Our privacy policy

The SQORUS Group attaches great importance to the protection of your privacy and your personal data. This privacy policy describes how your data is collected and processed when you use the sqorus.com website.

It covers only the processing related to the website: your browsing, audience measurement, the contact and quote-request form, newsletter subscription, website security, and the handling of your requests to exercise rights. Processing relating to other relationships with the Group — as an employee, job applicant, client, prospect, supplier or partner — is covered by dedicated notices to which this policy refers you (section 2).

This policy is written in plain language. For any question, the Group’s Data Protection Officer is available at dpo@sqorus.com.

1.1. Identity of the data controller

The controller of the data collected via the sqorus.com website is:

Information about the publisher, the publication director and the website host is provided in the legal notice, accessible from the website footer.

1.2. Contact details of the Data Protection Officer

The SQORUS Group has appointed a Data Protection Officer (DPO), the single point of contact for any question or request concerning your data:

1.3. Relationship with the legal notice and the cookie policy

This policy does not replace the other website documents, which it complements: the legal notice (identity of the publisher and host), the terms of use, the cookie policy and the AI licence policy, all accessible from the footer.

The sqorus.com website is published by SQORUS SAS, which is the data controller. For the processing they carry out directly, the subsidiaries SQORUS Côte d’Ivoire and SQORUS Morocco have their own notices and their respective supervisory authorities (ARTCI in Côte d’Ivoire, CNDP in Morocco).

This policy applies to you as a user of the website. If you have a relationship with the SQORUS Group in another capacity, the notice describing your processing is one of the following:

When an application is submitted via the website or our recruitment tool, detailed information is provided to you at the time of submission and is set out in the candidate notice. This policy therefore does not cover recruitment.

3.1. Overview and legal bases

This section describes each processing activity carried out in connection with the website, following a standardised structure: purpose, legal basis (Article 6 GDPR), categories of data, source and retention period. The legal bases relied upon are:

• Pre-contractual measures taken at your request (Article 6(1)(b) GDPR) — to respond to a contact or quote request;
• Your consent (Article 6(1)(a)) — for the newsletter and for non-strictly-necessary cookies;
• The Group’s legitimate interest (Article 6(1)(f)) — for website security and abuse prevention;
• Compliance with a legal obligation (Article 6(1)(c)) — for handling and documenting your requests to exercise rights.

No special-category data within the meaning of Article 9 GDPR is requested via the website. Please do not provide any such data in free-text fields (form, message).

3.2. Browsing and audience measurement

Record no. 1 — Browsing and audience measurement

3.3. Website forms (contact, quote, resources, webinars)

Record no. 2 — Website forms

3.4. Newsletter subscription

Record no. 3 — Newsletter subscription

3.5. Website security and logging

Record no. 4 — Website security and logging

3.6. Handling of requests to exercise rights

Record no. 5 — Handling of requests to exercise rights

The website uses cookies and trackers. Cookies strictly necessary for the website to operate rely on the Group’s legitimate interest; others (audience measurement, third-party features) are only placed with your prior consent, obtained via the cookie consent banner. You may change your choices at any time from this banner.
Details of the cookies used, their purposes and durations are set out in the cookie policy, accessible from the website footer. This policy does not reproduce its content in order to avoid any discrepancy.

Your data collected via the website is intended for the Group’s authorised internal services, on a need-to-know basis:

• The Marketing and Communication service (management of the website, requests and newsletter);
• The Sales service (follow-up of quote and contact requests);
• The Data Protection Officer (handling of requests to exercise rights);
• The Information Systems Department (website security and maintenance).

Your data may also be processed by processors acting on the Group’s instructions and bound by contract (Article 28 GDPR): the website host Kinsta (data centre within the European Union, in Brussels), the audience-measurement and advertising tools (Google Analytics, Google Tag Manager, Google Ads, LinkedIn Ads), the YouTube video player, the Axeptio cookie consent management solution (published by Agilitation, France), the HubSpot CRM and emailing platform, the Livestorm webinar tool and LinkedIn Lead Gen forms.

The Group does not sell your data and does not share it with third parties for their own marketing purposes. Your data may be disclosed to an administrative or judicial authority where required by law.

The website and its data are hosted within the European Union (Kinsta’s data centre in Brussels). However, certain processors may still involve a transfer of data to the United States: Google’s tools (audience measurement, advertising, YouTube player), the HubSpot platform and LinkedIn Ads, all established in the United States. Although Kinsta is a US company, it hosts the data within the European Union.

Such transfers are framed by appropriate safeguards within the meaning of Chapter V GDPR: the provider’s certification under the EU–US Data Privacy Framework (DPF) and, in addition (a “belt-and-braces” approach), the standard contractual clauses adopted by the European Commission (Decision (EU) 2021/914).

Your data is not kept longer than necessary for the purposes for which it is collected. For the website scope:

Retention periods applicable to other relationships (employment, recruitment, clients, suppliers) are set out in the dedicated notices and in the Group’s retention policy (POL-RGPD-CONSERVATION).

The Group implements appropriate technical and organisational measures to protect your data against loss, alteration and unauthorised access: encryption of communications (HTTPS/TLS), access control on a need-to-know basis, strong authentication of authorised accounts, backups, logging and monitoring.

These measures form part of the Group’s information security management system. Their details are set out in internal security documents and are not published for confidentiality reasons.

The SQORUS Group may use artificial intelligence tools in the course of its activities. These tools are used in an assistive capacity: no decision producing legal effects concerning you, or significantly affecting you, is taken solely on the basis of automated processing. Article 22 GDPR on solely automated decisions therefore does not apply to website-related processing.

The use of AI in recruitment (screening and assistance with the assessment of applications) is the subject of specific information in the candidate notice. The Group’s AI usage principles are also described in the AI licence policy accessible from the website.

In accordance with the GDPR and the French “Data Protection Act” of 6 January 1978 as amended, you have the following rights over your data:

• Right of access: obtain confirmation that your data is processed and receive a copy of it;
• Right to rectification: have inaccurate or incomplete data corrected;
• Right to erasure: have your data deleted in the cases provided for by the regulation;
• Right to restriction of processing, in the cases provided for by the regulation;
• Right to portability: receive, in a structured format, the data you have provided to us;
• Right to object: object to processing based on legitimate interest, and at any time to marketing;
• Right to withdraw your consent at any time, for the processing that relies on it (newsletter, cookies);
• Right to give instructions on the fate of your data after your death.

How to exercise your rights

You may exercise these rights by contacting the Data Protection Officer. To protect your data, a copy of an identity document may be requested in the event of reasonable doubt as to your identity. The Group responds within one month, which may be extended by two months for complex requests.

The website may contain links to third-party sites that the Group does not control. The Group cannot be held responsible for the processing of your data by these sites. We encourage you to review their own privacy policy.

This policy may be updated to reflect legal, regulatory or technical developments. The date of the last update appears at the bottom of this policy. In the event of a substantial change, appropriate information will be provided on the website.