Privacy Policy

About this policy

This privacy notice explains how KIT UNITED SAS (hereinafter “KIT UNITED” or “we”) processes your personal data, when it acts as data controller, including in all situations where we collect your data via our website

We are committed to abiding by data protection laws and to be open and transparent in how we use your personal information. We take your privacy seriously and this policy and notice has been drafted in accordance with the requirements of the General Data Protection Regulation (“GDPR”), the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK GDPR).


Data Controller

For the purpose of the Data Protection Legislation, KIT UNITED, having its headquarters 6 rue Auber, 75009, Paris, France, is the data controller (as defined in the applicable legislation) and any enquiry regarding the collection or processing of your data should be addressed to us and our Data Protection Officer, at [email protected].


Purposes, legal basis and retention periods

Your personal data may be processed by authorized KIT UNITED personnel for several purposes.

Each of these purposes is associated with a “legal basis”, which justifies our processing.

Your data is also kept for a predetermined period, which depends on the purpose of the processing. This period is expressed as an “active database”, which corresponds to the stage where your data is processed in order to achieve the purpose described in the table, and as an “intermediate archive”, which corresponds to a state of conservation of the data with restricted access. The archived data is no longer used for the purpose of the processing but is still retained in order to comply with a legal obligation and/or to enable us to defend our legal rights, if necessary.

The purposes, legal bases and retention periods are detailed in the table below:


Purpose of the processing activity

Legal basis

Data retention term

Communicating with you and managing the request you send us using the “contact” feature of our website

Our legitimate interest in responding to your requests and queries

In active database: Until the request is processed

Intermediate archive: 5 years from the date the request is processed

Commercial prospecting (including proposing a demo of our services)

To pursue our legitimate interest in growing our business

In active database: 3 years after the last contact from you

In intermediate archive: N/A

General accounting

Our legal accounting obligations

In active database: during the current fiscal year

In intermediate archive: 10 years from the end of the fiscal year


Pre-contractual measures taken at the request of a candidate if you apply to our job offer, our legitimate interest to recruit people otherwise

In active database: the duration of the recruitment process

In intermediate archive: 3 years from the end of the recruitment process

Sending our newsletter

Our legitimate interest in informing you about our activity

In active database: for the duration of your subscription

In intermediate archive: N/A

Retention of login information for security, maintenance

Our legitimate interest in ensuring the security of our website

In active database: 12 months from data recording

In intermediate archive: N/A

Management of our video surveillance system

Our legitimate interest in ensuring the security of our premises

In active database: 1 month from the recording of the images

In intermediate archive: N/A

Customer Management

The contract we have with our client

In active database: for the duration of the commercial relationship

In intermediate archive: 5 years from the end of the business relationship

Supplier management

The contract we have with our supplier

Management of access controls to the premises

Our legitimate interest to ensure the security of our premises

In active database: 3 months 

In intermediate archive: N/A

Generating metrics about the use of our services, the performance of our agreements with our customers or our prospecting activities

Our legitimate interests to benefit from the metrics we generate

Regarding customers:

For the duration specified for the “Customer Management” processing 

Regarding prospects:

For the duration specified for the “Commercial prospecting” processing

Regarding users of our services:

Until 90 days after the end of our contractual relationship with the customer

Storage of personal data to comply with our legal requirements (inter alias, under French LCEN)

Legal obligation to comply with Article 6 of French LCEN 

In active database: For the duration of the legal requirement (currently, a year from the day of the connection or creation of content).

In intermediate archive: N/A


Recipients of your personal data

There are a range of circumstances where we may disclose your data to third parties. Here are the third parties we may send your personal data to:

  • our suppliers in charge of providing IT tools, including customer relationship management tools, marketing tools, calendar management tools, videoconference recording tools, emailing tools, billing tools, ticketing tools, document hosting tool, IT monitoring tools, analytic tools (including a tool used to transform the data to facilitate the analytic on anonymized data, and a user interface used to show and study analytic data that can query personal data), chat tools, project organization tools, accounting software, banking tools for payment management;
  • our payment service providers;
  • our service providers in charge of hosting and maintaining our website and data;
  • our service provider in charge of gathering personal data of prospects;
  • our accountants.
  • our affiliates;
  • any jurisdiction or governmental authorities.


Indirect collection 

We may collect your personal data indirectly, for recruitment purposes, via social network (Linkedin, Indeed, etc.) and through our recruitment tool called “Lever”. The personal data thus collected is your name, surname, qualification, current and past jobs, diploma, and any personal data published on social networks.


Personal data transfers outside the EU/EEA

Your personal data may be transferred to third party countries, such as:

  • Australia;
  • Singapore;
  • United States of America.

When transferring personal data outside the EU/EEA, we make sure that the latest version of the standard contractual clauses of the EU Commission are signed with the recipient, unless there is an adequacy decision from the EU Commission regarding the country where the recipient is located.


Your rights

You have rights in relation to your personal data, depending on the circumstances, including:


  • the right to obtain information about the processing carried out on your personal data, as well as a copy of your personal data;
  • the right to withdraw your consent to the processing of your personal data at any time, if the processing is based on your consent;
  • the right to obtain rectification of your data;
  • the right to obtain confirmation that your personal data is or is not being processed;
  • the right to ask us to delete your data;
  • the right to ask us to restrict or object to the processing of your data.


You can exercise these rights at any time by writing to us by email to [email protected].

You also have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (“CNIL”), at the following address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris – Cedex 07 or through the dedicated website of the CNIL.


Changes to this policy

We may update this policy to reflect changes to our processing activities. Please regularly review this policy to be informed of how we are protecting your personal data.