Privacy Notice

The protection and confidentiality of personal data is of particular importance to Figures SAS (“Figures”, We or “Us”). With this privacy notice, we inform you how we handle your personal data in accordance with applicable laws and regulations on data protection.
CONTACT
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address:
privacy@figures.hr
OVERVIEW
Our data processing activities and our responsibilities with respect to personal data differ depending on the context in which these data are processed.
In order to allow you to select those areas of data processing that you consider relevant, we have divided our privacy notice into the following parts:
  • PART I
    provides information on our processing activities in connection with our website https://figures.hr, where such website is accessed by internet users only for informational purposes
  • PART II
    provides our cookie notice. Our cookie notice applies both for internet users visiting our website for informational purposes and for users of our application software Figures.hr made available for use by our customers via the internet (the "Figures Application")
  • PART III
    provides information on our processing activities in connection with the Figures Application
  • PART IV
    provides information on your rights as data subject pursuant to applicable laws and regulations on data protection. This information applies with respect to all of our data processing activities under the foregoing parts I up to III.
PART I: DATA PROCESSING RELATED TO USE OF OUR WEBSITE
1 - Name and Address of responsible Data Controller
Figures  SAS
5, rue Gallieni,
92100 Boulogne-Billancourt
FRANCE

Contact : contact@figures.hr
2 - Nature of Data Processing, Persons affected by Data Processing
When you visit our website for information purposes, we collect data about your access to our server on which our website is stored for retrieval via the Internet (so-called server log files). This access data includes
  • the name of the website accessed
  • File, date and time of access
  • Amount of data transferred
  • Message about successful retrieval
  • browser type and version
  • the user's operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider.
The persons affected by our processing of the aforementioned categories of data are internet users accessing our website.
3 - Purposes and legal Basis of Data Processing
The purposes of the processing of the data mentioned above is to make our website work properly, to optimize marketing activities and to adjust our offer and our information on the websites accordingly. The legal basis for our processing of access data is our legitimate interest which corresponds with the mentioned purposes (legitimate interest pursuant to Art. 6(1)(f) GDPR).
4 - Use of Sub-Processors
We engage the following sub-processor for hosting our website:

Digital Ocean ____ 101 Avenue of the Americas (Grand St.)
New York, NY 10013
United States of America

All personal data hosted by Digital Ocean will be stored on servers located in the European Union and in accordance with the following privacy policies:

Privacy policies of Digital Ocean: https://www.digitalocean.com/legal/privacy-policy/

We may engage other third parties to process personal data in connection with our website. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Art. 28 of GDPR.
5 - International Transfers
We do not transfer any personal data outside the EU/EEA, or engage sub-processor to process personal data outside of the EU/EEA.
6 - Data Retention
The access data is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum period of seven days and will then be deleted. Data that must be retained for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.
PART II: OUR COOKIE NOTICE
1 - Name and Address of responsible Data Controller
Figures SAS
5, rue Gallieni,
92100 Boulogne-Billancourt
FRANCE

Contact : contact@figures.hr
2 - Nature of Cookies, Processing Purposes and Persons affected by Data Processing
Cookies are small files or other types of stored information that are transmitted from our web server or third party web servers to the web browser you are using and stored there for later retrieval. When we place and read cookies, your personal data will be processed.
Cookies serve different purposes depending on their type. We use the following types of cookies:
  • Necessary cookies are used to make our website usable by enabling basic functions such as page navigation and access to protected areas of the website. Without these cookies, the website cannot function properly.
  • Session cookies are only stored for the duration of your current visit to our website, e.g. to allow your login status to be saved. A randomly generated unique identification number is stored in a session cookie (so-called session ID). In addition, a session cookie contains information about its origin and the duration of storage, but does not store any other data. Session cookies are deleted when you stop using our website and log out or close the browser.
  • Functionality cookies store your preferences for our website, such as the language setting or your user name.
  • Performance cookies collect website and app usage data at an abstract level and are used to provide analytics and metrics such as number of visitors and most viewed pages. These cookies include Google Analytics (see also below).
  • Statistics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Marketing or advertising cookies are used by us to collect information about browsing habits and may be used to tailor advertising and marketing. These cookies are in most cases third party cookies.
The cookies used on our website are listed in the chart below:
Operator Name Description Expiry duration Type
First party
Figures.hr figures.hr Session cookies used to authenticate users 15 days Session
Third party
Amplitude amp_def8b0 Set by Amplitude to identify and track user interactions for analytics purposes. Transient Statistics
Intercom interphone-session-fzbshzfq Set by Intercom to identify users interacting with our chat widget. 6 months Statistics
Google Analytics _gid Set by Google Analytics. This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day Performance
Google Analytics _ga Set by Google Analytics. This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. Transient Performance
Hotjar _hjSession_2683206 Set by Hotjar. This cookie helps to identify how users interact with our site and to replicate any issues users may encounter. 1 year Statistics
The persons affected by our processing of the aforementioned cookies are internet users accessing our website.

