English

Privacy Policy

Privacy Policy

SUMMARY

  • Preamble

  • Who is responsible for processing?

  • What data do we collect?

  • On what occasions do we collect your data?

  • On what legal bases and for what purposes is your personal data processed?

  • How long is your personal data kept for?

  • Recipients of your personal data

  • Data transfers outside the European Union

  • Third-party integrations

  • Technical and organizational security measures

  • Your rights over your personal data

  • Point of contact for personal data

  • Policy changes

PREAMBLE

LOCALISTA (hereinafter “LOCALISTA” or “We”) places the protection of your privacy and personal data at the center of its commitments.

This Privacy Policy applies to the collection and processing of personal data carried out by LOCALISTA in its capacity as data controller. It is therefore addressed to all persons likely to send Us personal data via our website accessible at the address <www.localista.ai> (hereinafter the “Site”) and the platform <hello.localista.ai> (hereinafter the “Platform”), in particular users with an account on the Platform, customers, prospects, job applicants (hereinafter “You”).

This Privacy Policy informs You of the terms and conditions under which We collect and process this data in accordance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to processing of personal data and on the free movement of such data (hereinafter “GDPR”) and Law No. 78-17 of January 6, 1978, known as the “Data Protection Act”.

LOCALISTA's data protection officer (“DPO”) can be contacted at the following email address <COMPLETE> or at the address of LOCALISTA's registered office as shown in the Legal Notice of the Site.

We invite you to read this Privacy Policy carefully before using our services and the Platform.

For more information about our services, please consult our General Terms and Conditions of Service.

For more information about the data processing that we carry out in our capacity as a subcontractor, within the meaning of the GDPR, on behalf of our clients who are data controllers, please consult our Data Processing Agreement (DPA).

Who is the data controller?

LOCALISTA, Société par Actions Simplifiée registered in the PARIS Trade and Companies Register under number 930 152 004, whose registered office is located at 3, rue du Dragon - 75006 PARIS, is the data controller, within the meaning of Article 4, point 7 of the GDPR, for the collection and processing of your personal data.

LOCALISTA is your main point of contact for dealing with any request relating to your personal data. To do so, you can write to us at the addresses indicated in the article “Point of contact for personal data” in this Privacy Policy.

What data do we collect?

In accordance with Article 4, point 1 of the GDPR, personal data is understood as any information relating to an identified or identifiable natural person, allowing identification directly or by cross-referencing with other data.

In the context of your use of the Site, the Platform and our services, when you contact us or we contact you, we collect personal data that falls into the following categories:

  • Identification data concerning You: surname, first name, e-mail address, postal address, telephone number.

  • Data relating to your professional situation: position held, place of work, work situation, professional background, professional contact details.

  • Payment data, in particular data relating to your bank cards and your financial information.

  • Connection data to your customer account on the Platform (IP address; connection logs).

On what occasions do We collect your data?

The personal data mentioned in the article “What data do We collect?” is collected directly from You, in particular:

  • Via the contact form accessible on the Site, which allows You to submit any questions or requests for information to Us.

  • Via the waiting list registration form that You fill in in order to subscribe to our services, and the demo request form, which allows You to request a demonstration of our services.

  • When You browse and use the Site, You may send Us information, some of which may be of a nature to identify You, and which therefore constitutes personal data. This information is transmitted in particular when you register or log in to the Platform, or may be collected when you browse the Site. For more information on this last point, please consult our Cookie Management Policy.

  • When you create your account and access the Platform, to enable you to access our services, in accordance with the contract that binds us.

  • We may collect data relating to our interactions, in particular to record videoconference exchanges between LOCALISTA representatives, employees or affiliates and our customers and prospects through the use of intelligent summary features of these exchanges using artificial intelligence processes.

When collecting your personal data, you will be informed in advance if certain data is mandatory or optional. Mandatory data is marked with an asterisk at the time of collection, for the purposes listed in the article “On what legal basis and for what purposes is your personal data processed?” below.

In all cases, LOCALISTA respects the principle of data minimization provided for in Article 5, point 1, under c) of the GDPR, according to which only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed will be collected.

On what legal basis and for what purposes is your personal data processed?

Purposes

Legal bases: Processing your information when you contact us to obtain information about our services or to ask us any questions. Performance of a contract: taking steps at your request prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR. Processing your information when you contact us to access our services or request a demonstration of our services. To enable us to assess the compatibility of your situation and your needs with our services, to contact you again to enable you to finalize your subscription. Execution of pre-contractual measures taken at your request in accordance with Article 6 (1) (b) of the GDPR. To provide our services, to carry out customer management operations in accordance with the contract concluded. Management and monitoring of customer relations. Performance of a contract to which you have subscribed in accordance with Article 6 (1) (b) of the GDPR. Creation of your account on the Platform and allowing you to access it. Performance of a contract to which you have subscribed in accordance with Article 6 (1) (b) of the GDPR. Sending you promotional messages by email. - Our legitimate interest in developing and promoting our business to professionals in accordance with Article 6 (1) (f) of the GDPR. You are informed in advance and at the time of collection of your data that it will be used for prospecting purposes. When we send You promotional emails, particularly in the context of your professional activity, an unsubscribe link is provided, allowing You to unsubscribe easily and free of charge as soon as You receive these communications.

