Privacy Policy

                                                                   

LAST UPDATED: MAY 01, 2024

This Data Privacy Policy (“Privacy Policy” or this “Policy”) represents the minimum standards that DataXali (“DataXali”, “we”, “us”) have established regarding data privacy, to ensure that we collect, use, store and disclose Personal Data in a fair, transparent and secure manner.

This Policy complies with (and in some cases exceeds) the main requirements of applicable laws and regulations. It is also aligned with other specific DataXali policies relating to the collection and use of Personal Data information implemented by each entity of the DataXali Group to cover the specific processing needs of Personal Data necessary for the activity daily (e.g. cookie policy, specific local policies such as employee privacy policies, specific customer information notices, etc.). This Policy recognizes that some DataXali subsidiaries are located in countries with varying legal and cultural approaches to privacy and data protection. This Privacy Policy may therefore be supplemented by other policies and procedures in certain geographic regions, as may be appropriate to comply with applicable laws and meet cultural norms.

In the event of a conflict between this Privacy Policy and applicable local privacy policies and/or applicable local law from time to time, or in the event of inapplicability of the provisions of this Privacy Policy, applicable local policy and law local authorities will prevail.

Some useful definitions are provided in section 2 of this Privacy Policy for your ease of reference.


1.1 The Policy covers all Personal Data in any form, including but not limited to electronic data, disks and paper documents and all types of processing, manual or automated, which are in the possession of DataXali or under the control control of DataXali, in all geographic areas where DataXali operates. This includes information held about DataXali members, partners, employees, contractors, consultants, customers, consumers, suppliers, business contacts and any third parties.

1.2 This Policy also applies to any Third Party that performs services for or on behalf of DataXali and who are expected to adopt standards of conduct consistent with the principles set out in this Privacy Policy.


2.1 DataXali means the relevant DataXali entity processing Personal Data and the various subsidiaries of DataXali.

2.2 Third Party means a third party or Business Partner who receives from DataXali or is granted access to or who is otherwise entrusted with Personal Data on behalf of DataXali, for example suppliers, contractors, subcontractors and other providers Services.

2.3 Data Subject means an identified or identifiable natural person whose Personal Data is processed by DataXali.

2.4 Informed Consent means any freely given, specific and informed indication of the Data Subject's agreement to the processing of their Personal Data, when this is required.

2.5 Personal Data means any information allowing a natural person to be directly or indirectly identified, in particular by reference to an identification number or to one or more elements specific to their physical, physiological, mental, economic, cultural or social identity. Data is considered Personal Data when it allows anyone to link that data to a natural person, even if the person or entity holding that information cannot make that link.

2.6 Application Data means any Personal Data that is Processed by the DataXali Services, whether by DataXali or by Third Parties who perform services for or on behalf of DataXali. For greater clarity, Personal Data Processed via DataXali marketing websites is not Application Data.

2.7 Sensitive Data (or Special Category of Data) includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identify a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person.

2.8 Personal Data relating to criminal convictions and offenses constitutes a subset of Personal Data, which by its nature has been classified by law or applicable policy as deserving additional privacy and security protections .

2.9 Process / Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to collection, recording, organization, storage , access, adaptation, modification, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deletion, erasure or through other means, such as DataXali marketing websites (“Process” will be construed accordingly).

2.10 DataXali Services means the services used by you in accordance with the applicable agreement, which may include DataUniX or DataXrop), including any updates or replacements thereto and technical support provided by DataXali from time to time .*


Personal Data is processed on legal grounds with the informed knowledge of the Data Subjects.

3.1 We will only use Personal Data on a legal basis:

If necessary to perform a contract (for example, with our employees, contractors, customers using DataXali Services, suppliers); in particular, we will use the Application Data only for the purpose of providing the DataXali Services as provided for in this contract; Or

If required to comply with a legal obligation (for example, where we need to meet our obligations as an employer); Or

When we have a legitimate business need or legitimate business reason to use Personal Data in the course of our commercial activities (for example, when carrying out processing to better know our customers and send them promotional offers), except that this does not apply to Application Data; Or

When we have obtained Informed Consent from the Data Subject where it is specifically required by law or applicable policy. This may in particular be the case when none of the other legal bases described above are applicable and to the extent permitted by applicable law.

3.2 We consider it important to assess the privacy risks before collecting, using, retaining or disclosing Personal Data, such as in a new system or as part of a new project.

3.3 DataXali will only process Personal Data in the manner described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject.

3.4 DataXali will not carry out profiling activities based on automated decision-making, unless this is legally based on a requirement of applicable law or the performance of a contract or the consent of the Data Subject, and provided that appropriate safeguards are implemented to protect the rights of Data Subjects.

3.5 We use cookie technologies on our websites to enable us to evaluate and improve the functionality of our websites. We may also use cookies for advertising or analytical purposes, subject to your consent and according to your choice using our cookie settings tool. For more information on DataXali's use of cookies, please read our online Cookie Policy.

3.6 Where required by law, we will ensure that Data Subjects are provided with relevant information regarding the processing of their Personal Data, unless it is impossible to provide such information or it would require disproportionate effort to do so. provide such information. This information will include in particular the purposes of the processing of Personal Data, the types of Personal Data collected (if the Personal Data has not been obtained directly from the data subject), the categories of recipients, the list of rights that can be exercised by the Data Subjects, the consequences of failure to respond or provide Personal Data, the conditions for the transfer of Personal Data outside the European Economic Area (“EEA”), if applicable, and the mechanism used to protect Personal Data in the event of transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the time Personal Data is initially collected from them. Privacy notices should be written in language that provides Data Subjects with a clear understanding of how their Personal Data will be used.

Personal Data will only be collected and processed for specified, explicit and legitimate purposes (which could be multiple), in accordance with the principle of minimizing Personal Data and ensuring the accuracy of the Personal Data processed.

4.1 Personal Data will not be further processed in a manner incompatible with these purposes.

4.2 We carefully evaluate and define the purposes of any processing of Personal Data before launching a project (for example, management of HR data, management of recruitment data, payroll objectives, financial and accounting management, allocation of IT tools and all other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, customer relationship management, offer management, sales and marketing, supply management, communication management internal and external, compliance with anti-money laundering and anti-corruption obligations or any other legal requirements, data analysis operations, implementation of compliance processes).

4.3 We ensure that the Personal Data we collect is relevant, adequate and not excessive in relation to the purpose of the Processing and its possible use (e.g. insights, marketing, promotions). This means that only Personal Data necessary and relevant for the intended purpose can be collected and processed.

4.4 When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offenses, unless required by applicable law or where permitted by applicable law with the express prior consent of the Data Subject.

4.5 Every reasonable step will be taken to ensure that Personal Data is maintained accurately and up to date at each stage of Personal Data Processing (i.e. collection, transfer, storage and retrieval).

4.6 We encourage Data Subjects to help us keep your Personal Data up to date by exercising your rights, including those of access and rectification.

These principles ensure that the processing of Personal Data at DataXali not only complies with regulatory requirements, but also respects the fundamental rights of individuals to confidentiality and the protection of their personal information.


Since employees, contractors, customers, suppliers, consumers and business partners entrust us with their Personal Data, DataXali ensures the security and confidentiality of the Personal Data it processes.

5.1 Data Protection: We protect any Personal Data collected, used, stored and disclosed to support our business activities by following relevant customary, technical and organizational policies, standards and processes.

5.2 Technical and organizational measures: Industry standard technical and organizational measures are implemented to prevent accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access to Personal Data, or any other form of illicit or unauthorized processing.

5.3 Selection of service providers: When the processing must be carried out on behalf of DataXali, the latter will select service providers offering sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the laws on applicable data protection and ensures the protection of the rights of Data Subjects.

