Privacy Policy

1. Purpose and Scope of the Policy

APIDAY greatly cares about the protection of privacy and personal data, whether for its customers, partners or employees, and about compliance with the relevant legal provisions.The European Regulation on the protection of personal data states that personal data must be processed lawfully, fairly and transparently. This privacy policy (hereinafter "Policy") aims to provide you with simple, clear information on the processing of personal data concerning you, in the context of your browsing and the operations carried out on our website.

2. Definitions

All terms relating to the protection of personal data used in this document and identified by capital letters, used in the singular or plural, must be interpreted in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 repealing Directive 95/46/EC (hereinafter "the European Regulation").The term "Data", used in the singular or plural, refers to Personal Data whose processing is carried out by APIDAY in its capacity as Data Controller and Subcontractor.The User who is the Data Subject within the meaning of the European Regulation is the natural person who consults the site and who creates a user account, if applicable, in order to use the service for the needs of his or her business.

  • Login credentials: identifiers and passwords to access the User's online accounts;
  • Service: All services provided by APIDAY to Users, in particular the processing of ESG questionnaires;
3. Person responsible for the processing

Within the framework of your activity on the website or on our user path, the APIDAY Service is provided by the APIDAY Company, a simplified joint stock company with a capital of 1,000 Euros, registered with the PARIS Trade and Companies Register under number 314 503 996, whose head office is located at 112 Avenue de Paris 94306 VINCENNES CEDEX. APIDAY assumes the role of data controller for part of the processing and the role of subcontractor for another part.The capacity of data controller applies to processing related to consultation, navigation on the site as well as processing related to the user path. On the other hand, the status of subcontractor applies to the service itself, which is the subject of the contract between APIDAY and the User when the latter decides to create an account. Indeed, APIDAY provides its customers with a tool and expertise to ensure their compliance with ESG requirements.

4. What data do we collect and how?

When you use our site or our Service, you provide us with information about yourself, some of which may identify you ("Personal Information"). This is the case when you browse our site or use our Service.The nature and quality of the Personal Data collected about you varies. It mainly consists of:

  • Identification data : Name, First name, Professional email address, Company
  • Connection data: User name, password
  • User Data: means the data of the User and of the Company for which he/she works (including personal and sensitive Data), mentioned by the User in his/her User Account, shared by the User with the APIDAY Company on any medium whatsoever, processed by APIDAY, for the purpose of providing the Services and/or any document of any nature whatsoever, uploaded, distributed, collected or posted by a User on the APIDAY Platform.
5. Why do we collect your personal data and how?

We collect your personal data for specific purposes and on different legal grounds.

6. Cookie management

A "cookie" is a small file stored on your computer that allows you to move from one web page to another while retaining your browsing settings.

The APIDAY website only uses functional cookies that are strictly necessary for its operation. However, it is possible to configure and block these cookies directly via your Internet browser. To find out more about the configuration to follow, consult the dedicated page on the CNIL website (

However, blocking these functional cookies could considerably limit or even prevent your navigation on the site and access to the Service.

7. Do we share your personal data?

For certain processing purposes, we may share your data with service providers we use to perform a range of operations and tasks:

  • Hosting service provider for Webflow
  • Service Provider for Google Cloud Platform (servers are located in Belgium)

Only the information they need to carry out the Service is communicated to these service providers. They are prohibited from using the data for purposes other than those originally intended. We make every effort to ensure that these third parties preserve the confidentiality and security of your data.

All the operating and support activities are conducted in France by Apiday staff.

Finally, your data may also be transmitted to legal or regulatory authorities in order to comply with our legal obligations. In this case, only the necessary data is provided. We make every effort to keep your data confidential and secure.We do not sell your data.

8. Is your data transferred to third countries?

The APIDAY platform that processes Personal Data for the purposes of the Service is hosted on servers in Europe.
Furthermore, Apiday does not transfer any data to countries outside the European Union do not provide an adequate level of protection.

In case of such a transfer, we guarantee that the transfer is carried out :

  • Or to a country providing an adequate level of protection, i.e. a level of protection equivalent to that required by European regulations;
  • Or that it is governed by standard contractual clauses.
9. How long do we keep your data?

We only keep your personal data for as long as is necessary to fulfill the purpose for which we hold it, to meet your needs or to fulfill our legal obligations.

Retention times vary depending on several factors, such as:

  • The needs of APIDAY's activities
  • Contractual requirements
  • Legal obligations
  • Recommendations of the supervisory authorities
  • See the table in Section 5 for details on retention periods by data type.
10. How do we ensure the security of your data?

APIDAY is committed to protecting the personal data we collect, or that we process, from loss, destruction, alteration, disclosure or unauthorised access.

Thus, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing them. These measures are designed to maintain the security and confidentiality of your personal data. These measures may include practices such as limited access to personal data by persons authorised by virtue of their functions.

In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, backup, software, etc.) are regularly reviewed and updated as necessary.

In case of an anonymous session (i.e. without creating an APIDAY account), personal data are automatically deleted after a maximum of 1 hour.

The APIDAY platform is hosted by a leading cloud provider. All components of the platform are individually secured by an authentication and network filtering layer. The platform is regularly audited by a renowned player in information systems security. Network exchanges are protected by an SSL certificate based on a 2048-bit RSA key.

11. What are your rights?

On the personal data we collect/process, you can exercise the following rights:

  • A right of access: you have the right to request access to the personal data we hold about you, and you may request a copy of it;
  • A right of rectification: you can request a rectification of any inaccurate data concerning you;
  • A right of deletion: you can request the deletion of your personal data in certain circumstances;
  • A right to portability: under certain conditions you can receive all the personal data you have provided to us in a structured format. You also have the right to request that we transfer it, where possible, to another controller;
  • A right to object to processing in certain cases;
  • A right to withdraw consent at any time;
  • A right to restrict processing: you have the right to restrict the processing of your data if:

You dispute the accuracy of your data, until we verify its accuracy;

The processing is illegal but you do not want us to delete your data;

We no longer need your personal data for the purpose of processing, but you need your data in order to bring, assert or defend against legal claims;

You object to the processing on the basis of related grounds pending verification of whether our compelling legitimate grounds for continuing the processing override those interests ;

If such personal data is subject to such limitations, we will only process your data with your consent, or for the purpose of bringing, enforcing or defending against legal claims;

A right to determine what happens to your personal data after your death.

To exercise your rights, you may contact APIDAY's Data Protection Officer (DPO) at or DPO Consulting, Service DPO externalisé, 18 rue Pasquier, 75008 Paris.

When you send us a request to exercise a right, you are asked to specify as far as possible the scope of the request, the type of right exercised, the personal data processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, you may be asked to prove your identity.

In any case, you have the right to make a complaint to the CNIL via the following link:

12. Updating of this Policy

This policy may be regularly updated to take into account changes in regulations relating to personal data.

Date of last update : 13/12/23