Privacy Policy

This Privacy Policy applies to all websites and platforms published by SMAPPEN, registered with the Toulouse Trade and Companies Register under number 843086562 (hereinafter “the Company” or “SMAPPEN“), and notably the website accessible at the following URL: https://www.smappen.com/ (hereinafter “the Site“).

The Company offers various services via the Site, as presented in the standard license agreement (hereinafter “the Services“).

As part of managing its website and providing its services, SMAPPEN is required to collect personal data regarding website visitors. The Company, committed to individual rights—particularly concerning automated processing—and striving for transparency with its users, has implemented a policy outlining all such processing, the purposes pursued, and the means of action available to individuals to best exercise their rights.

SMAPPEN undertakes to implement adequate measures for the protection, confidentiality, and security of Personal Data in accordance with the regulations in force in France and the European Union, specifically the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the national laws enacted for its application.

For any additional information on the protection of personal data, we invite you to consult the website: https://www.cnil.fr/

SMAPPEN invites you to read this Policy carefully to know and understand the processing of Personal Data.

In any event, we are committed to respecting the following two essential principles:

• The individual remains in control of their personal data;
• Data is processed in a transparent, confidential, and secure manner.

Before detailing how SMAPPEN processes your data, please find below some definitions of essential terms addressed by the General Data Protection Regulation.

1. Definitions

The General Data Protection Regulation provides the following definitions, which will be useful for a proper understanding of this Policy:

• Personal Data: Any information relating to an identified or identifiable natural person (referred to as the “data subject”). Examples of personal data include:
  • Surnames and first names
  • Postal home addresses
  • Email addresses
  • Personal telephone numbers, etc.
• Data Protection Officer (DPO): The person responsible for ensuring the protection of personal data within SMAPPEN.
• Data Subject: An individual to whom the Personal Data relates and who can be identified or is identifiable, directly or indirectly, through their Personal Data. This includes patients, members, customers, prospects, and former and current employees.
• General Data Protection Regulation (GDPR): The regulation applicable to private and public bodies processing personal data.
• Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing.
• Processor: The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.
• Data Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, access, recording, copying, transfer, preservation, storage, cross-referencing, modification, structuring, making available, communication, recording, and destruction, whether automatic, semi-automatic, or otherwise. This list is not exhaustive.

These definitions are taken directly from the General Data Protection Regulation.

In addition to these definitions, the following contacts will be useful to you, notably for obtaining further information.

2. Identity of the Data Controller

Within the scope of its activities, SMAPPEN acts as the Data Controller in accordance with the definition provided above.

3. Contact details of our DPO

Our Data Protection Officer (hereinafter “DPO“) is available to answer all requests, including the exercise of rights relating to your personal data.

You may contact them:

• By email at the following address: [email protected]
• By mail at:
  SMAPPEN
  30 rue des teinturiers
  31300 Toulouse France

4. Data Collection & Origin

As part of its activities, SMAPPEN collects and processes your personal data in a fair, lawful, and transparent manner, in compliance with the General Data Protection Regulation.

Through our website, SMAPPEN and its partners process personal data concerning you that you have provided to us, notably when contacting us, registering for a service, or using the tools provided.

Furthermore, we also automatically collect information regarding the use of our website and the pages consulted through our cookies. This information does not reveal your specific identity (such as your name or contact details) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information on how and when you use our services, and other technical information. This information is primarily necessary to maintain the security and operation of our services, as well as for internal analysis and reporting purposes.

For every piece of data we process about you, information is provided regarding the purposes for which your data is collected, either via the various online data collection forms or through our Cookie Policy.

In addition, only data strictly necessary for the specified, explicit, and legitimate purposes of the processing are collected, and their origin is systematically documented to guarantee traceability and compliance of the processing with the GDPR and CNIL guidelines.

5. Purposes of Processing and Legal Bases

In accordance with the General Data Protection Regulation, SMAPPEN has determined a specific purpose prior to each instance of personal data processing. To provide you with clear and precise information regarding each processing activity, the Company provides the details thereof in the following paragraph/table.

