Privacy Policy
EASYPICKY WEBSITE
Last updated: June 2025
We place great importance on the protection of your Personal Data and ensure strict compliance with privacy regulations, in particular Regulation (EU) 2016/679 of April 26, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), as well as French Law No. 78-17 of January 6, 1978, known as the “Data Protection Act”, as amended in 2018 (the “Applicable Legislation”).
We encourage you to read this Privacy Policy (the “Policy”) carefully, as it contains important information about how we collect, use, and disclose certain Personal Data in order to meet your needs and improve the quality of the services we offer. This Policy applies to all types of Personal Data, regardless of their format (e.g., electronic, paper, etc.) and to all types of processing, whether manual or automated. Its scope includes the Personal Data of our partners, subcontractors, consultants, clients, users, prospects, suppliers, and more generally any third party whose Personal Data we process in the course of our business activities.
The Policy is divided into two parts, as it includes:
- La politique de confidentialité relative à la collecte et au traitement des Données Personnelles lorsque EASYPICKY est Responsable de Traitement, et plus précisément :
- La collecte et le traitement des Données Personnelles effectués de manière générale dans le cadre de l’activité d’EASYPICKY (ci-dessous) ;
- The collection and processing of Personal Data carried out on the website accessible at https://easypicky.com/en (the “Site”). This policy applies to you when you browse the Site (see below).
- The privacy policy relating to the collection and processing of Personal Data when EASYPICKY acts as a Processor, meaning those carried out through the EASYPICKY solution (the “Solution”). This policy applies to you when you are a User of the Solution (see below).
Who are we?
The Solution and the Site are provided to you by EASYPICKY, a simplified joint-stock company registered with the Montpellier Trade and Companies Register under number 831 341 549, with its registered office at 72 Boulevard Pénélope, 34000 Montpellier (“we,” “our,” or “us”).
You can contact our Data Protection Officer at the following email address: [email protected]
Definitions
To help you better understand the Policy, please refer to the definitions below, which will be used throughout this Policy:
Explicit Consent means any freely given, specific, and informed indication of the Data Subject’s agreement to the processing of their Personal Data.
Personal Data means any information relating to an identified or identifiable natural person.
Sensitive Data or Special Categories of Data include Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data intended to identify a natural person, data concerning health, or data relating to a person’s sex life or sexual orientation.
Purpose of Processing means the main objective for which we collect and process Personal Data.
Data Subject means an identified or identifiable natural person.
Data Controller means the person who determines the purposes and means of processing.
Processing (to process or processing) means any operation or set of operations performed on Personal Data, whether automated or not, including but not limited to collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, restriction, erasure, or destruction.
Third Party means a third party or business partner who, in the context of your current or potential use of the Solution, provides us with Personal Data on your behalf or receives or accesses Personal Data on our behalf, such as suppliers, subcontractors, and other service providers.
You, you, or User means the natural person whose Personal Data is collected and processed under this Policy, and who qualifies as a Data Subject under the Applicable Legislation.
We collect your Personal Data through various means:
- When you visit the Site;
- When you contact us on the Site (for example, via the “Contact Us” or “Contact” tab) to inquire about the Solution;
- When you schedule an appointment with us on the Site via the “Book an Appointment” tab;
- When we wish to contact you to provide information about the Solution and present our business;
- When you subscribe to our newsletter;
- When you participate in one of our webinars;
- When you request the delivery of one of our white papers;
- When you wish to submit your application by sending your CV via the contact form on the Site.
- What Personal Data do we collect?
| The Personal Data we collect on the Site are as follows: * When you contact us: identification data (first name, last name, professional email, and optionally, phone number). Technical data (timestamp, subject of the request, follow-up actions, statistics). We may also collect and process other Personal Data through the message you leave in the free text field; * When you book an appointment with us: first name, last name, and email address; * When you apply for a job: Personal Data included in your CV and cover letter, namely first name, last name, date of birth, postal address, degrees, education and professional experience, and a photograph; * When you subscribe to the newsletter: email address; * When you participate in one of our webinars: first name, last name, email address, and company affiliation; * When you request the delivery of a white paper: first name, last name, email address, and company affiliation; * For the technical management and administration of the Site: timestamp, IP address, technical data related to the equipment and browser used by Users, cookies. | Details: We adhere to the principles of data minimization and accuracy when collecting your Personal Data: Accordingly, we ensure that the Personal Data we collect is relevant, adequate, and not excessive in relation to the Purposes of Processing and their intended use. This means that only the information necessary and relevant for the intended purposes may be collected and processed. |
- What are the Purposes of Processing?
