Privacy Policy
Last update: October 12th, 2023
DataGalaxy (hereinafter referred to as “DataGalaxy,” “we,” or “us”) is committed to the protection of personal data (hereinafter referred to as “PII”) and privacy of the users of its web site, software solution, and services (hereinafter referred to as “Services.”)
In this respect, and in compliance with the legislation in force regarding the processing and protection of personal data and, in particular, the modified law n°78-17 of January 6, 1978 regarding data processing, files, and liberties and the European General Regulation on the Protection of Personal Data of April 27, 2016 (hereinafter the “GDPR,”) DataGalaxy commits itself to respecting the confidentiality, the integrity and the security of your PII.
The following is a collection of information and resources to help you answer questions about your experience with DataGalaxy. We appreciate your interest and are proud to have you as a member of our community!
Therefore, we inform you in this privacy policy (hereinafter the “Privacy Policy”) of the conditions under which your PII may be processed by us, as data controller, when:
We may amend this Privacy Policy at any time to ensure transparency in the processing of your PII. We therefore invite you to consult it regularly.
By using the DataGalaxy Services, you consent to our collection and processing of the following PII:
| Types of PII | Purpose | Legal basis |
|---|---|---|
| Identification data (name, surname, civil status), Billing and financial data (company’s bank details, payments, etc.), Data related to professional life (function, company, professional e-mail address, professional telephone number), Data shared with DataGalaxy teams including the support service, Browsing data on the DataGalaxy platform. | Execute the services requested in the contract (creation, configuration and maintenance of your DataGalaxy account, billing management…), Ensure a quality and available support, Ensure a quality commercial relationship, Manage product evolutions to improve the customer experience, Manage marketing events. | The necessity to pursue the legitimate objectives of DataGalaxy, namely: The execution of the contract to which you are party. The fulfillment of our legal obligations. The respect of your consent, if granted, to receive our marketing emails or the legitimate interest of DataGalaxy to send marketing emails. |
| Types of PII | Purpose | Legal basis |
|---|---|---|
| Identification data (surname, first name, civil status), Data related to professional life (function, company, professional e-mail address, professional telephone number). | Contact you to arrange a demonstration to show you the product, and/or to send you marketing communications, Marketing Event Management. | The necessity to pursue the legitimate objectives of DataGalaxy, namely: The development and follow-up of its prospect base. The promotion of its product, especially through commercial prospecting. |
| Types of PII | Purpose | Legal basis |
|---|---|---|
| Internet data/browsing data (cookies, logs, nature of the terminal, pages consulted, etc.). | To enable the website and navigation to function properly, to offer appropriate advertising. | The necessity to pursue the legitimate objectives of DataGalaxy, namely: To develop a functional website. To establish statistics concerning the use of the Website in order to improve it. |
| Types of PII | Purpose | Legal basis |
|---|---|---|
| Internet data/browsing data Data shared with DataGalaxy teams including the recruitment service (CV, test results, etc.). | To enable the website and navigation to function properly To know the interests according to the pages consulted. | The necessity to pursue the legitimate objectives of DataGalaxy, namely: The development and monitoring of its candidate base. The promotion of its product in order to develop its attractiveness to potential candidates. For all other PII collected by any other means, the PII collection form will describe the rules that apply if they are different from the rules in the Privacy Policy. |
DataGalaxy keeps the collected PII for the time strictly necessary to achieve the purpose of each processing, except for the exceptions provided for by the Law. These retention periods are indicated in the table below.
| Types of PII | Duration of retention | Why? |
|---|---|---|
| Identification data, Work-related data. | Duration of the contract, then 3 years after its end. | For statistical and more general evidential purposes. |
| Billing and financial data. | Duration of the contract, then 10 years after its end. | For the recovery of unpaid debts and more generally for evidential purposes in accordance with the law. |
| Data shared with DataGalaxy teams including the support service. | Duration of the contract. | To ensure continuous monitoring of exchanges, incidents and requests. |
| Types of PII | Duration of retention | Why? |
|---|---|---|
| Identification data, Work-related data. | 3 years after their first collection, unless you request their deletion. | To enable the website and navigation to function properly. |
| Types of PII | Duration of retention | Why? |
|---|---|---|
| Internet data/Browsing data. | 13 months after their first installation on your terminal. | To enable the website and navigation to function properly. |
| Types of PII | Duration of retention | Why? |
|---|---|---|
| Internet data/Browsing data, Data shared with DataGalaxy teams including the recruitment service (CV, tests results…). | 13 months after their first installation on your terminal (cookies), and 2 years from the last contact with DataGalaxy, unless you request their deletion. | Allow us to keep your contact details and profile data for possible future opportunities. |
According to GDPR, your PII may be kept by us until the limitation periods for legal action have been reached. In this case, only the persons in charge of the litigation within the company have access to it. At the end of these periods, your PII are either deleted or irreversibly anonymised.
When we no longer have a legitimate business need to process your PII, we will delete it as soon as technically possible.
