PRIVACY POLICY

Updated to 29 November 2024

PREAMBLE

Skello ("Skello", "We", "Us" or "Our") publishes a website (the "Site") and a SaaS HR Management solution (the "Solution") which it markets in order to provide several services ("the Services"). When prospects ("Prospects"), customers ("Customers") or users ("Users") (hereinafter collectively "You") browse our Site or access our Solution, we collect, process and store your personal data (hereinafter "Personal Data") in order to provide you with our Services. 

This Privacy Policy sets out the manner in which Skello collects, processes, stores and protects your Personal Data (hereinafter "the Privacy Policy") in accordance with the provisions of French law no. 78-17 of 6 January 1978 as amended ("Loi Informatique et Libertés") and the General Data Protection Regulation, EU 2016/679 ("GDPR"). 

For the purposes of the Privacy Policy : 

  • a Customer is a person who uses our Solution after accepting our General Terms and Conditions of Service and as part of a subscription,
  • a User is an employee of the Customer who has access to our Solution at the invitation of the Customer, 
  • a Prospect is a person who browses the Site out of interest in the Services and/or who registers for a demonstration of our Solution and Services.

  1. Data controller and sub-contractor

The data controller is the person who determines the purposes and means of a processing operation, i.e. the objective and the way in which it is to be carried out.

The processor is the natural or legal person who processes personal data on behalf of the controller.

1.1 Skello is the data controller: 

  • the Customer's Personal Data as part of the management of our contractual relationship;
  • the Personal Data of Prospects who visit our Site and are in contact with us as part of our commercial prospecting activity.

1.2. The Customer is the data controller when it uses our Solution and our Services: our Customers manage their human resources via our Solution and our Services and thus the Users' Personal Data. When Clients use our Solution and Services, we act as a subcontractor for them because all Personal Data processing is carried out on behalf of our Clients. As such, Skello undertakes to comply with the obligations arising from Article 28 of the GDPR.

As data controllers, the Clients must respond to Users to enable them to exercise their rights of access, rectification or oblivion. Skello provides reasonable assistance.

  1. Processing of Personal Data

2.1. In its capacity as data controller, Skello collects and processes the Personal Data of the following Customers, Prospects and Users for various purposes:

Category of person
Personal data processed
Purpose of processing
Legal basis
Customer
Identification details (surname, first name, job title, company, e-mail address, postal address, telephone numbers, IP address, etc.).

BANK DETAILS.

All data communicated with us as part of the support service.
Creation of a customer account on the Solution.
Assistance via our after-sales service (online technical support, management of your requests).

Management of our contractual relationship with you.
Management of invoicing and outstanding payments.

Audience and usage statistics for our Solution and Services.
The execution of your subscription to our services (Order Form and General Terms and Conditions of Services).

Our legal obligations.

Our legitimate interests.
Identification data (surname, first name, e-mail address, postal address, telephone numbers, IP address, etc.).
Emailings, newsletters, satisfaction surveys, invitations to webinars.

Competitions, lotteries and all promotional operations excluding online gambling and games of chance subject to approval by the Autorité de Régulation des Jeux en Ligne.
Your consent.
Brochure
Identification data (surname, first name, job title, company, e-mail address, postal address, telephone numbers, IP address, etc.).
Organisation of the requested demonstration.

Telephone prospecting.

Email marketing.
Your consent: by filling in the "request a demo" form, you expressly authorise Skello to contact you, or if you have given your consent for a third party to pass on your data to its commercial partners, of which Skello is one.


Our legitimate interest in finding new customers.

Users

Personal Data and any data entered into the Solution by the Customer.
Research and development.

 Improving the use of the platform and developing new functionalities.
Our legitimate interest: we minimise the use of such data and aggregate or anonymise it.

2.2 In its capacity as Personal Data Processor, Skello receives the following Personal Data from the Customer: 

  • identification data 
  • employment data 
  • contractual data 
  • data relating to payroll and working time.

