Menu Close
Close
Get in Touch

Privacy Policy
Xmotion

XMOTION is committed to protecting your personal data. We continuously work to improve our compliance with the General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016, and the French Data Protection Act (“Informatique et Libertés”) No. 78-17 of January 6, 1978.

This Privacy Policy (hereinafter referred to as “this Policy”) describes how we collect, use, disclose, protect, store, and transfer the personal data of users of this website.

For general information on personal data protection, you may also consult the website of the French Data Protection Authority (CNIL): www.cnil.fr.

This Policy applies to B2B customers who have subscribed to our services, to our partners seeking further information on data processing, and more generally to any individuals who are or have been in contact with us.

The personal data processing described in this Privacy Policy is carried out by XMOTION SAS, with share capital of 4 000 000 €, registered with the Trade and Companies Register of Nanterre under number 503 481 244, and whose registered office is located at 25 rue de Ponthieu 75008 PARIS, acting as the data controller.

1. Introduction

a. Key definitions from the GDPR

The following definitions are derived from the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the French Data Protection Act No. 78-17 of January 6, 1978.

  • Supervisory authority: Refers to the French Data Protection Authority (CNIL), an independent public authority responsible for regulating data protection in France.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Recipient: A natural or legal person, public authority, agency, or any other body authorized to receive communication of data recorded in a file or processing system as part of its duties.
  • Personal data: Any information relating to an identified or identifiable natural person. A person may be identified directly (e.g., name) or indirectly (e.g., phone number, license plate, social security number, postal address, voice, or image), either through a single piece of data or by combining several data points.
  • DPO: The Data Protection Officer designated by the data controller, responsible for assisting data subjects in exercising their rights.
  • File: A structured set of data organized in a stable manner, where data is accessible according to specific criteria.
  • Data controller: The legal or natural person who determines the purposes and means of processing personal data. In practice, this is generally the legal entity represented by its legal representative.
  • Processor: A party that processes personal data on behalf of the data controller and under its instructions.
  • Processing: Any operation or set of operations performed on personal data, regardless of the method used (collection, recording, organization, storage, consultation, modification, extraction, use, transmission, dissemination, or alignment). Processing is not necessarily automated; paper files are also included.

2. Data collection methods and types of data collected

XMOTION may use your personal data for the following purpose:

Responding to your contact requests submitted via the website XXX

  • The processing of your personal data for this purpose is based solely on your consent, which you may withdraw at any time.

The personal data we collect as data controller through the website XXX is strictly necessary for the purposes for which it is collected. We strive to minimize data collection, keep it up to date, and facilitate the exercise of your rights. We do not collect personal data without your knowledge and apply principles of proportionality and relevance.

Personal data may be collected when:

  • You establish a business relationship with XMOTION
  • You contact us via our contact form
  • You browse our website

We collect and process only the following data:

  • Name
  • Email address
  • Phone number
  • Messages exchanged
  • Internet connection data (e.g., IP address)
  • Browsing data (cookies, audience measurement, consent records, products added to cart, etc.

3. Details of personal data processing

Purpose

Data

Legal basis

Retention period

Commercial relationship management (prospecting)

Name, phone number, email, message

Consent

3 years from last contact

Website security and improvement

IP address, browsing data

Legitimate interest

13 months

Website analytics and personalized advertising

IP address, browsing data, consent data

Consent

13 months

4. Recipients of personal data

Within XMOTION, your personal data is accessed only by authorized personnel within the scope of their duties, including customer service, sales/administration, marketing, and IT departments.

Your personal data may be shared in the following cases:

1/ With your consent
 After obtaining your consent, XMOTION may share your data with specified third parties.

2/ With partners
 Certain products or services are provided by partners who may use your data to deliver requested services.

3/ With service providers
 XMOTION may share data with providers acting on its behalf (e.g., IT providers, hosting services), strictly for service delivery.

4/ Legal obligations
 XMOTION may disclose data when required by law or in response to legal or regulatory requests.

5. Protection of personal data

XMOTION implements industry-standard security measures to protect your personal data against unauthorized access, disclosure, alteration, or loss. These include:

  • Limiting data collection to what is necessary
  • Retaining data only as long as required
  • Using encryption technologies
  • Restricting access to authorized personnel
  • Securing IT systems with passwords and antivirus tools
  • Secure storage of physical documents
  • Regular staff awareness training
  • Confidentiality obligations for employees
  • Access control and authorization management
  • Careful selection and monitoring of partners and providers

Despite these measures, no system is entirely secure.

In the event of a personal data breach, XMOTION will comply with applicable legal requirements, including notifying affected individuals and the CNIL where necessary.

6. International transfers of personal data

Your personal data may be transferred outside the European Union when services or providers are located in third countries.

In such cases, XMOTION ensures that appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)

For more information, please contact us using the details below.

7. Your rights regarding your personal data

You have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to define instructions regarding your data after death

1/ Right of access
You may obtain confirmation that your data is being processed and access related information (purposes, categories, recipients, retention period, etc.).

2/ Right to rectification
You may request correction of inaccurate or incomplete data.

3/ Right to erasure
You may request deletion of your data under certain conditions (e.g., withdrawal of consent, unlawful processing).

4/ Right to restriction
You may request limitation of processing in specific cases (e.g., dispute over accuracy).

5/ Right to data portability
You may receive your data in a structured, commonly used format and request its transfer.

6/ Right to object
You may object to processing based on legitimate interest or for marketing purposes.

7/ Post-mortem data instructions
You may define how your data should be handled after your death.

8. How to exercise your rights

To exercise your rights or obtain information, contact XMOTION :

  • By email: pierre.asseo@xmotion.fr
  • By post: 25 rue Ponthieu, 75008 Paris, France

Proof of identity may be required. A response will be provided within one month, extendable by two months if necessary.

If you are not satisfied, you may lodge a complaint with the CNIL:
 https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment

9. Changes to this Privacy Policy

We may update this Policy from time to time. Any changes will be indicated by updating the date below. We encourage you to review this Policy regularly.

Last updated: March 2026