Privacy Policy

At MATR, respecting your privacy and protecting your personal data is our priority.

This privacy policy is intended to inform you about how your personal data is processed in connection with the use of the site https://itmatr.tech/  (the “Site”) and the Matr platform (the “Platform”) in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and French Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties in its latest version in force (together, the “Applicable Regulations”).

This privacy policy does not describe how your data is collected via cookies and other trackers (“Cookies”) on the Site and the Platform. To find out more, please refer to our Cookie Policy.

1. Who is the data controller ?

When you browse and/or register on our Site or, more generally, in the context of managing our contractual relationship with you, the data controller is MATR, a simplified joint-stock company (société par actions simplifiée) registered with the Rennes Trade and Companies Register under No. 941 367 799 and whose registered office is located at 20 rue du Sapeur Michel Jouan, 35000 Rennes (“We”, “Our”, “Us”).

Conversely, when our services are used by client companies, we collect and process personal data in their name and on their behalf. Our client companies are therefore the data controllers and we act as a data processor.

2. What data do we collect ?

Personal data is data that makes it possible to identify an individual directly or by cross-referencing with other data.

We collect personal data falling within the following categories:

  • Identification data (surname, first name, age, gender, socio-professional category, email and postal address, telephone number);
  • Data relating to your lifestyle;
  • Data relating to your professional life (company name);
  • Connection data (connection logs, encrypted passwords);
  • Browsing data (IP address, pages viewed, date and time of connection, browser used, operating system, user ID, MAID);
  • Data from recordings of telephone calls between you and our customer service (the content of the calls, their dates);
  • Economic and financial data (bank details, data relating to your payment cards);
  • Any information you wish to provide us in connection with your contact request.

3. How do we collect your personal data ?

We may collect your personal data in two ways :

  • directly, when you have provided them to us (for example, by filling in a contact request form on our Site or by creating an account on our Platform and our Site);
  • indirectly, via database enrichment tools (for example: Clay, FullEnrich).

4. Details on the processing of your personal data

Purposes

Legal bases

Retention periods

Providing our services available on our Site and our Platform through your account

Performance of the contract that you or your company entered into with Us

Where you have created an account: your data is retained for the entire duration of your account.

Your connection logs are retained for 1 year.

In addition, your data may be archived for evidentiary purposes for a period of 5 years.

Carrying out operations relating to the management of our clients regarding quotes and ensuring the follow-up of the contractual relationship with our clients

Performance of the contract that you or your company entered into with Us

Personal data is retained for the entire duration of the contractual relationship.

In addition, your data (with the exception of your bank details) is archived for evidentiary purposes for a period of 5 years.

Data relating to the visual cryptogram or CVV2 shown on your payment card is not stored.

Analysing your use of the services, understanding your expectations and improving the features offered (in particular by analysing exchanges or compiling browsing and audience statistics for the Site)

Our legitimate interest in improving our services
OR
Your consent

Recordings of telephone calls are retained for 6 months from their collection.

Documents analysing the content of telephone calls are retained for 6 months from the recording.

Personal data collected via cookies used to improve the user experience is retained for 6 months.

Building a prospect database

Our legitimate interest in developing and promoting our business

Your data is retained for a period of 3 years from your last contact with us.

Sending newsletters, solicitations and promotional messages by email

Your legitimate interest in retaining and informing our clients and prospects of our latest news

Data is retained for 3 years from your last contact with us.

Carrying out telephone canvassing

Our legitimate interest in developing and promoting our business

Data is retained for 3 years from your last contact.

Responding to your requests for information, contact and/or a demonstration

The performance of pre-contractual measures taken at your request

Data is retained for a period of 3 years from your last contact.

Retaining administrative information and documents related to our business

Complying with our legal and regulatory obligations

Invoices are archived for a period of 10 years.

Data relating to your transactions (with the exception of bank data) is retained for 5 years.

Data relating to your contract and the items relating to the signing of the contract are retained for 5 years.

Responding to requests to exercise their rights by data subjects

Complying with our legal and regulatory obligations

If we ask you for proof of identity: we retain it only for the time necessary to verify your identity. Once the verification has been carried out, the proof of identity is deleted.

If you exercise your right to object to receiving marketing: we retain this information for 3 years.

5. Who are the recipients of your data ?

The following will have access to your personal data:

Our company's staff;
Our processors: hosting provider, LLM providers, scraping tools, secure payment provider, invoicing tool, log management tool, user behaviour analysis tool;
Our partners acting as independent data controllers. We disclaim any liability with regard to the processing of personal data carried out by our partners and we invite you to consult their general terms of use as well as their privacy policy;
Any authority legally entitled to access it, in particular judicial, police or administrative authorities, if they so request.

6. Is your data likely to be transferred outside the European Union ?

Your data is retained and stored throughout the duration of the processing on the servers of Google Cloud Platform, located in the European Union.

As part of the tools we use (see the section on recipients concerning our processors), your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured by means of the following mechanisms:

  • either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, that country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
  • or the data is transferred to a country whose level of data protection has not been recognised as adequate to the GDPR: in this case, these transfers are based on appropriate safeguards set out in Article 46 of the GDPR, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or pursuant to an approved certification mechanism;
  • or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

You may obtain a copy of the mechanisms enabling the transfer of your data outside the European Union by contacting us using the details indicated in the section “What are your rights over your data?” below.

7. What are your rights over your data ?

You have the following rights with regard to your personal data :

  • Right to information : this is precisely why we have drafted this privacy policy. This right is provided for by Articles 13 and 14 of the GDPR.
  • Right of access : you have the right to access all of your personal data at any time, under Article 15 of the GDPR.
  • Right to rectification : you have the right to rectify at any time your personal data that is inaccurate, incomplete or out of date, in accordance with Article 16 of the GDPR.
  • Right to restriction : you have the right to obtain the restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure :  you have the right to require that your personal data be erased, and to prohibit any future collection of it on the grounds set out in Article 17 of the GDPR.
  • Right to set guidelines regarding the retention, erasure and communication of your personal data after your death.
  • Right to withdraw your consent at any time : for purposes based on consent, Article 7 of the GDPR states that you may withdraw your consent at any time. This withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
  • Right to portability : subject to certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require its transfer to the recipient of your choice.
  • Right to object : under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue their processing despite this objection, on legitimate grounds or for the establishment, exercise or defence of legal claims.

You may exercise these rights by writing to us at the following address: support@itmatr.tech
Postal address: 20 rue du Sapeur Michel Jouan, 35000 Rennes.

On this occasion, we may ask you to provide us with additional information in the event of reasonable doubt, or even any document capable of proving your identity if the doubt persists.

For any question or request that has remained unresolved, you are entitled to lodge a complaint with the competent supervisory authority, in France the Commission Nationale de l'Informatique et des Libertés (“CNIL”), located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

8. Modifications

We may modify this privacy policy at any time, in particular in order to comply with any regulatory, case-law, editorial or technical developments.

These modifications will apply as of the effective date of the modified version. You are therefore invited to consult the latest version of this policy regularly.

Nevertheless, we will keep you informed of any significant modification to this privacy policy.

Effective date: 01/06/2026