Privacy Policy — NEO-EARTH SAS
Effective date: 27 January 2025
Company: NEO-EARTH SAS — 42 rue Clément Thomas, 33500 Libourne — SIREN 914 911 953
Data controller: Saïd IHAMMOUINE (President)
GDPR contact: Charles-Antoine BOELS — charles-a@neoearth.fr
1. Scope
This policy explains what personal data NEO-EARTH collects, why we process it, who receives it, how long it is kept, and the rights you have under the EU General Data Protection Regulation (GDPR).
2. Data we collect
We collect only the personal data necessary for the purposes below. Examples:
Employees & applicants: identity and contact details, CV, employment records, payroll data (bank details, social security).
Clients & prospects (B2B): business contact details, company, role, contractual & invoicing data, commercial correspondence.
Website visitors: form inputs (name, email, message), basic usage data (IP, pages visited, timestamps).
Suppliers: contact and invoicing information, bank details.
3. Purposes & legal bases
Employment management and payroll — performance of contract and legal obligations (Art. 6(1)(b) & (c)).
Commercial relations and B2B prospecting — performance of contract and legitimate interest (Art. 6(1)(b) & (f)).
Website operation and security — legitimate interest for essential functions; analytics/marketing only with consent (Art. 6(1)(f) & (a)).
Accounting and legal compliance — legal obligations (Art. 6(1)(c)).
4. Recipients & subprocessors
Data are accessed by internal teams (management, HR, commercial) and shared with service providers acting as processors (examples: Keobiz for accounting/payroll, Folk.app for CRM, Hostinger for hosting, Microsoft OneDrive for storage). We require subprocessors to provide adequate contractual safeguards; where needed we are in the process of obtaining / formalising Data Processing Agreements.
5. International transfers
We do not carry out routine transfers of personal data outside the EEA. If any transfer outside the EEA occurs, we will implement appropriate safeguards (standard contractual clauses or equivalent).
6. Retention periods
Employee files: duration of employment + 5 years.
Unsuccessful candidate CVs: up to 2 years.
Prospects: 3 years after last contact.
Clients: during relationship and 10 years after end of relationship (accounting).
Non-essential cookies: up to 13 months.
7. Security
We apply reasonable technical and organisational measures (HTTPS, access controls, password protection, backups). Additional measures (encryption at rest for sensitive data, mandatory multi-factor authentication for admin accounts, centralised logging) are being implemented and will be documented.
8. Cookies & tracking
Strictly necessary cookies are required for site operation. Non-essential cookies (analytics/marketing) are used only after user consent. We have enabled a cookie banner and are implementing a consent management solution to record and retain consent evidence (categories and timestamp). Non-essential cookies are not intentionally activated before consent.
9. Your rights
You have the right to request access, rectification, erasure, restriction of processing, objection, and portability of your personal data. To exercise these rights contact: charles-a@neoearth.fr. We will respond within legal deadlines.
10. Data breaches
If a personal data breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the competent supervisory authority within 72 hours and inform affected individuals as required by law.
11. Changes to this policy
We may update this policy; the effective date above shows the last update. Material changes will be published on this page.
12. Contact
For questions or to exercise your rights: Charles-Antoine BOELS — charles-a@neoearth.fr.