Privacy Policy and Personal Data Management

This policy became effective on June 2, 2025. It was last updated on June 2, 2025.

‍

Purpose of This Policy

‍

The purpose of this policy is to inform you about the methods we employ to collect your personal data, in strict compliance with your rights.

‍

All information received and/or collected is processed in accordance with applicable laws and regulations.

‍

Revoptim, in its collection and management of your personal data, complies with Law No. 78-17 of January 6, 1978, concerning data processing, files, and freedoms, in its current version, known as "Informatique et Libertés," and Regulation (EU) 2016/679 of April 27, 2016, as soon as it becomes applicable (hereinafter: the "GDPR").

‍

Identity of the Data Controller

‍

The data controller for the collection of your personal data is the company REVOPTIM, a simplified joint-stock company (SASU) registered with the Paris Trade and Companies Register under number 945 007 458, with its registered office at 10 RUE DE PENTHIÈVRE 75008 PARIS France (referred to herein as: "We").

‍

Data Protection Officer

‍

We have appointed a Data Protection Officer (DPO). To contact them, please complete the following form: https://www.revoptim.com/en/contact

‍

Our Collection Methods

‍

The personal data we collect and process depends on how you interact with us, including:

‍

• As a "Visitor" when you visit the website https://www.revoptim.com, participate in our webinars and other digital events, contact us directly (via our website forms, by email, or during physical events, for example), download a white paper, or interact with us in any way without being a Creditor.

‍

What We Collect

‍

Depending on how you interact with us, the data we may collect is as follows.

‍

When you are a Visitor, the following categories of personal data may be collected:

‍

• Identification data, for example, your first name, last name, email address.
• Device data, for example, the model of the device used, the browser version, screen resolution.
• Browsing data, for example, the pages you visit on the website https://www.revoptim.com.
• Your IP address.
• Location data.
• Chat data, if you use the chat feature on https://www.revoptim.com.
• Additional third-party information related to your professional activity.

‍

Revoptim is a debt collection company. Our clients engage us to recover their outstanding debts. For this purpose, certain information about you may be transferred to us by our clients, such as your first name, last name, postal address, email address, and phone number. By virtue of our contract with our clients, we are authorized to use this data to fulfill our mission.

‍

When collecting your personal data, we inform you whether certain data must be provided mandatorily or if it is optional. Mandatory data is necessary for the operation of our services. Regarding optional data, you are entirely free to provide it or not. We also inform you of the potential consequences of a failure to respond.

‍

Source of Collection

‍

We may collect personal data in two different ways:

‍

• Directly from you:
  
  • Voluntarily, when you fill out data collection fields.
  • Automatically, when you use the Platform or browse the websites.
• Indirectly:
  
  • From other users of our services.
  • From our technical partners providing an integration service.
  • From third parties (especially if you use the Single Sign-On feature to connect to the Platform).
  • From our commercial partners.
  • From our marketing partners, when you download a white paper from a third-party site (for example, from a social network).

‍

In the event that partners or third parties collect other personal data, they shall be solely responsible for complying with their legal and regulatory obligations regarding such collection and processing, which they perform independently, using their own means, and for their sole purposes.

‍

For What Purposes Do We Collect Your Data?

‍

Depending on how you interact with us, our processing activities pursue the following purposes, each associated with its legal basis for collection.

‍

Here’s the information from the table restructured into bullet points:

‍

• Purpose: Respond to a request from contact forms, emails, or during digital/physical events or other channels

‍

• Legal Basis: The processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at their request.

‍

• Purpose: Aggregation and analysis of data related to browsing on revoptim.com to establish frequently visited statistics

‍

• Legal Basis: The processing is necessary for the legitimate interests pursued by the data controller or a third party.

‍

• Purpose: Adapt the content of revoptim.com to your characteristics (e.g., site language), where revoptim may have prior knowledge of your browsing

‍

• Purpose: Establishment and management of a prospect database

‍

• Purpose: Management of marketing communication and business development

‍

• Legal Basis: The data subject has given consent to the processing of their personal data for one or more specific purposes.

‍

• Purpose: Sending communications related to our offers, services, new content, and event organization

‍

• Legal Basis: The data subject has given consent to the processing of their personal data for one or more specific purposes.

‍

• Purpose: Processing with another recurring purpose with your consent

‍

• Legal Basis: The data subject has given consent to the processing of their personal data for one or more specific purposes.

‍

• Purpose: Management and processing of requests to exercise the rights of natural persons

‍

• Legal Basis: The processing is necessary to comply with a legal obligation to which the data controller is subject.

‍

• Purpose: Processing necessary to ensure compliance with applicable laws and regulations

‍

• Legal Basis: The processing is necessary to comply with a legal obligation to which the data controller is subject.

‍

Recipients of Collected Data

‍

Your personal data will be accessible to authorized and qualified personnel of our company, the control departments (including auditors), and our sub-processors.

‍

Public bodies may also be recipients of personal data, exclusively to meet our legal obligations, as well as judicial auxiliaries and ministerial officers.

‍

Organizations responsible for debt collection may be recipients of buyer payment data only.

‍

Transfer of Personal Data

‍

Your personal data will not be subject to sales, rentals, or exchanges for the benefit of third parties.

‍

Personal Data Retention Period

‍

(i) Regarding data related to client and prospect management: Your personal data will not be retained beyond the period strictly necessary for the management of our commercial relationship with you. However, data necessary to establish proof of a right or a contract, which must be retained under a legal obligation, will be kept for the duration provided by applicable law. Concerning potential marketing operations aimed at clients, their data may be retained for a period of three years from the end of the commercial relationship. Personal data relating to a prospect who is not a client may be retained for a period of 3 (three) years from its collection or the last contact from the prospect. At the end of this three-year period, we may contact you again to ascertain whether you wish to continue receiving commercial solicitations.

‍

(ii) Regarding identification documents: In the event of exercising the right of access or rectification, data relating to identification documents may be retained for the period stipulated in Article 9 of the Code of Criminal Procedure, i.e., one year. In the event of exercising the right to object, this data may be archived for the limitation period provided for by Article 8 of the Code of Criminal Procedure, i.e., three years.

‍

(iii) Regarding bank card data: Financial transactions related to the payment of purchases and fees via the Solution are entrusted to a payment service provider who ensures their proper execution and security. For the purposes of the services, this payment service provider may be a recipient of your personal data related to your bank card numbers, which they collect and retain on our behalf and for our account. We do not have access to this data. To enable you to make regular purchases or pay associated fees on the Solution, your bank card data is retained for the duration of your registration on the Solution and, at the very least, until you make your last transaction. By checking the box expressly provided for this purpose on the Solution, you give us your express consent for this retention. Data relating to the visual cryptogram or CVV2, inscribed on your bank card, is not stored. If you refuse to have your personal data related to your bank card numbers retained under the conditions specified above, we will not retain this data beyond the time necessary to enable the transaction to be carried out. In any event, such data may be retained, for evidentiary purposes in case of any transaction dispute, in intermediate archives, for the period provided by Article L 133-24 of the Monetary and Financial Code, specifically 13 months following the debit date. This period may be extended to 15 months to account for the possibility of using deferred debit payment cards.

‍

(iv) Regarding the management of opt-out lists for marketing: Information allowing us to take into account your right to object is retained for a minimum of three years from the exercise of the right to object.

‍

(v) Regarding cookies: The retention period for cookies referred to in Article 13 is 13 months.

‍

Security

‍

We inform you that we take all useful precautions and implement appropriate organizational and technical measures to preserve the security, integrity, and confidentiality of your personal data and, in particular, to prevent them from being altered, damaged, or accessed by unauthorized third parties. We also use secure payment systems that comply with industry best practices and applicable regulations.

‍

The security measures implemented by Revoptim are detailed on the dedicated page.

‍

Hosting

‍

We inform you that your data is kept and stored, for the entire duration of its retention, on the servers of Amazon Web Service. These servers are located in Ireland.

‍

Cookies

‍

Cookies are text files, often encrypted, stored in your browser. They are created when a user's browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website's server.

‍

The Solution uses different types of cookies, which have different purposes:

‍

• Technical cookies are used throughout your browsing to facilitate it and perform certain functions. A technical cookie can, for example, be used to remember the answers filled in a form or the user's preferences regarding language or website presentation when such options are available. These cookies are essential for the execution of the service. Among these technical cookies, several third-party cookies are used to offer functionalities based on external services to the Solution: for the login buttons on the homepage: Google, Microsoft; for customer support access: CRISP; for the captcha on the registration page: Google reCAPTCHA.

‍

• Audience analytics cookies allow us to measure the number of visits to the Solution, the number of page views, and the use of website functionalities for statistical purposes. This information base subsequently allows us to improve the product and your user experience on our site by better understanding our users' expectations. Your IP address is also collected to determine the city from which you connect. Among these audience analytics cookies, several third-party cookies are used: Google Analytics, Mixpanel, Sentry.

‍

• Marketing cookies allow us to better understand how our clients use the Solution, in order to provide them with personalized support based on their experience with the Solution and their usage of it. These cookies also allow us to adapt our communication policy to each client. Among these marketing cookies, several third-party cookies are used: LinkedIn, Facebook, Google Ads, Outbrain.

‍

We remind you, for all practical purposes, that you can object to the placement of cookies by configuring your browser. Such a refusal could, however, prevent the proper functioning of the Solution.

‍

Access to Your Personal Data

‍

In accordance with the "Informatique et Libertés" law and the GDPR, you have the right to obtain communication of, and, where applicable, the rectification or erasure of, data concerning you, through online access to your file. You may also contact us at:

‍

• Online contact form: https://www.revoptim.com/en/contact
• Postal address: 10 RUE DE PENTHIÈVRE 75008 PARIS France

‍

It is reminded to individuals whose data is collected based on our legitimate interest, as mentioned in Article 4, that they may object to the processing of their data at any time. However, we may be required to continue processing if there are legitimate grounds for the processing that override your rights and freedoms or if the processing is necessary for the establishment, exercise, or defense of legal claims.

‍

Right to Define Post-Mortem Data Directives

‍

You have the right to define directives regarding the retention, erasure, and communication of your personal data after your death.

‍

These directives can be general, meaning they apply to all personal data concerning you. In this case, they must be registered with a certified digital trusted third party recognized by the CNIL. The directives can also be specific to the data processed by our company. In that case, you should send them to us at the following contact details:

‍

• Online contact form: https://www.revoptim.com/en/contact
• Postal address: 10 RUE DE PENTHIÈVRE 75008 PARIS France

‍

By sending us such directives, you expressly give your consent for these directives to be retained, transmitted, and executed according to the terms provided herein.

‍

You may designate a person in your directives responsible for their execution. This person will then be authorized, upon your death, to review said directives and request their implementation. Failing such designation, your heirs will be authorized to review your directives upon your death and request their implementation. You may modify or revoke your directives at any time by writing to us at the above contact details.

‍

Portability of Your Personal Data

‍

You have a right to data portability for the personal data you have provided to us, understood as the data you have actively and consciously declared as part of accessing and using the services, as well as data generated by your activity when using the services. We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the performance of our contract with you.

‍

This right can be exercised free of charge, at any time, and notably when closing your account on the Platform, in order to retrieve and retain your personal data.

‍

In this context, we will send you your personal data, by any means deemed appropriate, in a commonly used and machine-readable open standard format, in accordance with industry best practices.

‍

Lodging a Complaint with a Supervisory Authority

‍

You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the French National Commission for Information Technology and Civil Liberties (CNIL) for France), in the Member State of your habitual residence, place of work, or the place where the alleged infringement of your rights occurred, if you consider that the processing of your personal data subject to this Policy constitutes a violation of applicable texts. This recourse may be exercised without prejudice to any other recourse before an administrative or judicial court. Indeed, you also have a right to an effective administrative or judicial remedy if you consider that the processing of your personal data subject to this Policy constitutes a violation of applicable texts.

‍

Restriction of Processing

‍

You have the right to obtain restriction of the processing of your personal data in the following cases:

‍

• During the verification period that we implement when you contest the accuracy of your personal data.
• When the processing of such data is unlawful, and you wish to restrict this processing rather than delete your data.
• When we no longer need your personal data, but you wish for its retention to exercise your rights.
• During the period of verification of legitimate grounds, when you have objected to the processing of your personal data.

‍

Modifications

‍

We reserve the right, at our sole discretion, to modify this policy, in whole or in part, at any time. Such modifications will become effective upon the publication of the new policy.

‍