Let’s Dream – Performance With Impact

Kisaco wheel - black on clear

General Data Protection (GDPR)

Last updated: July 2025

At Kisaco SAS, the protection of your personal data is at the core of our commitments. Our mission is to help companies reduce their environmental impact, and we apply the same principles of transparency and responsibility when handling your data.

Personal data” refers to any information that can identify you, either directly (e.g., your name) or indirectly (e.g., your IP address).
This Privacy Policy explains how we collect, use, and protect your data when you browse our website www.kisaco.io (the “Site”).

We encourage you to read it carefully.

1. Sources of Data Collected

1.1 Data you provide directly

These are the data you share with us when interacting with the Site, for example:

  • requesting a demo,

  • subscribing to our newsletter,

  • downloading a resource from the “Resources” section,

  • using the contact form or live chat.

1.2 Data collected indirectly

After these retention periods, data may be archived for a limited time (e.g., to comply with legal, accounting, or tax obligations, or for evidentiary purposes). Beyond that, they are permanently deleted from our active databases.

2. Purposes and Legal Bases for Processing

PROCESSING
PURPOSE

DATA
SUBJECTS

DATA
COLLECTED

LEGAL
BASIS

RETENTION
PERIOD

Managing demo requests

Prospects

Identity, contact details, professional information (role, company, sector)

Kisaco’s legitimate interest

3 years after last contact, or end of contractual relationship if a contract is signed

Resource downloads

Prospects

Identity, contact details, professional information

Kisaco’s legitimate interest

3 years after last contact, or end of contractual relationship

Responding to contact forms / inquiries

Prospects

Message content, contact details (email, phone if provided)

Kisaco’s legitimate interest

3 years after collection or last interaction

Sending newsletters

Prospects

Identity, contact details, professional information

Consent

Until unsubscribed, or 3 years after last contact

Audience measurement (analytics cookies)

Website
visitors

IP address, browsing data

Legitimate interest

Anonymized data – up to 25 months

Targeted advertising via third parties (YouTube, LinkedIn)

Visitors, prospects

Connection identifier (IP), browsing journey

Consent

6 months after consent choice

After these retention periods, data may be archived for a limited time (e.g., to comply with legal, accounting, or tax obligations, or for evidentiary purposes). Beyond that, they are permanently deleted from our active databases.

3. Data Sharing

Your personal data are never sold or shared with commercial partners for marketing purposes.

We only share your information in the following cases:

  • Trusted technical providers: hosting, maintenance, technical support (e.g., Infomaniak, based in Switzerland – a country recognized by the EU as providing adequate protection).

  • Kisaco internal teams: mainly our marketing and technical departments, based in France.

  • Third-party platforms activated by the user: YouTube (embedded videos), LinkedIn (performance analytics of professional campaigns).

  • Legal obligations: if required by law, judicial authorities, or to defend our rights.

For more details about cookies and trackers used, please consult our Cookie Policy.

4. Hosting and Transfers Outside the EU

The hosting subcontractor for Kisaco’s infrastructure and data is:

Infomaniak network SA

Address: 25 Rue Eugène Marziano, 1227 Geneva, Switzerland

Phone : +41 (0) 22 820 35 44

Switzerland is subject to a GDPR adequacy decision by the European Commission.

nfomaniak Network SA was selected by Kisaco for its environmental commitments:
https://www.infomaniak.com/fr/hebergeur-ecologique

As the subcontractor responsible for the infrastructure, Infomaniak Network SA is committed to full compliance with the European General Data Protection Regulation (GDPR):

https://www.infomaniak.com/fr/cgv/reglement-general-protection-donnees

https://manager.infomaniak.com/pdfcgu.php/fr_FR/52/dpa.pdf

If a transfer were to take place outside the EEA or Switzerland, we would ensure that such transfer is governed either by:

  • an adequacy decision of the European Commission, or

  • the implementation of Standard Contractual Clauses (SCCs) and additional security measures, in accordance with the GDPR.

5. Your Rights

In accordance with the GDPR and applicable data protection laws, you have the following rights:

  • Access: obtain information about the data we hold and receive a copy.

  • Rectification: correct or update inaccurate or incomplete data.

  • Erasure: request deletion of your data (“right to be forgotten”).

  • Restriction: temporarily limit the use of your data.

  • Objection: object to processing based on your specific situation, and at any time against the use of your data for direct marketing purposes.

  • Portability: receive your data in a structured, commonly used, machine-readable format and transmit them to another controller.

  • Withdrawal of consent: withdraw your consent at any time when processing is based on consent.

  • Post-mortem directives: define instructions regarding the handling of your data after your death (where applicable).

  • Lodge a complaint: with the relevant supervisory authority. In France, this is the CNIL (www.cnil.fr).

6. Exercising Your Rights

You can exercise your rights at any time by contacting us:

  • by email: legal at kisaco.io

  • by mail: Kisaco – Data Protection Officer, 6 rue Mouton-Duvernet, 75014 PARIS

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure.

8. Updates to This Policy

This Privacy Policy may be updated from time to time. The latest version is always indicated by the “Last updated” date at the top. If we make significant changes (e.g., new purposes for processing), we will notify you before they take effect.