Privacy Policy

Last update : 29/10/2018


Sutter Mills is an independent Data Consulting Platform. We help our clients to think and implement the digital age, with a specific focus on unleashing the potential of technology to improve customer knowledge, user experience, and marketing RoI.

This privacy policy (hereinafter “Privacy Policy”) applies to the data collected on our website (hereinafter the “Website”) as well as the data collected on social networks.

Privacy of individuals is a major concern for Sutter Mills. We commit ourselves to respect the provisions of the law n° 78-17 of January 6th, 1978 modified ”Informatique et Libertés”, as well as those of the Regulation 679/2016 of April 27th, 2016 relating to personal data protection (hereinafter the “GDPR”).


Table of content

1. What is a Personal Data?
2. Which role has Sutter Mills regarding Personal Data?
3. Who is the Data Protection Officer at Sutter Mills?
4. What kind of Personal Data does Sutter Mills collect and for which purpose those data are collected?
5. Who are the recipients of your Personal Data?
6. For how long do we retain your Personal Data?
7. Where do we store your Personal Data?
8. Do we realize data transfers outside the European Economic Area?
9. What are your rights upon your Personal Data?


1. What is a Personal Data?

In accordance with the Regulation 679/2016 of 27 April, 2016 on data protection, personal data (“Personal Data”) is defined as “any information relating to a natural person identified or identifiable directly or indirectly“. A Personal Data can be a name, an identification number, a location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

Sutter Mills may collect your Personal Data, or receive it from you, through its Website or its dedicated pages on social media.

2. Which role has Sutter Mills regarding Personal Data?

By collecting your Personal Data through its Website and pages dedicated to Sutter Mills on social networks, Sutter Mills is considered as a data controller under GDPR. Consequently, Sutter Mills is in charge to protect your Personal Data by implementing all appropriate measures to keep your data safe.

3. Who is the Data Protection Officer at Sutter Mills?

Sutter Mills has appointed a Data Protection Officer to better protect your data. His role is to ensure that Sutter Mills respects its obligations in term of data protection.

If you have any question regarding the processing of your data, you can reach him at the following address: or DPO Sutter Mills – 9 Boulevard Gouvion Saint-Cyr – 75017 Paris

4. What kind of Personal Data does Sutter Mills collect and for which purpose?

All Personal Data collected by Sutter Mills remain confidential.

a) Data collected on our website – cookies

In connection with the use of the Website, Sutter Mills proceeds to the collection and processing of your Personal Data by using cookies. We collect information for measurements analysis, to monitor and improve the quality of our website and adapt its presentation to the display preferences of your device. You can find more information about how we use cookies on our Cookies Policy.

b) Data collected by email contact

Some of your Personal Data are collected when you send us an email through our contact page to get more information about our services and/or our company. This can include last name, first name, email address, phone number, country and any other Personal Data your may disclose to us.

Processing of your Personal Data by Sutter Mills is based on your consent as you intentionally get in touch with us and it is in our both legitimate interest to answer your request in order to resolve any problem you may encounter or give you any information asked.

c) Data collected for a job application

Sutter Mills may process the following categories of personal information for its recruitment activities:

  • name and contact details
  • educational background
  • employment background
  • job qualifications and work eligibility, including your nationality, country of residence
  • jobs in which you have expressed an interest or for which you would like to submit an application
  • CV, resume or transcripts, and any supporting documentation attached to your resume such as copies of certificates and diplomas
  • employment references
  • compensation information, such as your current salary

Sutter Mills collect your Personal Data on the basis of legitimate interest for the following purposes :

  • to communicate with you and respond to your requests or application
  • for recruitment, evaluation and hiring purposes
  • to enable your use of welcome to the jungle platform
  • to analyze, develop and improve our recruiting activities
  • to comply with applicable laws and regulations and to operate our business

5. Who are the recipients of your Personal Data?

Your Personal Data is processed by the authorized persons appointed by Sutter Mills to manage the user experience on the website, customer relationship, and recruitment.

Your Personal Data may be stored by third parties which are our technology partners and subcontractors as defined by GDPR. They contractually commit themselves to respect article 28 of GDPR.

We can share your Personal Data with third parties if we are obliged to do so by virtue of our legal obligations or by public authorities (eg judicial authorities).

6. How long do we retain your Personal Data?

In accordance with Regulation 2016/679 of 27 April 2016, Personal Data collected are retained, by Sutter Mills, in a form allowing the identification of the persons concerned for a period not exceeding the one necessary for the purposes for which they are processed:

  • Data from our prospecting database are retained for a maximum of 3 years from the last contact.
  • Customer data are retained for 3 years after the end of the contractual relationship.
  • In the event that your application for a job is not accepted, your data are retained for a maximum period of 2 years from our last contact with you.
  • Data which are necessary to comply with legal obligation are stored in accordance with the regulations in force (in particular, but not exclusively those provided by the Commercial Code, the Civil Code, and the Consumer Code).

8. Do we realize data transfers outside the European Economic Area?

We carry out our processings within the European Economic Area (“EEA”) but we may transmit your data to recipients outside the EEA.

Some of our technical service providers may receive your Personal Data and may be located outside the EEA. As a result, your Personal Data may be processed in countries that are not recognized as providing an adequate level of Personal Data protection in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and the free movement of such data.

Sutter Mills requires the same level of protection towards your Personal Data as it is required by all laws and regulations applicable in EEA and ensures that these providers are either bound by the standard clauses of the European Commission, or committed by BCR (binding corporate rules) within their international group and have been duly authorized by a data protection supervisory authority established on the territory of the EEA, or have adhered to any program allowing the recognition of equivalent protection within their country (eg Privacy Shield in the United States).

9. What are your rights on your Personal Data?

In accordance with the regulations, you have different rights over your data:

  • the right of access: you can obtain information about the processing of your data and a copy of it;
  • the right of rectification: if you consider that your Personal Data are inaccurate or incomplete, you have the right to have the data modified accordingly;
  • the right of deletion: you can request the deletion of your Personal Data, to the extent permitted by law;
  • the right to limit the processing of your data: you can ask us to limit our use of it (for example, if the information about you is inaccurate) ;
  • the right to organize the management of your data after your death;
  • the right of opposition: you can for reasons related to your particular situation, oppose the processing of your Personal Data. You have the right to oppose, at any time, the processing of your data for prospecting purposes.
  • the right to withdraw your consent: when the processing of your data has been submitted with your consent, you have the right to withdraw that consent at any time;
  • the right to portability: where applicable, you have the right to request to recover the data you have provided to us or that they are transmitted to a third party if it is technically possible.

If you wish to exercise your rights listed above, please send a written request to the following address: Sutter Mills, 9 Boulevard Gouvion Saint-Cyr, 75017 Paris – by enclosing a copy of your identity document in order to enable us to identify you.

In accordance with the regulations in force, and in addition to the rights mentioned above, you also have the possibility to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés).