Lac 3 · Le Kram · Tunis · contact@polycall.tn · +216 58 554 061
Let's talk
GDPR · Tunisian Law 2004-63

Privacy policy

Version 3.0
Last updated
15 January 2026

At PolyCall, personal data protection is not an administrative obligation — it is a condition of the trust our clients and candidates place in us. This policy describes, in plain terms, how we collect, use and protect your data.

01Our commitment

We apply by default the principles of the General Data Protection Regulation (EU 2016/679), as well as the requirements of Tunisian Law 2004-63 on the protection of personal data. Both frameworks converge on the essentials: minimisation, purpose limitation, security, individual rights.

In practice, our operational commitments:

  • We collect only data strictly necessary for each purpose.
  • We document every processing activity in an up-to-date register.
  • We never sell or rent your data to third parties.
  • We encrypt sensitive data at rest and in transit.
  • We train our teams on data protection from onboarding.

02Data controller

Data controller
POLYCALL SARL — 40 rue Socrate, Les Berges du Lac 3, Cité Kheireddine, 2060 Tunis · Le Kram, Tunisia
Data Protection Officer (DPO)
A DPO is appointed in-house. For any request regarding your personal data: contact@polycall.tn

When PolyCall processes data on behalf of its clients in the course of customer-relations services, it acts as a processor within the meaning of GDPR Article 28. The terms of the processing are then governed by a separate processor agreement signed with the client.

03Data collected via this site

On this site, we collect the following data:

Contact form / quote request

  • Identity: first name, last name, role
  • Contact details: email, phone number
  • Company: name, sector, size
  • Message content: project nature, estimated volume, constraints

Job applications (Careers page)

  • Identity: first name, last name, date of birth, photo (optional)
  • Contact details
  • Background: CV, cover letter, experience, education, languages
  • Availability, salary expectations (optional)

Browsing

  • IP address (anonymised after aggregation)
  • Device type, browser, operating system
  • Pages visited, visit duration, traffic source
  • See our Cookie policy for details.

04Purposes

We process your data for the following purposes:

  • Reply to your commercial enquiries and prepare proposals tailored to your need.
  • Manage recruitment processes and build a talent pool.
  • Improve the site through aggregated statistical measurement.
  • Meet our legal obligations (accounting, archiving, judicial requests).
  • Send you our updates only after your explicit consent.

05Legal basis

Each processing activity relies on one of the legal bases set out in GDPR Article 6:

ProcessingLegal basis
Quote requestPre-contractual measures at the request of the data subject (Art. 6.1.b)
Spontaneous applicationPre-contractual measures + legitimate interest in maintaining a talent pool
NewsletterConsent (Art. 6.1.a) — revocable at any time
Anonymous audience measurementLegitimate interest (Art. 6.1.f) — no tracking cookie
Non-essential cookiesConsent (Art. 6.1.a)
Accounting retentionLegal obligation (Art. 6.1.c)

06Recipients

Your data is accessible only to authorised staff within PolyCall, within the limits of their duties:

  • Sales team (quote requests)
  • HR team (job applications)
  • Information Security / DPO
  • Senior management (only in case of escalation)

We rely on a small number of technical sub-processors, all contractually bound to GDPR compliance:

  • OVH (web hosting, France) — data hosted in the EU
  • Microsoft 365 (mail, France/EU) — TLS encryption, GDPR DPA in place
  • In-house HR tools (application management, hosted Tunisia + EU depending on the module)

Your data is never shared with third parties for commercial purposes.

07Retention periods

Data typeDuration
Commercial enquiry (no follow-up)3 years from last contact
Active clientContract duration + 5 years (statute of limitations)
Accounting records10 years (legal obligation)
Successful application → hireDuration of employment contract + statutory periods
Unsuccessful application2 years with your consent, otherwise 3 months
NewsletterUntil consent is withdrawn
Anonymised browsing logs13 months maximum

08Transfers outside the EU

As PolyCall is established in Tunisia, some data may be processed outside the European Union when delivering services to European clients. In that case:

  • Tunisia is not recognised as offering an adequate level of protection within the meaning of GDPR Article 45.
  • All our client contracts include the European Commission's Standard Contractual Clauses (Decision 2021/914).
  • We apply complementary technical measures: TLS 1.3 in transit, AES-256 at rest, strict role-based access (RBAC), traceability.
  • A Data Protection Impact Assessment (DPIA) is carried out for each new high-risk processing.

09Your rights

Pursuant to GDPR Articles 15 to 22 and Chapter IV of Tunisian Law 2004-63, you have at any time the following rights:

Right of access
Obtain a copy of all data concerning you.
Right to rectification
Correct inaccurate or incomplete data.
Right to erasure
Have your data deleted under the conditions set by law.
Right to object
Object to processing on legitimate grounds.
Right to restriction
Suspend the use of your data during a dispute.
Right to portability
Retrieve your data in a structured format.
Right to withdraw consent
Without retroactive effect, at any time.
Post-mortem instructions
Define the fate of your data after your death.

To exercise a right: write to contact@polycall.tn with proof of identity (copy of ID). We respond within 30 days maximum (extendable by two months for complex requests, with prior notice).

If you believe your rights have not been respected, you may lodge a complaint with the competent supervisory authority:

  • In France: CNIL — www.cnil.fr
  • In Tunisia: National Authority for Personal Data Protection (INPDP) — www.inpdp.nat.tn
  • In the EU: the authority of the country where you live or where the breach occurred.

10Security

We implement appropriate technical and organisational measures to ensure the security of your data:

  • Encryption TLS 1.3 in transit, AES-256 at rest for sensitive data.
  • Role-based access (RBAC), strong authentication, logging.
  • Segregation of client environments (sealed zones).
  • Encrypted backups, business continuity plan (BCP) tested annually.
  • Annual ISO 27001 audit by a certified body.
  • Notification to the supervisory authority and affected individuals within 72h in case of high-risk breach.

11Minors

This site is not intended for minors under 16. No targeted collection takes place for this group. If you are a parent or guardian and discover that a minor has submitted data without authorisation, contact us: we will delete it as soon as possible.

12Changes

This policy may evolve in line with legislative or case-law developments, or with our practices. The last update date appears at the top of the page. For substantial changes affecting your rights, we will inform you via a notice on the site and, where relevant, by email.

13Contact DPO

For any question, exercise of rights or complaint:

Data Protection Officer
contact@polycall.tn
POLYCALL SARL — DPO
40 rue Socrate, Les Berges du Lac 3
Cité Kheireddine, 2060 Tunis · Le Kram, Tunisia