Personal Data Protection Policy

Purpose and Scope of the Policy

Ragni attaches the utmost importance and care to the protection of privacy and personal data, as well as to compliance with applicable legislation.

Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) provides that personal data must be processed lawfully, fairly and in a transparent manner.

Accordingly, this Personal Data Protection Policy (hereinafter the “Policy”) aims to provide you with clear and transparent information regarding the processing of your personal data, in particular in the context of your browsing activity and operations carried out through our website.

Data Controller

The data controller of your personal data, within the meaning of applicable data protection legislation and in particular the GDPR, is:

Ragni
Société par Actions Simplifiée with a share capital of EUR 610,000
Registered office: Lieudit Le Guerard, Chemin du Vallon des Vaux, 06610 La Gaude, France

All information relating to Ragni is available on our Legal Notice page.

Why Do We Collect Your Personal Data?

This Policy applies to the collection and processing of your personal data for specified purposes and on different legal bases.

1. Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR)

Your data are processed for the following purposes:

  • Management of quotations;
  • Management of orders and purchases;
  • Management of contracts with customers and suppliers;
  • Management of complaints and after-sales service.

2. Based on your consent (Article 6(1)(a) GDPR)

  • Management of cookies requiring your consent (audience measurement cookies).

3. Based on the legitimate interests of Ragni (Article 6(1)(f) GDPR)

  • Management of information requests;
  • Management of communications;
  • Conducting satisfaction surveys;
  • Management of relationships with prospects and customers;
  • Organisation and management of commercial events;
  • Management of unsolicited applications or applications submitted in response to job offers;
  • Ensuring proper operation and continuous improvement of the website (via technical cookies);
  • Management of pre-litigation and litigation matters.

4. Compliance with legal obligations (Article 6(1)(c) GDPR)

  • Maintenance of general and subsidiary accounting records;
  • Management of your data protection rights.

Personal Data We Collect

Personal data are processed in accordance with the data minimisation principle set out in the GDPR. The nature and scope of the data processed vary depending on your relationship with Ragni.

Identification Data: This includes information enabling us to identify you, such as your surname, first name, telephone number, email address, and postal address (in particular where invoicing is required).

Professional Data: Data provided in the context of recruitment processes or professional relationships, including:

  • Curriculum vitae (CV);
  • Cover letter;
  • Diplomas;
  • Professional experience;
  • Skills;
  • Any other information necessary for evaluating an application or managing the employment relationship.

Financial Data: Banking details (e.g., bank account identification details).

Browsing Data: Information relating to your navigation on our website.

Data Collected via Our Network of Commercial Agents/Distributors: Our network of agents/distributors conducts commercial prospecting and manages ongoing customer relationships. In this context, agents may collect personal data such as:

  • Contact details (surname, first name, email address, telephone number);
  • Information relating to your commercial needs or interests.

Such information is transmitted to Ragni to ensure continuity of the commercial relationship and follow-up of your requests.

Recipients of Your Personal Data

Your data are intended for authorised employees of Ragni responsible for contract management and legal compliance, within the scope of their respective duties.

They may also be communicated, where necessary and within the limits of their responsibilities, to:

  • Entities of the Groupe Ragni where activities are outsourced within the Group (in particular for communications);
  • Our network of commercial agents/distributors;
  • Service providers acting on our behalf, including for:
    • Order transport management;
    • Data hosting;
    • Commercial prospecting;
    • Website audience analysis;
    • After-sales service management;
  • Duly authorised public authorities (judicial or supervisory authorities) in compliance with legal obligations;
  • Regulated professionals (lawyers, bailiffs, etc.) involved in guarantees, debt recovery or litigation.
  • Lorsque vos données sont communiquées à nos prestataires, il leur est également demandé de ne pas utiliser les données pour des finalités autres que celles initialement prévues. Nous mettons tout en œuvre pour nous assurer que ces tiers préservent la confidentialité et la sécurité de vos données.

Where data are communicated to service providers, they are contractually required not to use the data for purposes other than those initially defined and to ensure confidentiality and security.

Only strictly necessary data are communicated. We implement appropriate measures to ensure secure transmission.

We do not sell your personal data.

Transfers of Data Outside the European Economic Area

Ragni endeavours to store personal data in France or within the European Economic Area (EEA).

However, certain data may be transferred to countries outside the EEA, for example where service providers are located abroad.

In such cases, transfers are carried out:

  • To countries recognised by the European Commission as ensuring an adequate level of protection; or
  • Under Standard Contractual Clauses adopted by the European Commission; or
  • Under Binding Corporate Rules.

For further information regarding such transfers, you may contact us using the details provided in the “Contact” section.

Technical and Organisational Security Measures

Ragni implements appropriate technical and organisational measures to protect personal data against loss, destruction, alteration, unauthorised access or disclosure.

Such measures may include:

  • Restricted access to authorised personnel;
  • Pseudonymisation;
  • Encryption;
  • Secure authentication procedures;
  • Backup systems and regular security reviews.

Security policies and measures are regularly reviewed and updated where necessary.

Data Retention Periods

Your personal data are retained at least for the duration of our contractual relationship. Beyond this period, retention may be extended in order to comply with statutory limitation periods and legal or regulatory obligations.

Prospects: maximum retention period of three (3) years from the last contact, unless erasure is requested.

Unsuccessful candidates: data (including CVs) may be retained for a maximum of two (2) years from the last contact, unless you object.

Exercise of rights: data processed by the Data Protection Officer (identity details, copy of ID where required, nature of request, response provided) are retained for five (5) years. Copies of identity documents are retained only for the time strictly necessary for verification or legal compliance.

More detailed information on retention periods may be obtained upon request under your right of access

Your Rights

You may exercise your rights at any time by contacting Ragni.

You have the following rights:

  • Right to object;
  • Right to withdraw consent;
  • Right of access;
  • Right to rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to provide instructions regarding the fate of your personal data after your death.

If you are not satisfied with the response provided, or if no response is received, you have the right to lodge a complaint with the CNIL.

Contact

To exercise your rights or for any further information or complaint, you may contact the Data Protection Officer (DPO):

dpo@ragni.com

When submitting a request, please specify as precisely as possible the scope of your request, the right exercised, the processing concerned, and any relevant information.

Proof of identity may be requested where reasonable doubt exists.

The exercise of rights is strictly personal and may only be carried out by the data subject or their duly authorised legal representative.

Amendments to the Policy

Ragni may amend this Policy where necessary. You will be informed of any substantial modification (for example, through a specific notice on the website).

Last update: October 2025