Last updated on 28 february 2024
In accordance with the best practices of EU Regulation No. 2016/679 of April 27, 2016, also known as the GDPR (General Data Protection Regulation), MADTECH provides you with all the necessary information on this page to help you understand the management of your personal data. Here are the details of MADTECH and the Publisher of the Klara application:
- Company Name: MADTECH, a Simplified Joint-Stock Company (SAS) with a capital of €30,000, registered with the Paris Trade and Companies Register under number 854076205
- Registered Office: 2, rue du Sentier, 75002 PARIS
- Publisher: Nazim Chibane
- Contact: n.chibane@klarahr.com
All data collected and processed is done so at the decision of the Data Controller. Here are their details:
- Name: Victor GOYA
- Position: CTO
- Contact: v.goya@klarahr.com
The Data Protection Officer (DPO) has an informational, advisory, and oversight role with respect to the Data Controller. They ensure the protection of your personal data and compliance with the GDPR. Here are their details:
- Name: Nathan HIMPENS
- Position: Cyber Security Engineer
- Contact: n.himpens@klarahr.com
The CNIL (National Commission for Computing and Liberties) is the French supervisory authority responsible for ensuring the proper application of the GDPR. They can provide advice and assistance on any questions you may have regarding your personal data, either through their website or by contacting them directly.
For each personal data you provide to MADTECH, you can exercise at any time any or all of the rights you retain over your data, in accordance with the GDPR, by contacting us via email at support@klarahr.com. We will respond to you within a maximum period of one month, whenever possible.
Right to withdraw consent: You may withdraw your consent for the use of your data at any time. We will then cease using your data, but any processing carried out before we had your consent will remain valid.
Right of access: You can ask us if any data is held about you and request that we provide you with this information to verify its content. For more information, you can consult this article from the CNIL.
Right of rectification: You can ask us to correct any inaccurate or incomplete information about you. This will ensure that we do not use incorrect information. For more information, you can consult this article from the CNIL.
Right to erasure, also known as the right to be forgotten: You can ask us to delete your personal data. For more information, you can consult this article from the CNIL.
Right to restriction of processing You can ask us to temporarily suspend the use of certain data. For more information, you can consult this article from the CNIL.
Right to object: You can object to all or part of the processing of your data. For more information, you can consult this article from the CNIL.
Right to data portability: You can ask us to retrieve the data you provided to us in an easily usable format. For more information, you can consult this article from the CNIL.
You also have the right to lodge a complaint with the CNIL (National Commission for Computing and Liberties), as well as the right to take legal action if you believe that your rights have not been respected.
As part of our services, including training and SaaS solutions, we collect and process certain personal data (name, surname, email address, IP address, logs, etc.) related to employees and participants. This data may be used for administrative management purposes, customer relationship management (sending invitations, providing materials, gathering evaluations), and tracking activity indicators. No sensitive data is processed.
In compliance with the French Data Protection Act (Law No. 78-17 of January 6, 1978) and the General Data Protection Regulation (EU Regulation No. 2016/679), we ensure:
- The use of data solely for the purposes for which it was collected, specifically within the framework of a secure private SaaS cloud.
- Transparency regarding the nature of the data processed, its purpose, its organization, and the duration of its retention, which is limited to the duration of the service, plus any applicable legal retention periods.
- The right to access, rectify, or delete data for participants, and at the end of the service, the destruction or anonymization of this data upon request from the data controller, with a certificate of destruction provided if applicable.
We also commit to sharing the collected information only with authorized judicial or administrative authorities, within the strict legal and regulatory framework.
| Identification of Subsequent Subcontractors | Purpose of Processing | Description of Processing | Processing Duration | Third Countries to Which Personal Data is Transferred | Categories and Format of Transferred Personal Data | Transfer Mechanism |
|
Company Name: SCALEWAY Registered Office Address and Country: 8 rue de la ville l'Évêque – 75008 Paris Economic Sector: Rental and leasing of office machinery and IT equipment Registration Number (in France, RCS): PARIS B 433 115 904 General Contact Address: http://www.scaleway.com/ DPO or Privacy Contact: privacy@scaleway.com |
Data Hosting Database Management |
Provision | The processing duration corresponds to the duration of the service provided by the subcontractor | Netherlands (Data Replication) |
Sensitive Data Processing: [No] Categories of Personal Data: [Civil status] Personal Data Format: [Database] |
N/A |
To ensure the proper functioning and security of our website, certain browsing data is collected in cookies (some of which are exempt from consent, while others require your agreement) and in log files.
These include cookies used to:
- Identify a user, with a lifetime limited to the session duration.
