Privacy Policy

1. Introduction

Resilis is committed to protecting the confidentiality and security of your personal data. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

By using our service, you agree to the practices described in this policy. If you have any questions, please do not hesitate to contact us.

2. Data Controller

Data Controller : RESILIS
Legal form : Simplified joint-stock company (SAS)
Registered office address : 12 Rue de la Part Dieu, 69003 Lyon, France
Email : team@resilis.com

Data Protection Officer (DPO) :
Hugues Lajoie
Email : h.lajoie@resilis.com

3. Data Collected

We collect and process the following personal data:

Identification data:

Last name, first name
Professional email address
Professional phone number (optional)

Organizational data:

Organizational structure of your company
Business continuity processes and plans
Roles and responsibilities
Professional contact details of your organization's members

Technical data:

IP address and connection logs
Browsing data (with your consent for analytics cookies)
Information about your device and browser

Important note: Resilis does not process sensitive data within the meaning of Article 9 of the GDPR (health data, biometric data, data relating to political opinions, etc.).

4. Purposes of Processing

Your personal data is processed for the following purposes:

Provision and management of the Resilis service (creation and management of user accounts, platform access)
Account management and authentication
Customer support and technical assistance
Improvement of our services and development of new features
Compliance with our legal and regulatory obligations
Fraud prevention and platform security
Communication with you regarding the service (notifications, updates, maintenance)

5. Legal Basis for Processing

The processing of your personal data is based on:

Performance of a contract: processing necessary for the provision of the Resilis service
Your consent: for analytics cookies and marketing communications (if applicable)
Legitimate interest: service improvement, security, fraud prevention
Legal obligation: compliance with accounting, tax, and regulatory obligations

6. Data Sharing

Your personal data may be shared with:

Authorized members of your organization with access to your Resilis account
Our technical subcontractors (hosting, monitoring, analytics) in the course of providing the service
Competent authorities if required by law

All our subcontractors are subject to strict confidentiality and security obligations in compliance with the GDPR. For the full list of our subcontractors, visit our page Subcontractors.

We never sell your personal data to third parties.

7. Data Retention Period

Your personal data is retained for the following periods:

Account data: for the duration of your contract and 3 years after the end of the contract
Browsing data (analytics cookies): 180 days (6 months)
Connection logs: 12 months
Accounting and tax data: according to legal obligations (generally 10 years)

Upon expiration of these periods, your data is securely deleted or irreversibly anonymized.

8. Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

Right of access : You can obtain a copy of your personal data
Right to rectification : You can correct inaccurate or incomplete data
Right to erasure : You can request the deletion of your data in certain cases
Right to restriction of processing : You can request the restriction of processing of your data
Right to data portability : You can retrieve your data in a structured format
Right to object : You can object to the processing of your data in certain cases
Right to withdraw consent : You can withdraw your consent at any time

To exercise these rights, you can contact us:

By email at : h.lajoie@resilis.com (DPO)
By mail to our registered office: 12 Rue de la Part Dieu, 69003 Lyon, France

You also have the right to file a complaint with the French Data Protection Authority (CNIL) if you believe that the processing of your personal data constitutes a violation of the GDPR.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Data encryption in transit (HTTPS/TLS) and at rest
Strict access control with strong authentication
Data isolation between clients (multi-tenant architecture)
Regular and secure backups
Monitoring and detection of security incidents
Staff training on data protection

For more information on our security measures, visit our page Security.

10. International Transfers

Your personal data is primarily hosted in the European Union. Some of our subcontractors may be located outside the EU (particularly in the United States).

In such cases, we implement appropriate safeguards in compliance with the GDPR:

Standard Contractual Clauses (SCC) approved by the European Commission
Data Protection Impact Assessments (DPIA) when necessary
Verification of our subcontractors' GDPR compliance

For more details on our subcontractors and their locations, visit our page Subcontractors.

11. Cookies

We use cookies to improve your experience and analyze the usage of our site. For more information on the cookies we use and how to manage them, see our Cookie Policy.

12. Changes to This Policy

We may modify this privacy policy to reflect changes in our practices or for other operational, legal, or regulatory reasons.

In case of significant changes, we will inform you by email or via a notification on the platform.

13. Contact

For any questions regarding this privacy policy or the processing of your personal data: