Application Privacy Policy
v. EU-2024-09
1. Introduction
This privacy policy (hereinafter: the "Privacy Policy") applies to the processing of personal data by, where applicable, Figures SAS or Figures HR UK ("Figures") in its capacity as data controller as part of its contractual relationship with its Customers, concerning the use of the https://figures.hr software solution (the "Application"), which includes data relating to you.
The parties agree that such processing of data in connection with the Application shall be carried out in accordance with applicable laws and regulations, including, but not limited to, EU Regulation 2016/679 (General Data Protection Regulation - GDPR), or where applicable the UK GDPR, and any other national data protection laws and regulations.
Personal data protection is of paramount importance to Figures. This Privacy Policy informs you about the conditions under which we process your personal data in accordance with applicable data protection laws and regulations.
2. The identity and address of the Data Controller
The data controller of the processing carried out under the conditions described in this Application Privacy Policy is Figures SAS, located at 5, Boulevard des Bouvets, 92000 Nanterre, France, or, if you are located in the UK, Figures HR UK located at 23 Copenhagen Street, London N1 0JB.If you have any questions regarding the processing of your personal data by Figures, you can contact us by e-mail at the following address: privacy@figures.hr
3. Conditions
In our contracts with customers we provide specific terms relating to personal data processing. The main provisions are summarised below.
(i) We process only personal data of our customers' employees that the relevant customer has collected and provided us with as part of this contract. Our customers are responsible for ensuring that such personal data have been collected and transferred lawfully, in accordance with data protection laws and regulations.
(ii) We process the personal data of customers' employees only for the specific purposes agreed in the contract with the customer. These purposes are described in more detail in point 5 below.
(iii) It is agreed with all our customers that Figures and the relevant customer shall ensure compliance with all relevant provisions of applicable data protection laws and regulations and the protection of the rights of data subjects pursuant to applicable data protection laws.
4. Nature and purposes of Data Processing, Data Subjects
The categories of personal data processed by Figures through the Application are as follows:
(i) Personal data of the Customer's contact persons (hereinafter: “Customer Contact Details"):
- First name, last name and business e-mail address of the contact person in charge of contract management
- First name, last name and business e-mail address of billing contact person
(ii) Personal data of the Customer's employees (hereinafter: “Customer Employee Data"):
- First name, last name or combination of characters or numbers chosen by our customers to identify the employee
- Job title
- Type of job
- Seniority
- Annual basic wage
- Annual bonusesGeographical location
(ii) Personal data of the Customer's employees identified as users of the Application (hereinafter: “User Data"):
- Business e-mail address
- Application user interaction data
The data subjects of the processing through the Application are the following:
(i) With respect to the Customer Contact Details:
- The customer's employees responsible for managing the contract with Figures;
- The customer's employees in charge of invoicing arising from the contract with Figures.
(ii) With respect to Customer Employee Data:
- The customer's employees whose data are communicated to Figures by the customer.
(iii) With respect to User Data:
- The employees of the customer which the customer has designated as users of the Application for the purposes of Figures.
5. Purposes and legal basis of Data Processing
We process the aforementioned categories of personal data exclusively for the following purposes:
(i) With respect to the Client Contact Details:
- for the purposes of the management and performance of the contract with Figures, including the collection of remuneration due from our customers under these contracts;
(ii) With respect to Client Employee Data:
- only in aggregated form - without identification of our customers or any of their employees - for the purpose of generating statistical data for comparative analysis (in compiled form);
(iii) With respect to User Data:
- for the purposes of improving the Application.
The legal basis on which we rely is our legitimate interest in providing the Application to our customers.
6. Processors
We rely on the following processors listed here: https://figures.hr/other/sub-processors
These processors will be carefully selected and provide adequate contractual undertakings that ensure their compliance with personal data protection requirements.
7. International transfer(s)
7.1 Figures does not transfer Customer Employee Data outside of the EU/EEA and does not engage a processor to process Customer Employee Data outside the EU/EEA.
7.2 Figures may use tools to process Customer Contact Details or User Data that involve the transfer of such Data outside of the EU/EEA, in particular tools hosted in the United States. This is limited to Customer Contact Details and User Data, and any transfer of such Data outside of the EU/EEA or the engagement of processors to process such Data outside of the EU/EEA shall be carried out only if the recipient country has an adequate level of personal data protection (as decided by the European Commission), or if the transfer is subject to the European Commission's Standard Contractual Clauses (SCC) in force at the time, or, where applicable, the UK IDTA or UK Addendum to the SCC, for the transfer of personal data to third countries.
8. Data security and storage
Figures takes all appropriate technical and organisational security measures to protect the data processed from the risk of manipulation, loss, destruction and access by unauthorised persons.We process and store personal data only for as long as is necessary for the purposes set out above.
(i) Customer Contact Data relating to the administration and performance of the contract shall be stored for the mandatory storage period required under the law applicable to our business activities, i.e. five (5) years from the termination or expiry of the contract. Customer Contact Data relating to accounting and invoicing are stored for a period of ten (10) years in accordance with applicable tax legislation.
(ii) Figures stores Customer Employee Data and User Data for the term of the contract and they are erased after the termination or expiry of the contract, unless the Data Subject requests their erasure before such time. Figures shall erase Customer Employee Data and User Data from its operational systems no later than 30 days after the effective date of termination or expiry of the contract. This will not affect Figures' right to store Processed Data for archiving and statistical comparative analysis purposes.
Figures reserves the right to store statistical comparative analysis data (in compiled form) generated on the basis of Customer Employee Data provided to it by its Customers for periods exceeding the storage periods set out in Clause 6.1
(ii) above; none of such statistical comparative analysis data shall identify any Customer Employee or other data subject.
9. Recipients
The recipients of your personal data are restricted to authorised members of Figures' staff and, where applicable, its processors. They have access to your personal data solely on a need-to-know basis. If required by law, your personal data may also be communicated to governmental and judicial authorities. Lastly, we may share your personal data with any third party who may act as our successor or assign, and to whom we have transferred all or a significant part of our assets and activities.
10. Your rights with regard to our Personal Data Processing activities
In accordance with the GDPR, or where applicable the UK GDPR, as a data subject, you may invoke and exercise the following data protection rights:
- You have the right to obtain information on the personal data we process.
- You have the right to request the rectification of the data we hold about you if they are inaccurate or incomplete.
- You have the right to request the erasure of the data we hold about you, unless prevented by other statutory provisions (e.g. statutory requirements of storage), or if we have an overriding interest (e.g. to defend our rights and claims).
- You have the right to ask us to restrict the processing of your data.
- You have the right to object to the processing of your data.
- If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
- If you are resident in France, you have the right to give Figures instructions on the fate of your data after your death.
- In addition, you have the right to lodge a complaint with a data protection supervisory authority, whose contact details are available on the following list: https://www.edpb.europa.eu/about-edpb/about-edpb/members_fr
11. Changes to our Application Privacy Policy
Figures reserves the right to modify or update this Application Privacy Policy in the future in order to adapt it to changes in the law or in the underlying conditions of our data processing activities.