ODITY GROUP PRIVACY POLICY

hese Legal Notice and General Terms and Conditions of Use apply to the company SNEC, which owns the websites www.odity.com and www.areyounet.com, as well as the platforms pp-www.cxplatform.fr and extranet.surveyminer.com (hereinafter “the Odity Group”).

This Privacy Policy is intended to inform you of how the Odity Group processes the personal information you provide, through its websites or by any other means.

The Odity Group is committed to processing your personal data in a transparent, confidential and secure manner.

In the context of processing your personal data, the Odity Group recognises the importance of protecting and securing your privacy and personal data, and has established this Privacy Policy in compliance with the strictest standards of personal data protection, as well as all applicable regulations, in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR).

This Privacy Policy is therefore important to you, as someone who wishes to have a positive and trusted experience with the Odity Group’s offerings and services, and to the Odity Group, which wishes to respond to your questions precisely and comprehensively.

Accordingly, in compliance with the GDPR adopted by the European Parliament on 14 April 2016 and the French Data Protection Act of 6 January 1978 as amended, the Odity Group informs you of the following:

1. INFORMATION COLLECTED AND USE OF YOUR PERSONAL DATA

The Odity Group only collects information that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.

Your personal data may be collected on various occasions:

  • When browsing the Odity Group’s websites: This data, which does not allow Odity to directly identify you, includes information relating to your browsing activity on Odity’s websites, such as the pages you have visited, the dates and times you accessed those pages, your search results on the Odity Group’s websites, information about your device (hardware type, operating system, unique device identifier, IP address used, device configuration, browser used, browser language) and the address that led you to the Odity Group’s websites. You are not required to provide personal data if you simply wish to visit the Odity Group’s websites.

The Odity Group may use cookies when you visit its websites in order to enable content sharing on social networks, to offer you advertising tailored to your interests, and to track which pages are visited and how frequently, so as to make the sites more user-friendly and offer you personalised services on your next visit. In particular, the Odity Group uses essential cookies required for the functioning of its websites and their features, performance cookies to optimise the websites, detect potential technical issues and understand how you visit the Odity Group’s websites (number of visits per page, number of error messages displayed, time spent on a page, number of clicks on a section of a site, etc.), and personalisation cookies to remember your choices and preferences. Please note that while disabling personalisation cookies is possible, certain pages of the Odity Group’s websites may no longer display correctly, the level of online assistance offered by the Odity Group will be limited, and your preferences will not be saved.

For this purpose, the Odity Group may collect information about your browsing path, the duration of your visit to the site or page, the page from which you left the site, the country, region or city from which the site was accessed, and the frequency of your visits.

You may refuse the installation of cookies by adjusting your browser settings accordingly (for more information, please refer to the “Help” section of your browser). However, please note that refusing cookies may affect your browsing experience on the Odity Group’s websites.

Upon your first visit, a banner will inform you of the use of cookies and allow you to accept or refuse non-essential cookies. Your consent is obtained before any consent-based cookies are placed, in accordance with the CNIL recommendations of 17 September 2020.

Information collected through cookies does not allow you to be identified by name. For more information on cookies, please visit the CNIL website.

  • When placing an order for services as a Client: When registering for your personal account, the Odity Group collects the following mandatory data: title, surname and first name, postal address, phone number, email address, password and, where applicable, payment information (cardholder name, credit card number, expiry date and security code). This data is collected in order to provide direct, password-protected access to your personal data stored in our system and to your history related, where applicable, to previous services.

The Odity Group uses your personal data in accordance with applicable laws and regulations, for the purposes of properly performing the contract. This use is based on your consent and the legitimate interest of the Odity Group, namely the processing of your request.

The Odity Group also uses your personal data to provide you with the best possible experience when browsing its websites, to count the number of end users visiting the sites, and to analyse navigation statistics and improve said sites.

The Odity Group is committed to retaining personal data only for as long as necessary for the purposes of the processing.

