Privacy Notice

v. EU-2024-01
The protection and confidentiality of personal data is of paramount importance to Figures. With this Privacy Notice, we inform you about how we handle your personal data in accordance with applicable laws and regulations on data protection.
CONTACT
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address:
privacy@figures.hr
OVERVIEW
Our data processing activities and our responsibilities with respect to personal data differ depending on the context in which these data are processed.
In order to allow you to select those areas of data processing that you consider relevant, we have divided our privacy notice into the following parts:
  • PART I
    provides information on our processing activities in connection with our website https://figures.hr, where such website is accessed by internet users only for informational purposes
  • PART II
    provides our cookie notice. Our cookie notice applies both for internet users visiting our website for informational purposes and for users of our application software Figures.hr made available for use by our customers via the internet (the "Figures Application")
  • PART III
    provides information on our processing activities in connection with the Figures Application
  • PART IV
    provides information on your rights as data subject pursuant to applicable laws and regulations on data protection. This information applies with respect to all of our data processing activities under the foregoing parts I up to III.
PART I: DATA PROCESSING RELATED TO USE OF OUR WEBSITE
1 - Name and Address of responsible Data Controller
Figures SAS of 5 Boulevard des Bouvets, 92000 Nanterre, France (Figures)

If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@figures.hr
2 - Nature of Data Processing, Persons affected by Data Processing
When you visit our website for information purposes, we collect data about your access to our server on which our website is stored for retrieval via the Internet (so-called server log files). This access data includes
  • the name of the website accessed
  • File, date and time of access
  • Amount of data transferred
  • Message about successful retrieval
  • browser type and version
  • the user's operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider.
The persons affected by our processing of the aforementioned categories of data are internet users accessing our website.
3 - Purposes and legal Basis of Data Processing
The purposes of the processing of the data mentioned above is to make our website work properly, to optimize marketing activities and to adjust our offer and our information on the websites accordingly. The legal basis for our processing of access data is our legitimate interest which corresponds with the mentioned purposes (legitimate interest pursuant to Art. 6(1)(f) GDPR).
4 - Use of Sub-Processors
We engage the following sub-processor for hosting our website:

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg

All personal data hosted by Amazon Web Services EMEA SARL will be stored on servers located in the European Union and in accordance with their privacy policies.
We may engage other third parties to process personal data in connection with our Application. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Article 28 of GDPR.
5 - International Transfers
5.1 Figures does not transfer any Customer Employee Data outside the EU/EEA, or engage a Sub-Processor to process Customer Employee Data outside of the EU/EEA.

5.2 Figures may use tools to process Customer Contact Data that imply transfer of such Data outside the EU/EEA, in particular tools that are hosted in the USA. This is limited to Customer Contact Data and any transfer of such Data outside the EU/EEA or engagement of Sub-Processors to process such Data outside of the EU/EEA will only be carried out if the receiving country has an adequate level of protection of personal data as decided by the European Commission, or if the transfer is subject to the European Commission’s then current Standard Contractual Clauses (SCCs) for transfer of personal data to third countries.
6 - Data Retention
The personal data collected during your visit of our website is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum period of seven days and then deleted. Data that must be retained for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.
7 - Recipients
The recipients of your personal data is limited to authorised staff members of Figures and, where required, of our sub processors. They only have access to your personal data on a need-to-know basis. If legally required, your personal data may also be provided to government authorities and law enforcement authorities. Last, we may share your personal data with any third party that would act as our successor in title and to whom we transfer all or substantially of our assets and business.
PART II: OUR COOKIE NOTICE
1 - Name and Address of responsible Data Controller
Figures SAS of 5 Boulevard des Bouvets, 92000 Nanterre, France (Figures)
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@figures.hr
2 - Nature of Data Processing, Data subjects affected by Data Processing
Cookies are small files or other types of stored information that are transmitted from our web server or third party web servers to the web browser you are using and deployed on your device (smartphone, computer, etc.) stored there for later retrieval.
Cookies serve different purposes depending on their type. We use the following types of cookies:
  • Strictly necessary cookies are used to make our website usable by enabling basic functions such as page navigation and access to protected areas of the website. Without these cookies, the website cannot function properly.
  • Session cookies are only stored for the duration of your current visit to our website, e.g. to allow your login status to be saved. A randomly generated unique identification number is stored in a session cookie (so-called session ID). In addition, a session cookie contains information about its origin and the duration of storage, but does not store any other data. Session cookies are deleted when you stop using our website and log out or close the browser.
  • Functionality cookies store your preferences for our website, such as the language setting or your user name.
  • Performance cookies collect website and app usage data at an abstract level and are used to provide analytics and metrics such as number of visitors and most viewed pages. These cookies include Google Analytics (see also below).
  • Statistics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Marketing or advertising cookies are used by us to collect information about browsing habits and may be used to tailor advertising and marketing. These cookies are in most cases third party cookies.
The cookies used on our website are listed in the chart below:
The data subjects affected by our processing of the aforementioned cookies are Internet users accessing our website.
3 - Legal Basis of Data Processing and Management of Cookie-Settings
We may store cookies on your device only if they are absolutely necessary for the operation of this site. The legal basis for the processing of essential cookies is our legitimate interest in presenting our range of services on the internet (legitimate interest pursuant to Art. 6(1)(f) GDPR). For all other types of cookies, we rely on your consent.
When you visit our website, we display a “cookie banner” in which you can declare your consent or your refusal to the use of cookies on our website by clicking on a button.We also store your consent in the form of a cookie (“opt-in cookie”) on your end device in order to determine whether you have granted your consent when you visit the website again.
Strictly necessary cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.
You can also manage cookies using your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this by accessing the following link: https://www.allaboutcookies.org/manage-cookiesPlease note that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.
4 - Cookie Data Retention
The cookies used by us on our website remain active for different periods depending on whether they are transient or persistent cookies. Transient cookies, also called "session cookies" - are automatically deleted when you close your browser. Persistent cookies remain stored on your end device for a certain period of time after the browser is closed.The cookies used on our website fall into the categories listed below:

Cookie name: figures.hr
Category of Cookie: Session
Storage Time / Expiry: 6 hours
5 - Specific Third-Party Cookies
PART III: Data Processing Related to Use of Application
1 - Introduction
The Application is made available to our customers on a subscription basis by means of customer contracts for software application services. A key feature of our service offering related to the Application is that our customers are granted the opportunity to enter specific data regarding their employees and their business on dedicated dashboards displayed exclusively to the respective customer via the Application. Further, our customers are provided the opportunity to compare their employee data with statistical market benchmarking data generated by us in connection with the Application. The specific employees and business data provided by our customers are used by us as basis for creating further statistical and market benchmarking data, always on an anonymised basis – without identifying any of our customers or their employees.
2 - Names and Addresses of Data Controllers
Figures SAS of 5 Boulevard des Bouvets, 92000 Nanterre, France (Figures),
and customers of Figures that have signed a customer contract for use of the Application.
If you have any questions about the processing of your personal data by us, you can contact us by e-mail at the following address: privacy@figures.hr
3 - Terms and Conditions
Under the contract we conclude with our customers, we provide for specific terms and conditions regarding the processing of personal data . The key provisions are summarised below.
(i) We only process personal data of employees of our customers that has been collected and submitted to us by the respective customer under the customer contract. Our customers take the responsibility for ensuring that all such personal data is collected and transferred to us on a legal basis in accordance with applicable laws and regulations on data protection.

(ii) We only process personal data of customer employees for the specific purposes agreed with the customer in the customer contract. These purposes are described in more detail under item 5 below.

(iii) We agree with all of our customers that we and the respective customer will ensure that all relevant provisions of applicable laws and regulations of data protection law are complied with, and that the rights of data subjects under applicable data protection law are safeguarded.
4 - Nature of Data Processing, Data subjects affected by Data Processing
The categories of personal data processed by us in connection with the Figures Application are the following:
(i) Personal data of contact persons of our customers (hereinafter: "Customer Contact Data"):
Name, surname and email address of contact persons for contract administration
Name, surname and email address of contact persons for invoicing
Personal data of employees of our customers (hereinafter: "Customer Employee Data"):
  • Name, surname or combination of characters or numbers chosen by our customers to identify the employee
  • Gender
    Date of birth (optional)
  • Job title
  • Type of job (chosen by our customers from types provided by us)
  • Seniority
  • Annual base salary
  • Annual bonus
  • Annual collective bonus
  • Equity hire grant
  • Equity hire grant type
  • Employee’s potential status as a founder
  • Geographical location
  • Department
  • Office name or location
  • Hire date
  • Name of Manager
  • Performance ratings (optional)
  • Profile picture (optional)
  • Professional Email address (optional)
  • Any other personal data of Customer employees collected via fields introduced from time to time by the Customer on its own initiative using the Customer fields option available in the Application (optional)
The data subjects affected by the data processing activities in connection with the Figures Application are the following:
Customer Contact Data:
Employees of our customers designated for administration of the Customer Contract
Employees of our customer designated invoicing related to the Customer Contract
Customer Employee Data:
Employees of our customer reported by our customer to us for purposes of using the Figures Application.
5 - Purposes and legal Basis of Data Processing
We process the aforementioned categories of personal data exclusively for the following purposes:
Customer Contact Data:
for the purpose of administration and execution of the respective customer contract,including receipt of the remuneration owed by our customers under such contracts;
Customer Employee Data:
for the purpose of generating overviews and reports made available exclusively to our respective customer by means of dashboards displayed as part of the Figures Application and
only in anonymised form - without identification of our customers or any of their employees - for the purpose of generating aggregated statistical benchmarking data; such data are stored by us on single database which are accessed by the Application for display of aggregated market benchmarks to our customers.
The legal basis we are relying on is our legitimate interest in providing our customers with the Application (legitimate interest pursuant to Art. 6(1)(f) GDPR).
6 - Use of Sub-Processors
We engage the following sub-processors for the hosting of our Application:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855Luxembourg
All personal data hosted by Amazon Web Services EMEA SARL will be stored on servers located in the European Union and in accordance with their privacy policies.
We may engage other third parties to process personal data in connection with our Application. Any such sub-processors will be selected with due care and we will provide that such will be bound by adequate contractual arrangements in such a way as to ensure that they comply with the requirements for the protection of personal data pursuant to Article 28 of GDPR.
7 - International Transfers
7.1 Figures does not transfer any Customer Employee Data outside the EU/EEA, or engage a Sub-Processor to process Customer Employee Data outside of the EU/EEA.
7.2 Figures may use tools to process Customer Contact Data that imply transfer of such Data outside the EU/EEA, in particular tools that are hosted in the USA. This is limited to Customer Contact Data and any transfer of such Data outside the EU/EEA or engagement of Sub-Processors to process such Data outside of the EU/EEA will only be carried out if the receiving country has an adequate level of protection of personal data as decided by the European Commission, or if the transfer is subject to the European Commission’s then current Standard Contractual Clauses (SCCs) for transfer of personal data to third countries.
8 - Data Security and Data Retention
We use appropriate technical and organisational security measures in order to protect your data processed by us against manipulation, loss, destruction and against access by unauthorised persons.
We do not process and or store personal data for no longer than is necessary for the purposes set forth above.

(i) Customer Contact Data related to contract administration and execution is retained for the mandatory preservation period prescribed by the laws applicable to our commercial activities, which is five (5) years from termination or expiry of the Customer Contract. Customer Contact Data related to accounting and billing is retained for a period of ten (10) years in accordance with applicable tax legislation.

(ii) Customer Employee Data and Customer Business Data are retained by us for the duration of the Customer Contract and erased after termination or expiry of the Customer Contract, unless erasure at an earlier point of time should be required upon request of a data subject. will erase such Processed Data from its operational systems no later than 30 days after the effective date of termination or expiry of the Customer Contract. The right of Figures to retain Processed Data for archiving and statistical benchmarking purposes set forth in Section 8.1 (i) and 8.2 above.

We reserve the right to retain aggregated statistical benchmarking data generated on the basis Customer Employee Data submitted to us by our customers for longer periods as the retention periods set forth in the foregoing Section 6.1(ii), it being understood that none of such statistical benchmarking data will identify any Customer employee or other data subject.
9 - Recipients
The recipients of your personal data is limited to authorised staff members of Figures and, where required, of our sub processors. They only have access to your personal data on a need-to-know basis. If legally required, your personal data may also be provided to government authorities and law enforcement authorities. Last, we may share your personal data with any third party that would act as our successor in title and to whom we transfer all or substantially of our assets and business.
PART IV: YOUR RIGHTS IN CONNECTION WITH OUR PROCESSING OF PERSONAL DATA
In accordance with the provisions of the GDPR, you as a data subject may assert the following data protection rights against us, where we are controller:
  • Right to withdraw consent: You may revoke the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future. Revoking your consent will not affect the lawfulness of processing based on consent before the withdrawal.
  • Right of access: You have the right to obtain information about your personal data processed by us (Art. 15 GDPR).
  • Right to rectification: You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete (Art. 16 GDPR).
  • Right to erasure: You have the right to request the deletion of the data we hold about you, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims) (Art. 17 GDPR).
  • Right to restriction of processing: You may request us to (temporarily) restrict the processing of your data in accordance with Art. 18 GDPR, for example when the personal data we hold about you may be inaccurate or unnecessary.
  • Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transfer this data to another party (Art. 20 GDPR).
  • Right to object: You may object to the processing of your data in accordance with Art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
  • In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR).
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend or update this Privacy Notice from time to time in order to adapt it to changes in the law or changes in the framework conditions for our data processing activities.