| Site Management | Preparation of content publication Publishing contact forms Management of the Site’s operation and security Technical administration in collaboration with service providers (maintenance, hosting, domain name registrar) Production of audience statistics | Details: Personal Data will not be further processed in a manner incompatible with these Purposes of Processing. | |
| Recruitment | Receipt and recording of applications sent to EASYPICKY via the Site Management of recruitment procedures Responses to candidates Creation of a CV database | ||
| Sales prospecting | Commercial communications Responses to inquiries on the Site Establishing contact Tracking prospects | ||
| Newsletter management | Content preparation Subscription management Management of electronic mailings | ||
| Webinar management | Sending information and replay to participants Sending information about upcoming webinars (E1) (MB2) (EL3) | ||
| Sending white papers | Sending white papers by email to individuals who request them | ||
| Management of requests received via the contact form and appointment booking form on the Website | Reception of requests via the Site’s contact form and appointment requests Management of responses and appointment requests with the relevant EASYPICKY departments Integration of the person’s contact details into HubSpot Contacting the person |
- What is the legal basis that allows us to process your Personal Data?
We only process Personal Data based on a clearly identified legal basis.
For the processing carried out through the Site, this includes:
- Your explicit consent that you have given for us to collect and process your Personal Data (for example, for sending the newsletter or a white paper);
- Our legitimate interests in processing your Personal Data (for managing the Site and conducting commercial prospecting on the Site);
- The performance of pre-contractual measures (for recruitment conducted through the Site);
- Compliance with a legal obligation (for handling requests to exercise your rights under the GDPR).
- What security and privacy measures do we implement to protect your Personal Data?
| Technical and organizational measures implemented | We protect the Personal Data collected, used, stored, and disclosed by implementing the necessary technical and organizational measures to ensure the highest level of security, integrity, and confidentiality. Technical and organizational measures compliant with applicable standards are put in place to prevent any accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other form of unlawful or unauthorized processing. We implement these measures from the earliest stages of designing processing operations to protect privacy and data protection principles from the outset (“Privacy by design”). By default, we ensure that Personal Data is processed to protect privacy (for example, by limiting access only to those who need it), so that Personal Data is not accessible to an indefinite or excessive number of people (“Privacy by default”). |
| Selection of service providers and partners | We select service providers and partners who offer sufficient guarantees to implement technical and organizational measures that are at least equally protective. |
| Documentation | We establish and maintain the necessary documentation to demonstrate compliance with all our obligations under the Applicable Legislation. |
| Personal Data Breach | When required by applicable law, we notify the User, any affected Data Subject, and the competent supervisory authority of any Personal Data breach within the legally mandated timeframes after becoming aware of it. We commit to implementing technical and organizational security measures to limit the impact of any Personal Data breach and to prevent its recurrence. |
| Impact Assessment | Before collecting, using, storing, or disclosing Personal Data in a new system or as part of a new project, we carefully define the Processing Purposes and assess the privacy risks. When the processing of Personal Data is likely to result in a high risk to the rights and freedoms of Data Subjects, we conduct a privacy impact assessment prior to implementation and refrain from processing if this assessment reveals incompatibility with the principles of the Applicable Legislation. |
- How long do we keep your Personal Data?