Skello carries out the following processing on behalf of and on the instructions of the Customer: 

  • storage on its servers ;
  • provision of Services ;
  • transmission of the necessary Personal Data to the Customer's service providers ;
  • notification to Users.

3. Length of time Personal Data is kept 

The following Personal Data are kept for the periods defined below: 

Category of person
Personal data processed
Shelf life
Customer
Identification data (surname, first name, job title, company, e-mail address, postal address, telephone numbers, IP address, etc.).

 Bank details (RIB) and billing details.

 All data communicated with us as part of the support service.
All Personal Data is kept for the duration of the relationship and 6 years after the end of the contractual relationship.

Banking and billing data is kept for 10 years after the end of the financial year.
Brochure
Identification data (surname, first name, job title, company, e-mail address, postal address, telephone numbers, IP address, etc.).
For 3 years from the last contact.
Users
Identification data (first name, surname and e-mail address, IP address)

Data relating to the use of our Services entered by the Customer (schedules, working hours, absences, employment contract, etc.)
For the duration of the contractual relationship with the Customer and up to 3 years after expiry of the contractual relationship with the Customer (period of limitation for wage claims).

4. Cookies used by Skello

Cookies are text files, often encrypted, stored in your browser and generated by Skello or third parties. They are created when a user's browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website's server.

Skello uses several types of cookies.

4.1. The different types of cookies

Type of cookies
Description 
Technical cookies
They are used throughout your browsing on our Site or on our Solution, in order to facilitate it and to carry out certain functions. They may be necessary or functional.They can be used, for example, to memorise the answers given in a form or the user's preferences regarding the language or presentation of a website, where such options are available.
Advertising cookies
They may be created by Skello or by other websites displaying advertisements, announcements, widgets or other elements on the page displayed.
In particular, these cookies may be used for targeted advertising, i.e. advertising based on the user's browsing habits.
Analytical and statistical cookies
They enable us to monitor the use and performance of our Site and Solution so that we can improve their operation. These cookies may be placed by Skello or third-party service providers.  

4.2 How to manage your cookies

You have several options for deleting and managing cookies.

By refusing cookies, certain functions, pages and areas of our Site or Solution that require the use of cookies will not be accessible: that's a shame for your experience!

i. Cookie management module

The first time you browse our Site or Solution, a cookie management module appears, allowing you to configure your choices. 

ii. Setting up the navigation software

You can configure your browser software so that cookies are stored on your terminal or rejected, either systematically or depending on the sender.

You can also regularly delete cookies from your terminal via your browser.

However, don't forget to configure all the browsers on your various terminals.

Each browser has a different configuration for managing cookies and your choices. This is described in your browser's help menu, which will tell you how to modify your choices regarding cookies. 

For example:

  • for Internet Explorer™: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies ;
  • for Safari™: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac ;
  • for Chrome™: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en ;
  • for Firefox™: https://support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur?redirectlocale=fr&redirectslug=Activer+and+d%C3%A9disable+the+cookies ;
  • for Opera™: https://help.opera.com/en/latest/web-preferences/#cookies.

For more information, please visit the website of the Commission nationale de l'informatique et des libertés: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.

5. Recipients of the Personal Data collected

5.1. Our employees 

At Skello, only certain authorised employees have access to your Personal Data, in particular to assist you with support functions. 

5.2. Our subcontractors 

We may share your Personal Data with our subcontractors, where this is necessary to provide you with the Solution and our Services. 

We ensure that we only work with service providers who protect your Personal Data in accordance with applicable law. 

Our subcontractors : 

  • only receive information that is strictly necessary for the performance of the service; 
  • are under no circumstances authorised to use your Personal Data for any other purpose provided for by the service in question. 

