Privacy policy

01 / Data controller and scope

The data controller for data collected via https://datashieldconsulting.com is:

• DRC DATASHIELD RISK CONSULTING (DATASHIELD Risk Consulting)
• Form: SASU (single-member simplified joint-stock company)
• Registered office: 16 rue Cuvier, 69006 Lyon, France
• SIRET: 984 134 916 00019
• General email: contact@datashieldconsulting.com

This policy notably covers data collected through:

• website browsing (pages, cookies, technical logs),
• contact and assistance request forms,
• newsletter and whitepaper registration forms (when applicable),
• email exchanges initiated from the website.

02 / Data Protection Officer (DPO)

DATASHIELD Risk Consulting has appointed a Data Protection Officer (DPO)responsible for compliance and data subject rights.

You can contact the DPO for any question or request regarding your data:

• Email: dpo@datashieldconsulting.com
• Mail: DATASHIELD Risk Consulting – DPO, 16 rue Cuvier, 69006 Lyon, France

03 / What data do we collect?

We only collect data strictly necessary to operate the website, respond to your requests, and manage our relationship with you.

Data collected automatically during browsing:

• browsing information (pages viewed, visit duration),
• technical identifiers (truncated/pseudonymised IP address, browser type, OS, language, etc.),
• cookies and trackers subject to your consent (see Cookie Policy).

Data you provide directly:

• name, role, organisation,
• contact details (email, phone),
• content of your messages (incident description, audit context, quote request, etc.),
• communication preferences (subscription/unsubscription, marketing consent).

We do not seek “special category” (sensitive) data via this website. If a specific context requires additional safeguards, they will be implemented contractually and organisationally.

04 / Purposes of processing

Your personal data is used only for explicit, legitimate purposes, including:

• Request management: respond to your contact/assistance requests, schedule a call, prepare an offer, handle an emergency request.
• Client relationship: operational and contractual exchanges during missions.
• Information delivery: send newsletters/contents if you have consented.
• Website improvement: audience measurement, journey understanding, technical optimisation.
• Security and fraud prevention: logging, anomaly detection, rate limiting and abuse prevention.

05 / Legal bases

In accordance with the GDPR, processing relies on one or more legal bases:

• Consent (non-essential cookies and marketing communications).
• Pre-contractual measures and contract performance (handling requests and missions).
• Legitimate interests (website security, service improvements, relationship management).
• Legal obligations when applicable.

06 / Recipients and transfers

Data is accessed only by authorised personnel and, where necessary, by technical providers strictly to operate the website (hosting, security, emailing, analytics subject to consent).

Some providers may be located outside the European Economic Area depending on tooling. Where applicable, appropriate safeguards (contractual clauses and security measures) are implemented.

07 / Retention periods

We retain personal data only for the time necessary to achieve the purposes described, then archive or delete it according to legal requirements and operational constraints.

08 / Your rights

You have rights of access, rectification, deletion, restriction, objection and portability under the conditions provided by law. You can exercise them by contacting the DPO at dpo@datashieldconsulting.com.

If you believe your rights are not respected, you may lodge a complaint with the relevant supervisory authority.

09 / Security

We implement technical and organisational measures appropriate to the risks to protect data against unauthorised access, alteration, loss and disclosure.

10 / Updates

This privacy policy may be updated to reflect legal, technical or operational changes. The version date above indicates the latest update.