookies”, we invite you to consult our “Cookie Policy”.

Your data is collected directly from you when you connect to our website and use our services.

We commit to processing your data only for the reasons previously described. Furthermore, we guarantee that none of your data will ever be sold to a partner or a third party. However, by voluntarily publishing content on the pages we manage on social networks, you acknowledge that you are entirely responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

What data do we process and for how long?

We have summarised the categories of personal data we collect and their respective retention periods.

If you wish to obtain further details on the retention periods applicable to your data, you can contact us at: dpo@episto.fr.

  • Professional identification data (e.g. name, surname, title, company, etc.) and contact information (e.g. professional email address, LinkedIn, etc.) kept for the entire duration of the provision of the service, plus the legal statute of limitations, which is generally 5 years.
  • When the name of your structure may be confused with your personal name (e.g. freelance, interim, etc.), economic and financial data (e.g. bank account number, verification code, etc.) kept for the time necessary for the transaction and the management of invoicing and payments, plus the legal prescription periods, which are generally from 5 to 10 years.
  • Data for commercial prospecting, marketing, and newsletter subscription purposes (e.g., email address, etc.) retained for a maximum period of 3 years from the last contact we had with you.
  • Connection data (e.g., logs, device type, browser type, etc.) retained for a period of 1 year.
  • Cookies, which are generally retained for a maximum period of 13 months. For more details on our use of cookies, you can consult our cookie policy, accessible at any time on our website.

Upon expiration of the retention periods summarised above, we delete all of your personal data to ensure your privacy for years to come.

The deletion of your personal data is irreversible, and we will no longer be able to communicate them to you after this period. At most, we can only retain anonymous data for statistical purposes.

Please also note that in the event of litigation, we are obligated to retain all data concerning you for the entire duration of the case processing, even after the expiration of their previously described retention periods.

What rights do you have to control the use of your data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data.

  • Right of access and copy of your personal data, provided that this request does not conflict with trade secrets, confidentiality, or the secrecy of communications.
  • Right to rectification of personal data that is inaccurate, outdated, or incomplete.
  • Right to object to the processing of your personal data for commercial prospecting purposes.
  • Right to request erasure (“right to be forgotten”) of your personal data that is not essential for the proper functioning of our services.
  • Right to restriction of processing of your personal data, which allows for a snapshot of your data's use in case of a dispute regarding the legitimacy of a processing operation.
  • Right to data portability, which allows you to retrieve a portion of your personal data to store or easily transmit it from one information system to another.
  • Right to provide instructions regarding the fate of your data in the event of your death, either directly by you or through a trusted third party or legal successor.

For a request to be taken into account, it is imperative that it be made directly by you at dpo@episto.fr. Any request that is not made this way cannot be processed.

Requests can only originate from you. Therefore, we may ask you to provide proof of identity if there is any doubt regarding the applicant's identity.

We will respond to your request as soon as possible, within a maximum of three months from its receipt, should the request be technically complex or if we receive numerous requests simultaneously.

Please note that we may always refuse to respond to any excessive or unfounded request, particularly in consideration of its repetitive nature.

Who can access your data?

We only disclose your data to individuals duly authorized to use it for the implementation of our services. This may include our personnel responsible for service delivery, accounting, marketing, or even the security of our premises.

How do we protect your data?

We implement all the technical and organisational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of unauthorized destruction, loss, alteration, or disclosure of your data (e.g. training, access control, passwords, antivirus, "https", etc.).

Can your data be transferred outside the European Union?

Unless strictly necessary and exceptionally, we never transfer your data outside the European Union, and your data is always hosted on European soil. Furthermore, we make every effort to only engage service providers who host your data within the European Union.

Should our service providers nonetheless be required to transfer your personal data outside the European Union, we meticulously ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at the following address: dpo@episto.fr.

How can you contact the CNIL (the French equivalent of the ICO - Information Commissioner's Office)?

You may at any time contact the French data protection supervisory authority (the French equivalent of the ICO - Information Commissioner's Office - the "Commission Nationale de l'Informatique et des Libertés" or "CNIL") at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07, or by calling 00331.53.73.22.22.

Can the policy be modified?

We may modify our privacy policy at any time to adapt it to new legal requirements as well as to new processing activities that we may implement in the future. You will, of course, be informed of any changes to this policy.

Certified compliant by Dipeeo ®
