Your Skills. Your Advantage.

Last updated: 15/10/2025

ISOGRAD is committed to protecting your personal data and privacy. This data protection policy informs you about how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the French Data Protection Act.

1. DATA CONTROLLER

The data controller for your personal data is:

ISOGRAD SAS
Simplified joint-stock company with share capital of €156,034
Paris Trade Register: 525 280 616
Registered office: 35 rue des Jeûneurs, 75002 Paris, France
Email: contact@isograd.com
EU VAT number: FR36525280616

Data Protection Officer (DPO):
Email: dpo@isograd.com

2. DATA COLLECTED AND PURPOSES

We collect and process the following personal data through our corporate website:

2.1. Contact Form

Data collected (all fields are mandatory):

  • Last name
  • First name
  • Email address
  • Phone number
  • Company
  • Role/Position
  • Message

Purpose: To process and respond to your information requests, questions, or contact requests regarding our products and services.

Legal basis: Explicit consent (checkbox upon registration)

Recipients: Your data is transmitted by email to members of our internal team who may process your request. Only relevant employees have access to this information.

Retention period: 1 year from the closure of your request, in order to maintain traceability in case of dispute or claim.

2.2. Newsletter

Data collected:

  • Email address

Purpose: To send you our quarterly newsletter containing information about our new certifications and features.

Legal basis: Explicit consent (checkbox upon registration).

Frequency: Quarterly (approximately 4 mailings per year).

Recipients: Your email address is processed by our marketing department and our technical service provider Pardot (Salesforce).

Retention period: As long as you remain subscribed to our newsletter.

2.3. Cookies and Navigation Data

For all information regarding cookies and navigation data collected on our site, please refer to our Cookie Management Policy.

3. SUBCONTRACTORS AND DATA TRANSFERS

To ensure the operation of our site and services, we use the following subcontractors:

3.1. Subcontractors within the European Union
  • Amazon Web Services EMEA SARL (web hosting)
    Location: Luxembourg (EU)
    Registered office: 38 Avenue John F. Kennedy, L-1855 Luxembourg
  • Pardot / Salesforce (newsletter management and sending)
    Location: European servers

We ensure that all our subcontractors provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect your data.

4. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, particularly when processing involves data transmission over a network, as well as against any other form of unlawful processing.

These measures include:

  • Encryption of data in transit (HTTPS)
  • Secure hosting with a certified provider (AWS)
  • Data access limited to authorized employees only
  • Data protection awareness training for our teams

5. YOUR RIGHTS

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:

5.1. Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether data concerning you is being processed and, when it is, access to that data as well as certain information about the processing.

5.2. Right to Rectification (Article 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data concerning you. You also have the right to complete incomplete data.

5.3. Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

You have the right to obtain the erasure of your personal data in certain cases (for example, if the data is no longer necessary for the purposes for which it was collected).

5.4. Right to Restriction of Processing (Article 18 GDPR)

You have the right to obtain restriction of processing of your data in certain cases (for example, while verifying the accuracy of data you have contested).

5.5. Right to Object (Article 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of your data based on legitimate interest.

You also have an absolute right to object to the processing of your data for direct marketing purposes.

5.6. Right to Data Portability (Article 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another data controller.

5.7. Right to Withdraw Consent

When processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

For the newsletter, you can unsubscribe at any time by clicking on the unsubscribe link in each email or by contacting us at: support@isograd.com

5.8. Right to Define Post-Mortem Directives

You have the right to define directives regarding the fate of your data after your death.

6. EXERCISING YOUR RIGHTS

To exercise any of your rights, you can contact us:

  • By email: dpo@isograd.com
  • By mail: ISOGRAD - Data Protection Officer, 35 rue des Jeûneurs, 75002 Paris, France

Your request must be accompanied by a signed copy of proof of identity to verify your identity.

Response time: We are committed to responding to your request within a maximum of 1 month from receipt of your request. This period may be extended by 2 additional months considering the complexity and number of requests. In this case, we will inform you of this extension and the reasons for the delay within 1 month of receiving the request.

7. RIGHT TO LODGE A COMPLAINT

If you believe that the processing of your personal data constitutes a violation of applicable regulations, you have the right to lodge a complaint with the competent supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Phone: +33 1 53 73 22 22
Website: https://www.cnil.fr
Online complaint form: https://www.cnil.fr/fr/plaintes

8. DATA CONCERNING MINORS

Our website and services are not specifically intended for minors. In accordance with Article 8 of the GDPR, the consent of a minor under 16 years of age is only valid if the holder of parental responsibility has given their agreement or authorized it.

If you are a parent or legal guardian and discover that your child has provided us with personal data without your consent, please contact us at dpo@isograd.com so that we can take appropriate measures.

9. POLICY MODIFICATIONS

We reserve the right to modify this data protection policy at any time, particularly to adapt it to legislative, regulatory, case law, and technical developments.

In case of substantial modification, we will inform you by any appropriate means (notification on the website, email for newsletter subscribers).

The policy in force is the one accessible on our website on the day of your visit. We encourage you to consult this page regularly.

10. CONTACT

For any questions regarding this data protection policy or the processing of your personal data, you can contact us:

Data Protection Officer
Email: dpo@isograd.com
Address: ISOGRAD SAS, 35 rue des Jeûneurs, 75002 Paris, France