The cookies used by us on our website remain active for different periods depending on whether they are transient or persistent cookies. Transient cookies, also called "session cookies" - are automatically deleted when you close your browser. Persistent cookies remain stored on your end device for a certain period of time after the browser is closed.

This privacy notice does not apply to the use of the cookies by third parties. We cannot guarantee that these third parties will use your (personal) data in the most reliable and secure manner. For more information about how these third parties use your (personal) data, we refer to the privacy policy of these third parties.
3 - Legal Basis of Data Processing and Management of Cookie-Settings
The legal basis for the processing of necessary and functionality  cookies is our legitimate interest , to make our website work properly (legitimate interest pursuant to Art. 6(1)(f) GDPR). For all other types of cookies, we will ask your permission.
When you visit our website, we display a “cookie banner” in which you can provide  your consent to the use of cookies on our website by clicking on a button. You can also decline cookies.
We also store your consent in the form of a cookie (“opt-in cookie”) on your end device in order to determine whether you have granted your consent when you visit the website again.
Strictly necessary cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.
You can also manage cookies using your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this by accessing the following link: https://www.allaboutcookies.org/manage-cookies.
Please note that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.
PART III: DATA PROCESSING RELATED TO USE OF OUR FIGURES APPLICATION
1 - Introduction
Our Figures Application is made available to our customers – essentially start-up and scale-up companies – on a subscription basis by means of customer contracts for software application services. In respect of customer contact data, Figures acts as a controller.
A key feature of our service offering related to the Figures Application is that our customers are granted the opportunity to enter specific data regarding their employees and their business on dedicated dashboards displayed exclusively to the respective customer via the Figures Application. For this processing activity, Figures acts as a processor.
Further, our customers are provided the opportunity to compare their employee data with statistical market benchmarking data generated by us in connection with the Figures Application. The specific employee and business data provided by our customers are used by us as basis for creating further statistical and market benchmarking data, always on a pseudonymized basis – without identifying any of our customers or their employees. For this processing activity, Figures acts as a controller.
2 - Names and Addresses of responsible Data Controllers
In respect of the first processing activity mentioned under item 1, the controller is:

Figures SAS ("Figures")
5, rue Gallieni
92100 Boulogne-Billancourt
FRANCE

Contact : contact@figures.hr
In respect of the second processing activity, the controller is the customer of Figures that has signed a customer contract for the use of the Figures Application.In respect of the third processing activity, the controller is:

Figures SAS ("Figures")
5, rue Gallieni
92100 Boulogne-Billancourt
FRANCE

Contact : contact@figures.hr
and the customer of Figures that has signed a customer contract for use of the Figures Application
3 - Terms and Conditions of Joint Controllership
Under the customer contract, we provide for specific Data Processing Terms regarding the processing of personal data. The key provisions are summarised below.
  • We only process personal data of employees of our customers that has been collected and submitted to us by the respective customer under the customer contract. Our customers take the responsibility for ensuring that all such personal data is collected and transferred to us on a legal basis in accordance with applicable laws and regulations on data protection.
  • We only process personal data of customer employees for the specific purposes agreed with the customer in the customer contract. These purposes are described in more detail under item 5 below.
  • We agree with all of our customers that we and the respective customer will ensure that all relevant provisions of applicable laws and regulations of data protection law are complied with, and that the rights of data subjects under applicable data protection law are safeguarded.
4 - Nature of Data Processing, Persons affected by Data Processing
The categories of personal data processed by us in connection with the Figures Application are the following:
Personal data of contact persons of our customers (hereinafter: "Customer Contact Data"):
- Name, surname and email address of contact persons for contract administration
- Name, surname and email address of contact persons for invoicing
Personal data of employees of our customers (hereinafter: "Customer Employee Data"):
  • Name, surname or combination of characters or numbers chosen by our customers to identify the employee
  • Gender
  • Job title
  • Type of job (chosen by our customers from types provided by us)
  • Seniority
  • Annual base salary
  • Annual bonus
  • Annual collective bonus
  • Equity hire grant
  • Equity hire grant type
  • Employee’s potential status as a founder
  • Work Location
The data subjects affected by the data processing activities in connection with the Figures Application are the following:
Customer Contact Data:
Employees of our customers designated for administration of the Customer Contract-
Employees of our customer designated invoicing related to the Customer Contract
Customer Employee Data:
Employees of our customer reported by our customer to us for purposes of using the Figures Application.
5 - Purposes and legal Basis of Data Processing
We process the aforementioned categories of personal data exclusively for the following purposes:
Customer Contact Data:
for the purpose of administration and execution of the respective customer contract,including receipt of the remuneration owed by our customers under such contracts;
Customer Employee Data:
for the purpose of generating overviews and reports made available exclusively to our respective customer by means of dashboards displayed as part of the Figures Application and
only in pseudonymized form - without identification of our customers or any of their employees - for the purpose of generating aggregated statistical benchmarking data; such data are stored by us on separate databases which are accessed by the Figures Application for display of aggregated market benchmarks to our customers.
We process your personal data on the following legal bases:
Purpose A – processing is necessary for the performance of a contract to which the data subject is party (Art. 6(1)(b) GDPR);