SMAPPEN acts as the Data Controller for the following activities:

1. Management of contact requests
2. Management of the newsletter
3. Management of recruitment
4. Cookies
5. Management of billing services
6. Management of user accounts

5.1 Management of contact requests

On our website, you have the option to fill out a form allowing you to be contacted at your request. Each of the personal data points collected for this purpose is essential for processing your request. The data transmitted on your initiative will be processed for the following purposes:

• Establishing contact
• Responding to requests received via the website form

The processing of your personal data for the performance of the aforementioned activities is based on your consent. Your consent may be withdrawn at any time by making a request to our DPO, referring to section 3 of this Privacy Policy.

5.2 Management of the newsletter

On our website, you have the option to subscribe to our Newsletter. Each piece of personal data collected for this purpose is essential for processing your subscription. The data transmitted on your initiative will be processed for the following purposes:

• Sending newsletters to clients
• Sending newsletters to prospects
• Managing newsletter subscriptions

The processing of your personal data for the performance of the aforementioned activities is based on your consent. Your consent may be withdrawn at any time by making a request to our DPO, referring to section 3 of this Privacy Policy.

5.3 Management of recruitment

As part of its recruitment management, SMAPPEN processes the personal data of each candidate for the position to be filled. Each piece of personal data collected for this purpose is essential for processing your application. The data transmitted on your initiative will be processed for the following purposes:

• Recruitment of staff and interns
• Receipt and recording of applications
• Responding to candidates for employment or internships

The processing of your personal data for the performance of the aforementioned activities is based on your consent. Your consent may be withdrawn at any time by making a request to our DPO, referring to section 3 of this Privacy Policy.

5.4 Cookies

Our website uses cookies. A cookie is a small file sent with the pages of this website and stored by your browser on the hard drive of your computer, phone, or tablet. The information stored therein may be sent back to our servers during a subsequent visit.

The use of cookies is important for the proper functioning of our website. Thus, your personal data is processed for the following purposes:

• Monitoring website navigation;
• Audience measurement;
• Carrying out or facilitating the transmission of a communication via an electronic communications network;
• Providing an information society service expressly requested by the subscriber or user.

“Universal Analytics” data is collected via IP addresses by Google Analytics. This allows us to measure the Site’s audience, consultations, and potential errors in order to improve the browsing experience.

We use functional cookies that allow us to improve the operation of our website. SMAPPEN processes your data within the framework of these cookies based on its legitimate interest in improving website functionality and user experience.

The processing of your data concerning other types of cookies is based on your consent. This consent may be withdrawn at any time.

5.5 Management of billing services

As part of billing management, SMAPPEN processes the personal data of its clients. Each piece of personal data collected for this purpose is essential to ensure billing services. The data collected will be processed for the following purposes:

• Receipt and processing of billing

The processing of your personal data for the performance of the aforementioned activities is based on the performance of a contract.

5.6. User account management

On our website, you have the possibility to create a user account. Each piece of personal data collected for this purpose is essential for the proper functioning of the requested services. The transmitted data will be processed for the following purposes:

• Creation and management of the user account

The processing of your personal data for the performance of the aforementioned activities is based on the performance of a contract, specifically through the acceptance of the license agreement accessible here.

6. Categories of Data Collected

As part of its activities, SMAPPEN collects only personal data that is relevant to the identified purposes.

You may find below the details of the personal data we may process within the framework of the processing activities described above. (The mandatory or optional nature of the personal data collected, as well as the potential consequences of a failure to respond, are indicated at the time of collection on the associated forms.)

NB: The lists of data provided below are not intended to be exhaustive and are primarily aimed at informing you about the categories of data that SMAPPEN is likely to process.

You provide us with some of this data when:

• You fill out contact and registration forms on the Site;
• You use the various means of contact available on the Site (telephone, email, chat);
• You browse the Site;
• You use the Services.

6.1 Data collected for the processing: Management of contact requests

Within the scope of this processing activity, SMAPPEN is likely to process all of the following categories of data:

• Information from non-commercial communication materials: Communication content, Information exchanges
• Identity information: Personal email, Last name, First name
• Professional life information: Professional email

6.2 Data collected for the processing: Management of the newsletter

Within the scope of this processing activity, SMAPPEN is likely to process all of the following categories of data:

• Identity information: Personal email, Birth name, Surname (used name or spouse’s name), First name
• Professional life information: Professional email

6.3 Data collected for the processing: Management of recruitment

Within the scope of this processing activity, SMAPPEN is likely to process all of the following categories of data:

• Information from non-commercial communication materials: Communication content
• Documents with legal value: CV/Resume, Cover letter
• Identity information: Personal email, Last name, First name, Private mobile phone number
• Professional life information: Job title
• Information from the recruitment process: Candidate’s interests, Candidate’s professional skills, Previous jobs and employers, Candidate’s professional experience, Information relating to internships completed, Periods of unemployment, Candidate’s studies/training/diplomas, Assessment of the use of work tools (job-specific, IT resources, etc.)

6.4 Data collected for the processing: Cookie management

Within the scope of this processing activity, SMAPPEN is likely to process all of the following categories of data:

• Electronic information: IP addresses, MAC addresses, History of pages visited

6.5 Data collected for the processing: Management of billing services

• Financial information: Bank details and subscription amount
• Identity information: Last name, First name, Phone number, Country
• Professional life information: Professional email, Name of the affiliated company, and Address of the affiliated company

6.6 Data collected for the processing: User account management

• Identity information: Personal email, Last name, First name, Private mobile phone number
• Professional life information: Professional email, Professional phone number, Name of the affiliated company

7. Recipients

Your personal data is only processed by persons authorized to know it.

The primary recipients of your data are ourselves, for the processing of your orders and customer relationship management. More specifically, recipients include the relevant internal departments and external service providers authorized to process the data.

Other recipients of your personal data may include, where applicable, our IT service provider, as well as our third-party service providers and third-party platforms.

Other organizations that may have access to your data include:

• Where applicable: the relevant courts, mediators, chartered accountants, statutory auditors, lawyers, bailiffs, and debt collection agencies; 
• Third parties likely to place cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent to it (For more details, please consult our Cookie Policy). 

Your personal data is neither communicated, exchanged, sold, nor rented without your express prior consent, in accordance with applicable legal and regulatory provisions.

8. Retention Period

In accordance with current Regulations, we do not retain your personal data beyond the period necessary for the purpose for which it was collected, as described in Article 5 of this Policy, increased where necessary by legal statute of limitations periods.

You can verify the retention periods applied to the processing activities concerning you by making a request to our Data Protection Officer by email at [email protected].

In summary: We retain your information for as long as necessary to achieve the objectives described in this Privacy Policy, unless otherwise required by law.

9. Data Transfers Outside the European Union

In certain cases, your personal information may be stored on servers located outside the EEA (European Economic Area).

This is notably the case when we transfer information to certain partners, particularly via cookies to Google, which may store data on servers in the United States. However, on July 10, 2023, a data transfer agreement was signed between the European Union and the United States (the EU-U.S. Data Privacy Framework). Consequently, the use of Google Analytics is compliant.

10. Social Media

When you visit us on social media, these platforms may process your personal data using their own cookies. We do not control these social media cookies. Furthermore, we are unable to access your accounts unless you take positive action to grant such access. We invite you to refer to the privacy policies of the relevant social media platforms for information regarding their use of your personal data.

11. Security and Confidentiality of Personal Data

SMAPPEN complies with the GDPR and the French Data Protection Act (Loi Informatique et Libertés) regarding the security and confidentiality of your data. 

We implement all necessary technical and organizational measures to ensure the security of our personal data processing and the confidentiality of the data we collect. 

