Privacy Policy

What is the purpose of our Privacy Policy ?

Nooco, which manages the Nooco platform, places great importance on the protection and confidentiality of your personal data, which represents, for us, a guarantee of seriousness and trust.

In this regard, our personal data Privacy Policy precisely demonstrates our commitment to ensuring compliance, within Nooco, with the applicable rules regarding personal data protection and, more particularly, those of the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.

Who is our Privacy Policy addressed to ?

Our Privacy Policy is addressed to you, regardless of your place of residence, if you are at least 15 years old, whether you are one of our clients, a user of the Nooco platform, a third party or simply a visitor to the Nooco.com website.

If you are under the legal age detailed above, you are not authorized to use our services.

If you believe that we hold personal data about your children without your consent, please contact us at privacy@nooco.com.

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.

Does our Privacy Policy apply to job candidates ?

If you are a candidate for a position within Nooco, you must consult our “privacy policy for candidates,” accessible at any time on our dedicated page on Deepki.com, careers section, which details the processing carried out as part of our recruitment process.

How did we obtain your personal data ?

Your data is collected directly from you if you are a client of our services, a B2B third party whose energy consumption data is collected by Nooco, or simply a visitor to our Nooco.com website, and we commit to processing your data only for the purposes described below.

However, we may also obtain your personal data directly from partners if you have given your prior consent to them.

Your personal data may also be processed indirectly through trade shows or social networks (e.g., LinkedIn).

However, when you voluntarily publish content on our social media pages, you acknowledge being fully responsible for the personal information you might transmit, regardless of the nature and origin of the information provided.

Why do we process your personal data and on what legal basis ?

1. For platform users

We process your personal data essentially for the following reasons:

  • To use and benefit from our service and all its features based on our terms of use.
  • To manage user accounts (e.g., account creation, service access, and account deletion) based on our terms of use.
  • To receive our technical emails (e.g., password changes, etc.) essential for the proper functioning of our service based on our terms of use.
  • To download and import documents on our platform based on our terms of use.
  • To contact us through the contact form based on our terms of use (chatbot, contact form, etc.).
  • To guarantee and strengthen the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on the legal obligations incumbent upon us, our terms of use, and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you when you are a user of our Nooco platform, and we commit to processing your data only for the reasons described above.

However, we may also obtain your personal data indirectly from partners if you have previously consented to this with them.

2. For simple visitors to the showcase website, clients, and prospects

We process your personal data essentially for the following reasons:

  • To navigate our website, benefit from our services and so that we can respond to your requests, particularly through our customer service (e.g., information requests, complaints, etc.) based on our terms of use and our legitimate interest in providing you with the best possible service.
  • To stay informed of our latest offers and events by email or via social networks based on our legitimate interest in retaining our clients and prospecting new potential clients.
  • To receive our newsletter, which informs you about our services based on your consent.

Certain sensitive data may be processed with the explicit consent of the client. Data is used proportionately, confidentially, and only for the duration necessary for each purpose.

Your data is collected directly from you, and we commit to processing your data only for the reasons described above.

How is your personal data collected ?

Your data is directly collected from you when you visit our website and accept the use of our cookies. Your data is also collected directly from you if you are a user of our Nooco platform, a client, a B2B third party whose energy consumption data is collected by Nooco, or an industrial partner with whom we collaborate to obtain relevant data – we commit to processing it only within the framework of the purposes previously indicated.

However, we may also obtain your personal data indirectly from partners if you have previously consented to this with them.

Your personal data may also be processed indirectly through professional trade shows or social networks (for example LinkedIn).

Nevertheless, when you voluntarily publish content on our social media pages, you acknowledge being fully responsible for any personal information you might transmit, regardless of its nature and origin.

What personal data do we process and for how long ?

We have summarized below the categories of personal data as well as their respective retention periods :

  • Professional identification data (e.g., name, first name, position, company, etc.) and contact details (e.g., professional email address and phone number, etc.) retained for the entire duration of service provision to which are added legal prescription periods which are generally 5 years.
  • In case of confusion between your organization name and your personal name (e.g., sole proprietor, small business, etc.), economic and financial data (e.g., bank account number, verification code, etc.) are retained for the duration necessary for the transaction and management of billing and payments, increased by legal prescription periods, which are generally 5 to 10 years.
  • Email address to receive our technical messages retained until deletion of your account.
  • Email address intended for our commercial prospecting campaigns by electronic mail, retained for a maximum of 3 years from the last contact we had with you.
  • Email address to receive our newsletter retained until the end of your newsletter subscription.
  • Statistical data related to viewing our videos, which are anonymized and retained indefinitely.
  • Connection data(e.g., logs, IP address, browser language, etc.) retained for a period of 1 year.
  • Cookies generally retained for a maximum of 13 months. For more information on our use of cookies, you can consult our cookie policy, accessible at any time on our website.

