VenduSys
Home/Legal·Privacy
Legal · Privacy

Privacy policy.

How VenduSys handles personal data — what we collect, why, how long, who else processes it, and what rights you have under GDPR and equivalent regimes.

Version
2026.04
Effective
April 18, 2026
Entity
VenduSys SAS · 75002 Paris · France · SIREN 9XX XXX XXX
Contact
legal@vendusys.com

1. About this policy

This Privacy Policy explains how VenduSys SAS ("VenduSys") processes personal data as a controller in relation to our websites, sales activity and prospective customers. When we process personal data on behalf of a customer using the Services, we act as a processor — see the Data Processing Addendum for that role.

2. Data we collect (as controller)

  • Identity & contact: name, business email, role, company.
  • Usage: pages visited, referrer, device type, country.
  • Communications: emails to / from us, support chats, calls (with consent).
  • Recruitment: CVs and application data, only if you apply.

We do not knowingly collect data from children. We do not buy personal data from brokers.

3. Why we process it

  • Legitimate interest: operating the website, responding to inbound contact, evaluating prospective customers, internal analytics.
  • Contract: negotiating and concluding agreements with you or your organization.
  • Consent: marketing emails (where required), optional cookies.
  • Legal obligation: accounting, tax, compliance with regulators.

4. Cookies and analytics

We use a small number of strictly-necessary cookies for session state and language. We use privacy-preserving analytics that do not set cross-site identifiers. We do not operate third-party advertising trackers on our properties.

5. Recipients and sub-processors

We share personal data with infrastructure providers (hosting, email), CRM, analytics and payment partners — each under written agreement and with documented safeguards. The current list of sub-processors is maintained in the DPA.

6. International transfers

We store personal data in the EU by default. Where transfers outside the EEA are necessary, we rely on Standard Contractual Clauses and supplementary measures as required by Schrems II.

7. Retention

  • Marketing & sales: up to 24 months after last contact.
  • Contracts: for the contract duration plus 5 years (commercial law).
  • Accounting: 10 years (tax law).
  • Recruitment: deleted after 2 years unless you ask us to retain longer.

8. Your rights

Under GDPR (and equivalent regimes), you have the right to access, rectify, erase, restrict, port and object to processing of your personal data. Exercise any of these by writing to privacy@vendusys.com. We respond within 30 days.

You also have the right to lodge a complaint with the French CNIL or your local data protection authority.

9. Security

We protect personal data with TLS in transit, AES-256 at rest, SSO + MFA for staff, least-privilege access controls and continuous monitoring. See the Security page for the full posture.

10. Changes

We may update this policy. Material changes will be notified by email to active customers and announced on the website at least 30 days in advance.

11. Contact

Data Protection contact: privacy@vendusys.com. Registered office: VenduSys SAS, 75002 Paris, France.

Version 2026.04 · Effective April 18, 2026 · VenduSys SAS · 75002 Paris · France

Questions about this document?

Our legal team responds within 5 business days.
legal@vendusys.com →