Privacy Policy

How we protect your personal data

Last updated: 2026-01-16

1. Data Controller

The controller of your personal data is:

Open HR SASU

60 rue François Ier

75008 Paris, France

RCS Paris B 994 927 242

Email: privacy@open-hr.fr

2. Data We Collect

We collect the following categories of data:

  • Identity Data: Name, date of birth, ID document during verification.
  • Contact Data: Email address, phone number, postal address.
  • Professional Data: Employment history, skills, reference evaluations.
  • Account Data: Login ID, encrypted password, preferences.
  • Technical Data: IP address, browser type, login logs.

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract Performance: To provide our reference verification services.
  • Consent: For marketing communications (withdrawable at any time).
  • Legitimate Interest: Platform security, fraud prevention.
  • Legal Obligation: Accounting and tax data retention.

4. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Verify your identity through our certified partner
  • Collect and aggregate evaluations from your references
  • Generate your professional reference score
  • Share your verified information with authorized employers
  • Send you important notifications
  • Improve security and prevent fraud

5. Data Sharing

❌ We never sell your personal data.

We share your data only in the following cases:

  • Authorized Employers: Only with your explicit consent.
  • Verification Partners: IDnow for identity verification.
  • Technical Providers: Hosting, payments (contractually bound to protect your data).
  • Authorities: If required by law.

6. Data Retention

We retain your data for the following periods:

Data TypeDuration
Account dataWhile account is active
Professional referencesWhile account is active
Billing data10 years (legal requirement)
Security logs1 year

7. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Access: Know what data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data.
  • Portability: Receive your data in a machine-readable format.
  • Object: Object to certain processing.
  • Restriction: Limit processing in certain cases.

How to Exercise Your Rights

Send your request to privacy@open-hr.fr with a copy of ID. We respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: Request what personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the sale of your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

We do not sell your personal information. To exercise your rights, contact privacy@open-hr.fr.

9. Data Security

We implement appropriate security measures:

  • Encryption: Sensitive data encrypted at rest (CSFLE) and in transit (TLS 1.3).
  • Identity Verification: Via IDnow, certified eIDAS and KYC/AML compliant.
  • Access Control: Limited, authenticated and logged access.
  • Secure Hosting: Certified cloud infrastructure with backups.

10. International Transfers

Your data is hosted within the European Union.

Any transfer outside the EU is governed by adequacy decisions, standard contractual clauses (SCCs), or the EU-US Data Privacy Framework (DPF).

11. Contact & Complaints

For any questions about your personal data:

Email: privacy@open-hr.fr

Supervisory Authority:

CNIL - Commission Nationale de l'Informatique et des Libertés

https://www.cnil.fr

Privacy Policy | Open HR