GDPR Policy
Data protection notice under the EU General Data Protection Regulation (GDPR)
Last updated: 4.06.2026 · Version 1.0
1. Introduction
Pleias is committed to protecting the privacy and personal data of everyone who visits our website and interacts with us. This Privacy Policy explains what personal data we collect when you use our website at pleias.ai (the “Site”), why we collect it, how we use and protect it, and the rights you have over your data.
This policy is issued in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, or “GDPR”) and the French Data Protection Act (Loi Informatique et Libertés). It applies to personal data we process as a data controller in connection with our website, contact channels, newsletter, and recruitment activities. It does not cover third-party websites that we may link to.
2. Who we are (Data Controller)
The data controller responsible for your personal data is:
| Entity | Pleias SAS |
|---|---|
| Registered address | 91 rue des Maraîchers 75020 Paris |
| Contact email | contact@pleias.fr |
3. What personal data we collect
We limit the personal data we collect to what is necessary for the purposes described in this policy. Depending on how you interact with us, we may process the following categories of data:
3.1 Data you provide to us
- Contact and enquiry data: your name, email address, organisation, and the content of any message when you contact us through a form, by email, or via our channels.
- Newsletter and mailing data: your email address (and optionally name) when you subscribe to updates.
- Recruitment data: your CV, cover letter, contact details, and any information you choose to share when applying for a role.
3.2 Data collected automatically
- Technical and usage data: your IP address, browser type and version, device information, operating system, referring pages, and pages visited, collected through server logs and, where consented, analytics.
- Cookies and similar technologies: small files stored on your device. See Section 7 for details.
We do not knowingly collect special categories of personal data (such as health, religion, or political opinions) through our website, and we ask that you do not submit such information to us.
4. How we use your data and our legal bases
Under the GDPR, we must have a valid legal basis for each processing activity. The table below sets out our main purposes and the corresponding legal bases.
| Purpose | Legal basis |
|---|---|
| Responding to your enquiries and providing requested information | Our legitimate interest in communicating with you, or steps taken at your request prior to a contract (Art. 6(1)(b) and (f)) |
| Sending newsletters and updates | Your consent (Art. 6(1)(a)), which you may withdraw at any time |
| Operating, securing, and improving the Site | Our legitimate interest in maintaining a safe and functional website (Art. 6(1)(f)) |
| Analytics and audience measurement | Your consent where required (Art. 6(1)(a)); otherwise our legitimate interest (Art. 6(1)(f)) |
| Managing job applications | Steps prior to a possible employment contract and our legitimate interest in recruitment (Art. 6(1)(b) and (f)) |
| Complying with legal obligations | Compliance with a legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to such processing as described in Section 9.
5. How we share your data
We do not sell your personal data. We share it only where necessary and with appropriate safeguards, including with:
- Service providers and processors who act on our behalf (for example hosting, email delivery, analytics, and recruitment tools), bound by data processing agreements;
- Professional advisers such as legal, accounting, and IT advisers where necessary;
- Public authorities where we are legally required to disclose data.
Each processor is contractually required to process personal data only on our instructions and to implement appropriate security measures.
6. International data transfers
We aim to keep your personal data within the European Economic Area (EEA). Where a service provider processes data outside the EEA, we ensure an adequate level of protection through one of the safeguards permitted by the GDPR, such as a European Commission adequacy decision or Standard Contractual Clauses, supplemented by additional measures where appropriate. You may request a copy of the relevant safeguards using the contact details in Section 2.
7. How long we keep your data
We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, or reporting obligations. As a general guide:
- Enquiry and contact data: kept for the duration of our correspondence and up to 1 year thereafter;
- Recruitment data: kept for the duration of the recruitment process and up to 2 years thereafter, where lawful, unless you ask us to delete it sooner;
- Server logs and analytics data: kept for 1 year before deletion or anonymisation.
8. Your rights
Subject to the conditions set out in the GDPR, you have the following rights over your personal data:
- Right of access — to obtain confirmation of whether we process your data and a copy of it.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure — to have your data deleted in certain circumstances.
- Right to restriction — to limit how we process your data in certain circumstances.
- Right to data portability — to receive data you provided in a structured, commonly used, machine-readable format.
- Right to object — to object to processing based on legitimate interests, and to direct marketing at any time.
- Right to withdraw consent — to withdraw consent at any time, without affecting prior lawful processing.
To exercise any of these rights, contact us using the details in Section 2. We will respond within one month, as required by the GDPR. We may need to verify your identity before acting on your request.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, 75007 Paris — www.cnil.fr.
9. How we protect your data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include access controls, encryption in transit, secure hosting, and limiting access to personal data to those who need it. While no system can be guaranteed fully secure, we regularly review our safeguards to keep them appropriate to the risk.
10. Children’s privacy
Our Site is not directed at children and we do not knowingly collect personal data from children under the age of 15. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you. We encourage you to review this page periodically.
12. Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at contact@pleias.fr or by writing to the registered address in Section 2.