Privacy Policy

The data controller for personal data collected via this website is SandiQ Global, registered in France. You can reach us via our contact form.

We collect personal data in the following circumstances:

• Contact form: name, organisation, role, message, and how you heard about us, collected only when you voluntarily submit the form.
• Email correspondence: your email address and the contents of any email you send us.
• Usage data: anonymised analytics about how visitors interact with the site (see the Cookie Policy).

We do not collect sensitive personal data (as defined under GDPR Article 9) unless you voluntarily provide it in your message.

Responding to enquiries

Processing and responding to contact form submissions and email enquiries. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

Service delivery

Delivering the consulting services you have contracted with us. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

Website analytics

Understanding how visitors use the site to improve its content, using cookieless, aggregated analytics. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

Legal compliance

Complying with applicable legal and regulatory obligations. Legal basis: legal obligation (GDPR Art. 6(1)(c)).

• Contact form data is retained for up to 3 years from submission, unless a business relationship is established.
• Client engagement data is retained for 5 years from the end of the engagement, in line with French accounting and commercial law.
• Anonymised analytics data may be retained indefinitely, as it cannot identify individuals.

We do not sell, rent, or trade your personal data. We may share data with:

• Service providers acting as data processors on our behalf (such as our hosting provider, Vercel Inc.), bound by appropriate data processing agreements.
• Legal authorities where required by applicable law or court order.

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

Under the GDPR and French data protection law (loi Informatique et Libertés), you have the rights of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent.

To exercise any of these, contact us via our contact form. We will respond within one month. You also have the right to lodge a complaint with the French data protection authority, the CNIL (Commission Nationale de l'Informatique et des Libertés).

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. All data in transit is encrypted via TLS/HTTPS.

We may update this policy from time to time. The date at the top of this page indicates when it was last revised. Material changes will be communicated via a notice on the website.