Privacy Policy

Last update: July 8, 2025

Introduction

Protecting the privacy of those who provide us with personal data ("Personal Data") is of paramount importance to Mayday and to the way in which we conduct our business.

You have shown us your trust by interacting with our site and app, and we appreciate that trust. To this end, we undertake to comply with data protection legislation, and in particular the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (the "GDPR") and Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms (together the "Applicable Regulations").

General provisions

When you browse mayday.fr (the "Site") or as part of the management of our contractual relations with our customers, the data controller is Mayday, a simplified joint stock company, registered with the Nanterre Trade and Companies Register under number 880915715 and whose registered office is located at 32 rue de Paris, 92100 BOULOGNE-BILLANCOURT ("We").

On the other hand, when our customers (or their staff) use our services, we collect and process personal data on their behalf and for their account. Our customers are therefore responsible for data processing in accordance with Article 4 of the RGPD. We act as a processor, as a service provider.

If we process your personal data on behalf of our customer, please refer to their privacy policy or other information they have provided to you regarding the processing they carry out in order to find out more.

Personal data collected

Personal data is data that can be used to identify an individual, either directly or by cross-referencing with other data.

We collect personal data in the following categories:

  • Identification data (surname, first name, e-mail and postal address, telephone number);
  • Data related to your contracts;
  • Connection data (connection logs, encrypted passwords) ;
  • Browsing data (IP address, pages viewed, date and time of connection, browser used, operating system, user ID, MAID);
  • Economic and financial data (for example: RIB);
  • Any information you wish to send us as part of your contact request.

Purposes, legal basis and retention periods for personal data

Recipients of personal data

Will have access to your Personal Data:

  • Our staff ;
  • Our subcontractors: hosting service provider, CRM tool, customer support tool, emailing service providers, audience measurement and analysis service provider, email service providers, secure payment service provider, billing tool, cookie management tool;
  • Where applicable: public and private bodies, exclusively to meet our legal obligations.

Data localization

The Personal Data we process is stored by our hosting provider Microsoft Azure on servers located within the European Union.

Within the framework of the tools we use (see article on the recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools:

  • or the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the RGPD: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the RGPD;
  • or the data is transferred to a country whose level of data protection has not been recognized as adequate to the RGPD: in this case such transfers are based on appropriate safeguards indicated in Article 46 of the RGPD, tailored to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
  • or the data is transferred on the basis of one of the appropriate guarantees described in Chapter V of the RGPD.

Safety measures

At Mayday, we care about the security of the personal data we process.

Accordingly, we adopt technical and organizational security measures to guarantee the security of your Personal Data by ensuring a level of security appropriate to the risks associated with the processing and nature of such Personal Data, including:

  • Data encryption:
    All data and information transmitted to our services are secured by the TLS 1.2 protocol in transit. The databases used are highly encrypted at rest and require several keys to function.
  • Backups:
    We use replication mechanisms to constantly back up your information and guarantee that our service is always available. These backups are copied to different cloud hosts.
  • Continuous monitoring:
    Monitoring and alert systems keep a close eye on accesses and modifications to your personal data. This continuous monitoring ensures that the measures taken are working properly, and that they can be improved over time.

Your rights

Unless otherwise provided for in the Applicable Regulations or any other legal provision, you may exercise the following rights:

  • Right to information: this is precisely why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the RGPD.
  • Right of access: the right to be informed and to request access to your Personal Data, pursuant to Article 15 of the RGPD ;
  • Right to data portability: under certain conditions specified in Article 20 of the RGPD, the right to request a copy of your Personal Data in a structured, machine-readable format in order to hand it over to a third party ;
  • Right of rectification: the right to ask us to amend or update inaccurate or incomplete Personal Data in accordance with Article 16 of the GDPR;
  • Right to erasure (right to oblivion): the right to ask us to permanently delete Personal Data and prohibit any future collection for the reasons set out in Article 17 of the GDPR;
  • Right to limitation of processing: the right to ask us to temporarily stop or the processing of all or part of the Personal Data in certain cases defined in Article 18 of the RGPD ;
  • Right to object: pursuant to Article 21 of the GDPR, the right to object at any time, on grounds relating to the data subject's situation, to the processing of Personal Data concerning him or her that has as its legal basis the pursuit of a legitimate interest. Unless we demonstrate a legitimate and compelling interest or the defense of legal rights justifying such processing, we will no longer process any Personal Data concerned other than;
  • The right to decide what happens to your data after your death: the right to decide what happens to your Personal Data in the event of your death;
  • Right to lodge a complaint with the supervisory authority: or to obtain redress from the competent courts. In France, this authority is the Commission Nationale de l'Informatique et des Libertés(CNIL).

Contact us to exercise your rights

We have appointed a Data Protection Officer (the "DPO"), whose duties are to ensure that our processing operations comply with this Policy and, more generally, with the Applicable Regulations.

To exercise your right, please send your request directly to :

  • by e-mail to privacy@getmayday.co;
  • or by post to : Mayday, Data Protection Officer, 32 RUE DE PARIS, 92100 BOULOGNE-BILLANCOURT.

In accordance with Applicable Regulations, we may ask you to provide proof of your identity.

Changes to this privacy policy

We may amend this privacy policy from time to time to ensure transparency of all processing operations concerning you and your personal data in real time.

We may notify you of any material changes to this Privacy Policy, prior to the effective date of the changes, by sending an e-mail or in another visible manner reasonably designed to notify you.

We therefore recommend that you read this policy regularly.