Personal data protection policy

Last update: [03/06/2026]

At Optimistik, protecting your personal data is a top priority. This policy explains how we collect, use, share, and secure your information when you use our website or services.

We comply with the General Data Protection Regulation (GDPR) and the French Data Protection Act (“Loi Informatique et Libertés”).

Data controller

Optimistik, represented by Mr. Mathieu Cura (president)

Address: 536 rue Costa de Beauregard 73000 Chambéry, France
Email: info@optimistik.com
Phone: +33 4 58 14 06 18

Data we collect

We collect personal data when you:

Browse our website;
Complete a form;
Download a resource.

The categories of data we collect include:

Identification data: first name, last name, email address, phone number;
Professional data: company, job title;
Preference data: subscriptions, communication preferences;
Browsing data: browser type, pages visited.

If third-party tools (e.g., analysis tools) collect data about you during your visit, this data is also subject to this policy. See the Cookies management policy for more details.

Purposes of processing

Your data is used to:

Process your requests submitted through forms;
Send you commercial or marketing communications (with your prior consent);
Improve user experience and site navigation;
Analyze website traffic;
Comply with legal obligations.

Legal bases for processing

Data processing is based on:

Your consent: direct marketing, non-essential cookies;
Performance of a contract or pre-contractual measures: handling your requests via forms;
Our legitimate interest: ensuring site security, improving our services;
Legal obligations.

Data retention period

Personal data is stored only for the time necessary to fulfill the purposes for which it was collected:

Contact data: 3 years from collection or from your last interaction;
Prospecting data: 3 years from your last contact;
Contract-related data: for the duration of the contract and the applicable statutory limitation period.

Data sharing and transfers

Your data may be shared with:

Our service providers (hosting, maintenance, marketing tools);
Competent authorities when required by law.

For information purposes, the categories of service providers we use include: cloud hosting providers (server infrastructure), CRM/marketing automation tools, audience analysis tools (analytics), and form management tools. These service providers are bound by subcontracting agreements in accordance with Article 28 of the GDPR.

Transfers outside the European Union:

If data is transferred outside the European Economic Area (EEA), we apply GDPR-compliant safeguards (adequacy decisions, Standard Contractual Clauses, etc.).

Your rights

In accordance with the GDPR and French law, you have the following rights:

Right of access: get a copy of your personal data.
Right to correction: correct inaccurate or incomplete data
Right to erasure: request the deletion of your data, except where legally required;
Right to restriction: limit processing in certain circumstances;
Right to object: oppose processing, particularly for direct marketing;
Right to data portability: receive your data in a structured, machine-readable format;
Right to withdraw consent: at any time for processing based on consent;
Right to define post-mortem instructions: regarding the fate of your data after your death.

To exercise your rights: dpo@optimistik.com

In accordance with Article 12 of the GDPR, we undertake to respond to any request to exercise your rights within one (1) month of receiving your request. This period may be extended by two additional months in the event of complexity or a large number of requests, with prior notification to you.

You may also contact the French Data Protection Authority (CNIL) (www.cnil.fr).

Cookies and similar technologies

We use several types of cookies:

Essential cookies: essential for the functioning of the site, they do not require consent;
Analytics cookies: allow us to measure audience numbers and improve our content (subject to consent);
Marketing cookies: used for advertising and retargeting purposes (subject to consent).

See the Cookie management policy

You can manage your preferences via the dedicated banner or your browser settings. In accordance with CNIL recommendations, refusing cookies must be as easy as accepting them.

The consent banner must allow users to refuse non-essential cookies with a single click, without scrolling or additional manipulation. No non-essential cookies may be stored before explicit consent has been obtained.

Data security

We implement appropriate technical and organizational measures to ensure the security of your personal data, including:

Encryption of data in transit (HTTPS/TLS) and at rest;
Regular updates to our systems and security patches;
Restricted access to authorized persons, according to the principle of least privilege;
Data hosting within the European Union;
Optimistik is ISO 27001 certified, attesting to an information security management system that complies with international standards.

En cas de violation de données à caractère personnel susceptible d'engendrer un risque élevé pour vos droits et libertés, nous nous engageons à vous en informer dans les meilleurs délais, conformément à l'article 34 du RGPD.

Data Protection Officer (DPO)

Optimistik has appointed a Data Protection Officer (DPO) in accordance with the requirements of the GDPR.

DPO contact details:

Name: Barbara Ridel
Email: dpo@optimistik.com
Address: 536 rue Costa de Beauregard, 73000 Chambéry, France

The DPO is your point of contact for any questions relating to data protection.

Changes to this policy

This policy may be updated to reflect legal, technical, or organizational changes.In the event of significant modifications, a revised version will be published on this page.

For any additional questions or information, please contact: info@optimistik.com