Privacy Policy

Last updated: December 14, 2024

1. Introduction

This privacy policy (the "Policy") describes how Open Referral SAS (hereinafter "we", "our" or "the Company"), a simplified joint stock company (SAS) with its registered office located in Paris, France, collects, uses and protects your personal data when you use our Open Referral platform (the "Service").

We are committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and French Data Protection Act No. 78-17 of January 6, 1978, as amended.

2. Data Collected

2.1. Data Collected Directly

We collect personal data that you provide directly to us when:

• Creating your account (full name, email address, company name, job title)
f
• Using the Service (data relating to referrals, recommendations, candidates)
• Communicating with our customer service
• Subscribing to our waitlist or newsletter

2.2. Automatically Collected Data

When you use the Service, we automatically collect certain technical data:

• IP address
• Browser type and operating system
• Pages visited and visit duration
• Connection and Service usage data
• Cookies and similar technologies

3. Purposes of Processing

We use your personal data for the following purposes:

• Contract performance: Provision of the Service, account management, processing of recommendations and referrals
• Service improvement: Usage analysis, development of new features, performance optimization
• Communication: Sending Service-related information, responding to your requests, important notifications
• Legal obligations: Compliance with accounting, tax and legal obligations
• Marketing: Sending marketing communications (with your consent), only if you have agreed to receive such communications

4. Legal Basis for Processing

The processing of your personal data is based on:

• Contract performance: For the provision of the Service you have requested
• Your consent: For marketing communications and the use of certain cookies
• Legitimate interest: For Service improvement and security
• Legal obligations: For compliance with our accounting and tax obligations

5. Data Retention

We retain your personal data only for the period necessary for the purposes for which it was collected:

• Account data: For the duration of your subscription and 3 years after account closure
• Billing data: 10 years in accordance with legal obligations
• Navigation data: Maximum 13 months
• Marketing data: Until withdrawal of your consent

6. Data Sharing

6.1. Service Providers

We may share your data with service providers who assist us in operating the Service:

• Hosting and cloud infrastructure providers
• Payment and billing services
• Analytics and marketing tools
• Customer support services

All our service providers are subject to strict confidentiality and security obligations.

6.2. International Transfers

Some of our service providers may be located outside the European Union. In such cases, we ensure that appropriate safeguards are in place, in accordance with the GDPR.

6.3. Legal Obligations

We may be required to disclose your data if required by law or in response to a judicial or administrative request.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration:

• Encryption of data in transit and at rest
• Strong authentication and access control
• Security incident monitoring and detection
• Regular backups
• Staff training on data protection

8. Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

• Right of access: You can obtain a copy of your personal data
• Right to rectification: You can correct your inaccurate or incomplete data
• Right to erasure: You can request the deletion of your data in certain cases
• Right to restriction: You can request the restriction of processing of your data
• Right to data portability: You can retrieve your data in a structured format
• Right to object: You can object to the processing of your data for legitimate reasons
• Right to withdraw your consent: For processing based on consent

To exercise these rights, you can contact us at: contact@openreferral.io or by mail at the address indicated above.

You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) if you believe that the processing of your data constitutes a violation of the GDPR.

9. Cookies

We use cookies and similar technologies to improve your experience on the Service. Cookies are small text files stored on your device.

Types of cookies used:

• Strictly necessary cookies: Essential for the Service to function
• Performance cookies: To analyze Service usage and improve its performance
• Functionality cookies: To remember your preferences (language, theme)
• Marketing cookies: To personalize advertisements (only with your consent)

You can manage your cookie preferences via your browser settings or our preference center.

10. Candidate and Referral Data

As a B2B platform, we also process data relating to candidates and referred individuals. This data is processed in accordance with the GDPR and only in the context of providing the Service. User companies are responsible for processing this data and must ensure they have obtained the necessary consents.

11. Policy Modifications

We reserve the right to modify this Policy at any time. Modifications take effect upon publication on the Service. We will inform you of significant changes by email or via a notification in the Service.