ArtimIS Privacy Policy

ArtimIS attaches the utmost importance to the confidentiality of your personal data and is committed to preserving all information entrusted to it.

The purpose of this privacy statement is to explain, in a clear and transparent manner, how and why we collect and use your personal data. It was last updated on April 24, 2026.

Note on Current Regulations

The General Data Protection Regulation (GDPR) is a European legal framework aimed at strengthening and unifying the protection of personal data for European Union citizens. It grants individuals more control over their data and imposes strict new obligations on organizations that collect and process it. Having come into effect on May 25, 2018, the GDPR sets a rigorous framework where non-compliance can lead to heavy sanctions.

Under this regulation, ArtimIS is committed to the rigorous application of this privacy policy.

Below is a detailed list of the data collected and processed by ArtimIS, as well as the specific uses associated with them.

Data Collection

There are two scopes of application for the collection of personal data:

  1. As a Data Controller;
  2. As a Data Processor.

As a Data Controller

Regarding the processing of your personal data collected via our website artimis.fr, the data controller is ArtimIS, a French public limited company (Société Anonyme), with its registered office located at: 11 Rue des Halles, 75001 Paris, France.

Data Collected:

Depending on the nature and purpose of the processing, ArtimIS collects various types of personal data, strictly adhering to the principle of minimization (collection limited to what is strictly necessary).

The personal data collected for identification purposes primarily includes information transmitted during contact via messaging or present on a CV (surname, first name, e-mail address, postal address, telephone number).

In the context of recruitment, ArtimIS also collects data related to the candidate’s career path. This includes professional information (excluding identification data). Although distinct from pure identification data, this information concerns education, diplomas, and professional experience, used to evaluate the profile’s suitability for the proposed position.

Purposes of Processing:

Personal data collected by ArtimIS is used only to respond to your requests (commercial inquiries, contact requests), unless we obtain your specific consent, or if the law or professional standards allow or require it.

Information regarding the use and retention period of personal data is specified in the ArtimIS GDPR Compliance Procedure. Activities carried out as a Data Controller are listed in the ArtimIS Record of Processing Activities.

As a Data Processor

ArtimIS consultants commit to meeting client needs while respecting:

  • Current regulations;
  • Contractual clauses binding ArtimIS to its clients;
  • Contractual clauses binding consultants to ArtimIS;
  • The ArtimIS GDPR Compliance Procedure;
  • The ArtimIS Tunis INPDP (National Authority for the Protection of Personal Data) Compliance Procedure.

The types of data collected during these missions are detailed in the Client Processing Register, with one entry per mission.

Processing of Personal Data

The sharing of personal data and international transfers are recorded in:

  • The Internal Client Processing Register kept at ArtimIS.
  • The Recruitment Data Processing Register. For this purpose, ArtimIS maintains a tracking file for the exercise of data subjects’ rights (subject of the request, processing time, etc.).

Sharing of Personal Data

To ensure the optimal execution of our missions, ArtimIS may share certain personal data with its partners or subcontractors. This sharing occurs only in cases of proven necessity and involves service providers directly involved in the established processing purposes.

Data Transfers Abroad

ArtimIS transfers personal data to:

  • Its own entities, such as “ArtimIS Tunis”;
  • The international entities of the oXya Group.

Limited to the strict minimum, these transfers are governed by ArtimIS’s Binding Corporate Rules (BCR), in alignment with oXya Group directives.

Rights of Data Subjects

In accordance with the GDPR, you have the following rights:

  • Right of Access: providing a copy of all data held on the data subject;
  • Right of Rectification: if the data held is inaccurate or incomplete;
  • Right to Erasure: or the “right to be forgotten”;
  • Right to Restriction of Processing;
  • Right to Data Portability: if data subjects wish to reuse their data for their own purposes or other services;
  • Right to Object.

Your personal data is processed based on your consent, and you may withdraw this consent at any time. You can exercise your rights by contacting us at: rgpd@artimis.fr

Retention and Security

Access to your personal data is limited to individuals who strictly need to know it. Your data is processed confidentially and is only kept for the duration necessary to comply with legal, regulatory, or professional obligations; to process your requests; or until you request its deletion.

Security measures for data collection are detailed in:

  • The internal Client Processing Register (for mission-related data);
  • The Recruitment Processing Register.

Policy Updates

We update this policy to clarify points, reflect changes on our website, or comply with legal obligations. The effective date is indicated at the top of this document.

Disclosure to Third Parties

By default, your personal data is not sold, exchanged, or transferred to other parties. Any exception would be expressly mentioned.

In case of data breach, we commit to notifying the CNIL within 72 hours of becoming aware of it. If this breach presents a high risk to your rights and freedoms, we will inform you personally as soon as possible so that you can take the necessary measures.

Contact

For any comments, questions, or complaints regarding this Privacy Statement, please contact us at rgpd@artimis.fr.

For deletion requests, please fill out and sign the request template and return it to us via email in PDF format. Our team will acknowledge receipt within 5 working days, and in any event, no later than 15 working days.