Privacy Policy

At Heropolis, the protection of your personal data is a priority.

When you use the website (hereinafter the “Website“), we may need to collect personal data about you.

The purpose of this policy is to inform you about the ways in which we process this data in compliance with the (EU) 2016/679 Regulation of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR“).

1. Who is the data controller?

The person in charge of processing is HEROPOLIS, a simplified joint stock company, registered at the RCS of Pontoise under the number 840 822 993 and whose head office is located at 10 Allée de la paix, 95320 Saint-Leu-la-Forêt, FRANCE (hereinafter “We“).

2. What data do we collect?

Personal data is data that can be used to identify an individual directly or by cross-referencing it with other data. 

We collect data that falls into the following categories: 

  • Identification data (in particular your last name, first name, email address, telephone number);
  • Data relative to your professional life (in particular your position, the name of your company).

Mandatory data are indicated when you provide us with your data. They are indicated by an asterisk.

3. On what legal grounds, for what purposes and for how long do we keep your personal data?


PurposesLegal groundsRetention period
Providing you with a demonstration of our services Execution of pre-contractual measures taken at your request 

Your data will be kept for [to be completed]. 

In addition, your data may be archived for evidential purposes for a period of 5 years.

Building a customers and prospects file

Our legitimate interest in developing and promoting our business

For customers: data is kept for the duration of the contractual relationship.


For prospects: the data is kept for a period of 3 years from your last contact.

Sending newsletters, solicitations and promotional messages

Our legitimate interest in retaining and informing our customers and prospects of our latest newsThe data is kept for 3 years from your last contact with us. 

Measuring and knowing the audience of the Website

Our legitimate interest in knowing the composition of our audience and the most visited sections of our site.The data is kept for [to be completed].

Responding to your requests for information, including via chat

Our legitimate interest in responding to your requestsThe data is kept for the time necessary to process your request for information and deleted once the request for information has been processed.

Managing requests to exercise rights.

Our legitimate interest in responding to your requests and keeping track of them.

If we ask you for proof of identity, we will only keep it for as long as it takes to verify your identity. Once the verification is complete, the proof of identity is deleted.


If you exercise your right to opt-out of receiving marketing communications: we keep this information for 3 years.

4. Who are the recipients of your data?

Will have access to your personal data:

  1. The staff of our company;
  2. Our subcontractors: hosting provider, CRM tool, chat, audience measurement tool;
  3. If necessary: public and private organizations, exclusively to meet our legal obligations.

5. Will your data be transferred outside the European Union?

Your data are kept and stored for the duration of the processing on the servers of the company OVH, located in France. 

In the context of the tools we use (see article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools:

  • either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
  • or the data is transferred to a country which level of data protection has not been recognized as adequate to the RGPD: in this case these transfers are based on appropriate safeguards indicated in Article 46 of the RGPD, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism;
  • or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

6. What are your rights regarding your data?

You dispose of the following rights with regard to your personal data:

  • Right to information: this is precisely the reason why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the GDPR.

  • Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.

  • Right of rectification: you have the right to rectify your inaccurate, incomplete or obsolete personal data at any time pursuant to Article 16 of the GDPR

  • Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.

  • Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection of your personal data on the grounds set out in Article 17 of the GDPR

  • Right to file a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts. (Article 77 of the GDPR)

  • Right to define directives concerning the conservation, deletion and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act.

  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. This withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.

  • Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require its transfer to the recipient of your choice.

  • Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite this objection, for legitimate reasons or to defend legal rights.

You can exercise these rights by writing to us at the address below. We may ask you on this occasion to provide us with additional information or documents to prove your identity.

7. What cookies do we use?

To learn more about cookie management, please consult our Cookie Policy.

8. Contact point for personal data

Contact email: 

Contact address: 10 Allée de la paix, 95320 Saint-Leu-la-Forêt, FRANCE

9. Modifications

We may modify this policy at any time, in particular to comply with any regulatory, legal, editorial or technical developments. These changes will apply as of the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any significant changes to this Privacy Policy.

Effective date: November 1, 2021

Heropolis SAS

1 place Martin Levasseur

93400 Saint-Ouen