Charter for the protection of personal data

by the company Impact Positif & Co

What is the purpose of this charter?

This charter is intended to inform you of the methods by which your personal data are processed by Impact Positif & Co (“we,” “us,” “our”).

This charter describes how we collect, use, store, and if necessary share information collected from users (“users,” “you,” “your”) of the Website, and from interaction with our services, whether by email, telephone, or visit to our location at 4-6-8 rue François Miron, 75004 Paris.

The term “Personal Data” refers to any information related to a directly or indirectly identified or identifiable individual, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or several factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

We invite you to read this charter carefully, as well as any other document we may provide related to the processing of your Personal Data.

Impact Positif & Co, data controller

Impact Positif & Co determines the purposes and means of processing of your Personal Data and is thus responsible for their processing in its capacity as data controller.

he regulations applicable to the processing of Personal Data cover all national and European legislative and regulatory provisions currently in effect, particularly (i) European Regulation 2016/679 on data protection of April 27, 2016 (“GDPR”); (ii) the French provisions of law No. 78-17 of January 6, 1978 as amended by law No. 2018-493 of June 20, 2018; (iii) the European Directive 2002/58/CE of July 12, 2002; and (iv) the guidelines, recommendations, opinions of the supervisory authorities, and certifications, approvals, or final court decisions (collectively the “Regulations”).

What data do we collect?

We collect the Personal Data that you communicate to us directly, particularly through the contact forms on our Website or based on our written or oral exchanges.

The Personal Data we are required to collect are, in particular, the following:

  • your first and last name;
  • your email address;
  • your postal address;
  • your mobile phone number;
  • in some cases, your payment information.

On what grounds and for what purposes do we collect and process your Personal Data?

We collect and process your Personal Data to the extent strictly necessary to fulfill the purposes detailed hereafter and on the following legal grounds:

legal grounds


Your consent

Review of your project to evaluate its potential realization in our space

Communication and contact with customers (newsletters or commercial offers related to our activity; event invitations, etc.)

Realization of prospection, marketing, and publicity operations, solicitations personalized to your needs

Execution of the contract

Proper execution of contractual relationship

Proposal of service in accordance with your expectations

Our legitimate interest in recruiting suitable profiles

Processing your application and proposing an offer adapted to your profile

We will use your Personal Data only for the aforementioned purposes, unless we reasonably consider that those Personal Data should be processed for other purposes compatible with the original purposes.

Who are the recipients of your Personal Data?

We share your Personal Data with a limited list of people, only for the purposes stated above and the tasks entrusted to them.

Thus, the only recipients of your Personal Data are our internal personnel in charge of communication or recruitment and our possible subcontractors.

We ensure that these recipients are required to take appropriate security and confidentiality measures in order to comply with this charter. Our subcontractors are in no way authorized to process your Personal Data for other purposes than those set forth above.

These Data may also be transmitted to relevant authorities in order to respond to a judicial or administrative decision.

What security measures are in place?

We implement appropriate technical and organizational measures to protect your Personal Data against accidental or unauthorized destruction, alteration, loss, or disclosure.

These measures evolve in order to ensure the best protection, security, integrity, and confidentiality of your personal data.


Our Website,, may use Cookies (“Cookie(s)”). A Cookie is a small file embedded in your electronic device that allows us to recognize and remember you. We may use Cookies to improve user experience and ensure the proper functioning of our services. Unless the Cookie is strictly necessary, you may withdraw your consent to our Cookies at any moment, even if you have previously consented. If you do not consent to our functional Cookies, some of our services may not work.

How long are your Personal Data kept?

We keep your Personal Data only for the time strictly necessary to fulfill the purposes set forth above.
However, any data making it possible to establish proof of a right or a contract and having to be preserved in order to respect a legal obligation will be kept for the duration specified by the law in effect.
We may retain your Personal Data for a period of three (3) years from the end of our business relationship or your last contact with us.
Collected information obtained through Cookies will be kept for a period of twelve (12) months from your last contact with us, provided that during this period you have not entered into a new relationship with us.

What are your rights and how do you exercise them?

You have the following rights concerning our processing of your Personal Data:

  1. Access and be informed: you have the right to be informed in a concise, transparent, comprehensible, and easily accessible manner of how your Personal Data are processed. You also have the right to obtain (i) confirmation as to whether or not your Personal Data are being processed by us and, if necessary, (ii) access to and a copy of all of your Personal Data.
  2. Rectify: n the event that you deem your Personal Data incomplete or inaccurate, you may ask us to correct them, which we will do promptly.
  3. Delete: in some cases, you may ask us to delete your Personal Data (“right to be forgotten”); however, this is not an absolute right and we may in certain cases have legal or legitimate reasons to keep your Personal Data.
  4. Limit: n certain cases set forth in article 18 of the GDPR, you may ask us to limit the processing of your Personal Data.
  5. Transfer: you have the right to the portability of your Personal Data in a structured, commonly used, machine-readable form. You are therefore free to transfer your Personal Data to a recipient of your choice without our objection. However, this right applies only if the processing of your Personal Data is based on your consent or on the execution of a contract, and if the processing is carried out using automated procedures.
  6. Object: in accordance with applicable rules, you may at any time and for any reason related to your personal situation object to the processing of your Personal Data collected by us when such processing is based on legitimate interests. In that case we will stop processing your Personal Data, unless there is a legitimate reason for their processing. You also have the right to object at any time to the processing of your Personal Data for commercial prospection purposes.
  7. File a complaint: ou always have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).
  8. Define directives after your death: hese directives, revocable at any time, may concern the conservation, deletion, or communication of your Personal Data by designating a person in charge of their execution:
    • in the case of general directives, you may transmit them to a trusted digital third party certified by the CNIL;
    • in the case of specific directives, you may send them directly to

If you wish to exercise all or part of your rights or to receive additional information, you may send a request at any time to Impact Positif & Co, along with a copy of a proof of identity allowing us to verify your identity:

    • by email to:
    • by mail to Wilde, 4 rue François Miron, 75001 Paris.

A response will be addressed to you within one (1) month from receipt of your request.


For all questions about our commitment to privacy and the protection of Personal Data, please contact us at the following address:

Modification of the charter

We reserve the right to modify this charter at any time, based in particular on the legal and regulatory context and the recommendations, opinions, and decisions of the CNIL, the European Data Protection Committee, and French and European courts.