BlogTarifsDemander une démoTester Eli

Privacy laws compliance

Executive Summary

Eli operates as a global SaaS platform designed for privacy compliance across major international jurisdictions. Our privacy-by-design architecture works within GDPR, CCPA, and regional privacy law frameworks across Europe, Americas, Asia-Pacific, and the Middle East.

GDPR Compliance (EU/EEA Operations)

Legal Basis for Processing

Multi-Basis Compliance Approach: We operate on stable legal bases with targeted consent for specific features.

  • Contract (Article 6(1)(b)) - Core platform functionality and service delivery

  • Legitimate Interest (Article 6(1)(f)) - Platform security, service improvement, and analytics

  • Consent (Article 6(1)(a)) - Portable user accounts across organizations

Portable User Accounts: Users consent to maintaining their profile across different organizations, enabling seamless transitions between employers while using Eli. Users can withdraw consent and delete their account at any time.

Data Subject Rights

We fully support all GDPR data subject rights:

  • Right to Access (Article 15)

  • Right to Rectification (Article 16)

  • Right to Erasure (Article 17)

  • Right to Data Portability (Article 20)

  • Right to Object (Article 21)

  • Right to Restrict Processing (Article 18)

To exercise any of these rights, contact: [email protected] Response time: Maximum 48 hours

Data Protection Impact Assessments (DPIA)

Our processing activities are designed to minimize privacy risks. DPIAs will be conducted if and when high-risk processing is identified.

Data Retention Framework

Two-Tier Data Retention:

  • User Account Data: Retained until user deletion request (portable across organizations)

  • Organizational Data: Deleted when business account closes (campaigns, team-specific analytics)

Enterprise Flexibility: Organizations can request user account deletion upon contract termination through specific contractual arrangements, while respecting individual user rights where applicable.

French Data Protection (CNIL)

  • Full GDPR compliance automatically ensures French data protection compliance

  • French language support available for all privacy notices

  • CNIL registration will be completed when required for specific processing activities

International Privacy Law Compliance

Europe (EU/EEA):

  • GDPR compliance covers all EU member states including Germany, Spain, Portugal, Netherlands, and others

  • UK GDPR and DPA 2018 for United Kingdom operations

Americas:

  • United States: State privacy laws (California CCPA/CPRA, Virginia CDPA, Colorado CPA)

  • Canada: Federal and provincial privacy legislation

Asia-Pacific:

  • China: Personal Information Protection Law (PIPL) framework

  • Australia: Privacy Act 1988 principles

Middle East:

  • Regional data protection law frameworks for UAE, Saudi Arabia, Qatar operations

Cross-Border Data Transfers

We ensure lawful international data transfers through:

  • EU Adequacy Decisions for adequate countries (UK, Canada, Japan, South Korea)

  • Standard Contractual Clauses (SCCs) for non-adequate countries

  • Transfer Impact Assessments conducted when required for high-risk transfers

  • Technical safeguards including encryption and access controls

Automated Decision-Making

Our platform includes automated systems (trust scores, content recommendations) with:

  • Human oversight available for all automated decisions

  • Right to explanation - users can request information about automated processing

  • Appeal process - users can contest automated decisions

Important: Eli scores are never used for employment decisions and are contractually prohibited from HR use.

Privacy Contact

Data Protection Officer: [email protected] Response Time: Maximum 48 hours Languages: French, English

For all privacy-related questions, data subject rights requests, or compliance inquiries.

For privacy-related questions or compliance inquiries, contact: [email protected]

Last Updated: August 2025

PrécédentData privacySuivantWhat data we handle

Mis à jour