Corporate | SAS | Privacy Policy

Transparency in the handling of personal data is a fundamental value for Powens

The purpose of this Privacy Policy is to inform you about the processing of data concerning you.

For any questions regarding the processing of your personal data, please feel free to contact us via email at dpo(@)powens.com.

Who are we?

All information is collected and recorded by Powens, acting as the Data Controller.

Powens is a French payment institution authorized by the Autorité de Contrôle Prudentiel et de Résolution (ACPR), whose main activities include the provision of banking and financial services, as well as document aggregation services.

Powens places the utmost importance on respecting privacy and, in this regard, complies with the provisions of the French Data Protection Act No. 78-17 of January 6, 1978, as amended, and with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such personal data (GDPR).

Categories of Personal Data Processed

We may collect different types of personal data concerning you, including:

  • Identification and contact data: first name, last name, telephone number, email address;
  • Professional data: first name, last name, job title, company name;
  • Financial data: bank account details, transaction history, and other financial information;
  • Authentication data: login credentials and information used for account access and authentication;
  • Job application data: first name, last name, email address, telephone number, professional experience, as well as any information you provide through your job application, curriculum vitae (CV), and/or interviews (such as photograph, skills, education level, languages spoken, salary expectations, home address, hobbies, and family status);
  • Technical data: IP address, information provided by your browser regarding the operating system and browser used, cookies, and tracking technologies;
  • Browsing data: information about how you use our services, such as website navigation patterns, clickstream data, and preferences;
  • Marketing and communication data: your preferences regarding the receipt of marketing materials and communications from us;
  • Other data: any other personal data that you voluntarily provide to us or that is necessary for the provision of our services.

Sources of Personal Data

Most of the personal data we process is provided directly by you for one of the following reasons:

  • You have browsed the Powens website (hereinafter the “Website”), accessible at: https://www.powens.com/;
  • You have completed a contact form on our Website;
  • You have interacted with the Powens chatbot available on the Website or with our advisors;
  • You have submitted a business inquiry to us;
  • You have provided us with your contact information during meetings or events organized by Powens (either in-person events or online events such as webinars);
  • You have subscribed to our newsletter;
  • You have created a user account on the Console, accessible at: https://console.powens.com/;

@You are a Powens partner;

  • You have submitted a job application to us.

Personal Data Collected Indirectly

We may also receive personal data indirectly from the following sources and in the following circumstances:

  • Public contact information obtained from open-data databases;
  • Referrals or introductions made by third parties or partners;
  • Information provided by your browser regarding the operating system and browser used;
  • Cookies and tracking technologies (please refer to our Cookie Policy below for more information).

Use of Your Data

We use the information we collect for the following purposes:

  • Conducting commercial prospecting and business development activities;
  • Responding to requests for information and/or contact;
  • Producing statistics relating to our Website;
  • Improving and ensuring the security of our Website;
  • Enabling the download of our white papers;
  • Managing our customers and partnerships;
  • Carrying out pre-contractual activities, entering into contracts, and performing contractual obligations;
  • Managing job applications received;
  • Managing newsletter subscriptions;
  • Managing webinars and other events organized by Powens.

Legal Bases for Processing

The legal bases on which we rely for processing this information are as follows:

  • Your consent (which you may withdraw at any time);
  • The performance of our contractual obligations;
  • Compliance with our legal obligations;
  • The pursuit of our legitimate interests, provided that such interests do not override your fundamental rights and freedoms.

Sharing and Retention of Your Data

→ Recipients

Your Personal Data may only be disclosed to natural or legal persons who are legitimately authorized to process it, namely:

  • Authorized Powens employees, strictly within the scope of their duties and responsibilities;
  • Powens’ subcontractors/processors for the purposes described herein;
  • Any entities or persons designated by applicable laws and regulations, as well as any persons to whom you have expressly authorized disclosure.

→ Data Retention Period

Powens retains your Personal Data only for as long as necessary to fulfill the purposes for which it is processed and in accordance with applicable legislation. Therefore, the retention period for your Personal Data depends on the purpose of each processing activity.

