PERSONAL DATA PROTECTION POLICY
PREAMBLE
This document " Personal Data Protection Policy " concerns any natural person (hereinafter referred to as " Natural Persons ") whose Personal Data may be processed by Formality, in accordance with the provisions of the General Data Protection Regulation (GDPR) adopted on April 27, 2016, by the European Parliament and the Council.
As part of your visit to our website and/or our platform, Formality (hereinafter referred to as " we ") collects your Personal Data to use it in various automated processes.
The processing of your Personal Data
Definitions
Personal data (hereinafter referred to as " Personal Data ") means any information that relates to an identified or identifiable natural person, directly or indirectly.
DPO : The Data Protection Officer (DPO) is responsible for implementing compliance with the European Data Protection Regulation within the organization that designated them, concerning all the processing carried out by this organization.
You can contact our DPO at any time : dpo@datae-consulting.com
Data controller : The data controller is the legal or natural person who determines the purposes and means of processing. In practice and generally, it is the legal person represented by its legal representative.
The data controller is : Formality.
Our commitments
We process your Personal Data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter referred to as " GDPR ".
We are committed to working towards the protection of your personal data. Only our authorized and trained staff in respect of confidentiality rules participates in the operation of the site https://www.formality.com and the Formality platform https://app.eu1.formality.com/
Furthermore, Formality implements appropriate technical and organizational measures to prevent the loss, misuse, alteration, and deletion of your Personal Data.
These measures are adapted according to the sensitivity level of the processed data and the risk level presented by the processing or its implementation.
If a data security breach concerning you occurs, Formality will inform you within the time frames and according to the terms specified by the applicable legal and regulatory provisions.
Article 13 of the said regulation requires us to inform you about the following elements :
The identity and contact details of the data controller and, if applicable, the representative of the data controller ;
The purposes of the processing for which the Personal Data are intended as well as the legal basis for the processing;
The recipients or categories of recipients of the Personal Data, if they exist; ;
The retention period of the Personal Data or, when this is not possible, the criteria used to determine this period;
THE PERSONAL DATA WE PROCESS
We collect and process the following Personal Data:
III. THE RECIPIENTS OF PERSONAL DATA
The Personal Data collected on the site https://www.formality.com and the platform https://app.eu1.formality.com/ is intended primarily for Formality; however, it may be shared with our partners.
In order to carry out maintenance of the site, cookie management, data hosting, or providing our services, some of your data may also be shared with our subcontractors.
The list of our partners, service providers, and subcontractors likely to process your personal data is available in the table below.
We ensure that all our partners and subcontractors are subject to appropriate mechanisms for the protection of Personal Data that are compliant with the GDPR and that the data will be processed only by authorized personnel bound by a confidentiality clause or any other equivalent contractual document.
IV. EXERCISING YOUR GDPR RIGHTS
Right of access and rectification of your data :
You have the right to obtain confirmation from the data controller as to whether or not personal data concerning you is being processed and, when it is, the right to access it and/or to have it rectified. (See Articles 15 and 16 of the GDPR.)
Right to erasure of your data.
In accordance with Article 17 of the GDPR, you have the right to request the erasure, without undue delay, of your Personal Data ; for certain reasons/conditions that you can consult in that article/ in the cases provided for by the article.
Right to restriction of data processing.
You have the right to request the restriction of the processing of your Personal Data in the cases provided for by Article 18 of the GDPR.
Right to object to data processing.
In accordance with Article 21 of the GDPR, you have the right to object to the processing of Personal Data concerning you when the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject requiring protection of Personal Data prevail, particularly where the data subject is a child.
Right to data portability.
You have the right to data portability of your Personal Data, which gives you the ability to receive the Personal Data you have provided us, in a structured, commonly used, and machine-readable format, as well as the ability to transmit this data to another data controller. The exercise of this right will be subject to the conditions set out in Article 20 of the GDPR.
Right to withdraw your consent.
In accordance with Article 7 of the GDPR, in cases where the processing is based on consent, you have the right to withdraw your consent at any time. This will end the processing of your data.
Right to define post-mortem directives.
You have the option to set directives regarding the retention, erasure, and communication of your Personal Data after your death and this with a trusted third party, certified and tasked with ensuring the deceased’s wishes in accordance with the requirements of the applicable legal framework (Article 85 of Law No. 78-17 of January 6, 1978, relating to data processing, files, and liberties.)
You can exercise your rights as follows :
By sending your request to the following email address : dpo@datae-consulting.com or by mail accompanied by a copy of an identity document addressed to the company Formality at the following address : 6 rue du Bois Sauvage, 91000 Evry-Courcouronnes. You can also file a complaint with the CNIL.
Update
In order to comply with regulatory changes and reflect our practices, we reserve the right to modify this policy.
We will publish changes in this document; we advise you to regularly consult our privacy policy.
Date of last update : 18/06/2025