Purpose B – Figures is processor and the customer acting as controller is responsible to have a legal basis in place;

Purpose C – processing is necessary for the legitimate interest of Figures (Art. 6 (1)(f) GDPR) to generate aggregated statistical benchmarking data, in order to provide customers with aggregated market benchmarks, assisting them to improve their compensation policy.
6 - Use of Sub-Processors
We engage the following sub-processors for hosting the Figures Application:
1 - Google ____GOOGLE IRELAND LIMITED : BARROW STREET, 99132 DUBLIN, IRELAND
2 - Digital Ocean ____ 101 Avenue of the Americas (Grand St.) New York, NY 10013 United States of America
All personal data hosted by Google and Digital Ocean will be stored on servers located in the European Union and in accordance with the following privacy policies:
We may engage other third parties to process personal data in connection with the Figures Application. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Art. 28 of GDPR.
7 - International Transfers
We do not transfer any personal data outside the EU/EEA, or engage sub-processor to process personal data outside of the EU/EEA.
1 - Data Security and Data Retention
We use appropriate technical and organisational security measures in order to protect your data processed by us against manipulation, loss, destruction and against access by unauthorised persons.

We process and/or store personal data for no longer than is necessary for the purposes set forth above.

Customer Contact Data related to contract administration and execution is retained for the mandatory preservation period prescribed by the laws applicable to our commercial activities, which is five (5) years from termination or expiry of the Customer Contract. Customer Contact Data related to accounting and billing is retained for a period of ten (10) years in accordance with applicable tax legislation.

Customer Employee Data is retained by us for the duration of the Customer Contract and erased after termination or expiry of the Customer Contract, unless erasure at an earlier point in time should be required upon request of a data subject, in which case Figures will act under the instruction of customer.. The right of Figures to retain Processed Data for archiving and statistical benchmarking purposes is set forth in Section 8.2 of the Data Processing Terms.

We reserve the right to retain aggregated statistical benchmarking data generated on the basis Customer Employee Data submitted to us by our customers for longer periods as the retention periods set forth in the foregoing Section 6.1(ii), it being understood that none of such statistical benchmarking data will identify any Customer employee or other data subject.
PART IV: YOUR RIGHTS IN CONNECTION WITH OUR PROCESSING OF PERSONAL DATA
n accordance with the provisions of the GDPR, you as a data subject may assert the following data protection rights against us, where we are controller:
  • Right to withdraw consent: You may revoke the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future. Revoking your consent will not affect the lawfulness of processing based on consent before the withdrawal.
  • Right of access: You have the right to obtain information about your personal data processed by us (Art. 15 GDPR).
  • Right to rectification: You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete (Art. 16 GDPR).
  • Right to erasure: You have the right to request the deletion of the data we hold about you, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims) (Art. 17 GDPR).
  • Right to restriction of processing: You may request us to (temporarily) restrict the processing of your data in accordance with Art. 18 GDPR, for example when the personal data we hold about you may be inaccurate or unnecessary.
  • Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transfer this data to another party (Art. 20 GDPR).
  • Right to object: You may object to the processing of your data in accordance with Art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
  • In addition, you have the right to lodge a complaint with the competent French data protection authority (la Commission nationale de l'informatique et des libertés, https://www.cnil.fr/) (Art. 77 GDPR).
If you wish to exercise your rights, please contact us by e-mail at the following address: privacy@figures.hr.
CHANGES TO OUR PRIVACY NOTICE
This privacy notice was last updated on [12/May/2022].
We reserve the right to amend or update this privacy notice from time to time in order to adapt it to changes in the law or changes in the framework conditions for our data processing activities. The amended version will be published on the website. We will obtain your consent for any changes or adjustments to this privacy statement that can only be implemented with your consent as a data subject.