We make every effort to use subcontractors located in the European Union and the European Economic Area. Where this is not the case, we guarantee : 

  • that these subcontractors are located in a country considered by the European Commission to have an adequate level of protection
  • that these processors, when they are in the United States, comply with appropriate safeguards and that we have signed a personal data protection agreement with them that complies with Article 28 of the GDPR. 
  • Our current subcontractors are

Company Name
Purpose
Personal Data
Amazon Web Services
Software hosting (SaaS)
All
ChargeBee
Customer billing
Customer's email address, first name, surname, bank details or credit card number
Cloudflare
DNS service
IP address
Intercom
Customer support 
first name, surname, email address and telephone number of the Customer and the User
Stripe
Payment aggregator
Customer's email address, first name, surname, bank details or credit card number
Brevo
Sending emails to users 
first name, last name, email
SmsMode
Sending text messages to users 
first name, surname, telephone number
Snowflake
Data Warehouse
All
Salesforce.com SAS
CRM
first name, surname, telephone number, email address, billing details
Jira
deal with technical bugs on our Solution
those required to resolve the bug
G suite

first name, surname, email address and any Personal Data shared with us as part of the exchange.


Providing Services and our missions on a daily basis.

This list may change according to our needs, at our discretion. We will keep you informed.

5.3. Public authorities or at the request of the courts

In order to comply with our legal obligations, your Personal Data may also be sent to public bodies, court officers, public officials, auditing bodies (auditors in particular) and bodies responsible for debt collection. 

6. Communications from Skello  

You may receive communications from us by email relating mainly to new features of our Solution (news, releases of new functions, etc.). You can unsubscribe from these communications directly via the link in the email or by contacting us at privacy@skello.io.   

We may contact you by email to invite you to evaluate any services you have received from us in order to collect your feedback and improve our services. We use the services of Trustpilot A/S ("Trustpilot"), to collect your feedback, which means that we will share your name, email address and reference number with Trustpilot. If you want to know more about how Trustpilot handles your data, you can read their privacy policy

7. Transfer of Personal Data

We do not sell our Users' Personal Data, whether it has been collected on the Site or provided by you when using the Solution and our Services.

We may pass on our Customers' Personal Data to our partners. You may object to this by writing to privacy@skello.io. 

8. Security 

The security of your Personal Data is essential to us. 

We inform you that we take all necessary precautions and appropriate organisational and technical measures to protect the security, integrity and confidentiality of your Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.

In particular, and without this list being exhaustive : 

  • Procedures for managing access rights have been drawn up for access by our employees or third parties to our buildings, IT systems and elements of the data storage infrastructure and IT networks
  • we replicate and back up the data on the Solution every day to guarantee the availability of the Services;
  • the entire database of our Solution and Services is encrypted;
  • Our database and Solution are hosted by AWS, an ISO27001-certified hosting provider. 
  • our servers are multi-AZ: our database is duplicated in several datacentres in different availability zones. In the event of an incident in one datacentre, another datacentre takes over with the backed-up data. 

9. Access to your Personal Data

You have the right to obtain the communication, rectification or deletion of the Personal Data concerning you. You may, for legitimate reasons, object to the processing of the Personal Data concerning you. You may also exercise your right to the portability of your Personal Data.

To exercise these rights or if you have any questions about the processing of your Personal Data, you can contact our Data Protection Officer (DPO) using the following details: 

  • e-mail address: privacy@skello.io
  • postal address: 69 rue Beaubourg, 75003 Paris. 

In the event of exercising any of your rights, Skello reserves the right to ask you for information proving your identity or, in the event of reasonable doubt, a photocopy of your identity document. 

We remind you that you have the right to lodge a complaint with the CNIL if, after contacting us, you feel that your rights have not been respected. 

10. Changes

We reserve the right, at our sole discretion, to modify this Policy, in whole or in part, at any time. These modifications will come into force on publication of the new policy. Your use of the Site and the Solution following the entry into force of these modifications will constitute acknowledgement and acceptance of the new Policy. If this new policy is not acceptable to you, you should no longer access the Site and the Solution.