Privacy Policy

Last updated: 10 June 2021

Privacy policy for personal data

Critizr is aware of the importance of ensuring the confidentiality of personal data and thus Critizr is committed, within the framework of its activities and in accordance with the legislation in force in France and in Europe (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), to ensure the protection, confidentiality and security of personal data, as well as respect for privacy.

This external Privacy Policy (“Privacy Policy”) describes how Critizr, its subcontractors and partners, collect and process the personal data of website visitors, prospects and customers, and more generally from any person whose data it may possess, in accordance with the General Data Protection Regulation (“GDPR”).

It also describes the legal basis on which we process personal data, with whom we share it and how it is stored.

Critizr is a data controller. This means that we decide how we store and use your personal data. We are required under the GDPR to provide you with all of the information in the Privacy Policy.

It is important that you read this Privacy Policy, as well as any other information we may provide on specific occasions when we collect or process your personal data, so that you know how and why we use that data.

1. How is your personal data collected?

Your data is collected when you contact us or download content via forms or by subscribing to newsletters. Technical information (e.g., IP address, browser information, etc.) is also transmitted to Critizr by your terminal when you use the Website.

2. Type of personal data, purposes and legal basis

By personal data, we mean any information about a person from which that person can be identified. This does not include data for which the identity has been deleted (anonymous data).

Below is an overview of the different categories of persons covered by this Privacy Policy and the:

  • Type of personal data about you that we use and store;
  • Purposes for which personal data is collected;
  • Legal bases on which the processing is based.

Critizr also processes your data to meet its legal or regulatory obligations. To this end, the purposes pursued by Critizr are the following:

  • Retain the data required to meet legal obligations
  • Manage data requests from authorised authorities

2.1 Type of people involved:

VISITEURS DU SITE (sans compte utilisateur)

Site visitors (without a user account)

Types of personal data

  • Last name, First name
  • Email address
  • IP address
  • Connection data (cookies)
  • Any information you may have included in the contact form

Purposes & Legal basis for processing

  • To enable the proper functioning of the Website (including processing questions and requests sent via our contact form)
    Our legitimate interest: management of the service
  • To enable you to access or use the Website (cookies or third-party analysis services such as Google Analytics)
    Our legitimate interest: cookies strictly necessary to provide the service you have expressly requested
  • To store information about your preferences, and allow us to customise the Website according to your interests (cookies)
    Your consent (cookies)
  • To prepare reports or compile statistics to improve our goods and services (cookies)
    Your consent (cookies)
  • Sending marketing communications about our products or services (such as newsletters about Critizr news)
    Our legitimate interest: to develop our business

3. If you fail to provide personal data

If you choose not to provide the personal data we request, we may not be able to provide you with the products and/or services you have requested or fulfil the purposes for which we have requested the personal data.

4. What are the flows of personal data

4.1 How do we share your data?

Access to your personal data is strictly limited to:

  • Authorised Critizr employees by virtue of their position and bound by a duty of confidentiality;
  • Critizr’s subcontractors, who are contractually responsible for performing the tasks necessary for the proper functioning of the Website and its services, namely the cloud storage of the Website and your personal data.

In performing their services, Critizr’s subcontractors comply with the provisions of the GDPR.

Critizr may share your personal data with judicial authorities, independent administrative authorities or any other organisation if required by law.

The third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for the specific purposes we have identified. We will always make every effort to ensure that the third parties with whom we share your personal data are subject to confidentiality and security obligations consistent with this Privacy Policy and applicable laws. We only allow them to process your personal data for specific purposes and in accordance with our instructions.

Except as expressly stated above, we will never share, sell or rent your personal information to a third party without notifying you and/or obtaining your consent. If you have given us your consent to use your information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5. Data processing outside the European Union

Where the processing of your data involves a transfer outside the European Union, such transfers are made in return for appropriate safeguards, and in full compliance with applicable regulations. When the sharing of such information involves a transfer to the United States, such transfer is made on the basis of Privacy Shield certification.

Transfers outside the European Union are based on standard contractual clauses, in compliance with the standard clauses validated by the European Commission.

6. What are cookies used for and why are they collected?

Cookies are text files containing small amounts of information that are downloaded to your device when you visit a web page or use an application. Cookies are then sent back to the original web page or application on each subsequent visit, or to another web page or application that recognizes that cookie.

Subject to your consent, Critizr uses cookies to:

  • Measure the performance and audience of the Website, including analysis of the types of Internet browsers (e.g. Firefox, Chrome or Internet Explorer) and operating systems (e.g. Windows or Mac OS) used.
  • You have the right to choose whether or not to accept these cookies and Critizr explains how you can exercise this right below. However, please note that if you refuse cookies, you may not be able to use all the features of the Website.

Most browsers allow you to change your cookie settings. These settings can be found in the “options” or “preferences” menu of your browser. To better understand these settings, the following links may be helpful, otherwise please use the “Help” option of your browser for more details:

Critizr uses cookies, independently of your consent and for its legitimate interest to:

  • Improve the functioning of the Website;
  • Detect, prevent and resolve fraud, spam, abuse, security incidents and other harmful activities;
  • Identify the user (in case of user reporting and for moderation of reported comments);
  • Improve the user experience;
  • Enable and facilitate communication by electronic means on the Website.


You can find more information about cookies and how to administer them at http://www.allaboutcookies.org/.

7. How long do we keep your personal data

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including to meet any legal or accounting requirements.

In determining the appropriate retention period for personal data, we take into account the amount, nature and sensitivity of the personal data, the potential risk of harm resulting from the unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of achieving those purposes by other means, as well as applicable legal requirements.

Processing and Retention Period

Data relating to visitors to the Platform:

  • Claims, questions, complaints: 3 years after a claim, question or complaint has been closed.
  • Cookies: 13 months from their collection, unless you consent to their use at the end of this period.
  • Contact form: We store your information for 3 years after your request.


After the set deadlines, the data are either deleted or kept after being anonymized, in particular for statistical purposes. They may be kept in case of pre-litigation and litigation. It is reminded that the deletion or the anonymisation are irreversible operations and that Critizr is not, thereafter, able to restore them.

8. Rights of the data subjects

As a data subject, you have various rights. These rights are not absolute and each of these rights is subject to certain conditions in accordance with the GDPR and applicable national laws.

  • Right of access – you have the right to obtain confirmation from us as to whether or not your personal data is being processed by us, as well as certain other information (similar to the information provided in this Privacy Policy) about how your personal data is used. You also have the right to access your personal data, by requesting a copy of your personal data. This allows you to know and verify that we are using your information in accordance with data protection laws. We may refuse to provide information where it may reveal personal data about another person or adversely affect the rights of another person.
  • The right to request the rectification – you can ask us to take steps to correct your personal data if it is inaccurate or incomplete (for example, if we have the wrong name or address).
  • The right to request the deletion – also known as the “right to be forgotten”, this right allows you, in simple terms, to request the erasure or deletion of your personal data where, for example, there is no compelling reason for us to continue using it or its use is unlawful. This is not, however, a general right to erasure and there are some exceptions, such as when we need to use the information to defend a legal claim or to be able to meet a legal obligation.
  • The right to restrict processing – you have the right to “block” or prevent further use of your personal data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we may still retain your personal data, but we may not use it further.
  • The right to data portability – you have the right to obtain and reuse certain personal data for your own purposes in different companies (which are separate data controllers). This only applies to personal data that you have provided to us, which we process with your consent and for the purpose of contract performance, which are processed by automated means. In this case, we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically possible) we may pass your data directly to another data controller.
  • The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time, provided that such processing is for the purposes of legitimate interests pursued by Critizr. We will be allowed to continue processing personal data if we can demonstrate that the processing is justified on compelling legitimate grounds that override your interests, rights and freedoms or if we need it for the establishment, exercise or defence of legal claims. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for such purposes.
  • The right to withdraw your consent – where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal.
  • The right to provide us with instructions on the use of your personal data after your death – you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time.

9. Exercise of rights

We have appointed a Data Protection Officer. If you have any questions regarding this Privacy Policy and how we process your personal data or if you wish to exercise any of your rights, please contact Souad Alia at the following address: souad.alia@critizr.com.

If you are not satisfied with our response to your complaint or if you believe that the processing of your personal data does not comply with applicable data protection laws, you may file a complaint with the relevant data protection supervisory authority. The Commission Informatique et Libertés (CNIL) is the data protection authority in France and the lead authority for Critizr.

Any request will be considered within the time limits set by applicable law. Please note, however, that certain personal data may be exempt from such requests in certain circumstances, including if Critizr needs to continue processing your personal data for its legitimate interests or to comply with a legal obligation.

There will be no charge for exercising your right of access (or any other right). In some cases, we may not be able to comply with your request if it is manifestly unfounded or excessive.

We may need to ask you for specific information to help us confirm your identity and ensure your right to access that information (or exercise your other rights). This is an appropriate security measure to ensure that personal data is not disclosed to anyone who does not have a right to receive it.

10. How is the data secured?

Critizr ensures that data is processed with complete security and confidentiality, including when certain operations are performed by subcontractors. To this end, appropriate technical and organisational measures are put in place to prevent the loss, misuse, alteration and deletion of your personal data. These measures are adapted according to the level of sensitivity of the data processed and according to the level of risk that the processing or its implementation presents. We have set procedures to deal with any suspected data breach and will notify you and any relevant supervisory authority of a suspected breach where we are legally required to do so.

Unfortunately, the security of data transmissions over the Internet or data storage systems cannot be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of an account you have with us has been compromised), please notify us immediately by contacting us using the contact information above.


11. Third party sites

The Website may contain links to other websites operated by third parties. Please note that this Privacy Policy only applies to personal data collected by Critizr. We are not responsible for the personal data that third parties may collect, store and use on their own websites. We recommend that you carefully read the privacy policy of each website you visit.

Moreover, Critizr is not responsible for hypertext links that third party websites could integrate even if Critizr would have authorised the publisher of the said third party website to place such a link.

12. Changes to this privacy policy

Critizr may change this Privacy Policy periodically to reflect our changing privacy practices. When we change this Privacy Policy, we will also change the “Last Updated” date at the top of the first page. We encourage you to regularly review this Privacy Policy to be informed of how Critizr is protecting your information.