Privacy policy

1 / Field of application

Castelis attaches the greatest importance and care to the protection of privacy and personal data, as well as to the respect of the legal provisions on the subject.
The European Regulation on the protection of personal data states that personal data must be processed in a lawful, fair and transparent manner. Thus, this privacy policy (hereinafter “Policy”) aims to provide you with simple, clear information on the processing of personal data concerning you, in the context of your navigation and the operations carried out on our website.

2 / Data controller

Within the framework of your activity on the site, we collect and use personal data related to you, natural persons (hereafter “data subject”).
For all processing, Castelis, SAS with a share capital of 1,000,000 euros, registered with the RCS under number 429 463 987 and having its registered office at 9 rue Maurice Grandcoing, 94200 IVRY SUR SEINE, determines the means and purposes of processing. Thus, we act as a controller, within the meaning of the regulations on personal data, and in particular the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

3 / What data do we collect and how ?

When you use our website, you provide us with certain information about yourself, some of which may identify you (“personal data”). This is the case when you browse our site or when you fill out online forms.
The nature and quality of the personal data collected about you varies depending on the relationship you have with Castelis, the main ones being

  • Identification data: this includes any information that would allow us to identify you, such as your first and last name, telephone number, and e-mail address. We may also collect your company name.
  • Connection data: We collect your IP address for maintenance and statistical purposes.
  • Browsing Information: As you browse our website, you interact with it. As a result, certain navigational information is collected.
  • Data collected from third parties: data that you have agreed to share with us or on publicly accessible social networks and/or that we may collect from other publicly accessible databases.
  • Documents of different natures (PDF, Office format, Image) with titles, contents, folder names, or information related to a document, such as written comments in the documents, alert and reminder dates. These documents can be the CV and the cover letter.

4 / Why do we collect your personal data and how ?

Recruitement form
– Personal data collected : Name, First name, Phone number, Email address, CV and cover letter
– Legal basis: Pre-contractual relationship
– Retention period: 2 years

Contact form
– Personal data collected: Name, First name, Position, Company, Phone number, Email address, Nature of the exchange
– Legal basis: Legitimate interest
– Retention period: 2 years

Management of the commercial relationship
– Personal data collected: Name, First name, Company, Phone number, Email address and any information given during the exchanges
– Legal basis: Pre-contractual relationship
– Retention period: 2 years

Commercial prospecting operations
– Personal data collected: Name, First name, Company, Phone number, Email address and any information given during the exchanges
– Legal basis: Legitimate interest
– Retention period: 2 years

– Personal data collected : E-mail address
– Legal basis: Consent
– Retention period: 2 years

5 / Do we share your personal data ?

For certain processing purposes, we may share your data with our service providers, whom we use to perform a range of operations and tasks on our behalf:
– Welcome to The Jungle
– Hubspot
– Sitecore

However, this sharing of data is only done after obtaining your consent, or as necessary to fulfill our contract with you. In addition, they are only given the information they need to perform the service. They are also asked not to use the data for purposes other than those originally intended. We make every effort to ensure that these third parties maintain the confidentiality and security of your data.

Your personal data may also be shared with other Castelis departments, such as
– Sales department
– Marketing department

Finally, your data may also be transmitted to legal or regulatory authorities, in order to comply with our legal obligations.
In these last two cases, as with service providers, only the necessary data is provided. And we make every effort to keep it confidential and secure.
We do not sell your data.

6 / Is your data transferred to third countries ?

Castelis strives to keep personal data in France, or at least within the European Economic Area (EEA). However, it is possible that the data we collect when you use our platform or services may be transferred to other countries, for example if some of our service providers are located outside the European Union.
In the event of such a transfer, we guarantee that the transfer is made :
– Either to a country that ensures an adequate level of protection, i.e. a level of protection equivalent to that required by European regulations;
– Or that it is governed by standard contractual clauses;
– Or that it is governed by internal company rules.

7 / How long do we keep your data ? 

We retain your personal data only for as long as is necessary to fulfil the purpose for which we hold the data, to meet your needs or to fulfil our legal obligations.
Retention periods vary depending on several factors, such as:
– The needs of Castelis’ business
– Contractual requirements
– Legal obligations
– Recommendations from supervisory authorities
The retention periods are detailed in the table of treatments above.

8 / How do we guarantee the security of your data ?

Castelis is committed to protecting the personal data we collect, or that we process, against loss, destruction, alteration, unauthorized access or disclosure.
Therefore, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing them. These measures must allow us to preserve the security and confidentiality of your personal data. These measures may include practices such as limiting access to personal data to authorized persons by virtue of their position.
In addition, our practices and policies and/or physical and/or logical security measures (e.g., secure access, authentication procedures, back-up, software, etc.) will be regularly reviewed and updated as necessary.

9 / What are your rights ?

On the personal data we collect/process, you can exercise the following rights:
– A right of access: you have the right to request access to the personal data we hold about you, and you may request a copy of it;
– A right of rectification: you may request a rectification of any inaccurate data about you;
– A right of deletion: you may request the deletion of your personal data in certain circumstances;
– A right to portability: under certain conditions you can receive all the personal data about you that you have provided to us, in a structured format. You also have the right to request that we transfer it, where possible, to another controller;
– A right to object to processing on the basis of legitimate interests;
– A right to withdraw consent at any time;
– A right to restrict processing: you have the right to restrict the processing of your data if:
– You dispute the accuracy of your data, until we verify its accuracy;
– The processing is unlawful but you do not want us to delete your data;
– We no longer need your personal data for the purpose of processing but you need your data in order to bring, assert or defend against legal claims;
– You object to the processing on the basis of related grounds pending verification of whether our compelling legitimate grounds for further processing override those interests;

If such personal data is subject to such limitations, we will only process your data with your consent, or for the purpose of bringing, asserting or defending against legal claims ;
To exercise your rights, you may contact the Data Protection Officer (DPO):
– By mail to the address: CASTELIS, For the attention of the Management/DPO – 9 rue Maurice Grandcoing, 94200 IVRY SUR SEINE,
– By e-mail to the address: [email protected]

When you send us a request to exercise a right, you are asked to specify as much as possible the scope of the request, the type of right exercised, the personal data processing concerned, and any other useful element, in order to facilitate the examination of your request. In addition, you may be asked to prove your identity.

10 / What cookies are placed on your browser ?

Cookies are computer files that are automatically deposited on the hard drive of your computer, tablet or cell phone when you browse our Website. They are managed by your Internet browser (Internet Explorer, Firefox, Safari or Google Chrome).

Are cookies deposited when you browse the Castelis site?
When you first visit the Castelis website, a banner will inform you of the presence of cookies and invite you to indicate your choice. Cookies requiring your consent in accordance with the regulations are only deposited if you accept them. You may at any time inform yourself and configure your cookies to accept or refuse them by going to the [Cookie Management] banner at the bottom of each page of the Site or by configuring your browser.

What data is collected through cookies?
Cookies can be used to collect all data relating to a terminal at a given time, in particular
– One or more technical identifiers that identify your Internet box;
– The date, time and duration of connection of a terminal to a Website;
– The Internet address of the page from which the terminal accesses the Website;
– The type of operating system of the terminal (e.g. Windows, MacOs, Linux, Unix, etc.);
– The type and version of the browser software used by the terminal (Internet Explorer, Firefox, Safari, Chrome, Opera, etc.);
– The brand and model of the mobile device or tablet;
– Possible download errors;
– The language of the browser software used by the terminal;
– The characteristics of the content consulted and shared (type of page visited for example);

