Privacy Policy
What is the purpose of our Privacy Policy?
Deepki and its subsidiaries, which manages the Deepki Ready platform, places great importance on the protection and confidentiality of your personal data, which represents, for us, a guarantee of seriousness and trust.
As such, our personal data Privacy Policy precisely demonstrates our commitment to ensuring compliance within Deepki with the applicable rules regarding personal data protection and, more particularly, those of the General Data Protection Regulation (“GDPR”).
In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.
Who is our Privacy Policy addressed to?
Our Privacy Policy is addressed to you, regardless of your place of residence, if you are at least 15 years old, whether you are one of our clients, a user of the Deepki Ready platform, a third party, a B2B third party whose energy consumption data is collected by Deepki on behalf of the owner, or simply a visitor to the Deepki.com website.
If you are under the legal age detailed above, you are not authorized to use our services. If you believe that we hold personal data about your children without your consent, please contact us at privacy@deepki.com.
In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.
Does our Privacy Policy apply to job applicants?
If you are a candidate for a position at Deepki, you should consult our “Privacy Policy for Candidates”, accessible at any time on our dedicated page on Deepki.com, in the careers section, which details the processing carried out as part of our recruitment process.
How did we obtain your personal data?
Your data is collected directly from you if you are:
- A client of our services
- A B2B third party whose energy consumption data is collected by Deepki
- Simply a visitor to our Deepki.com website
We commit to processing your data only for the purposes described below. However, we may also obtain your personal data indirectly from partners if you have given your prior consent to them.
Your personal data may also be processed indirectly through:
- Trade shows or exhibitions
- Social networks (e.g., LinkedIn)
However, when you voluntarily publish content on our social media pages, you acknowledge being entirely responsible for the personal information you might transmit, regardless of the nature and origin of the information provided.
Why do we process your personal data and on what legal basis?
1. For platform users
We process your personal data essentially for the following reasons:
- To use and benefit from our service and all its features based on our terms of use
- To manage user accounts (e.g., account creation, service access, and account deletion) based on our
- terms of use
- To receive our technical emails (e.g., password changes, etc.) essential for the proper functioning of
- our service based on our terms of use
- To download and import documents on our platform based on our terms of use
- To contact us through the contact form based on our terms of use (chatbot, contact form, etc.)
- To guarantee and strengthen the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on legal obligations incumbent upon us, our terms of use, and our legitimate interest in ensuring the proper functioning of our services
Your data is collected directly from you when you are a user of our Deepki Ready platform, and we commit to processing your data only for the reasons described above.
However, we may also obtain your personal data indirectly from partners if you have previously consented to this with them.
2. For third parties whose consumption data is collected
We process your personal data essentially for the execution of the Deepki Ready service based on your consent materialized in the mandates authorizing Deepki to collect your energy consumption data on behalf of the owner.
Your data is collected directly from you, and we commit to processing your data only for the reasons described above.
3. For simple visitors to the showcase website, clients, and prospects
We process your personal data essentially for the following reasons:
- To navigate our website, benefit from our services, and so we can respond to your requests, particularly through our customer service (e.g., information requests, complaints, etc.) based on our terms of use and our legitimate interest in providing you with the best possible service
- To stay informed of our latest offers and events by email or via social networks based on our legitimate interest in retaining our clients and prospecting new potential clients
- To receive our newsletter, which informs you about our services based on your consent
Sensitive data may be processed with the explicit consent of the client. Data is used proportionately, confidentially, and only for the duration necessary for each purpose.
Your data is collected directly from you, and we commit to processing your data only for the reasons described above.
How is your personal data collected?
Your data is directly collected from you when you visit our website and accept the use of our cookies. If you are a user of our Deepki Ready platform, your data is also collected directly. We commit to processing it only within the framework of the purposes previously indicated.
However, we may also obtain your personal data indirectly from partners if you have previously consented to this with them.
What personal data do we process and for how long?
We have summarized below the categories of personal data as well as their respective retention periods:
- Professional identification data (e.g., name, first name, position, company, etc.) and contact details (e.g., professional email address and phone number, etc.) retained for the entire duration of service provision plus legal prescription periods which are generally 5 years.
- In case of confusion between your organization’s name and your personal name (e.g., sole proprietor, small business, etc.), economic and financial data (e.g., bank account number, verification code, etc.) are retained for the duration necessary for the transaction and billing and payment management, plus legal prescription periods, which are generally 5 to 10 years.
- Email address to receive our technical messages retained until your account is deleted.
- Email address intended for our commercial prospecting campaigns by electronic mail, retained for a maximum of 3 years from the last contact we had with you.
- Email address to receive our newsletter retained until the end of your newsletter subscription.
- Statistical data related to viewing our videos, which are anonymized and retained indefinitely.
- Connection data (e.g., logs, IP address, browser language, etc.) retained for a period of 1 year.
