Interested in our services?

Make an appointment with a member of our team today.

Make an appointment
X
🌱 IT SYSTEMES is committed to CSR!

Privacy policy

Updated on: April 28, 2026

Privacy policy

1. Preamble

IT SYSTEMES SAS (hereinafter “IT SYSTEMES” or “we”), the publisher of the websiteitsystemes, places particular importance on the protection of personal data. The purpose of this privacy policy is to inform users of the website (hereinafter “you”) about the methods used to collect, process, and protect their personal data, in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended Law No. 78-17 of January 6, 1978.

2. Data Controller

The data controller is IT SYSTEMES SAS, with its registered office at 58-60 rue Etienne Dolet, 92240 Malakoff, registered with the Nanterre Trade and Companies Register under number 521 984 112.

IT SYSTEMES SAS is represented by its President, SARL 1640 RIVERSIDE, which is in turn represented by its manager, Mr. Samir AMARA.

3. Data Protection Officer (DPO)

IT SYSTEMES has appointed a Data Protection Officer in accordance with its GDPR compliance policy:

Name: Mr. Anthony FERNANDES

Email: dpo@it-systemes.fr

Mail: IT SYSTEMES — Attention: DPO — 58-60 Rue Etienne Dolet, 92240 Malakoff

4. Data Collected and Purposes

IT SYSTEMES collects only the data strictly necessary for the purposes described below, in accordance with the principle of data minimization (GDPR Art. 5.1.c).

4.1. Response to a contact request submitted via the form

  • Data collected: last name, first name, company, work email, phone number, message.
  • Legal basis: pre-contractual measures at the individual’s request (GDPR Art. 6.1.b).
  • Retention period: 3 years from the date of the last contact if no contractual relationship is established.

4.2. Customer Relationship Management (quotes, orders, invoices)

  • Data collected: last name, first name, business contact information, billing information.
  • Legal basis: performance of the contract (GDPR Art. 6.1.b).
  • Retention period: duration of the contract plus 5 years (statute of limitations for commercial matters, Art. L.110-4 of the Commercial Code); 10 years for accounting records.

4.3. B2B Sales Prospecting

  • Data collected: last name, first name, work email address, company, job title.
  • Legal basis: IT SYSTEMES’ legitimate interest in promoting its services to professionals (GDPR Art. 6.1.f).
  • Retention period: 3 years from the date of the last contact.

4.4. Handling Unsolicited Applications

  • Information collected: last name, first name, contact information, resume, cover letter.
  • Legal basis: pre-contractual measures at the individual’s request (GDPR Art. 6.1.b).
  • Retention period: 2 years after the last contact if no hiring takes place.

4.5. Website Traffic Measurement (Google Analytics)

  • Data collected: IP address (anonymized), pages visited, duration of visit, browser type.
  • Legal basis: consent (GDPR Art. 6.1.a).
  • Retention period: cookies for up to 13 months, data for up to 25 months.

4.6. Compliance with legal obligations (data protection, tax, and labor)

  • Data collected: transaction data, supporting documents.
  • Legal basis: legal obligation (GDPR Art. 6.1.c).
  • Retention period: in accordance with applicable legal requirements.

5. Recipients and subcontractors

The collected data is accessible only to the relevant departments at IT SYSTEMES (sales, support, accounting, and HR, depending on the purpose) and, where applicable, to the following subcontractors:

5.1. Webflow, Inc.

  • Service provided: website hosting.
  • Location: United States.
  • Legal framework: EU Standard Contractual Clauses (SCCs) and/or the Data Privacy Framework.

5.2. Microsoft Ireland Operations Ltd. (Microsoft 365)

  • Service provided: Receiving and processing emails submitted via forms.
  • Location: European Union (Ireland), with possible outsourcing to the United States.
  • Legal framework: EU Standard Contractual Clauses (SCCs) and the Data Privacy Framework.

5.3. Google Ireland Ltd. (Google Analytics)

  • Service provided: website traffic measurement.
  • Location: European Union (Ireland), with possible outsourcing to the United States.
  • Legal framework: EU Standard Contractual Clauses (SCCs) and the Data Privacy Framework.

IT SYSTEMES does not sell or rent personal data to third parties for commercial purposes.