- Track user interactions with the application, with a longer lifetime as these cookies identify the same user across different sessions over time.
MADTECH uses the data collected from its users solely for its own purposes. However, the data may be shared with technical service providers that MADTECH may engage to optimize the website and services.
Where applicable, personal information about users may be accessible to the service provider, but only within the strict framework of the services provided. MADTECH ensures that its providers and subcontractors comply with the provisions of Regulation (EU) 2016/679 of April 27, 2016, and do not use the data for any purpose other than performing the necessary technical services to enable the use of the Services.
We use the Ahoy solution to collect and analyze data related to platform usage (pages viewed, on-screen interactions, etc.).
The data collected by this tool is hosted in a database that we manage and, as a result, is stored in France. It is not subject to any specific processing and is not shared with any other company. The same data management policy applies to this data.
Our application relies on the use of HubSpot to enhance your user experience and automate certain marketing and sales actions. During your first visit, HubSpot may place cookies, some of which help track interactions (prospects, businesses, sales opportunities) and automate the sending of targeted communications as well as manage customer support tickets.
HubSpot also stores certain technical data related to your connections, ensuring compliance with current regulations, including partial anonymization of IP addresses, as per CNIL recommendations. This processing does not require prior consent. For more information, refer to the following document: Hubspot Privacy Policy
MADTECH also uses the following services to collect additional data and enhance its visibility:
- LinkedIn Ads
- Meta Ads
- Sales Navigator
- Teams
- Google Ads
- Zoom
- Aircall
The client retains exclusive ownership of all data they provide or generate in the course of the services. We only have temporary access and usage rights to this data, strictly limited to performing the agreed-upon services, in accordance with the scope of our processing.
Personal data collected by MADTECH is retained throughout the duration of the service provided, plus any applicable legal retention periods.
At the end of the service or earlier if requested by the data controller, we may:
- Erase all personal data processed on their behalf and provide proof through a certificate of destruction, or
- Anonymize all personal data processed on their behalf.
Cookies will expire naturally after a period of 4 months if the site is not visited.
MADTECH is committed to ensuring the confidentiality of the data collected and implementing all necessary technical and organizational measures to preserve its security and integrity, especially against accidental loss, alteration, dissemination, or unauthorized access. The measures taken can be consulted in the Information Systems Security Policy (PSSI).
In general, MADTECH is committed to using the collected data in strict compliance with applicable laws, particularly with the General Data Protection Regulation (GDPR) (EU) 2016/679 of the European Parliament and Council of April 27, 2016, regarding the protection of individuals concerning the processing of personal data and the free movement of such data.
As such, MADTECH specifically commits to:
- Hosting data within the European Union;
- Not using the data for purposes other than those specified herein;
- Not disclosing the data to third parties, whether private or public, natural or legal persons, outside of the aforementioned technical service providers;
- Informing users of any breach or security vulnerability with direct or indirect consequences on data and/or that could accidentally lead to unauthorized disclosure or access to data.
To ensure data minimization, we maintain an up-to-date data processing register. This register is immediately updated whenever a new piece of information is requested. Additionally, we ensure that only the data strictly necessary for the intended purpose is collected, in compliance with applicable regulations and data protection principles.
We have implemented a data retention policy that clearly defines the retention periods for all types of data, based on their purpose and legal requirements. Data is securely deleted or anonymized when it is no longer needed for the specified purposes. Regular audits are conducted to ensure compliance with retention schedules, and any unnecessary or obsolete data is quickly deleted.
We ensure the quality of data by validating the information during collection, using reliable sources, and implementing automated checks to detect errors or inconsistencies. Regular reviews of stored data are conducted to verify their accuracy, and any outdated, incomplete, or incorrect information is promptly updated or deleted.
To maintain high standards, employees are trained in best practices for data management and accuracy. We also provide mechanisms for individuals to review and correct their personal data when necessary. Furthermore, our data management systems are equipped with tools to detect duplicates and ensure the integrity of information.
We ensure accountability by maintaining a detailed and regularly updated record of processing activities. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing operations and have appointed a Data Protection Officer (DPO) to oversee compliance efforts.
Employees receive ongoing training on their responsibilities regarding data protection so that they are aware of their obligations. We also implement internal controls and auditing mechanisms to monitor compliance with data protection laws and organizational policies. This approach ensures that accountability is integrated into all data management processes.
To enable data portability, we have established processes to provide individuals with their personal data in a structured, commonly used, and machine-readable format. We also facilitate the secure transfer of data to third parties at the individual’s request, when technically feasible.
For data deletion, we have set up clear procedures to process requests in compliance with legal requirements. We verify the identity of the requester to ensure security and quickly delete the requested data from all systems and backups.