Privacy Policy.
MINDSEC takes privacy seriously — both yours and our clients'. This page explains what personal data we collect on mindsec.fr, why, how we handle it, and what rights you have. Plain English, no dark patterns.
1. Data controller
The data controller for personal information processed through this website is:
- Company: MINDSEC (EURL)
- Registered office: {{REGISTERED_OFFICE_ADDRESS}}, France
- Contact: contact@mindsec.fr
2. What data we collect
We only collect the data you actively provide via our contact form, namely:
- Your name
- Your email address
- Your company name (optional)
- The topic of your enquiry
- The content of your message
The website does not use analytics cookies, tracking pixels, fingerprinting, or any third-party advertising scripts. We do not collect your IP address for tracking purposes (it may be temporarily logged by our hosting provider for security and abuse-prevention reasons — see section 7).
3. Why we process your data (purpose & legal basis)
Personal data submitted through the contact form is processed for the following purposes:
- To respond to your enquiry and engage in pre-contractual discussions
- To send you a follow-up if relevant to your initial request
- If a commercial relationship is initiated, to manage the engagement
The legal basis for this processing is your consent (you actively submit the form) and the execution of pre-contractual measures taken at your request (Articles 6.1.a and 6.1.b of the GDPR).
4. Who has access to your data
Your personal data is accessed only by MINDSEC. We do not sell, rent, or share your information with third parties for marketing purposes.
The contact form is processed directly on our own server hosted by OVH SAS — no third-party form processor is involved. Submitted data is forwarded to our internal email address and is not stored on the website server beyond the temporary processing required to send the email and a short-lived rate-limit log (hashed IP addresses, retained for one hour).
OVH SAS, as our hosting provider, acts as a sub-processor strictly for hosting infrastructure and email transit. OVH is GDPR-compliant and operates infrastructure within the European Union.
5. How long we keep your data
- If your enquiry does not lead to a commercial relationship: data retained for up to 3 years after the last contact, then deleted
- If your enquiry leads to a commercial relationship: data retained for the duration of the relationship plus the legal retention period (up to 10 years for accounting records, as required by French law)
6. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — to obtain confirmation that your data is being processed and a copy of it
- Right of rectification — to have inaccurate data corrected
- Right of erasure ("right to be forgotten") — to have your data deleted, subject to legal retention requirements
- Right to restrict processing — to limit how we use your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to the processing of your data
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, please email contact@mindsec.fr. We will respond within one month.
7. Hosting & security
The website is hosted by OVH SAS (2 rue Kellermann, 59100 Roubaix, France). The hosting provider may process technical logs (including IP addresses, timestamps, user-agent strings) for the strict purposes of security, fraud prevention, and operational stability. These logs are retained for a limited period as defined by OVH's own policy.
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. The website is served over HTTPS exclusively, with HSTS enforced. However, no transmission over the internet can be guaranteed 100% secure.
8. Cookies
This website does not use cookies for analytics, tracking, advertising, or personalisation. The only cookies that may be set are strictly technical cookies required for the website to function (e.g. session cookies for the contact form anti-bot protection). These are exempt from the requirement of prior consent.
9. International data transfers
If our service providers process data outside of the European Economic Area (EEA), such transfers are framed by appropriate safeguards (Standard Contractual Clauses or adequacy decisions) as required by Articles 44 to 50 of the GDPR.
10. Right to lodge a complaint
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the French data protection authority (CNIL):
- Authority: Commission Nationale de l'Informatique et des Libertés (CNIL)
- Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
- Website: www.cnil.fr
11. Changes to this policy
This privacy policy may be updated from time to time to reflect changes in our practices or in applicable regulation. Significant changes will be flagged on the website. The date of last update is shown below.