5.4 Design and default of confidentiality: DataXali strives to take reasonable measures based on confidentiality by design and by default, appropriate to implement the necessary safeguards when processing Personal Data. DataXali will therefore implement technical and organizational measures, from the early stages of designing processing operations, so as to protect privacy and data protection principles from the outset ('Privacy by Design'). By default, DataXali must ensure that Personal Data is processed with privacy protection (e.g. only necessary data should be processed, short retention period, limited accessibility) so that, by default, Personal Data does not are not accessible to an indefinite number of people ('Privacy by Default').

5.5 Privacy impact assessment: Where the processing of Personal Data is likely to result in a high risk to the rights and freedoms of the Data Subjects, we will carry out a privacy impact assessment or “privacy assessment”. impact relating to Personal Data” before its implementation.

5.6 Violation Management: No violation is too small to take action. We will investigate all claims relating to any violation of this Privacy Policy or applicable data protection laws, potential or actual, which come to our attention or of which we become aware, and will take all reasonable measures to limit their impact.

5.7 Additional information on IT security measures: IT security measures are described in more detail in the DataXali Information Security Policy.


DataXali retains Personal Data only for as long as necessary for the purposes for which it was collected and processed (and for other compatible purposes), which may include:

6.1 Retention Policy: Personal Data is retained and destroyed consistently with applicable law and in accordance with DataXali's Data Retention Policy.

6.2 Review of the need for retention: Any individual or entity handling Personal Data on behalf of DataXali will periodically review the need to retain this data. If no justifiable legal or commercial reason no longer exists for their retention, they will be securely destroyed or anonymized.

6.3 Specificities according to the data:

6.4 Transfer and anonymization: When Personal Data is no longer necessary for the intended purposes or for legal reasons, and they must not be kept, they will either be transferred outside of DataXali or made anonymous to avoid any subsequent unrelated use. allowed.

6.5 Information and transparency: DataXali undertakes to inform Data Subjects of the retention period of their Personal Data and the rights associated with this data, including their right to request the deletion or modification of the stored data.


DataXali is attentive to requests or requests made by Data Subjects regarding their Personal Data and, where required by law, offers Data Subjects the ability to access, correct, restrict and erase their Personal Data as required by law. provides for applicable law. We also allow them to object to the processing of their Personal Data and to exercise their right to data portability.

7.1 Right of access: We will provide access to all Personal Data relating to a Data Subject as required by law, including the purposes of the processing, categories of Personal Data processed, categories of recipients, retention period data, the rights to rectify, delete or restrict the Personal Data accessed if applicable, etc.

7.2 Right to portability: We may also provide a copy of any Personal Data that we hold in our records in a compatible and structured format to enable the exercise of the right to data portability to the extent that this is relevant under law applicable.

7.3 Right to rectification: Data Subjects may request that we correct, amend, delete any Personal Data that is incomplete, obsolete or inaccurate.

7.4 Right to erasure: Data Subjects may request deletion of their Personal Data if:

DataXali will take reasonable steps to notify other DataXali entities of such deletion.

7.5 Right of restriction: Data Subjects may request restriction of their Personal Data if:

7.6 Right to withdraw consent: When the processing of Personal Data is based on the consent of the Data Subject, the Data Subject may withdraw this consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.

7.7 Right of opposition: The Data Subject may also indicate his opposition to the processing of his Personal Data at any time to:

7.8 Digital Legacy: Data Subjects have the right to set guidelines (general or specific) regarding the use of their personal data after their death.

To exercise these rights, please use the contact details provided below in Section 10 of this Privacy Policy. The Data Subject also has the right to file a complaint with the competent supervisory authority regarding Personal Data.


Personal Data is only disclosed outside of DataXali when there is an overriding legal justification to do so.

