Privacy and Data Protection Policy

Updated: February 14, 2026

 

Introduction

MR SURICATE places particular emphasis on the protection of personal data and respect for the privacy of the individuals concerned.

As part of its business operations, MR SURICATE collects and processes personal data, including data relating to:

  • its prospects and business customers
  • users of its SaaS platform
  • its suppliers and partners
  • job applicants
  • visitors to its websites

MR SURICATE ensures that the collection and processing of this data are carried out in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended French Data Protection Act.

Committed to building lasting relationships based on trust and transparency, MR SURICATE implements appropriate technical and organizational measures to ensure an adequate level of protection for the personal data it processes.

The purpose of this policy is to consolidate clear, precise, and accessible information regarding the data processing activities carried out by MR SURICATE into a single document.

MR SURICATE
7 Mathurin Brissonneau Street
44100 Nantes – France

 

The Role of MR SURICATE in Processing Activities

Depending on the situation, MR SURICATE may act:

As the Data Controller

MR SURICATE acts as the data controller for data relating to:

  • Sales Management and B2B Prospecting
  • Customer Relationship Management
  • Administrative support
  • Recruitment
  • Compliance with legal and regulatory requirements

In this context, MR SURICATE determines the purposes and means of data processing.

As a subcontractor

Test scenarios generally use test data sets provided or validated by the client.

Depending on the configuration chosen by the customer, certain processing operations may, however, involve personal data for which the customer is responsible.

In this situation:

  • The Customer acts as the Data Controller
  • MR SURICATE acts as a subcontractor

These processing activities are governed by a specific Data Processing Agreement (DPA).

 

Categories of data processed

Depending on the situation, MR SURICATE may handle the following, among other things:

  • identification information (last name, first name)
  • business contact information (email, company)
  • login credentials and technical logs
  • information regarding the use of the platform
  • application information (resumes, work experience)

 

Principles Governing Data Processing

MR SURICATE is committed to upholding the fundamental principles of the GDPR.

Specific and legitimate purpose

Personal data is collected for specific, explicit, and legitimate purposes, including:

  • Provision and operation of the SaaS platform
  • User Account Management
  • Technical Support
  • Billing
  • System Security and Monitoring
  • B2B Marketing Communications
  • Application Management
  • Compliance with legal obligations

The data will not be further processed in a manner incompatible with these purposes.

Data minimization

MR SURICATE ensures that it collects only the data strictly necessary for the intended purpose.

The data collected are:

  • Relevant
  • Appropriate
  • Limited to what is necessary

Accuracy and Updates

MR SURICATE takes reasonable steps to ensure that the data is accurate and, where necessary, kept up to date.

Limit on retention

Data is retained only for as long as necessary to fulfill the purposes of the processing, and in accordance with applicable legal obligations.

For reference:

  • Prospect data: 3 years after the last contact
  • Customer data: duration of the contractual relationship
  • Technical logs: 12 months
  • Application data: up to 2 years

 

Legal basis for processing

The processing activities are based on one of the following legal grounds:

  • Performance of a contract or pre-contractual measures
  • The legitimate interest of MR SURICATE
  • The consent of the data subject, where required
  • Compliance with a legal obligation

 

Hosting and Security

The MR SURICATE platform is hosted on Google Cloud Platform, in the europe-west1 (Belgium) region, with a multi-zone deployment.

MR SURICATE implements appropriate technical and organizational measures, including:

  • Data-at-rest encryption (AES-256)
  • Encryption of data in transit (TLS)
  • Access management based on the principle of least privilege
  • Multi-factor authentication for privileged accounts
  • Logging of access and security events
  • Daily backups
  • Indicative targets for RPO (24 hours) and RTO (8 business hours)

These measures are part of an Information Security Management System structured in accordance with the principles of the ISO 27001 standard.

They are subject to a heightened duty of care.

 

Subcontractors and transfers

MR SURICATE may use technical service providers (cloud hosting, communication services, DNS services, device farms, etc.). The list of service providers used by MR SURICATE is available in the document titled “Subprocessors List.”

These subcontractors:

  • Are selected based on appropriate security guarantees
  • Are governed by contract
  • Are subject to regular evaluation

In the event of data transfers outside the European Union, MR SURICATE ensures that appropriate safeguards are in place (standard contractual clauses or equivalent mechanisms).

 

Incident management

MR SURICATE has a formalized incident management procedure that includes:

  • Detection
  • Qualification
  • Containment
  • Remediation
  • Notification without undue delay when necessary
  • Post-incident analysis

In the event of a personal data breach, the obligations set forth in the GDPR and contractual commitments are fulfilled.

 

Artificial Intelligence

Some features of the platform may include AI-powered assistance mechanisms.

These mechanisms:

  • Are designed as technical support tools
  • Remain under human supervision
  • Do not make automated legal decisions
  • Are included in the ISMS risk analysis

The governance of these mechanisms is described in a separate AI Governance Statement.

 

Rights of data subjects

In accordance with the GDPR, individuals have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to object
  • Right to data portability
  • Right to withdraw consent
  • Right to file a complaint with the CNIL

Requests may be sent to: dpo@mrsuricate.com

A response will be provided within one month, unless the matter is particularly complex.

 

Security and Shared Responsibility

The security of personal data is based on a model of shared responsibility:

  • MR SURICATE is responsible for the security of its platform and infrastructure.
  • Customers and users are responsible for managing their own access and configuring their internal environments.

 

Data Protection Contact

For any questions regarding the protection of personal data or to exercise your rights under the GDPR: dpo@mrsuricate.com

 

Policy Update

This policy may be amended to reflect:

  • Regulatory changes
  • Technological developments
  • Organizational changes

The update date is shown in the header.