What are the purposes of the cookies placed on the Castelis website?
On our Site, we may deposit different types of cookies for several purposes:
– cookies necessary for the customization and operation of the Site: they allow you to use the main features of our Site and in particular to record information between two visits to the Website on the same device, such as elements of customization of the interface (choice of language or presentation). They do not require your prior consent. These cookies are essential to the proper functioning of the Website. Without these cookies, you will not be able to use our Site normally. Therefore, they cannot be deactivated.
– Analytical, statistical or audience measurement cookies that allow us to know the use and audience performance of our Site and to improve its operation for our visitors; for example, to establish statistics and volumes of traffic and use of the various elements that make up our Site (sections and content visited, path), in order to improve the interest and ergonomics of our Site;
– commercial or advertising cookies that allow us to choose in real time which advertisements to display on third-party sites, to analyze your behavior on our website, and to personalize the advertisements according to your centers of interest. Advertising cookies are deposited on your terminal only when you have given your express consent.
– Social network cookies deposited by social networks when you share content from our Website with others or let them know what you think about this content via an application button. We have no control over the process used by these social networks to collect information about your browsing on our Site and associated personal data they have. We invite you to consult their data protection policies in order to know your rights with respect to each of them, and to manage your privacy settings.

Who deposits cookies on the Website?
– The editor of the Website, which is Castelis;
– Partners, namely advertisers and advertising agencies, and any other recipient with whom Castelis has concluded a partnership contract. These cookies allow us to adjust the advertising messages to your destination. The deposit of these cookies is made only if you have given your express consent.
– Third party social network publishers, i.e. companies that publish social networks such as, for example, Facebook, Twitter, etc., which may deposit cookies for sharing purposes on social networks;

List of companies using cookies on our Site
– Facebook
– LinkedIn
– Hubspot
– Google
– Youtube

How long are the cookies stored?
Cookies deposited by Castelis, our subcontractors and our partners, as well as the data collected, are kept for a maximum of 6 months from the date of their deposit on your terminal. At the end of this period, your consent is again required and the cookie banner is displayed when you visit our Sites again.

How to manage the consent to the deposit of cookies?
The deposit of a Cookie for the purpose of audience measurement, personalization of content, social networks and targeted advertising requires your prior consent. This consent is requested through the banner that appears when you first browse the Castelis website. You can choose to accept the deposit of cookies for all the purposes listed, refuse them or personalize your choice. You may withdraw your consent at any time by clicking on the [Cookie Management] link at the bottom of each page of the Site or by configuring your browser.
This consent is valid only for the Website visited.

How to configure cookies on web browsers?
You have the choice of configuring your browser to accept or reject all cookies, delete cookies periodically, or to see when a cookie is issued, how long it is valid, and its content, and to refuse to store it on your hard drive.
You can choose to block or disable these cookies at any time by setting the internet browser on your computer, tablet or mobile device according to the instructions set by your internet browser provider and listed on the Websites below:

On Internet Explorer
Open the “Tools” menu, then select “Internet Options”; click on the “Privacy” tab and then the “Advanced” tab choose the desired level or follow the following link:

On Microsoft Edge:
Open the “Tools” menu, then select “Internet Options”; click on the “Privacy” tab and then the “Advanced” tab choose the desired level or follow the following link:

On Mozilla Firefox
Open the “Tools” menu, then select “Options”; click on the “Privacy” tab and choose the desired options or follow this link:

On Safari Mac/Iphone/Ipad
Choose “Safari > Preferences” and then click on “Security”; in the “Accept Cookies” section choose the desired options or follow this link: or

On Google Chrome
Open the configuration menu (wrench logo), then select “Options”; click on “Advanced Options” then in the “Privacy” section, click on “Content Settings”, and choose the desired options or follow this link:

On iOs

You can also type “cookies” in the “help” section of your browser to access instructions on how to set up your settings.
For more information, you can also consult the CNIL website:>

11 / Updating of this Policy

This policy may be regularly updated to take into account changes in regulations relating to personal data.

Last update date 15/06/2021.