Privacy Policy

What is the purpose of our Confidentiality Policy?

YSEOP, which manages the yseop.com website and the Yseop Copilot platform, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of our reliability and trustworthiness.

As such, our Personal Data Privacy Policy clearly demonstrates our commitment to ensuring compliance within YSEOP with the applicable rules on personal data protection, and in particular those of the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.

Who is our Privacy Policy intended for?

Our Privacy Policy applies to you, regardless of your place of residence, as long as you are at least 15 years old and are a user of our services.

If you are under the legal age specified above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at privacy@yseop.com.

If you believe that we hold personal data about your children without your consent, please contact us at the dedicated address above.

Why do we process your personal data and on what basis?

In the context of using the platform

Purpose of processing	Legal basis/foundation
Use and benefit from the generative AI platform for the creation of regulatory documents and its features (capacity building, retention, improved reporting)	Terms and conditions of use
User account management (creation, access, deletion)	Terms and conditions of use
Receipt of technical emails (e.g., password change)	Terms and conditions
Location tracking to offer personalized service	Consent
Downloading and importing documents to the platform	Terms and conditions
Ensuring the security, quality, and proper functioning of services (statistics, data security, etc.)	Legal obligations, terms and conditions of use, legitimate interest

In the context of using the website

Purpose of processing	Legal basis/foundation
Browsing, use of services, and responding to your requests (e.g., contact form, complaints)	Terms and conditions of use, legitimate interest
Distribution of videos on the website	Legitimate interest
Downloading documents	Terms and conditions of use

As part of our HR and marketing activities

Purpose of processing	Legal basis/foundation
Customer service management	Contract performance, legitimate interest
Information about our offers and events by email	Legitimate interest (customer loyalty, prospecting)
Billing and payment management	Legitimate interest, terms and conditions
Interaction on social media (monitoring, comments)	Legitimate interest
Sending newsletters (service news)	Legitimate interest (customer loyalty)
Sending satisfaction surveys	Legitimate interest (continuous improvement)
Job application (recruitment, selection)	Discussions during the recruitment process, legitimate interest

What personal data do we process and for how long?

We have summarized below the categories of personal data and their respective retention periods:

Use of the platform	Use of the website	HR and marketing activities
Professional identification data (e.g., last name, first name, position, company, etc.) and contact details (e.g., email address and work phone number, etc.) are retained for the entire duration of the service provision, plus the legal limitation periods, which are generally five years.	Statistical data relating to the viewing of our videos, which is anonymized and stored indefinitely.	Professional identification data (e.g., last name, first name, position, company, etc.) and contact details (e.g., email address and work phone number, etc.) are kept for the entire duration of the service provision, plus the legal limitation periods, which are generally five years.
Email address for receiving our technical messages, stored until your account is deleted.	Connection data (e.g., logs, IP address, etc.) stored for a period of one year.	Email address, stored for a maximum period of 3 years from the last contact we had with you as part of our email prospecting campaigns, and stored until the end of your subscription to the newsletter to receive our newsletter
Connection data (e.g., logs, IP address, etc.) stored for a period of 1 year.	Cookies, which are generally stored for a maximum period of 13 months. For more details on how we use your cookies, you can consult our cookie policy, which is available at any time on our website.	Data provided in your resume and cover letter is kept for the duration of the recruitment process and then for 2 years from the date of your application.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we can only retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are required to retain all data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge in order to control how we use your data.

Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality, or the secrecy of correspondence.
Right to rectify personal data that is inaccurate, obsolete, or incomplete.
Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
Right to restrict your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
Right to data portability, which allows you to retrieve some of your personal data in order to store it or easily transfer it from one information system to another.
Right to give instructions on the fate of your data in the event of death, either through you, a trusted third party, or a beneficiary.

For a request to be considered, it must be made directly by you at privacy@yseop.com. Any request that is not made in this way cannot be processed.

Requests cannot be made by anyone other than you. We may therefore ask you to provide proof of identity if we have doubts about the identity of the requester.

We will respond to your request as soon as possible, within a maximum of three months from receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who can access your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.

We would like to point out that we check all our technical service providers before recruiting them to ensure that they strictly comply with the applicable rules on personal data protection.

We guarantee that your data will never be sold or shared with commercial partners. It may only be shared with trusted service providers (subcontractors) for the sole purpose of providing our services, always within the framework of appropriate contractual guarantees.

Can your personal data be transferred outside the European Union?

The personal data processed by our YSEOP services is hosted exclusively on servers located within the European Union.

Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we take great care to ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement the following technical and organizational measures to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Technical security measures	Organizational security measures
Encryption of user passwords (back end), Identity Provider Delegate (SSO), Encryption of the “users” database at rest and in transit, HTTPS protocol, Regular intrusion tests, Access traceability, Complex passwords for YSEOP team terminals	Information systems charter, Password management policy, Information systems security policy, Data breach management procedure, Personal rights management procedure, Internal regulations, Rules of conduct, Team awareness and training twice a year

Do we use cookies when you browse our platform?

We inform you that we use cookies when you browse our website. For more information, please see our Cookie Policy.

However, we guarantee that we do not use any advertising or statistical cookies in the operation of our platform. These are only technical cookies necessary for the proper functioning of the platform and do not require a cookie banner. If you still wish to object to their use, you can use your browser settings by following the instructions below: Chrome, Microsoft Edge, Safari, Firefox, and Opera.

Who can you contact for more information about the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) to our supervisory authority.

You can contact our DPO at any time, free of charge, at privacy@yseop.com to obtain more information or details about how we process your data.

How can you contact the CNIL?

You can contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at any time at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be changed?

We may modify our Privacy Policy at any time to adapt it to new legal requirements and to new processing methods that we may implement in the future.

Certified compliant by Dipeeo ®