Privacy Policy

Last updated: December 31, 2024

1. Introduction

This Privacy Policy explains how we collect, use, and protect your personal information. We are committed to protecting your privacy and handling your data in an open and transparent manner.

2. Data Controller

We are the data controller responsible for your personal data. For any privacy-related questions, please contact us at dpo[at]corvushold.com.

3. Personal Data We Collect

We collect and process the following types of personal data:

3.1 Information You Provide Us

• Contact information (such as name, email address)
• Account information
• Any other information you choose to provide

3.2 Information Collected Automatically

• Usage data
• IP address
• Browser type and version
• Operating system
• Date and time of access

4. How We Use Your Data

We process your personal data for the following purposes:

• To provide and maintain our services
• To send you transactional emails and marketing communications via Brevo (formerly Sendinblue)
• To improve our services
• To comply with legal obligations
• To detect and prevent fraud

5. Legal Basis for Processing

We process your personal data based on:

• Your consent
• Performance of a contract
• Legal obligations
• Our legitimate interests, provided they don’t override your fundamental rights

6. Data Storage and Security

6.1 Data Storage Locations

• Frontend hosting: Cloudflare
• User data: AWS S3, located in France
• Email services: Brevo

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

7. Data Sharing and Third-Party Services

We share your data with:

7.1 Service Providers

• Brevo: For email communications
• Cloudflare: For website hosting
• Amazon Web Services: For data storage

7.2 Legal Requirements

We may disclose your information if required by law or to protect our rights and safety.

8. Your Rights

Under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

10. Cookies and Tracking

We currently do not use cookies for tracking purposes. However, we may use third-party services for similar tracking technologies on our website in anonymous form.

11. International Data Transfers

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place through:

• Standard contractual clauses
• Adequacy decisions
• Other legal transfer mechanisms

12. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website.

14. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us at:

• Email: dpo[at]corvushold.com
• Data Protection Officer: Arnaud Leherpeur

15. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you have concerns about how we process your personal data.