- Your explicit and prior consent when You are an individual, in accordance with the provisions of Article 6(1)(a) of the GDPR. Sending You promotional messages by telephone. Our legitimate interest in developing and promoting our business in accordance with Article 6 (1) (f) of the GDPR. In all cases, You are informed in advance of the use of your data for these purposes, and You can object to this processing prior to the collection of your data, and refuse to receive further solicitations by any means. Responding to your requests for information. Execution of pre-contractual measures taken at your request for prospects, in accordance with Article 6 (1) (b) of the GDPR. Execution of a contract to which you have subscribed when you are a customer, in accordance with Article 6 (1) (b) of the GDPR. Recording of videoconferences in order to improve the monitoring of pre-contractual exchanges or contractual relations with our prospects and customers, promote the training of our employees and affiliates. Execution of pre-contractual measures taken at your request for prospects, in accordance with Article 6 (1) (b) of the GDPR. Performance of a contract to which you are a party when you are a customer, in accordance with Article 6 (1) (b) of the GDPR. Manage requests to exercise rights. Legal and regulatory obligations in accordance with Article 6 (1) (c) of the GDPR.




Retention periods for your personal data

LOCALISTA establishes retention periods for your data for each of the personal data processing operations implemented. In order to define them, we rely on the purpose of the processing in question, as well as on the deliberations of the CNIL (French Data Protection Authority) and the guidelines of the European Data Protection Board (EDPB).

In all cases, LOCALISTA only keeps your personal data for a limited period of time that does not exceed the time required for the intended purposes.

Depending on the case, your data may be subject to intermediate archiving, particularly in the event that it is no longer used to achieve the intended purpose but is of administrative interest to LOCALISTA, or must be retained in order to meet a legal obligation. In this case, we inform you that the data may only be consulted on an ad hoc basis and with justification by certain specifically authorized persons.

  • The data of Site visitors, prospects or customers of LOCALISTA are kept for the time strictly necessary for the management of the commercial relationship and the processing of their request, and for a period of three (3) years from their collection or the last contact from them, unless agreed for a longer period. At the end of this period, they will be subject to intermediate archiving for a period of five (5) years before being permanently destroyed.

  • Personal data collected for commercial prospecting purposes may be kept for a period of three (3) years from our last contact. At the end of this period, they are subject to intermediate archiving for a period of five (5) years before being permanently destroyed.

  • The personal data of LOCALISTA customers collected for the purposes of executing the contract entered into is kept for the duration of the contractual relationship and for a period of three (3) years from the end of the relationship. At the end of this three (3) year period, your data is subject to intermediate archiving for a period of five (5) years before being permanently destroyed.

All data that can be used to establish proof of a right or a contract, or that is stored for the purpose of complying with a legal and/or regulatory obligation, may be subject to an archiving policy, and be stored for these purposes in accordance with the legal and/or regulatory provisions in force.

Recipients of your personal data

The personal data that We collect is intended exclusively for:

  • To LOCALISTA personnel duly authorized for this purpose and meeting the same obligations as Us with regard to the processing of your data and the application of security and confidentiality measures for your data.

  • To service providers that LOCALISTA may use in connection with the subscription to our services.

  • The subcontractors that LOCALISTA uses for specific purposes. The list of our subcontractors is available on our Website and in the Appendix to our Data Processing Agreement (DPA).

  • Financial and accounting management tools.

  • The departments responsible for control, public bodies such as regulatory authorities, exclusively to meet our legal obligations, officers of the court, ministerial officers and organizations responsible for debt collection.

Data transfers outside the European Union

Your data is kept and stored for the duration of the processing listed in this Privacy Policy, within the European Union.

In the context of the tools that We use, and the subcontractors that We engage, your data may be transferred outside the European Union, and in particular to the United States.

The transfer of your data in this context is secured by means of the following tools:

  • Either this data is transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission.

  • Either We have entered into a specific agreement with our subcontractors governing the transfer of your data outside the European Union, based on standard contractual clauses between a data controller and a data processor, as approved by the European Commission.

  • Or We use the appropriate safeguards provided for by the applicable regulations.

In all cases, only the data that is strictly necessary is transferred outside the European Union to persons with a strict need to know for the purposes detailed in this Policy.

Integration of third parties

LOCALISTA's services allow you to integrate third-party tools and applications to transmit or receive personal data from the LOCALISTA solution or in connection with our services. It is your responsibility to ensure the compliance of the collection and transmission of personal data that you authorize between these third-party tools and our services.

Technical and organizational security measures

LOCALISTA attaches particular importance to the security of your data.

