IKOULA Privacy Policy

IKOULA Privacy Policy

This privacy policy describes the various data processing activities carried out by IKOULA in the context of its relationship with customers, with individuals subscribing to IKOULA’s newsletters, and for information requests made via the site’s forms such as “Contact us” or through the Customer Extranet.

IKOULA places great importance on the protection of personal data and ensures that its processing activities comply with applicable legislation and regulations, in particular Regulation 2016/679 of April 27, 2016.

This privacy policy takes effect upon its publication and applies to all personal data that IKOULA collects/has collected as part of its relationship with individuals who provide personal data or enter into a contract with the company.

This policy may change over time; we encourage you to review it regularly.

For any questions, please contact our DPO, Jean-Maxime Peyrat. Contact details are provided in section 8 of this policy.



1. Purpose of IKOULA customer and prospect data processing

As part of its services and on its website, IKOULA offers prospects and customers the ability to complete forms to request/receive information and/or commercial solicitations and/or to contract with IKOULA.

On IKOULA’s websites, data is collected through the following forms:

  • “Contact us” form
  • Newsletter subscription form
  • “Create an account / Login” form
  • Order form
  • Out-of-stock alert form
  • Ideal server configuration form.

1.1 Purposes

The data processing activities aim to:

  • Manage orders
  • Manage the contractual relationship with the customer
  • Personalize IKOULA services
  • Manage the distribution of information by IKOULA
  • Enable users to submit requests/questions to IKOULA
  • Send commercial solicitations
  • Conduct satisfaction surveys.

These activities allow IKOULA to:

  • Perform operations required to manage orders and develop commercial relations, and fulfill contracts with customers
  • Respond to questions/requests submitted via the online contact form
  • Send commercial solicitations to users who expressly consent by subscribing to the newsletter (with the option to unsubscribe at any time using the link provided in each message)
  • Conduct satisfaction surveys among its customers
  • Prevent fraud
  • Organize games or contests where applicable
  • Use data under legitimate interest to evaluate and improve products and services, and to provide the best possible service.

1.2 Legal basis

  • Article 6(1)(a) GDPR: you have given consent for the processing of your data to receive our newsletters
  • Article 6(1)(b) GDPR: you provided your data for the performance of a contract or for pre-contractual measures at your request, for example, to remind you about our services, prepare a contract for which we need your contact details, etc.
  • Article 6(1)(c) GDPR: data processing may be required for legal compliance
  • Article 6(1)(f) GDPR: data processing may be based on legitimate interests, e.g., for service improvement of our products, satisfaction surveys...

2. Processed data

Technical data
  • IP address

Examples of data processed via the “Contact us” form
  • Last name
  • First name
  • Email
  • Company
  • Phone number
  • Message

Examples of data processed via the newsletter subscription form
  • Title
  • First name
  • Last name
  • Email
  • Company
  • Preferred newsletters (you can choose one or more categories)

Examples of data processed via account creation/order form
  • Account type (individual / business / association)
  • Company
  • VAT number
  • Company registration (KBIS)
  • Last name
  • First name
  • Email address
  • Password
  • Address line 1
  • Address line 2
  • City
  • State/Region
  • Postal code
  • Country
  • Phone number

The collected data enables IKOULA to identify you, manage billing, fulfill contracts, and more broadly manage the business relationship.
Please note that for online payments, you may use third-party platforms (e.g., PayPal, Google Pay, Apple Pay). These companies are responsible for their data processing; please contact them directly for questions about your payment details and information.
If you encounter issues, please contact our DPO listed in section 8.1 of this policy.

2.1 Source of data

Data is collected directly from individuals via IKOULA’s web forms (ikoula.com, extranet.ikoula.com, shop.ikoula.com) or through contact with IKOULA’s sales teams.

2.2 Mandatory nature of data collection

Fields marked with an asterisk on the forms are mandatory. Without them, we cannot respond and/or fulfill a contract.

2.3 Automated decision-making

Automated decisions may be made in cases of suspected fraud during account creation or service ordering. The logic aims to combat fraud and secure your orders, aiming at providing you with optimal service. These measures may block account creation, suspend the order, or cancel it - if the automated decision does not guarantee the reliability of the order - with a message: “Our automated system has detected fraud. We cannot process your order.”
If your order is blocked, contact us via the contact information available here.
To learn more about your rights regarding automated decision-making, see section 8 of this policy.

3. Data Subjects

This processing concerns only individuals wishing to receive information and/or subscribe to newsletters and/or become IKOULA customers by subscribing to one of the offers available on the IKOULA website or an offer agreed with an IKOULA sales representative.

4. Data Recipients

4.1 Categories of recipients

The recipients of the data are:
Within IKOULA:

  • Marketing department
  • Online Sales department
  • Offline Sales department
  • Accounting department
  • Administrative and financial management
  • General management

External partners may include:

  • Satisfaction survey companies
  • Fraud prevention service providers
  • Data qualification and retargeting services
  • Billing and payment providers
  • Marketing tool publishers (e.g., CRM systems)

IKOULA’s parent company, SEWAN, may process client/prospect data to assist with commercial activities and customer care. See Sewan's privacy policy here.

4.2 Data transfers / Data transfers outside the EU

No data is transferred outside the EU when signing up for a contract, newsletter, or requesting information via IKOULA’s site.
However, data may occasionally be shared with third-party partners for occasional specific tasks (e.g., surveys or email campaigns).
If a partner uses other business partners in countries not recognized as providing an adequate level of protection, IKOULA requires them to comply with its privacy and security standards and to process your data only for the purposes it has determined. They have also to sign the European Commission’s standard contractual clauses.

5. Data retention

IKOULA retains data according to legal and regulatory requirements and CNIL recommendations.
Regarding contracts, data is kept for the whole duration of the contract and the limitation period (usually 5 years with some exceptions).
Subscribers may receive service updates or general information and news regarding IKOULA. They can unsubscribe via the link in each message and/or by contacting the DPO.
Client account data is retained in accordance with the rules applicable to limitation periods and the relevant legal and regulatory provisions.
Data linked to automated decisions is only kept in case of disputes or foreseeable legal action.
Newsletter data is kept until unsubscribed.

6. Security

IKOULA implements necessary measures to ensure the security and confidentiality of your data, including:

  • ISO 27001 certification
  • Secure access restricted to authorized staff members
  • Connection logging
  • Data encryption.

7. Cookies

Information on cookies is available at: https://www.ikoula.com/en/cookies.

8. Your data rights

You may access and obtain a copy of your data, request its rectification or erasure, object to its processing, and restrict processing.
In the case of automated decision-making, you may request human intervention, express your opinion, and challenge the decision.
See the CNIL website for further information on your rights.
You may also define specific or general instructions concerning your personal data after your death (including storage, deletion and communication).
Specific post-mortem instructions and the exercise of these rights must be communicated by post to the DPO, whose contact details are provided below. Requests concerning the fate of post-mortem data must be accompanied by a copy of a valid identity document in order to be processed.

8.1 Exercising your rights

The Data Protection Officer (DPO) of IKOULA is your contact for any data rights requests. You can contact the DPO by:

  • Email: [email protected]
  • Postal mail: Jean-Maxime PEYRAT
    H&P Avocats
    26 rue Saussier Leroy
    75017 PARIS, France
    Phone: +33 (0)1 86 95 08 58

8.2 Filing a complaint with the CNIL

If, after contacting us, you feel that your rights regarding your data have not been respected, you may file a complaint with the CNIL.