Privacy Policy

Privacy Policy

This privacy policy aims to explain why we collect your data and how we are committed to protecting it.

STAIRWAY is committed to protecting your personal data and your privacy.

In this regard, and in accordance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), we hereby inform you of the conditions under which your personal data is processed by us.

What personal data do we process?

Purposes:

We may collect and store your personal data, especially for the following purposes:

Processing and responding to your messages, Creating and managing access to your accounts, Establishing and maintaining the business relationship that may result from your messages, Processing your job application, Ensuring accounting and management, Improving our customer service and support, Managing the proper functioning and customization of services, Sending you commercial and promotional information based on your preferences, Detecting attacks and taking legal action against fraud, Remembering your choices regarding the use of cookies, Processing and responding to your requests to exercise your rights, Complying with current or future regulatory requirements.

Categories of data:

Contact details (e.g., name, first name, phone number, email); Personal information (e.g., date of birth, nationality, marital status, occupation), Technical and location information generated during the use of our services.

Legal basis for processing

The processing of personal data is based on:

• • Either on the consent of the data subject (Article 6.1.a of the GDPR) for all processing that requires prior consent. In online forms, mandatory fields are marked with an asterisk. If you fail to respond to the mandatory questions, we will not be able to provide the requested services.
  • Or for the performance of a contract or pre-contractual measures,
  • Or for the pursuit of a legitimate interest (Article 6.1.e of the GDPR).
  • Or for compliance with a legal or regulatory obligation;

Your data is retained for the duration necessary to achieve the purposes mentioned above.

The retention period for Client personal data depends on the relevant purpose. In this context, Client personal data is retained for the time necessary to fulfill their request. If no action is taken, personal data is deleted within the recommended deadlines by the National Commission for Computing and Liberties (CNIL), after a period of three years from their collection, subject to legal archiving possibilities and obligations, data retention obligations for evidentiary purposes, and/or anonymization of this data.

Client personal data collected and processed for the execution of offers is retained for the duration necessary to manage the contractual relationship.

By exception, personal data required to establish proof of a right or contract is archived in accordance with legal provisions (5 or 10 years after the end of the business relationship, depending on the case).

Who are the recipients of your data?

Your personal data is intended for STAIRWAY.

Our internal services: It is processed by staff from our various departments, such as the sales department or the department in charge of IT security., Trusted companies or individuals: They process your information for us for the purposes set out above, in accordance with our instructions as described in our Privacy Policy and any other appropriate cases regarding confidentiality and security.

Traffic analysis (such as Google Analytics), CRM provider (like Hubspot), Email provider (like Mailjet or Sendgrid).

Sometimes, we must allow our partners to process, on our behalf, the personal information we hold about you for the purposes stated in this policy or for any other reason required by law.

Client personal data collected is hosted in France.

If a service provider located outside the European Union is used, we undertake to ensure that appropriate measures are in place so that personal data benefits from an adequate level of protection.

How does STAIRWAY ensure the security of your data?

We implement all organizational and technical measures to ensure an appropriate level of security for your personal data, in particular to avoid any loss of confidentiality, integrity, or accessibility.

We regularly back up data, Physically protect premises and control access, Whenever possible, we limit access to personal information to only those who need to process it, Implement technical and organizational measures to ensure that the retention of Client personal data is secure for the duration necessary for the purposes pursued.

What are your rights regarding your personal data?

In accordance with Applicable Regulations, you have the following rights:

Right to rectification: You have the right to obtain the correction of inaccurate data concerning you. You also have the right to complete incomplete data concerning you by providing a supplementary statement. If this right is exercised, we undertake to communicate any correction to all recipients of your data.

Right to erasure: In some cases, you have the right to obtain the deletion of your data. However, this is not an absolute right, and we may retain this data for legal or legitimate reasons.

Right to restriction of processing: In certain cases, you have the right to obtain the restriction of processing on your data.

Right to data portability: You have the right to receive the data that you have provided to us, in a structured, commonly used, and machine-readable format, for your personal use or to transmit it to a third party of your choice. This right only applies when the processing of your data is based on your consent, on a contract, or when such processing is carried out by automated means.

Right to object to processing: You have the right to object at any time to the processing of your data for processing based on our legitimate interest, a public interest mission, and those for commercial marketing purposes. This is not an absolute right, and we may refuse your objection request for legal or legitimate reasons.