  • Client data: 3 years after the end of the commercial relationship
  • Browsing data / cookies: maximum 13 months
  • Billing data: 10 years

Personal data collected by the Odity Group is intended for the legal entities of the Odity Group, third-party companies or sub-processors (which may operate outside the European Union), exclusively for the purposes of providing services, in accordance with applicable legal and regulatory provisions.

Such transfers are governed by standard contractual clauses approved by the European Commission in accordance with Article 46 of the GDPR. The list of relevant sub-processors is available upon request at rgpd@odity.com.

2. PROTECTION OF YOUR PERSONAL DATA

The Odity Group implements measures to protect your personal data against unauthorised access, use or disclosure, including but not limited to:

  • Implementation and maintenance of advanced technical measures to ensure that your personal data is recorded and processed with full confidentiality and security;
  • Implementation and maintenance of appropriate restrictions on access to your personal data, and control over the access, use and transfer of personal data;
  • All Odity Group employees with access to your personal data are required to sign a confidentiality agreement or equivalent, committing them to comply with the Odity Group’s data protection and confidentiality requirements;
  • The Odity Group requires any business partner or third-party service provider to whom it may disclose your personal data to comply with all applicable data protection and confidentiality requirements;
  • The Odity Group regularly provides data protection training to its employees and to third parties with access to your personal data.

The Odity Group declares that it provides sufficient guarantees, particularly in terms of knowledge, reliability and resources, for the implementation of technical and organisational measures satisfying the applicable legal and regulatory obligations regarding data protection.

In addition, the Odity Group undertakes to:

i. Process your data solely for the purposes of providing services; ii. Process your data in accordance with your instructions; iii. Ensure the confidentiality of the data processed; iv. Train authorised personnel; v. Provide a list of sub-processors (including those outside the EU, with standard contractual clauses pursuant to Article 46 GDPR); vi. Apply privacy by design and privacy by default; vii. Notify any changes impacting data processing; viii. Comply with data retention periods; ix. Cooperate on anonymisation.

The Odity Group undertakes to notify you of any personal data breach, as defined in Article 4.12 of the GDPR, within a maximum of seventy-two (72) hours of becoming aware of it, by the following means: sending a message to your email address.

This notification will be accompanied by all documentation in its possession enabling you, if necessary, to notify this breach to the competent supervisory authority. It must, as far as possible, specify the nature and consequences of the data breach, the measures already taken or proposed to remedy it, the persons from whom additional information may be obtained, and, where possible, an estimate of the number of individuals likely to be affected by the breach.

In the event of a complaint, you may contact the Commission Nationale de l’Informatique et des Libertés (CNIL) directly.

3. YOUR RIGHTS

In accordance with the GDPR (Articles 15–22) and European Regulation No. 2016/679, you have the right to access, rectify, erase and port your personal data, as well as the right to object to processing on legitimate grounds. These rights may be exercised by contacting the data controller.

In accordance with Article 37 of the aforementioned European Regulation, the Odity Group has appointed a Data Protection Officer (DPO) in the person of Mr. Benoît VORILHON, Founder & CEO (rgpd@odity.com).

Any request relating to the communication, portability, rectification, deletion or objection to the processing of your personal data must be accompanied by a photocopy of a valid signed identity document and must include the address at which the Odity Group may contact the applicant.

The Odity Group undertakes to respond to your request for access, rectification, objection or any other request for additional information within a reasonable timeframe not exceeding 1 month from receipt of your request.

In the event of a breach of your personal data, the Odity Group undertakes to notify the CNIL under the conditions prescribed by the GDPR.

If you believe that the Odity Group is not fulfilling its obligations with regard to your personal data, you may submit a complaint or request to the competent authority. In France, the competent authority is the CNIL, which you may contact electronically by clicking the following link: https://www.cnil.fr/fr/plaintes/internet.

Last updated: 27 February 2026