In view of the purpose of each processing, DataGalaxy implements the necessary means to ensure that PII are only accessible by its internal departments that need to know them, if this is strictly necessary for the proper execution of the processing.
PII are therefore transferred to the competent DataGalaxy departments, depending on the type of data and the purpose.
In the course of its business and for the provision of its Services, DataGalaxy may share your PII with third party service providers.
These service providers act, according to article 4.8 of the GDPR, as personal data processors. In such a case, DataGalaxy undertakes to constantly ensure that :
| Name | Type of PII | Why? |
|---|---|---|
| Amazon Web Services, Microsoft AZURE, OVH, Google Cloud Platform | All types of data. | For hosting and backup purposes. |
| Google Suite | Identification data, Work-related data, and any other PII you may share with us when you contact us by email. | To manage our email and daily operations. |
| Pack office | Identification data, Work-related data and any other PII you may share with us when we have a contractual negotiation. | To manage daily operations and contractual negociations. |
| Notion | Identification data, Work-related data and any other PII you may share with us when we have a contractual negotiation and/or when you contact us. | For the purposes of management and documentation of tasks, processes and projects. |
| Name | Type of PII | Why? |
|---|---|---|
| Google Analytics | Internet data/Browsing data, unless you haven’t given your prior consent. | To improve your user experience on our Site, perform statistics and measure activity. |
| Axeptio | Cookies, unless you haven’t given your prior consent. | For the purpose of managing the collection of visitors’ consent to the collection of cookies. |
| Event service providers (audiovisual service providers, etc.) | Identification data (when necessary). | For promotional event management purposes.For the purpose of managing the collection of visitors’ consent to the collection of cookies. |
| Name | Type of PII | Why? |
|---|---|---|
| Docusign | Identification data and Work-related data (Client and Candidates). | For contract signing purposes. |
| Hubspot | Identifying and Work-related data, and any other PII that Clients and/or prospects share with us. | For Customer Relationship Management purposes. |
| Pendo | Any PII that you may share with us when reporting an incident or seeking support. | To improve your user experience on our Site, perform statistics and measure activity. |
| Freshdesk | Any PII that you may share with us when reporting an incident or seeking support. | To manage customer support, incident resolution and follow-up on your requests. |
| Workable | Any PII transmitted by the Candidates when applying for a DataGalaxy job offer. | For application management and recruitment purposes. |
Your PII may be shared with other types of third parties :
| Type of provider | Type of PII | Why? |
|---|---|---|
| Independent contractors (providers) | Data strictly necessary for the performance of their duties. | To run some of the services. |
| Accountants | Billing and financial data, Work-related data (if necessary) | For accounting purposes. |
| Law firm | The data provided by the Client in the context of the contract. | For dispute resolution purposes. |
We may also share your PII in the following specific cases:
All PII collected concerning Visitors, Prospects and Candidates are hosted in Europe, regardless of the hosting provider. For Customers, the location of storage depends on the subscription chosen:
Our hosting providers have numerous security certifications, a list of which is publicly accessible on their websites.
DataGalaxy does not currently transfer any PII outside the European Union. In the event that we make such transfers, they will only take place indirectly through our subcontractors.
DataGalaxy being subject to the GDPR, if it intends to engage any subcontractor for activities that imply a transfer of PII from the Customer to any country outside the European Union, then it undertakes to ensure that the security and confidentiality of said PII are preserved and this in particular through:
Data protection agreements in place between the EU and destination countries.
Standard contractual clauses issued by the European Commission or a Supervisory Authority in accordance with Article 46 of the GDPR.
Contracts for the outsourcing of Personal Data in accordance with Article 28 of the GDPR.
If a transfer of PII to countries not recognized by the European Commission as having an adequate level of protection is envisaged, DataGalaxy will systematically inform you.
DataGalaxy makes its best efforts to limit the transfer of PII outside the United States. When such a transfer is envisaged, it must be linked to support and the improvement of the user experience.
In order to facilitate the management of support and the resulting user experience, we transfer certain PII (surname, first name, email address and message content) relating to users of the Solution at the Customer’s site from the United States to France. The PII are temporarily replicated in France while the issue that led to the support contact is resolved.
As such French support is subject to the RGPD, the security and confidentiality of PII is ensured by local legal provisions, which are very protective.
In order to ensure the security of the PII you send us, we have put in place a number of appropriate technical and organizational measures. In particular, the security of your PII is ensured by:
In order to reinforce the protection of your PII, we strongly recommend that you use a long password with several special characters, which you should change regularly and keep confidential.
In accordance with the GDPR, you have the following rights:
To exercise your rights, we invite you to send us your request directly :
In accordance with the applicable legislation, we will ask you to prove your identity. Therefore, we thank you in advance for specifying when sending your request :
DataGalaxy will have a maximum of one (1) month to respond to your request, which may be extended up to 2 (two) months depending on the complexity of the request. If we do not respond to your request, we will inform you of the reasons and of the possibility to lodge a complaint with a supervisory authority and to seek legal redress.