6. Transfers outside the European Union

Some of our subcontractors may transfer personal data outside the European Union, primarily to the United States. These transfers are subject to appropriate safeguards within the meaning of Articles 44 through 49 of the GDPR:

  • Standard contractual clauses adopted by the European Commission (Decision 2021/914 of June 4, 2021).
  • European Commission Adequacy Decision of July 10, 2023, regarding the EU-U.S. Data Privacy Framework for certified U.S. processors.

You may request a copy of or access to the safeguards in place by contacting the DPO.

7. Your rights

In accordance with Articles 15 through 22 of the GDPR, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation that your personal data is being processed and to receive a copy of it.
  • Right to rectification: having inaccurate or incomplete data corrected.
  • Right to erasure: Have your data deleted in the cases provided for by the GDPR.
  • Right to restriction of processing: request that processing be suspended in certain cases.
  • Right to data portability: to receive your data in a structured format, or to transmit it to another data controller.
  • Right to object: You have the right to object to the processing of your personal data, including for marketing purposes.
  • Right to withdraw consent: at any time, when the processing is based on consent.
  • The right to establish guidelines regarding the handling of your data after your death (Data Protection Act, Art. 85).

To exercise these rights, you can contact our DPO:

  • By email: dpo@it-systemes.fr
  • By mail: IT SYSTEMES — Attention: DPO — 58-60 Etienne Dolet Street, 92240 Malakoff

We will respond within one month of receiving your request; this period may be extended by two months if the matter is complex.

You may be asked to provide proof of identity if there is reasonable doubt regarding your identity, in accordance with Article 12.6 of the GDPR.

8. Right to file a complaint with the CNIL

If, after contacting us, you feel that your rights have not been respected, you may file a complaint with the French Data Protection Authority (CNIL):

  • CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.
  • Phone: 01 53 73 22 22.
  • Website: www.cnil.fr.

9. Data Security

IT SYSTEMES implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of the data processed, in accordance with Article 32 of the GDPR:

  • Communications are encrypted using TLS (HTTPS) throughout the site.
  • Encryption of data at rest on Microsoft 365 storage.
  • Multi-factor authentication (MFA) is required for all employees.
  • A strict access management policy based on the principle of least privilege.
  • Continuous monitoring provided by an outsourced security operations center (24/7).
  • Regular backups and restore tests.
  • Commitment to pursuing ISO/IEC 27001:2022 certification, with an audit scheduled for the first half of 2026.

10. Cookies and trackers

The websiteitsystemes uses cookies. For more information about the cookies we use, their purposes, how long they are stored, and how to manage your consent, please see our Cookie Policy (in the dedicated section below, or on the page accessible from the website’s footer).

11. Policy Changes

This policy may be amended at any time, particularly to reflect changes in regulations or new data processing practices. The applicable version is the one in effect on the date of your visit. We encourage you to review it regularly.

The date of the last update is shown at the top of the page.

Cookie Policy

1. What is a cookie?

A cookie is a small file stored on your device (computer, tablet, smartphone) when you visit a website. It allows the site to remember information about your visit (preferences, browsing statistics, session identifiers).

2. Cookies used onitsystemes

The website uses two types of cookies:

2.1. Strictly necessary cookies (Webflow)

  • Purpose: website functionality, security, and saving consent preferences.
  • Maximum duration: one session or 6 months.
  • Consent: not required (exemption provided for in Article 82 of the Data Protection Act).

2.2. Audience measurement cookies (Google Analytics)

  • Purpose: traffic statistics, user journey analysis.
  • Maximum duration: 13 months.
  • Consent: required.

3. Your cookie preferences

When you first visit the site, a banner informs you about the use of cookies and allows you to:

  • Accept all cookies that are not strictly necessary.
  • Reject all cookies that are not strictly necessary.
  • Customize your selections by category.

Your selection will be saved for up to 6 months, in accordance with the CNIL’s recommendation. You can change your consent settings at any time by clicking the “Manage my cookies” link at the bottom of the page.

You can also configure your browser to block cookies. The settings vary by browser; the major browser providers offer online help guides (Chrome, Firefox, Safari, Edge).

4. Consequences of refusal

Declining audience measurement cookies will not affect your browsing experience. The site remains fully functional.

5. Legal Framework

This policy complies with:

  • Section 82 of Law No. 78-17 of January 6, 1978, as amended.
  • The CNIL’s guidelines of September 17, 2020 (Decision No. 2020-091) and its Recommendation No. 2020-092 of September 17, 2020.
  • Regulation (EU) 2016/679 (GDPR).
Contact us
Phone