- Cookies generally retained for a maximum of 13 months. For more information on our use of cookies, you can consult our cookie policy, accessible at any time on our website.
- Energy consumption data (e.g., electricity, gas, etc.) Energy data is retained for a maximum period of 10 years, or for any other duration that may be imposed by regulation or local energy codes, and only as long as it is necessary for our services and compliant with data protection regulations.
- Company activity data (opening hours, staff numbers, etc.) for the entire duration of service provision.
Upon expiration of applicable retention periods, deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this deadline. At most, we can only retain anonymous data for statistical purposes.
Please also note that in case of litigation, we are obligated to retain all data concerning you throughout the entire duration of case processing even after the expiration of their retention periods described above.
What rights do you have to control the use of your personal data?
The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge, in order to control the use we make of your data:
- Right of access and copy of your personal data provided that this request is not in contradiction with business secrecy, confidentiality, or correspondence secrecy.
- Right to rectification of personal data that would be erroneous, obsolete or incomplete.
- Right to request erasure (“right to be forgotten”) of your personal data that would not be essential to the proper functioning of our services.
- Right to limitation of your personal data which allows you to freeze the use of your data in case of dispute over the legitimacy of processing.
- Right to portability of your data which allows you to recover part of your personal data in order to store or transmit it easily from one information system to another.
- Right to give directives on the fate of your data in case of death either through yourself, or through a trusted third party or beneficiary.
For a request to be taken into account, it is imperative that it be made directly by you to the address privacy@deepki.com. Any request that is not made in this manner cannot be processed.
Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity in case of doubt about the identity of the requester. The elements communicated to us only allow us to verify your identity and are not retained.
We will respond to your request as soon as possible with a maximum deadline of three months from its receipt in the case where the request is technically complex or if we receive numerous requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, particularly with regard to its repetitive nature.
Who can access your personal data?
Your personal data is processed by our teams and by our technical service providers under strict contracts, for the sole purpose of operating our service.
We specify that we control all our technical service providers before recruiting them to ensure that they scrupulously respect the applicable rules regarding personal data protection.
For example, as a subcontractor of Deepki, PERSE Technology Ltd (Perse.io – Energy Insights Platform), responsible for collecting your energy data, has undergone prior verification to ensure its compliance with GDPR requirements.
FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.
We will only share personal information without the client’s agreement in cases where: this is required or authorized by law; this is necessary to provide the services requested by the client, in which case consent will be presumed.
If Deepki company suspects illegal activity, the company reserves the right to transmit its findings or suspicions to the police or any other law enforcement body.
Can your personal data be transferred outside the European Union?
The personal data processed by our Deepki ready platform is exclusively hosted on servers located within the European Union.
Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. If however this were not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data..
How do we protect your personal data?
We implement the following technical and organizational measures to guarantee the security of your personal data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure.
| Technical security measures | Organizational security measures |
|---|---|
| ➔ Anti-bot protection ➔ Antivirus on Deepki team terminals ➔ Anti-spam for Deepki team terminals ➔ Password database separated from user identifiers (Front-end side) ➔ User password database (Back-end side) separated from identifiers ➔ Encryption of “users” database in transit ➔ Encryption of user passwords (Front-end side) ➔ Password encryption (Back-end side) ➔ ISO 27001 certification ➔ Two-factor authentication for users (Front-end side) ➔ Fingerprints for Deepki teams ➔ User passwords (Front-end side) frequently changed ➔ Complex user passwords (Front-end side) enforced at login ➔ User passwords (Back-end side) frequently changed ➔ Complex user passwords (Back-end side) enforced at login ➔ Deepki team terminal passwords frequently changed ➔ Complex passwords for Deepki team terminals ➔ HTTPS protocol ➔ BCP / DRP for Deepki teams ➔ Penetration testing ➔ Access traceability ➔ VPN for Deepki teams | ➔ Access badges ➔ Offices locked with keys ➔ Information systems charter ➔ Password management policy ➔ Information systems security policy ➔ Data breach management procedure ➔ Individual rights management procedure ➔ Internal regulations ➔ Code of conduct rules ➔ Team awareness and training sessions twice a year ➔ Video surveillance in the premises |
Who can you contact for more information about the use of your personal data?
To best guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) with our supervisory authority.
You can contact our DPO at any time and free of charge at the email address privacy@deepki.com to obtain more information or details about how we process your data.
How can you contact the CNIL?
You can contact the “Commission nationale de l’informatique et des libertés” or “CNIL” (French Data Protection Authority) at any time using the following contact details:
CNIL Complaints Service
- Address: 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07
- Phone: 01.53.73.22.22
Can the policy be modified?
We may modify our privacy policy at any time to adapt it to new legal requirements as well as new processing activities that we might implement in the future. You will obviously be informed of any modification to this policy.