LOCALISTA is committed to ensuring the confidentiality of the data collected and to implementing all appropriate technical and organizational measures to preserve their security and integrity, in particular against accidental loss, alteration, dissemination or unauthorized access to such data.

During the development, design or selection and use of the various tools and service providers used to process your data, LOCALISTA ensures that the latter provide an optimal level of protection for the personal data processed. LOCALISTA implements measures that respect the principles of protection by design and by default of the data processed. As such, we are able to use data pseudonymization or encryption techniques whenever possible and/or necessary.

LOCALISTA holds the Cloud Application Security Assessment (CASA) security certificate from App Defence Alliance issued by TAC Security, confirming compliance with application security recommendations and rigorous security standards that reduce the risk of flaws and vulnerabilities.

The detailed list of security measures [OPTION 1] can be sent to You upon written request [OPTION 2] is reproduced in Appendix B of our DPA.

Your rights to your personal data

We are particularly concerned with guaranteeing respect for the rights granted to You under the French Data Protection Act and the GDPR.

As such, You have:

  • A right to information in accordance with Articles 13 and 14 of the GDPR: this is the subject of this Privacy Policy.

  • A right of access to your personal data under Article 15 of the GDPR, which allows you in particular to obtain confirmation that your data is or is not being processed and, where it is, the right to request a copy of your data and information concerning the purposes of the processing, the categories of data processed, the recipients or categories of recipients of your data, the envisaged data retention period or the criteria used to determine this period.

  • The right to rectification of your data pursuant to Article 16 of the GDPR, in particular the right to ask us to rectify or complete your personal data, if necessary, if it is inaccurate, incomplete, ambiguous or out of date.

  • A right to the erasure of your data in accordance with Article 17 of the GDPR, when one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or processed;

  • You withdraw the consent given prior to the collection of your data;

  • You object to the processing of your data, when there is no compelling legitimate reason for the processing in question;

  • The processing of personal data does not comply with the provisions of the applicable legislation and regulations.


We draw your attention to the fact that the right to erasure of data is not an absolute right, and that it cannot be exercised if the situation or the processing of data having led to the request falls under the exercise of the right to freedom of expression and information, compliance with a legal obligation or the performance of a task carried out in the public interest, when the processing is necessary for archival purposes in the public interest, for scientific or historical research or for statistical purposes, or for the establishment, exercise or defense of legal claims.

  • A right to the restriction of data processing, in the cases provided for by legislation and regulations, pursuant to Article 18 of the GDPR, and in particular when You dispute the accuracy of the personal data, that the processing is unlawful but that You require the restriction rather than the erasure of your data, when We no longer need your data but You wish it to be retained in order to exercise your rights, or when You have objected to the processing during the period in which the legitimate grounds are verified.

  • The right to object at any time, on grounds relating to your particular situation, to the processing of your personal data whose legal basis is legitimate interest or the performance of a task in the public interest, in accordance with Article 21 of the GDPR. Please note, however, that we may continue to process your data despite this objection, for legitimate reasons or for the defense of legal claims. You may also verbally object, during a telephone conversation or videoconference with an employee or member of LOCALISTA staff, to the processing of your personal data recorded during this conversation. In this case, your request will be immediately fulfilled and the processing will not be implemented.

  • The right to the portability of your data, limited to processing for which the legal basis is your consent or the execution of pre-contractual measures or a contract, according to certain conditions specified in Article 20 of the GDPR.

  • You may also define guidelines on the fate of your data after your death, in accordance with Article 32, 6° of the Data Protection Act.

  • When the data processing that We carry out is based on your consent, you can withdraw it at any time in accordance with Article 7 of the GDPR. We will then cease to process your personal data without affecting the legality of previous processing operations to which you had consented.

You have the legal right to lodge any complaint with a supervisory authority, such as the CNIL, in accordance with Article 77 of the GDPR:

  • By post: CNIL, Service des plaintes, 3, Place de Fontenoy – 75007 PARIS.

  • By email: <https://www.cnil.fr/fr/plaintes>.

You can exercise all of these rights by writing to us at the address below. We may ask you to provide us with additional information or documents to prove your identity. This requirement allows us to ensure that the person making the request is the person concerned. This security measure is intended to protect you from illegitimate requests regarding your personal data.

Contact point for personal data

To exercise the rights listed in the article “Your rights over your personal data”, you can contact the Data Protection Officer (DPO) of LOCALISTA by writing to:

  • - the address of the registered office of LOCALISTA, as shown in the Legal Notice available on our Site;

  • - by email: <ADDRESS>.

Changes to the Policy

We may modify this Policy at any time, in particular in order to comply with any regulatory, jurisprudential, editorial or technical developments. These modifications will apply on the date of entry into force of the modified version. You are therefore invited to regularly consult the latest version of this Policy. Nevertheless, We will keep You informed of any significant changes to this Privacy Policy.

Effective date: February 18, 2025.