Right to withdraw consent at any time: You can withdraw your consent to the processing of your data when the processing is based on your consent. Withdrawing consent does not compromise the lawfulness of the processing based on consent before such withdrawal.

Right to lodge a complaint with a supervisory authority: You have the right to contact your data protection authority to complain about our personal data protection practices.

In accordance with the GDPR, the conditions for exercising these rights may vary depending on the legal basis for the processing mentioned in the first paragraph.
We will respond to any exercise of rights as soon as possible and in any case within 30 days from receipt of the request.

We reserve the right to:

• • Request proof of the applicant’s identity in case of reasonable doubt about it, to respect our confidentiality obligation,
  • To extend the response time by two months, informing the applicant of this extension and the reasons for the delay within one month of receiving the request,
  • To refuse to respond to a request to exercise a right if it is deemed abusive (due to its number, repetitive or systematic nature).

Who to contact for GDPR-related requests?

To exercise your rights, you can contact us at STAIRWAY:

French SARL with a capital of €90,000
Registered in the Paris Trade and Companies Register under number 518 399 969. VAT number: FR83518399969. SIRET: 51839996900089.
Address: Headquarters: 64 Avenue Parmentier, 75011 Paris, France
Publication Director: Alexandre Sabouret

If, despite our efforts and commitments, you believe that your rights concerning your personal data are not being respected, you can submit a complaint to the National Commission for Computing and Liberties: CNIL 3 Place de Fontenoy TSA 80715 75334 Paris Cedex 07

Reservation of the right to modify the Data Protection Policy

This Personal Data Protection Policy may evolve. As we continuously develop our services, we reserve the right to modify this Privacy Policy in accordance with the applicable legal provisions. Any changes will be published in this document in due time. We recommend that you regularly check this page to stay informed of any changes or updates to our privacy policy.

Cookie Policy

What is a “cookie”?

Cookies are small text files that a website saves on your computer or mobile device when you visit the site.

They make your online experience easier by saving browsing information. Thanks to cookies, websites can keep you logged in, remember your site preferences, and offer you personalized content. Cookies can also be used to generate statistics on browsing experience and to display targeted advertisements.

In general, cookies can be classified by:

Domain:

• First-party cookies are issued by a website that a user is visiting directly.
• Third-party cookies are not created by the website being visited, but by a third party such as Google Analytics, DoubleClick, Facebook, Twitter, LinkedIn, YouTube, Vimeo, etc.

Purpose:

• Strictly necessary cookies are required for the website to function properly.
• Preference cookies allow a website to remember the choices you’ve made in the past.
• Statistics cookies help the website owner collect statistical data and understand how visitors interact with the website.
• Marketing cookies track the user’s online activity to help advertisers deliver more relevant ads.

Duration:

• Session cookies that are deleted when the user closes the browser.
• Persistent cookies that remain on the user’s device for a certain period of time.

What cookies and trackers do we use?

Strictly Necessary cookies

Cookie key Domain Path Cookie type Expiration Description

PHPSESSID
First-party Session Cookie generated by applications based on the PHP language. This is a general-purpose identifier used to maintain user session variables. It is normally a randomly generated number—how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.

Performance cookies

_gid
First-party 1 day This cookie is set by Google Analytics. It stores and updates a unique value for each page visited and is used to count and track pageviews.

_gat
First-party 1 minute This cookie name is associated with Google Universal Analytics. According to documentation, it is used to throttle the request rate—limiting the collection of data on high traffic sites.
_ga
First-party 2 years This cookie name is associated with Google Universal Analytics—a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request on a site and used to calculate visitor, session, and campaign data for the site’s analytics reports.

Targeting cookies

Cookie key Domain Path Cookie type Expiration Description
YSC
More info .youtube.com / Third-party Session This cookie is set by YouTube to track views of embedded videos.

VISITOR_INFO1_LIVE
More info .youtube.com / Third-party 6 months This cookie is set by YouTube to keep track of user preferences for YouTube videos embedded in sites; it can also determine whether the website visitor is using the new or old version of the YouTube interface.

Your cookie preferences

When you first arrive on the site, a cookie banner will ask you to accept or refuse cookies that are not essential for the site’s operation. You can refuse/disable cookies at any time, except for cookies necessary for the stable operation of the site. You have the option to modify your cookie management preferences at any time.