Privacy Policy & GDPR Information (Article 13) – Website and Online Services

Summary of key points

  • Access data (logs) processed for the operation and security of the website (legitimate interest).

  • Cookies and trackers: consent required for non-essential trackers via a consent management platform (CMP – Usercentrics).

  • Contact forms: data processed to respond to requests and, where applicable, to prepare or perform a contract; data deleted after processing, subject to legal obligations.

  • Third-party services (Google Maps, Google reCAPTCHA, LinkedIn) may involve transfers of data to the United States, subject to appropriate safeguards (DPF and/or SCCs).

1. Access data, hosting and CDN

Each time you visit the website, technical logs may be recorded by our servers (IP address, date and time of the request, accessed resources, data volume transferred, browser and internet service provider information).
These data are processed to ensure the proper functioning, security and improvement of the website.

Website hosting and content delivery (CDN) may be provided by service providers acting as data processors within the meaning of Article 28 GDPR.

2. Cookies and other technologies (CMP)

We use a consent management platform (CMP – Usercentrics) to collect, manage and document your consent regarding cookies and other tracking technologies.

The categories of cookies used may include:

  • essential cookies (website operation);

  • analytics or performance cookies (audience measurement);

  • functional and marketing cookies (personalization and advertising).

The placement of non-essential cookies is subject to your prior consent, which you may withdraw at any time via the CMP or your browser settings.

3. Contact forms and communications

Data provided via contact forms are processed in order to respond to your requests and, where applicable, to prepare or perform a contract.
The legal basis for this processing is the performance of pre-contractual or contractual measures (Article 6(1)(b) GDPR) or, where applicable, your consent (Article 6(1)(a)).

Data are deleted once the request has been processed, subject to applicable legal obligations, in particular commercial or tax requirements.

4. Third-party services (Google, LinkedIn)

The use of third-party services such as Google Maps (map display) and Google reCAPTCHA (protection against automated submissions) may involve the processing of technical data and the placement of cookies.

Our presence on LinkedIn may also result in data processing for audience measurement and advertising purposes, based on pseudonymized profiling mechanisms specific to the platform.

5. Transfers outside the European Union (United States)

Where the use of third-party services involves transfers of data to the United States, such transfers are governed by:

  • the relevant service providers’ adherence to the Data Privacy Framework (DPF), where applicable;

  • and/or the implementation of Standard Contractual Clauses, supplemented where necessary by additional safeguards.

6. Legal bases and data retention

Processing activities are based on the following legal grounds:

  • legitimate interest (operation and security of the website);

  • consent (non-essential cookies and trackers);

  • performance of pre-contractual or contractual measures (forms).

Technical logs are retained for a period strictly necessary for the purposes pursued.
Proofs of consent collected via the CMP are retained in order to demonstrate GDPR compliance (Article 7).
Messages submitted via contact forms are retained for the duration of the request processing and then deleted, unless a legal obligation requires otherwise.

7. Mandatory nature of data and consequences

Essential cookies are required for the proper functioning of the website.
Refusal or withdrawal of consent for non-essential cookies may limit certain functionalities without preventing access to the website.

8. Automated decision-making

No fully automated decision-making producing legal or similarly significant effects is implemented.

9. Your GDPR rights and how to exercise them

You have the following rights:

  • right of access to your data (Article 15);

  • right to rectification (Article 16);

  • right to erasure (Article 17);

  • right to restriction of processing (Article 18);

  • right to object (Article 21), including to direct marketing;

  • right to data portability (Article 20, where applicable);

  • right to withdraw your consent at any time (without retroactive effect).

To exercise your rights, you may contact the Data Protection Officer (DPO) or the data controller.
The response time is one month and may be extended by two months in the event of a complex request.