Privacy Policy

(Version July 2025)

At Illizeo, the confidentiality of your data is essential. This privacy policy aims to inform you transparently about how we collect, use, store, transfer and protect your personal data in the context of our commercial and digital activities, in accordance with applicable laws, including the General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act (FADP) and, where applicable, other international laws.

Your data is in good hands with Illizeo – Why and how

This policy is addressed to anyone visiting our website, interacting with us through forms, email, telephone or participating in our events or informational content. It does not cover internal HR processing or processing carried out by our clients via our platform.

Our commitment is based on the following principles:

• Complete transparency: we clearly inform you about the processing of your data.
• Data minimization: only strictly necessary data is collected.
• Legitimate purpose: each processing is based on a clear and justified legal basis.
• Technical and organizational protection: we implement robust measures to protect your data against unauthorized access.
• Shared responsibility: we select compliant processors and require contractual guarantees.
• Limited duration: data is kept only as long as necessary for the purpose.
• Respect for minors’ privacy: our site and services are not intended for persons under 16 years of age.
• No use of sensitive data: we do not collect information about your religion, ethnic origin, political opinions, etc.
• No automated profiling: we do not make decisions with legal impact based exclusively on automated processing.

When and how we collect your personal data

Website visit

When you access our sites, we automatically collect certain technical data necessary for its proper functioning and security:

Data collected: IP address, browser information (type, version, extensions), operating system, time zone, language, pages visited, cookies, browsing behavior, traffic origin (referrer), third-party services used (e.g.: embedded videos).

Purposes:

• Ensure site security and protection against attacks
• Improve user experience (speed, browser compatibility)
• Perform statistical audience analyses (number of visitors, visit duration, clicks)
• Display relevant content (maps, videos, dynamic forms)

Legal basis:

• Legitimate interest (security and proper site functioning)
• Explicit consent (for marketing and analytical cookies)

Retention period: from session to 30 days depending on cookie type (see our Cookie Policy).

Contact via form, email or telephone

When you contact us, we process the information you provide to respond to your request:

Data collected: last name, first name, company, professional email address, telephone number, subject and message content.

Purposes:

• Respond to your questions or requests
• Organize a meeting or demonstration
• Contact you again if necessary

Legal basis: execution of pre-contractual measures or our contract with you.

Retention period: until complete processing of the request + 1 year for monitoring and traceability purposes.

Access to free or informational content

We regularly offer freely accessible content (white papers, webinars, online events). To access this content, we may ask for your contact details and marketing consent.

Data collected: last name, first name, company, email, position, telephone number (optional).

Purposes:

• Allow you to access content
• Send you commercial communications related to your interests

Legal basis:

• Content provision: implicit contract
• Marketing communication: explicit consent (withdrawal possible at any time)

Retention period: 2 years or until consent withdrawal.

Expression of interest in our services (demonstration, trial, quote)

When you wish to test our platform or receive a personalized demonstration, we collect the information necessary to organize this presentation and ensure commercial follow-up.

Data collected: last name, first name, email, company, telephone, position, availability, content of exchanges, billing data if customer conversion.

Purposes:

• Meeting organization
• Illizeo demonstration
• Customer relations
• Marketing
• Sending quotes or offers
• Commercial conversion (quote, purchase order, billing)

Legal basis: legitimate interest and pre-contractual measures, then contract execution in case of conversion.

Retention period:

• Prospects: 2 years from last contact
• Customers: contract duration + legal periods (archiving, tax obligations)

Participation in the Illizeo Community (forum, events)

Illizeo plans to offer a community space for its users and partners.

Data collected: last name, first name, email, username, password, published content (posts, comments, likes).

Purposes:

• Create member account
• Enable peer exchange
• Facilitate HR and HRIS community

Legal basis: execution of community membership contract.

Retention period: until your unsubscription or account deletion. Some anonymized messages may be kept for historical purposes.

Exercise of your GDPR / FADP rights

For any request related to your rights (access, objection, rectification…), we must verify your identity and process your request within legal deadlines.

Data collected: last name, first name, email address, copy of identity document (in case of doubt), request content.

Purposes:

• Verify your identity
• Process your request in compliance with law

Legal basis: legal obligation (articles 12 to 22 of GDPR).

Retention period: 2 years from request closure.

Sharing your data with trusted third parties

As part of our services, we use external providers for specific needs such as marketing, customer support, online surveys, chat and mapping services, multimedia content distribution, technical operation of our website (cookie management, security, hosting), or searching our community publications.

Each of these providers acts as a processor under the terms of a data processing agreement (DPA) concluded with Illizeo. When these providers are located outside the European Union, United Kingdom or Switzerland, we ensure implementation of appropriate safeguards, such as:

• transfers to countries benefiting from an adequacy decision from the European Commission or competent authorities;
• signing of standard contractual clauses (SCC) validated by said authorities;
• or, where applicable, your explicit consent.

International data transfers

Some personal data may be transmitted to entities located outside the European Union, United Kingdom or Switzerland, including our affiliated entities. However, our customers’ data is exclusively stored within the European Union.

Some third countries do not have an equivalent legal framework for data protection. Therefore, in case of transfer to such countries, we ensure that legal and technical safeguards are in place to ensure an adequate level of protection, in compliance with GDPR requirements and applicable laws. These safeguards include:

• transfer to countries recognized as adequate;
• use of standard contractual clauses (SCC);
• or obtaining your prior consent.

For additional information on mechanisms governing these transfers, you may contact us.

Participation in transatlantic data protection frameworks

Where applicable, our affiliated entities comply with the requirements of the Data Privacy Framework (DPF) between the EU and the United States, the UK extension of the DPF, and the Swiss-US DPF. Under these commitments, we remain responsible for processing your data even in case of transfer to a third party, unless we prove we are not the origin of the incident that caused damage.

Your choices regarding privacy and use of your data

We are committed to offering you enhanced control over the use and sharing of your personal data. You have the following rights, which you may exercise at any time:

a. Unsubscribe from marketing communications

You can choose to no longer receive our marketing communications. To do this, simply follow the unsubscribe link in our emails, or contact us directly.

b. Control of sharing with third parties

We only transmit your personal data to third parties in cases specifically provided for in this policy, unless otherwise required by law. You have the right to object to any other type of sharing, particularly for commercial or promotional purposes.

c. Access, update and deletion of your data

You have the possibility to view your personal data, update it, correct any inaccuracies, or request its deletion, subject to legal retention obligations.

d. Withdrawal of consent

When processing of your data is based on your consent, you may withdraw it at any time. This withdrawal will have no retroactive effect on processing already lawfully carried out.

To exercise any of these rights, we invite you to use the form available in the “Data subject rights” section below.

By offering you these options, we wish to guarantee a high level of transparency and allow you to control the use of your personal data, in accordance with the requirements of the EU-US Data Protection Framework.

In case of divergence between the provisions of this privacy policy and the Principles of the Data Privacy Framework (EU-US DPF and/or Swiss-US DPF), said Principles prevail.

For more information on the DPF program and to view our certifications, you can visit: https://www.dataprivacyframework.gov/

Cookies and similar technologies

We use different types of cookies:

• Strictly necessary cookies, essential for the proper functioning of the site (do not require consent);
• Functional, marketing cookies, or those related to displaying third-party content (maps, videos), subject to your prior consent.

You can customize your preferences at any time by clicking on the “Cookie settings” link at the bottom of each page.

Your data protection rights

As a data subject, you have a set of rights relating to your personal data. This policy aims to inform you transparently about how we collect and process your data. However, beyond the simple right to information, you can also:

• Access personal data we hold about you;
• Rectify any inaccurate or incomplete data;
• Request erasure of your data, subject to legal retention obligations;
• Temporarily or permanently limit certain processing of your data.

You also have the right to:

• Receive a copy of your data (portability) in a structured, commonly used and machine-readable format;
• Withdraw your consent at any time, when processing is based on it, without affecting the lawfulness of processing already carried out;
• Object to processing of your data, particularly in case of direct prospecting or when processing is based on our legitimate interest.

Finally, you can at any time file a complaint with a competent supervisory authority if you believe your rights have not been respected.

To exercise one or more of these rights, please use the [dedicated form] or contact us via the contact details indicated in this policy.

Data Protection Officer

Illizeo has appointed an internal data protection officer, reachable at the following address:

Wilfrid Paul Robert Dusseaux

Chemin des Saules 12A, 1260 Nyon, Switzerland

Email: dpo@illizeo.com

Legal hub

Find here detailed information concerning Illizeo’s general terms of use as well as our data processing addendum (DPA).