We retain Personal Data for as long as necessary to fulfill the purposes for which they were collected and processed, after which we archive them for the applicable retention period as defined in our retention policy. The purposes of this archiving and the corresponding retention periods are detailed below:
| Site Management | Publication preparation data (orders, tracking, editorial content) are retained for five years from the date of publication. Data related to exchanges with service providers are retained for five years after the end of the contract. |
| Recruitment | 2 years for a job applicant |
| Sales prospecting | 3 years from the last active contact from the prospect |
| Newsletter management | As long as the person concerned does not unsubscribe |
| Webinar management | 3 years from the last participation |
| Sending white papers | 3 years from the date of dispatch of the white paper (E4) (MB5) (EL6) |
| Management of requests received via the contact form and appointment booking form on the Website | Data collected via web forms is stored for a maximum period of: 5 years from receipt if the person becomes a customer, 3 years for a prospect, and 2 years for a job applicant. |
Any third party processing Personal Data on our behalf will only retain it for as long as necessary for the purposes for which it was collected and processed and for other compatible purposes, which may include:
- Participation in the applicable Purpose of Processing as set out above; or
- The need to comply with a legal or regulatory requirement and applicable laws regarding prescription;
- Defense against legal or contractual actions (in this case, Personal Data may be retained until the end of the applicable statute of limitations or in accordance with applicable litigation hold policies).
All reasonable measures are taken to ensure that Personal Data is kept in a sufficiently accurate and up-to-date form at every stage of its processing.
We encourage Data Subjects to help us keep your Personal Data up to date by exercising your rights, including the right to access and rectify your data.
- What are your rights as a Data Subject?
We are responsive to requests regarding your Personal Data and, in accordance with Applicable Law, we give you the opportunity to access, correct, restrict, and delete your Personal Data. We also allow you to object to the processing of your Personal Data and to exercise your right to portability.
To exercise your rights, please use the contact details of our representative provided above. You also have the right to lodge a complaint with the competent personal data supervisory authority, the Commission Nationale de l’Informatique et des Libertés (https://www.cnil.fr/fr/plaintes), if you believe that we have not respected your rights.
| Right of access | We will provide access to all Personal Data relating to a Data Subject in accordance with Applicable Law, the Purposes of Processing, the categories of Personal Data processed, the categories of recipients, the data retention period, the rights to rectify, erase or restrict the Personal Data accessed, where applicable, etc. |
| Right to portability | We can also provide a copy of all Personal Data that we hold in a compatible and structured format to enable the exercise of the right to data portability, where relevant under applicable law. |
| Right of rectification | Data Subjects may request us to correct, amend, or delete any Personal Data that is incomplete, outdated, or inaccurate. |
| Right to erasure | Data Subjects may request the deletion of their Personal Data (i) if such Personal Data is no longer necessary for the purposes of data processing, (ii) the Data Subject has withdrawn their consent to processing based exclusively on that consent, (iii) the Data Subject has objected to the processing, (iv) the processing of Personal Data is unlawful, or (v) the Personal Data must be erased to comply with a legal obligation applicable to us. |
| Right of limitation | Data Subjects may request the restriction of their Personal Data (i) in the event of a dispute regarding the accuracy of the Personal Data, to enable us to verify its accuracy, (ii) if the Data Subject wishes to restrict the Personal Data rather than delete it, despite the fact that the processing is unlawful, (iii) if the Data Subject wishes us to retain the Personal Data because they need it for their defense in the context of claims. |
| Right to withdraw consent | When the processing of Personal Data is based on the consent of the Data Subject, the Data Subject may withdraw their consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal. |
| Right to object | The Data Subject may also object to the processing of their Personal Data at any time when their data is used for marketing purposes to send targeted advertising, or object to the sharing of their Personal Data with Third Parties, or when the processing is based on our legitimate interest, unless we can demonstrate legitimate grounds that override the rights and freedoms of the Data Subject or the establishment, exercise, or defense of legal claims. |
| Digital legacy | Data Subjects have the right to define guidelines (general or specific) regarding the use of their Personal Data after their death. |
| Profiling | We do not make fully automated decisions that have legal effects or significantly affect a data subject based on profiling activities involving that data subject, unless required or permitted by applicable law, the performance of a contract, or the consent of the data subject, and appropriate safeguards are in place to protect the rights of the data subject. |
- To whom may we disclose your Personal Data?
| Internal use: our employees | Your Personal Data may be processed by our employees, within the limits of their respective responsibilities and exclusively for the purposes set out in this Policy. In this case, our employees undertake to respect the confidentiality of Your Personal Data. |
| Disclosure to Third Parties | Personal Data is only disclosed to Third Parties to the extent that there is a legal justification for such sharing (e.g., the data subject has given their consent, disclosure is necessary to perform a contract, pursuit of a legitimate purpose that does not infringe on the fundamental rights of the data subject, including the right to privacy). Disclosure is made on a “need-to-know” basis strictly limited to the legal basis. If disclosure is necessary to comply with a legal obligation (e.g., for a government agency or police/security service) or in the context of legal proceedings, Personal Data may generally be provided as long as the disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation. |
| Our Subcontractors | We rely on trusted service providers based in France for hosting (OVH). These hosting services offer industry-leading scalability, data availability, security, and performance, with a documented business continuity plan. For the purposes set out in this Policy, we also use the services provided by several specialist companies, including Hubspot, Google, and Microsoft. |
| Administrative and judicial authorities | We may be required to disclose Personal Data in response to legal requests from the competent administrative and judicial authorities. |
- Are your personal data transferred outside the European Union?
In order to fulfill the Processing Purposes described in this Policy, we may use service providers located outside the European Union.
If the transfer takes place to a third country in which the legislation has not been recognized as providing an adequate level of protection for Personal Data, we ensure that appropriate measures are put in place in accordance with the Legislation in Force, and in particular, where necessary, that standard contractual clauses or equivalent ad hoc clauses are included in the contract we enter into with the subsequent processor.
The list of transfers of Personal Data outside the European Union is provided below:
| Service Providers / Tools | Purposes | Country |
| MAILCHIMP | Newsletter | Etats-Unis |
| Google Analytics | Statistical analysis | Etats-Unis |
| HUBSPOT | Follow up on requests made via the Website | Etats-Unis |
| MICROSOFT | Follow up on requests made via the Website, dissemination of webinars | Etats-Unis |
| ZOOM | Webinar broadcasts | Etats-Unis |
- Links to third-party websites
| The Site may contain hypertext links to third-party websites (including social networks or our job board). Please note that if you follow these links, the websites and services provided will be governed by their own terms of use and privacy policies. We cannot be held liable in any way for the non-compliance of their terms of use and privacy policies with the Legislation in Force. | Details: We advise you to read the privacy policies and terms of use applicable to these websites before providing your Personal Data and using these websites. |
- How do we handle complaints?
| We are committed to resolving legitimate privacy concerns of Data Subjects. We will investigate all complaints regarding potential or actual violations of this Policy or Applicable Law that are brought to our attention and will take all reasonable steps to mitigate their impact. | DetailsIn the event of a complaint that is not satisfactorily resolved, we will cooperate with the appropriate data protection supervisory authorities and comply with their advice to resolve any outstanding complaints. If we or the data protection supervisory authorities determine that our company or one or more of our employees have not complied with the Policy, we will take appropriate measures to remedy the effects of such non-compliance and promote future compliance. |
- Policy Change
We may modify, supplement, or update this Policy to reflect any legal, regulatory, jurisprudential, and/or technical developments. In the event of significant changes to the terms of this Policy (i.e., relating to legal bases, Purposes of Processing, or the exercise of rights), we undertake to inform you in writing at least thirty (30) days before they take effect. Any access to the Site after this period will be subject to the terms of the new Policy. Any Data Subject whose Personal Data is subject to this Policy acknowledges that the only authoritative version of the Policy is the one available online.
BY VISITING THE SITE, CONTACTING US, SUBSCRIBING TO THE NEWSLETTER OR A WEBINAR, AND MORE GENERALLY BY USING THE FEATURES AVAILABLE ON THE SITE, YOU AGREE TO THE TERMS AND CONDITIONS SET OUT IN THIS POLICY.
- Cookies on the Website
| We use cookie technologies on the Website to enable us to evaluate and improve the functionality of the site and the Solution. We may also use cookies for advertising or analytical purposes, subject to your consent and in accordance with your choices, using our cookie settings tool. | Details: For more information on how we use cookies, please see our cookie policy available here. |