Upon expiration of applicable retention periods, deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this deadline. At most, we can only retain anonymous data for statistical purposes.

Please also note that in case of litigation, we are obligated to retain all data concerning you for the entire duration of case processing even after expiration of their retention periods described previously.

What rights do you have to control the use of your personal data ?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge, in order to control the use we make of your data.

  • Right of access and copy of your personal data provided that this request is not in contradiction with business secrecy, confidentiality, or correspondence secrecy.
  • Right of rectification of personal data that would be erroneous, obsolete or incomplete.
  • Right to request erasure(“right to be forgotten”) of your personal data that would not be essential to the proper functioning of our services.
  • Right to limitation of your personal data which allows to freeze the use of your data in case of dispute over the legitimacy of a processing.
  • Right to portability of your data which allows you to recover part of your personal data in order to store or transmit them easily from one information system to another.
  • Right to give directives on the fate of your data in case of death either through you, or through a trusted third party or beneficiary.

For a request to be taken into account, it is imperative that it be made directly by you to the address

privacy@nooco.com. Any request that is not made in this manner cannot be processed.

Requests cannot come from another person than you. We may therefore ask you to provide proof of identity in case of doubt about the identity of the requester. The elements communicated to us only allow us to verify your identity and are not retained.

We will respond to your request as soon as possible with a maximum deadline of three months from its receipt in the case where the request is technically complex or if we receive numerous requests at the same time.

Please note that we may always refuse to respond to any excessive or unfounded request, particularly with regard to its repetitive nature.

Who can have access to your personal data ?

Your personal data is processed by our teams and by our technical service providers under strict contracts, for the sole purpose of operating our service.

We specify that we control all our technical service providers before recruiting them to ensure that they scrupulously respect the applicable rules regarding personal data protection.

FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

We will only share personal information without the client’s agreement in cases where: this is required or authorized by law; this is necessary to provide the services requested by the client, in which case consent will be presumed.

If the company Nooco suspects illegal activity, the company reserves the right to transmit its findings or suspicions to the police or any other law enforcement body.

Can your personal data be transferred outside the European Union ?

The personal data processed by our Nooco platform is exclusively hosted on servers located within the European Union.

Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. If however this were not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data ?

We implement the following technical and organizational measures to guarantee the security of your personal data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure.

Technical security measuresOrganizational security measure
Anti-bot, Antivirus on Nooco teams’ terminals, Anti-spam for Nooco teams’ terminals, Password database separated from user identifiers (Front side), User password database (Back side) separated from identifiers, Encryption of “users” database in transit, Encryption of user passwords (Front side), Encryption of passwords (Back side), ISO 27001 Certification, Double authentication of users (Front side), Fingerprints for Nooco teams, User passwords (Front side) frequently modified, Complex user passwords (Front side) imposed at connection, User passwords (Back side) frequently modified, Complex user passwords (Back side) imposed at connection, Password of Nooco teams’ terminals frequently modified, Complex passwords of Nooco teams’ terminals, HTTPS Protocol, BCP / DRP for Nooco teams, Penetration tests, Access traceability, VPN for Nooco teamsAccess badge, Offices locked with key, Information systems charter, Password management policy, Information systems security policy, Data breach management procedure, Individual rights management procedure, Internal regulations, Good conduct rules, Team awareness and training 2 times per year, Video surveillance in the premises

Who can you contact to obtain more information on the use of your personal data ?

To best guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) with our supervisory authority.

You can at any time and free of charge contact our DPO at the address privacy@nooco.com in order to obtain more information or details on the way we process your data.

How can you contact the CNIL ?

You can at any time contact the “National Commission for Information Technology and Civil Liberties” or “CNIL” at the following coordinates: CNIL Complaints Service, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone at 01.53.73.22.22.

Can the policy be modified ?

We are likely to modify our privacy policy at any time to adapt it to new legal requirements as well as to new processing that we could implement in the future. You will obviously be informed of any modification of this policy.