<img alt="" src="https://secure.data-insight365.com/265670.png" style="display:none;visibility:hidden">

Read BALYO's 2023 Impact Report Download the report

Privacy Policy

Balyo (a company with its registered office at 3 Rue Paul Mazy, 94200 Ivry-sur-Seine, France) is committed to safeguarding and respecting your privacy in its role as data controller. This privacy policy (the “Policy”) aims to inform you, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), of how we collect, use, and share the information that you provide us via our website www.balyo.com (the “Website”).

The purpose of the Policy is to inform you of the categories of personal data that we gather or store, the people and entities we share it with, how we protect it, and the rights you have with respect to your personal data.


When you use the Website, you send us information, some of which can be used to identify you and is therefore classified as personal data (the “Data”). We receive such Data in the following cases:

  • Form Submission Data
    Our website contains different forms that are used for a variety of requests (requesting a POC, using our MyCashBox calculator, scheduling an appointment with our sales team, asking to be contacted) or to subscribe to our newsletter. When you use these forms, we may process the following Data: first name, last name, the name of your company, your company’s industry and website, your job title, email address, land line or mobile number, work address, hours of availability for appointments, and descriptions of your projects.
  • Browsing Data
    When you browse the Website, we collect Data such as the date and time of your visit, the type of browser you use, the browser’s language, your IP address, your screen resolution, the pages that you visit, the language you use to view the Website, and the type of documents you view or download.

We use the Data we collect for the following purposes:

Purpose Legal Basis
Managing our business relationship: processing requests on our website and sending messages on offers that might interest users who have previously provided us with their contact information Legitimate interest, unless this is outweighed by the interest or the freedoms and fundamental rights of the data subject
Audience measurement: analysis of traffic to the Website Consent
Targeted advertising on other websites: when you visit other websites, we may show you ads on offers that might be of interest to you Consent
Processing requests to exercise your rights: we are required to verify your identity to comply with your requests Compliance with a binding legal obligation

Whenever we collect Data, you will be informed of which Data is mandatory and which Data is optional. Data from fields marked with an asterisk on forms is mandatory. If you fail to provide it, your request might not receive a full response.


  • Data transferred to government authorities and/or public entities

In accordance with applicable law, the Data may be sent to government authorities upon request – including to government entities, court officers, ministerial officers, and debt-collection entities – solely for the purposes of complying with legal obligations or assisting with investigations into online crimes.

  • Data Transferred to Third Parties

We work closely with certain third-party companies who may be given access to your Data. These companies include:

– Google, a partner we work with for audience measurement purposes, to display targeted ads, and to conduct behavioural retargeting on other websites;
– LinkedIn, a partner we work with to enable the display of targeted advertising on other websites for visitors who have a LinkedIn profile;
– Hubspot, a partner we work with to handle the collection of your Data from the forms on the Website, analyse your click path on our Website, and send messages about offers that might interest you;
– Infostrat, a partner we work with for the MyCashBox service in which you enter your Data on your project;
– our business partners, in order to send you offers tailored to the requests you submit on the Website;
– all of our group’s subsidiaries.

We send these third parties only the Data they need to provide their services, and we require them to not use the Data for any other purposes. These third parties act solely in accordance with our instructions, and they are contractually required to treat your Data with the same level of confidentiality and security as we do, as well as to comply with all applicable data protection laws.


Your Data is stored for no longer than is strictly necessary to fulfil the purposes set out in the Policy and in accordance with the GDPR and applicable law:

  • Form Data is stored for 3 years after the last time we contact you for business purposes and receive no response;
  • Browsing Data is stored for the periods specified in our Cookie Policy;
  • Any Data used to process requests to exercise your rights is stored for the time needed to process your request, and is immediately erased afterwards.

Your Data is erased when these storage periods expire. However, in some cases, your Data may be archived for longer periods to assist in investigating, gathering evidence on, and bringing charges for criminal offences; in this case, the sole purpose of such collection is to provide judicial authorities with your Data. Once archived, your Data will no longer be accessible online, but will be extracted and stored on a distinct, secure medium.


Your Data may be transferred from an EU country to a country outside the European Union.

If we transfer your Data outside of the European Union, we will always do so in a secure and legal manner:

  • By transferring the Data to a recipient in a country that has received an “adequacy decision” from the European Commission declaring it to have an adequate level of protection;
  • By implementing European Commission model contracts approved by the European Commission to ensure an adequate level of protection for your Data;
  • By implementing Binding Corporate Rules approved by a competent data protection authority in the EU;
  • Or by providing all appropriate safeguards pursuant to GDPR art. 46.


We take adequate technological and organisational steps to prevent unauthorised access, modification, disclosure, loss, or destruction of your Data. It is important for you to ensure the confidentiality of your login credentials to prevent unauthorised use of your account.


Under applicable data protection law, you have certain rights to your Data, namely:

  • A right of access and information: you have the right to receive information on how your Data is processed in a concise, transparent, intelligible, and easily accessible form. You also have the right (i) to obtain confirmation as to whether or not your personal Data is being processed, and, if it is, (ii) access the Data and obtain a copy.
  • A right to rectification: you have the right to have inaccurate Data about you corrected. You also have the right to have incomplete Data about you completed by providing a supplementary statement. Should you exercise this right, we promise to send any corrections to all recipients of your Data.
  • A right to erasure: in some cases, you have the right to have your Data erased. However, this is not an absolute right and we can continue to store your Data for legal or legitimate purposes.
  • A right to restriction of processing: in some cases, you have the right to restrict the processing of your Data.
  • A right to Data portability: you have the right to have the Data you send to us returned to you in a structured, commonly used, and machine-readable format, for personal use or for use by a third party of your choosing. This right only applies when the processing of your Data is based on your consent or on a contract, or if the processing is carried out by automated means.
  • A right to object to processing: you have the right to object to the processing of your Data at any time whenever processing is based on our legitimate interest or on a task carried out in the public interest, as well as whenever it is for direct marketing purposes. This is not an absolute right and we are entitled to reject your request for legal or legitimate purposes.
    The right to withdraw consent at any time: you can withdraw your consent to the processing of your Data at any time for processing based on your consent. Withdrawal of consent has no effect on the legality of prior processing on the basis of consent.
  • The right to submit a complaint to a supervisory authority: you have the right to contact your data protection authority to complain about our data protection practices.
  • The right to provide instructions on what should be done with your Data after your death: you have the right to tell us what you would like to be done with your Data if you die.

You can request to exercise these rights by clicking on the following link: [Exercise your rights form – drop-down menu with the contact reasons: access, rectification, erasure, object to processing, other]. You can also use the cookie consent banner to accept or refuse Cookies.

Please note that we may require you to prove your identity when you send a request to exercise these rights.


We may occasionally modify this Policy, including, in particular, to comply with changes in applicable law, court rulings, editorial policies, and technological advances. When we do so, we will change the “last updated on” date, replacing the existing date with the one on which the changes were made. When necessary, we will inform you and/or ask for your consent. We advise you to visit this page from time to time to learn about any changes or updates that may have been made to the Policy.

If you have any questions about this Policy, you can send them to us by clicking on the following link: [Exercise your rights form – drop-down menu with the contact reasons: access, rectification, erasure, object to processing, other].

Last updated on 30 April 2010.