In this regard, we take all useful precautions, considering the nature of the data and the risks presented by the processing, to preserve its security and, in particular, to prevent data from being distorted, damaged, or accessed by unauthorized third parties (physical protection of premises, secure HTTPS protocol, logging, and traceability of connections to software deployed internally). 

12. Your Rights Regarding Your Personal Data

In accordance with the French Data Protection Act (Loi Informatique et Libertés) and the GDPR, you have several rights regarding your personal data. These rights can be exercised by contacting our DPO via email or mail, as specified in Section 3 of this Policy.

You have the following rights regarding your personal data:

• Right to Information on the Processing of Personal Data

 SMAPPEN undertakes to make its best efforts to provide concise, transparent, and accessible information on the conditions under which your Personal Data is processed. Should you wish to obtain further information regarding the processing of your personal data, you may contact our DPO by referring to Section 3 of this Policy.

• Right of Access and Rectification of Personal Data 

In accordance with current regulations, you have the right to ask SMAPPEN if it processes your data and to request the transmission of information concerning you. In this regard, you may request:

• Access to all data concerning you;
• The origin of your data as well as its recipients;
• Access to the data upon which SMAPPEN based a decision concerning you;
• To obtain a copy of your data (for any additional copies, SMAPPEN is entitled to charge a fee based on the administrative costs incurred).

Finally, you have the right to rectify your data if it is incomplete or inaccurate, particularly in the event of a change in your circumstances.

• Right to Erasure (“Right to be Forgotten”) 

Under current regulations, you may request the deletion of your personal data. You may specifically request deletion if:

• Your data is no longer necessary for the purposes for which it was originally collected;
• You withdraw your consent for the use of your data;
• You believe your data is being processed unlawfully;
• Your data must be erased to comply with a legal obligation.

In specific cases defined by law, SMAPPEN may not be able to grant your request, particularly if a legal obligation imposes a retention period for your data, or if your data is necessary for the establishment, exercise, or defense of legal claims. Once the reason justifying the retention of your data no longer exists, it will be deleted.

• Right to Object 

This right allows you to object to your data being used by SMAPPEN. To do so, you must explain the reasons justifying your objection. You may object at any time, for legitimate reasons, to the reuse of your Personal Data for processing activities other than those notified, except in cases where SMAPPEN is fulfilling a legal obligation. We would like to emphasize this right as it specifically concerns you as professionals when you no longer wish to receive commercial information from us.

• Right to Restriction of Processing 

You have the right to request that the processing of your Personal Data be restricted to what is necessary. This right applies only:

• If you contest the accuracy of your Personal Data;
• If you can establish that the processing of your Personal Data is unlawful and request a restriction of its use rather than erasure;
• If SMAPPEN no longer needs your Personal Data, but it is still necessary for you to establish, exercise, or defend legal claims;
• If you object to processing based on a legitimate interest pursued by us as Data Controller, pending verification of whether our legitimate grounds override yours.

• Right to Lodge a Complaint with a Supervisory Authority 

If you feel that the efforts made by SMAPPEN to preserve the confidentiality of Personal Data do not guarantee the respect of your rights, you have the option to lodge a complaint with the competent supervisory authority (CNIL or any other authority mentioned on the list available from the European Commission).

You may exercise all of the aforementioned rights by emailing our Data Protection Officer at [email protected].

13. Minors

The SMAPPEN website is not intended for minors. SMAPPEN does not knowingly collect personal data from minors under the age of 15.

14. Modification of this Policy

The notices and website audit were completed on 04/29/2026.

SMAPPEN reserves the right to make changes to this Policy at any time to comply with legislative and regulatory developments and/or to improve it. In the event of a modification, a new version will be updated and posted online with the date of the last update.

15. Cookies

“Cookies” (or connection trackers) are small text files of limited size that allow us to recognize your computer, tablet, or mobile device for the purpose of personalizing the services we offer.

To better inform you about the information that cookies identify, you will find below a table listing the different types of cookies likely to be used on the Website, their name, their purpose, and their retention period: