Who are we ?

Areas of business & Expertises

Challenges & Solutions

Blog & News

Nos publications

Contact us

1.   Introduction

Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), of 27 April 2016 and valid from 25 May 2018, is the European reference text when it comes to the protection of privacy. It consolidates and standardises within the European Union the protection of natural persons with regard to processing their personal data. Furthermore, this personal data is also subject to the provisions of French Act no. 78-17 of 6 January 1978, concerning data-processing, data files and individual liberties as subsequently amended.

Ellisphere, which sets the benchmark in France for the provision of information about companies, offers support and a secure basis for its customers to make decisions about their business partners by supplying them with suitable business intelligence (BI) solutions. Particularly with this in mind, Ellisphere publishes and hosts a database containing data about 8.6 million companies in France, comprising B2B data, some of which can be described as “personal data” according to the GDPR, thereby putting Ellisphere in the position of being a data controller. In addition, Ellisphere is a data controller for the personal data concerning its customers, which it processes to meet the requirements of managing the contractual relationship.

As a data controller and in compliance with the regulation, Ellisphere adopts the measures required to ensure the protection, confidentiality and security of the personal data which it is involved in processing as part of its business, as well as ensuring that data subjects can exercise their rights.

In this regard, Ellisphere has appointed a data protection officer (DPO) who will be the dedicated point of contact for any privacy-related queries.

The purpose of the GDPR policy is to inform data subjects about the commitments undertaken by Ellisphere with regard to collecting, processing and ensuring the security of their personal data.

Ellisphere also complies with the Code of best practice of Figec members concerning company information.




2.        Identity and contact details of the data controller and his/her representative

ELLISPHERE Managing Director – 55 place Nelson Mandela 92000 NANTERRE


3.     Contact details of the data protection officer

ELLISPHERE – DPO – 55 place Nelson Mandela 92000 NANTERRE Email address: dpo@ellisphere.com



4.      Scope of application

The commitments undertaken as part of this policy apply to all operations involving the processing of personal data carried out by Ellisphere, both as part of its business relations with customers, prospects, suppliers and partners, and as part of building up and updating its B2B database.



5.     Definitions according to GDPR

Personal data

Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a surname, first name, telephone number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.


The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation […].


6.     Categories and sources of personal data processed

Categories of data Categories of data Sources of data







Data relating to prospects – customers and to any natural person who has completed a form online


Surnames, first names




Postal addresses




Personal email addresses




Telephone numbers




Connection ID




IP address















Data processed as part of building up and updating the B2B database


Statutory managers (ID, position, contact details)


Public sources


Operational managers (ID, position, contact details)


Private sources


Personal matters (IDs, contact details)


Public sources


Collective procedures (IDs, positions, contact details)


Public sources


Capital structure and beneficial owners (IDs, positions, contact details)


Public and private sources


Legal announcements (IDs, positions, contact details)


Public sources



  1. Purposes and legal basis for processing of personal data carried out by Ellisphere

Categories of data Purpose Legal basis








Personal data about prospects – customers and registered persons


Management of subscriptions


Contract/Pre-contractual measures

Management of those signed up to the Transparency Charter and or website Ellisphere.fr  



Tracking and processing of requests by the customer relations department


Contract/Pre-contractual measures


Information via newsletters


Contract/Pre-contractual measures

Providing information about the development of offerings, new products and services being offered by Ellisphere and its partners, as appropriate  

Ellisphere’s legitimate interest




Personal data processed as part of building up and updating Ellisphere’s B2B database

Marketing the offering

“Risk management”

Ellisphere’s legitimate interest
Marketing the offering

“Marketing solutions”

Ellisphere’s legitimate interest
Marketing the offering


Ellisphere’s legitimate interest


8.     Legitimate interest pursued by Ellisphere

Ellisphere markets to its customers products and services relating to its “Risk Management”, “Marketing solutions” and “Compliance” offerings, which requires it to build up and update its Companies database.

In this regard, Ellisphere may become involved in processing personal data, which has mostly originated from public sources and which data subjects could reasonably expect to undergo the processing operations mentioned.

The legal basis for the processing operations carried out is characterised by the legitimate interest which Ellisphere has in contributing to the sustainable economic development of its customers by enabling them to manage their customer risks and their transactions better and, therefore, to develop their business in a sustainable manner and with peace of mind, as well as in enabling its customers to comply with certain legal and regulatory obligations.

According to the relevant regulation, Ellisphere is permanently involved in striking a balance between its legitimate interest in carrying out the necessary, commensurate processing operations and the interest, rights and fundamental liberties of the data subjects affected by these processing operations.


9.     Data recipients

With regard to the purposes described in Chapter 7, Ellisphere transfers personal data to some of its service providers – partners – subcontractors and customers. The categories of recipients are as follows:

  • for data relating to prospects – customers: employees and, if appropriate, service providers and partners who need to be familiar with it.
  • for data in the B2B database: authorised employees, customers and, if appropriate, certain service providers.


10.     Data transfers to third countries

Ellisphere is likely to transfer certain personal data to third countries outside the European Union. In this case, Ellisphere will put in place the appropriate guarantees and security measures.


11.   Data retention

Data will be retained for the duration necessary to fulfil the purposes for which it has been collected.


12.         Right to access, rectify, erase, restrict, object to processing and portability of data

Any natural person whose data is processed by Ellisphere has the following rights in relation to personal data concerning them:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to object

Depending on the situation, Ellisphere will not always be legally required to give a favourable response to the requests linked to these rights.

If you with to exercise these rights, please contact our customer relations department via the email hotline- information@ellisphere.com or write to the following address: ELLISPHERE – Relation Client – Immeuble le Murano – 37 rue sergent Michel Berthet – CS 99063 – 69255 LYON Cedex 09, France.



13.    Right to lodge a complaint with the CNIL

Any natural person whose personal data is processed by Ellisphere is entitled to lodge a complaint with the CNIL (French Data Protection Authority).



14.     Rating companies

Ellisphere rates companies (economic entities) without any automated decisions.

In fact, Ellisphere evaluates all the entities listed in France by giving them a statistical score presented on a scale of 10 segments. The Ellisphere score is an indicator intended to provide a summarised estimate of the risk of failure within 12 months by an entity, with “failure” meaning in this case legal default (court-ordered settlement or liquidation). In this regard, Ellisphere is likely to award a score to individual companies and awarding this score could be considered as profiling under the GDPR.


The presentation of the Ellisphere score is available via the following link:



In addition, any evaluated entity can obtain its score from Ellisphere, along with the underlying reasons for it, by signing up for free to the Transparency Charter:




15.     Cookies

Whenever you visit this website, a cookie may be installed in your browser software.

A cookie is a text file which is likely to be saved, subject to the options you choose, in a dedicated area of your terminal’s hard disk. Its purpose is not to identify the website’s users, but to record information about where you have browsed on the site and to store your preferences (language etc.). This is necessary to ensure the website’s efficient operation. It allows the quality of the service to be improved and can measure the audience. By visiting the website, you accept the use of cookies.

You are offered several options for managing cookies.

Whenever you visit the website, cookies may be installed automatically in your browser software. You have the option to refuse them by selecting the relevant options in your browser (with the instructions varying according to the manufacturer of your terminal. They enable users of the site to manage and/or delete the embedded cookies at their discretion).

We would remind you that the parameters’ configuration is likely to change your terms and conditions for accessing our content and services requiring the use of cookies.

In order to manage cookies as closely as possible in line with your expectations, we would ask you to take into account the purpose of the cookies when configuring your browser. Failing this, deleting the cookies is likely to restrict some browsing features or options on the website.

For more information about this, go to the “Disabling cookies” section.


Categories of cookies which we issue on the website:

Our website uses different types of cookies. They are stored in your Internet browser.



These are cookies which are essential for ensuring the website’s efficient operation. They enable you to move around the website and use the relevant functions. Some of the website’s functions would not be available without these cookies. These cookies do not store any personal information in the memory, which could be used for marketing purposes.



These cookies enable the site to remember the choices you make while browsing or to offer you enhanced features, such as your username, your language of use or the region in which you are located.



The website uses Internet audience analysis tools such as Google Analytics. They enable us to improve the site’s operation and to monitor the site’s performance so that maintenance visits can be generated. The information collected by these cookies is anonymous and is only used to generate reports for statistical purposes without individual users being identified personally.


Disabling cookies

However, users of the website should be informed that most Internet browsers can refuse to have cookies saved, receive a warning message before a cookie is copied or remove cookies from their hard disk. To find out more about these features, users must access the Help menu of the browser being used.

However, if the user refuses to have the cookies installed or goes ahead and deletes them, this might alter the use of the website, even to the extent that it becomes impossible to use.

Do you want to contact us?

Do you need information about our solutions? Would you like to join us?
The Ellisphere team is available to answer your queries.

Contact us

Contact the Ellisphere team

Contact us

Transparency Charter

Do you want to know what your company’s score is?

Your score ?


Read the latest articles from our blog