Pappers Ch logo

General Personal Data Protection Policy of Pappers

This Personal Data Protection Policy (the "Policy") aims to inform all concerned natural persons ("You" or "Your") about:

  • how Pappers ("Pappers") processes such Personal Data as a data controller;
  • the rights you have regarding this processing.

1. Scope of the Personal Data Protection Policy

The EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data ("GDPR"), applicable as of 25 May 2018, applies to all companies that collect, store, or process personal data.

The concept of personal data ("Personal Data") refers to any information relating to an identified or identifiable natural person. An "identifiable natural person" is one who can be identified, directly or indirectly, particularly by reference to an identifier, such as a name, identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Pappers transparently processes Your Personal Data in two scenarios:

  1. If you contact Pappers via email;
  2. When you visit the website www.pappers.in (the "Site") or when Pappers legally makes public the information of the European National Business Registers on its website.

2. Processing of Your Personal Data When Sending an Email to Pappers via the Complaint Form

2.1 Purpose, Legal Basis, and Processed Personal Data

If You contact Pappers via email, certain Personal Data concerning You may be transmitted and processed, such as:

  • Your email address (mandatory);
  • Any Personal Data you may choose to share in your messages.

This Personal Data is used to process and respond to your message, as well as to improve Pappers' services. The collection and processing are based on Pappers' legitimate interest in managing public relations and responding to you, in accordance with Article 6.1.f) of the GDPR.

2.2 Data Retention Period

Pappers retains this Personal Data for the duration necessary to handle Your message and its potential follow-ups, plus an additional 5 years as evidence in compliance with applicable limitation periods. After these periods, the Personal Data is deleted.

2.3 Transfer and Recipients of Personal Data

Pappers does not intend to transfer the collected data outside the European Union.

2.4 Recipients of Personal Data

Personal Data may be communicated to Pappers employees who require it to perform their duties, to oversight bodies monitoring Pappers, as well as to legal authorities and officers when legally required or when necessary to enforce terms and conditions or protect Your or Pappers' rights or property.

2.5 Your Rights Concerning Your Personal Data

Under the GDPR, You have the right to access, rectify, erase, restrict processing, data portability, object to the processing of Your Personal Data, and determine the fate of Your data after Your death.

You can exercise Your rights by completing this form.

If You believe that the processing of Your Personal Data does not comply with the applicable regulations, You can file a complaint with the CNIL at:

CNIL – Complaints Department
3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: +33 (0)1 53 73 22 22

3. Processing of Your Personal Data Related to Public Access to RNE Information and Documents

3.1 Purpose, Legal Basis, and Processed Personal Data

The National Registers serve an official role in legal publicity by providing public access to declarations and acts filed, as well as the information included therein (e.g., concerning managers and shareholders). This data is public and contributes to the public interest.

When submitting information to commercial court registries, individuals can reasonably expect such data to be subject to further processing.

Since Law No. 2015-990 of 6 August 2015, the national register’s information can be reused by the public for commercial or non-commercial purposes.

Pappers operates within this legal framework, offering free public access to such information through its website.

Pappers processes the following Personal Data included in the National Registers :

  • Name and surname;
  • Title;
  • Date and place of birth;
  • Nationality;
  • Marital status;
  • Postal address;
  • Corporate roles.

This processing is justified under Article 6.1.f) of the GDPR as it is necessary for the legitimate interests of Pappers in making the national registers data legally available and for the public to access such information.

3.2 Data Retention Period

Personal Data is retained for the duration of the individual's involvement with the company, plus the applicable statutory limitation periods. Once these periods expire, the Personal Data is deleted.

3.3 Transfer and Recipients of Personal Data

Pappers does not intend to transfer such data outside the European Union.

3.4 Recipients of Personal Data

Personal Data may be shared with Pappers employees, oversight bodies, and legal authorities when legally required.

3.5 Your Rights Concerning Your Personal Data

You have the rights listed in Section 2.5. However, the data included in the national registers:

  • is public;
  • was not collected by Pappers but by commercial court registries;

Pappers is not legally authorized to grant your requests unless justified under specific conditions as outlined by Article 38 of the French Law of 6 January 1978 and subsequent rulings. You may still file a complaint with the CNIL.

4. Processing of Your Personal Data During Site Visits

4.1 Purpose, Legal Basis, and Processed Personal Data

When visiting the Site, certain technical data is automatically collected and stored, such as:

  • Visitor's IP address;
  • Date and time of access;
  • Name and URL of the visited page;
  • Referring website (URL);
  • Browser and operating system details.

This data is processed to ensure site functionality, security, and stability, and improve administration. Processing is justified under Article 6.1.f) of the GDPR.

4.2 Data Retention Period

Data is retained for 12 months, subject to legal retention obligations.

4.3 Transfer and Recipients of Personal Data

Data may be disclosed to third parties only under specific circumstances outlined in Section 3.3.

4.4 Your Rights

You retain the rights described in Section 2.5.

5. Data Security

Pappers implements technical and organizational measures to prevent unauthorized access, misuse, or destruction of Your Personal Data.

6. Links to Third-Party Websites

Pappers is not responsible for the Personal Data practices of third-party websites accessible via links on the Site.

7. Contact and Policy Updates

For questions or to exercise Your rights, contact us via this form.

The Policy may be updated at any time. Updates will be communicated via email or online. Regular review is advised.