  • We retain your data for the duration of our contractual relationship and then for an additional five (5) years in intermediate archives for legal limitation and compliance purposes.
  • Unless you object, we retain your data for commercial prospecting purposes for three (3) years from the date of your last interaction with us and, where applicable, from the end of the contractual relationship.
  • We retain data relating to your browsing activity on our Website for a period not exceeding thirteen (13) months from the date of collection.
  • In the context of a job application, your CV/resume and the information provided during the recruitment process will be retained for up to two (2) years after your last contact with Powens, unless you object.
  • Where we retain certain personal data to comply with a legal or regulatory obligation or to establish, exercise, or defend our legal rights, we will retain such data for the period specified by the applicable legal provisions.

→ Subcontracting and Data transfer

To provide our services, we may work with other companies.

Data processor Service Transfer outside EU
OVH Hosting No
AWS Hosting No
Gsuite Provider of office automation solutions Yes
Hubspot B2B prospecting solution Yes
Linkedin B2B prospecting solution Yes
Teamtailor Candidate management tool Yes
Jira Client service platform Yes
Signaturit Electronic signature No
Upflow Debt collection and customer billing management Yes
Netsuite ERP / financial management Yes
Dipeeo GDPR compliant No

We ensure, when selecting our partners, that they provide sufficient guarantees in terms of quality, security, reliability, and resources to implement appropriate technical and organizational measures, including those relating to the security of data processing activities.

We have entered into a Data Processing Agreement (DPA) with all of our data processors. Where necessary, we execute the Standard Contractual Clauses (SCCs) and ensure that appropriate supplementary measures have been implemented.

Finally, in response to requests made by competent public authorities, we may be required to disclose your personal data in order to comply with our legal obligations. 

Security

We are committed to taking all necessary measures to ensure the security and confidentiality of personal data, in particular by preventing it from being damaged, deleted, or accessed by unauthorized third parties.

In the event of a security incident affecting your personal data (such as destruction, loss, alteration, or unauthorized disclosure), we undertake to take all necessary measures to remedy the situation.

Should such an incident occur, we will inform you and notify the competent data protection authorities, such as the French Data Protection Authority (CNIL), in accordance with applicable laws and regulations.

We implement a variety of security measures, including technical and organizational safeguards, to protect personal data against unauthorized access, loss, or alteration. These measures include secure data storage, encryption, access controls, regular system monitoring, and employee training on data protection practices.

Please note that no method of data transmission or storage is completely secure. Nevertheless, we strive to maintain a high level of security. We continuously review and update our security practices to ensure the highest possible level of protection for your personal data.

What Rights Do You Have to Control the Use of Your Personal Data?

Applicable data protection regulations grant you specific rights that you may exercise at any time and free of charge in order to control how we use your data.

  • Right of access and to obtain a copy of your personal data, provided that such request does not conflict with business secrecy, confidentiality obligations, or the secrecy of communications.
  • Right to rectification of personal data that is inaccurate, outdated, or incomplete.
  • Right to object to the processing of your personal data when such processing is carried out for commercial prospecting or direct marketing purposes.
  • Right to request the erasure (“right to be forgotten”) of personal data that is not essential for the proper functioning of our services.
  • Right to restriction of processing, which allows you to limit the use of your personal data where the lawfulness of a processing activity is contested.
  • Right to data portability, which enables you to retrieve part of your personal data in a structured format and to store or transfer it easily from one information system to another.
  • Right to provide instructions regarding the handling of your data after your death, either directly, through a trusted third party, or through your legal heirs.

For a request to be considered, it must be submitted directly by you to dpo(@)powens.com. Any request not made in this manner cannot be processed.

Requests must originate from you personally. Therefore, if there is any doubt regarding the identity of the requester, we may ask you to provide proof of identity.

We will respond to your request as promptly as possible and, in any event, within a maximum period of three (3) months from receipt of the request where the request is technically complex or where we receive a large number of requests simultaneously.

Please note that we may refuse to respond to any request that is manifestly unfounded or excessive, particularly due to its repetitive nature.

Links to Third-Party Websites and Social Networks

The Powens Website may contain links to social media platforms or other websites operated by individuals or organizations over which Powens has no control.

We encourage you to review the personal data protection policy applicable to each third-party website that you access through our Website in order to understand how your personal data will be used.

Contact Us

Any questions, comments, or requests regarding this Privacy Policy may be sent to dpo(@)powens.com.