8.1 Controlled Disclosure: Disclosure is made on a strictly limited “need to know” basis when the justification for transferring the Personal Data is clear – either because the Data Subject has consented to the transfer or because the disclosure is required to perform or reach an agreement, or for a legitimate purpose that does not infringe the fundamental rights of the Data Subject, including the right to privacy (for example, sharing in the context of a merger and acquisition transaction). In each case, the Data Subject will be aware that disclosure is likely to occur. Assurances will also be sought from recipients that they will use Personal Data only for legitimate/authorized purposes and will keep it secure.

8.2 Necessity and relevance: If necessary and relevant, personal data may be disclosed:

To DataXali subsidiaries for purposes described in the Policy;

To authorized employees, representatives, agents and intermediaries of DataXali for purposes described in the Policy;

To partners, agencies and service providers, including IT service providers for technical reasons, who assist DataXali in providing its products/services.

Main suppliers of DataXali, where applicable:

Google Inc. (or one of its subsidiaries), in particular for data hosting and lead sales cycle management;

Microsoft Corporation (or one of its subsidiaries), in particular for data hosting;

SalesForce, for the automation of marketing services;

HubSpot, for managing marketing, sales and customer service;

Zendesk, for customer service and customer relationship management (CRM);

Salesloft, for sales engagement management.

DataXali may also disclose Personal Data to the extent required by law and/or competent authorities.

8.3 Specific disclosure required by law: If a particular disclosure is required to meet a legal obligation (for example to a government agency or to the police/security service) or in connection with legal processes, generally Personal Data may be provided as long as that the disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation (i.e. the Data Subject has been informed of the possibility of such event in Informed Consent or is notified at the time of the request for disclosure).


Personal Data originating from DataXali entities operating within the EU will not be transferred outside the European Economic Area (EEA) to a third country that does not guarantee an adequate level of protection, unless appropriate safeguards are provided. implemented in accordance with applicable laws.

9.1 International data transfer: The international transfer of Personal Data is a very sensitive subject and is taken seriously before transferring Personal Data from its EEA country of origin to another non-EEA country, whether such transfer is for technical reasons (e.g. storage, hosting, technical support, maintenance) or for primary purposes (e.g. centralization of customer database management).

9.2 Guarantees for international transfer: We never carry out international transfers of Personal Data from an EEA country to a non-EEA country without ensuring that appropriate transfer mechanisms, as required by applicable data protection laws, are in place to ensure adequate protection of data during its transfer (e.g. adequacy decision, signing of the European Commission Standard Contractual Clauses where appropriate).

9.3 Agreements and verifications: DataXali ensures that any international transfer agreement for Personal Data includes strict confidentiality and security clauses, in accordance with international standards and specific EU regulations on data protection.

9.4 Monitoring and compliance: Regular reviews are carried out to ensure that third countries where Personal Data is transferred maintain appropriate safeguards. This includes monitoring legislative or regulatory changes that could affect the protection status of Personal Data.

9.5 Information and consent: Before completing an international transfer of Personal Data, DataXali will inform the affected Data Subjects of the details of the transfer, including the reason for the transfer, the specific data that is transferred, and the protection measures in place. Explicit consent from Data Subjects will be obtained where required by law.

9.6 Review and adjustment of practices: DataXali's transfer practices are regularly reassessed to ensure that they remain compliant with the latest legal requirements and best practices, and adjusted accordingly.


DataXali is committed to resolving legitimate privacy concerns of its staff, customers and other contacts. If any staff member believes that he/she has violated this Privacy Policy, he/she should immediately contact the DataXali Privacy Contact at: legal@dataxali.io and report the incident.

10.1 Reception and management of complaints:

10.2 Cooperation with supervisory authorities:

10.3 Internal procedures:

10.4 Response to Data Subjects:

10.5 Protection of Data Subject Rights:

10.6 Warranty Program:

As our business and regulatory environment evolves regularly, this Privacy Policy may also change. We therefore invite you to consult it regularly.

11.1 Notification of changes:

11.2 Responsibility for updating:

11.3 Update process:

11.4 Archiving of previous versions:

11.5 Communication of changes:

11.6 Entry into force of the modifications:

11.7 Consent to Changes: