Privacy Notice
Last updated 08/08/2025
1. Recitals
Root-Me PRO (hereinafter “the Company”) attaches the utmost importance to privacy and the protection of personal data processed as part of its activities.
Such data is processed in accordance with French Law No. 78-17 of January 6, 1978, as amended, and Regulation (EU) 2016/679 of April 27, 2016 on data protection (the “GDPR”).
This policy applies when personal information (Data) is processed on our websites, platforms, or in the course of business relationships with our clients, suppliers, and partners.
Any change of this policy will be updated on the Company's website.
2. Definitions
The following terms are defined in accordance with Article 4 of Regulation (EU) 2016/679 (“GDPR”).
• Personal data or Data: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, etc.
• Data processing or Processing: any operation or set of operations performed on Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, etc.
• Data controller: the legal entity that determines the purposes and means of processing. Root-Me PRO acts as Data Controller when processing Data of its prospects, clients, users, and business partners.
3. Data Controller
Regarding the processing activities described herein, the Company acts as Data Controller. Root-Me PRO, 29b chemin de Grave - 69450 Saint-Cyr-au-Mont-d'Or - France, RCS LYON 878 403 906, contact@root-me.pro.
4. Purpose of the data Processing
The Company may process the following Data depending for the following purposes:
• Dealing with contact request on the website or via phone: identity information (title, first name, last name), professional contact details (email, postal address, phone number), company, position;
• Managing a pre-contractual or contractual relationship: data linked to business exchanges, including identity (title, first name, last name), position, and professional contact details;
• Marketing purposes: identity information (title, first name, last name), professional contact details, represented company, position;
• Recruitment purposes: candidate identity (title, first name, last name), personal contact details, and career/professional background;
• Providing services and operating Root-Me PRO Platform: identity (title, first name, last name, username, password), usage data (challenges viewed and completed, group memberships, scores/results), professional contact details (email), company, position;
• Proving functionality, analyze performance and fix errors of the website: browsing data, including IP address, screen resolution, browser used, browsing time, search history, operating system, language, and pages viewed;
• Operating the Company's social networks: username or pseudonym and other information voluntarily provided by the user;
Data is collected directly from data subjects via the website, during pre-contractual and contractual relationships, through social networks, or at events organized by the Company.
The Company may also obtain Data through third-party companies or business partners.
Only data that are strictly necessary for fulfilling the purposes to be achieved are collected.
5. Lawful bases for the collection and use of Data
Under GDPR act we must have a “lawful basis” for collecting and using personal information. There is a list of possible lawful bases we may rely on:
• Contract: we have to collect or use the information so we can enter into or carry out a contract with the data subject (Art. 6(1)(b) GDPR)
• Legal and regulatory obligations: we have to collect or use personal information so we can comply with the law (Art. 6(1)(c) GDPR)
• Legitimate interest: we're collecting or using your information because it benefits the data subject, our organization or someone else, without causing an undue risk of harm to anyone. (Art. 6(1)(f) GDPR)
Some processing may also rely on Data subject's consent (Art. 6(1)(a) GDPR).
6. Who we share Data with
Data is mainly processed by our employees. It may also be shared with third-party service providers and subcontractors for specific tasks. These third parties are bound by strict security and confidentiality obligations under their contracts with the Company, in accordance with Article 28 GDPR.
To operate “Complete my Team” service, applicants data is shared with recruiters.
Where legally required, our Company may share Data with authorized authorities (including judicial or administrative authorities).
Data may also be transferred in the event of a sale, restructuring, or reorganization of the Company.
7. Data retention periods
We keep personal information for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, as may be required by law such as for tax and accounting purposes, or as otherwise communicated.
Retention periods are summarized below:
| Purpose of Processing | Legal Basis | Data Retention Period |
|---|---|---|
| Management of contact requests | Contract performance | Time required to process the request |
| Management of contractual relationships | Contract performance | Duration of the contractual relationship plus 5 years thereafter |
| Operation of RMP platform services | Contract performance | Duration of User subscription plus 5 years after deregistration |
| Marketing communications | Legitimate interest | 3 years from last client/prospect contact |
| Newsletter distribution | Contract performance | Duration of subscription |
| Recruitment | Contract performance | 2 years from application submission, unless opposed, renewable with candidate consent |
| Tracking data access requests | Legal obligation | 5 years from request |
| Social networks | Legitimate interest | For the duration of User subscription to Company profiles |
8. Data protection rights
Which lawful basis we rely on may affect Data protection rights which are set out in brief below. More information can be found the CNIL 's website:
• Right of access - meaning the right to ask us for copies of personal information.
• Right to rectification - meaning the right to ask us to correct or delete inaccurate or incomplete personal information.
Subject to applicable conditions:
• Right to erasure - meaning the right to ask us to delete personal information.
• Right to restriction of processing - meaning the right to ask us to limit how we can use personal information.
• Right to object to processing - meaning the right to object to the processing of personal data.
• Right to data portability - meaning the right to ask that we transfer the personal information to another organization.
Right to withdraw consent - When we use consent as our lawful basis, data subjects right to withdraw consent at any time.
To make a data protection rights request, please contact us at: contact@root-me.pro.
Data subjects also have the right to complaint to CNIL (https://www.cnil.fr/en).
9. Security measures and transfers outside the EU
The Company maintains physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. Data security also depends on individual vigilance. Data is hosted in France.
Whenever we transfer personal Data outside of the European Economic Area or t UK, we ensure that information is transferred as permitted by the applicable laws on data protection either via adequacy decision or contractual safeguards under Art. 46 GDPR.
10. Contact and DPO
The Company has appointed a Data Protection Officer (DPO) to assist with all personal data protection matters. Contact: Sébastien DARTIGALONGUE (rgpd@root-me.pro).
© 2025 Root-Me PRO. All rights reserved.