ONEEX (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, transfer and store personal data on our website and in connection with our products and services. It also describes your rights under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
1. Data Controller
Name: ONEEX (SAS)
Registered office: 20, rue Auguste Audollent, 63000 Clermont‑Ferrand, France
RCS number: 831 891 320
VAT number: FR63 831891320
Email: contact@oneex.fr
Data Protection Officer (DPO): dpo@oneex.fr
2. Personal Data We Collect
We collect the following categories of personal data when you interact with our website or use our products/services:
Identity & Contact Data: Name, company name, job title, email address, telephone number, postal address.
Account Data: Login credentials, preferences, correspondence history.
Technical Data: IP address, browser type and version, time zone, operating system, device identifiers, referral URLs, and usage data collected via cookies and similar technologies.
Marketing & Communications Data: Your preferences for receiving marketing communications from us.
Customer Usage Data: Any data you upload or provide when using our products (e.g., for identity document verification).
We do not collect “special categories” of sensitive personal data (e.g., race, religion, health).
3. Purposes of Processing & Legal Bases
We process your personal data for the following purposes, under the corresponding legal bases:
Responding to Requests and Managing Orders
Data used: Identity & Contact Data, Account Data
Legal basis: Performance of contract or pre‑contractual measures
Providing, Maintaining and Improving Products and Services
Data used: All categories of personal data collected
Legal basis: Performance of contract
Processing Payments and Billing
Data used: Identity & Contact Data, any financial details you provide
Legal basis: Performance of contract and compliance with legal obligations
Sending Administrative Communications
Data used: Identity & Contact Data
Legal basis: Legal obligation
Marketing Communications (with your consent)
Data used: Identity & Contact Data, Marketing & Communications Data
Legal basis: Consent
Personalizing Your Experience and Website Content
Data used: Technical Data, Account Data
Legal basis: Legitimate interests (to improve our service)
Compliance with Legal Obligations
Data used: All categories of collected data
Legal basis: Legal obligation
Protecting Our Rights and Investigating Fraud or Abuse
Data used: All categories of collected data
Legal basis: Legitimate interests and legal obligation
4. Cookies & Tracking Technologies
We use cookies and similar technologies to operate our website, analyze usage, and deliver targeted advertising. You may encounter:
Strictly necessary cookies for core functionality (e.g., authentication).
Performance cookies that collect anonymous usage data (e.g., Google Analytics).
Functionality cookies to remember your preferences.
Targeting/Advertising cookies to tailor ads based on your browsing habits.
You can manage or disable cookies via our cookie banner or your browser settings. Note that disabling certain cookies may affect website functionality.
5. Data Recipients & International Transfers
Internal Recipients: Our sales, support, finance and IT teams.
External Recipients: Service providers for hosting, maintenance, payment processing, analytics, and email delivery; legal and regulatory authorities when required by law.
All service providers are bound by confidentiality and data protection obligations. We do not transfer personal data outside the European Economic Area (EEA). If a transfer becomes necessary, we will implement appropriate safeguards, such as Standard Contractual Clauses.
6. Data Retention
We retain personal data only as long as necessary for the purposes described and in accordance with applicable laws:
Customer Data: Kept for the duration of our contractual relationship plus five (5) years thereafter (French commercial law requirement).
Website Usage Data: Retained for up to two (2) years.
Marketing Data: Retained until you withdraw consent or unsubscribe.
After these periods, data are securely deleted or anonymized. Aggregated, anonymized data may be kept indefinitely for statistical purposes.
7. Security Measures
We implement technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, including:
Encryption in transit (HTTPS) and, where appropriate, at rest.
Access controls and authentication procedures.
Regular security assessments and staff training.
Although we use industry‑standard safeguards, no system can guarantee absolute security.
8. Your Rights
Under the GDPR, you have the right to:
Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”), subject to legal obligations.
Restrict or object to processing under certain conditions.
Portability to receive your data in a structured, machine‑readable format.
Withdraw consent at any time for marketing communications.
To exercise these rights, please contact our DPO at dpo@oneex.fr. We will respond within one month.
9. Children’s Privacy
Our website and services are not directed to children under 16. We do not knowingly collect personal data from minors. If you become aware of such data, please contact us to have it removed.
10. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. The “Last updated” date will be revised accordingly. Please review this policy periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
Data Protection Officer
ONEEX DPD
20, rue Auguste Audollent
63000 Clermont‑Ferrand, France
Email: dpo@oneex.fr
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.