Privacy Policy
This Privacy Policy is intended to inform users of the trustdata.tech website and the TrustData service of how their personal data is collected, processed and protected, in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the French Data Protection Act No. 78-17 of 6 January 1978, as amended (loi Informatique et Libertés).
Data Controller: TRUSTDATA, SARL with a share capital of €1,000.00 — 7 rue Cail, 75010 Paris — SIREN: 931 119 333 — [email protected]
1. Data Protection Officer (DPO)
The Data Protection Officer may be contacted at:
Email: [email protected]
Postal address: TRUSTDATA — DPO, 7 rue Cail, 75010 Paris, France
The DPO is the point of contact for any question relating to the processing of your personal data and the exercise of your rights.
2. Data Collected
Data collected directly from you
| Category | Examples |
|---|---|
| Identification data | First name, last name, professional email address |
| Professional data | Company name, job title, industry |
| Connection data | IP address, connection logs, browser type |
| Payment data | Card details (processed exclusively by Stripe; never stored by TrustData) |
| Usage data | Pages visited, features used, configuration preferences |
| Communication data | Content of support exchanges, contact requests |
Data collected on behalf of our clients (data processing)
As part of the Service, TrustData collects and processes data on behalf of its clients (advertisers, agencies) acting as data controllers. For these processing activities, TrustData acts as a data processor within the meaning of Article 28 of the GDPR. The terms of this data processing are governed by the Data Processing Agreement (DPA).
3. Legal Bases and Purposes of Processing
| Purpose | Legal basis (Art. 6 GDPR) | Retention period |
|---|---|---|
| Client account management and provision of the Service | Performance of a contract (Art. 6.1.b) | Duration of contract + 3 years |
| Billing and accounting | Legal obligation (Art. 6.1.c) | 10 years |
| Customer support | Performance of a contract (Art. 6.1.b) | Duration of contract + 1 year |
| Marketing communications (newsletters) | Consent (Art. 6.1.a) | Until withdrawal of consent or 3 years of inactivity |
| Service improvement and statistics | Legitimate interest (Art. 6.1.f) | 26 months maximum |
| B2B commercial prospecting | Legitimate interest (Art. 6.1.f) | 3 years after last contact |
| Compliance with legal obligations | Legal obligation (Art. 6.1.c) | As required by applicable law |
| Cookie and tracker management | Consent (Art. 6.1.a) | 13 months maximum (CNIL) |
| Service security (logs, intrusion detection) | Legitimate interest (Art. 6.1.f) | 12 months |
4. Retention Periods
Personal data is retained for the period strictly necessary for the purposes for which it is processed, in accordance with the table above.
Upon expiry of these periods, data is deleted or irreversibly anonymised.
Upon termination of the contract, Client Data is retained for thirty (30) days to allow for export, then deleted.
5. Recipients of Data
Sub-processors
| Sub-processor | Role | Location | Transfer safeguards |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting | Helsinki, Finland (EU) | Data within the EU |
| Cloudflare, Inc. | CDN, DDoS protection, DNS | United States | Standard Contractual Clauses (SCCs) |
| Stripe, Inc. | Payment processing | United States | Standard Contractual Clauses (SCCs) |
| Resend | Transactional email delivery | United States | Standard Contractual Clauses (SCCs) |
TrustData never sells its users' personal data to third parties.
6. International Data Transfers
Client Data (data collected through the Service on behalf of our clients) is hosted exclusively within the European Union, on Hetzner servers in Helsinki, Finland.
Certain technical sub-processors (Cloudflare, Stripe, Resend) are located in the United States. Transfers are governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission (implementing decision 2021/914 of 4 June 2021).
A Transfer Impact Assessment has been carried out for each sub-processor located outside the EU. You may obtain a copy of the safeguards by contacting our DPO at [email protected].
7. Data Security
TrustData implements appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access control (RBAC)
- Access logging and monitoring
- Regular backups
- Periodic security testing
8. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Right of access (Art. 15) | Obtain confirmation that your data is being processed and receive a copy |
| Right to rectification (Art. 16) | Have inaccurate or incomplete data corrected |
| Right to erasure (Art. 17) | Request deletion of your data, subject to legal obligations |
| Right to restriction (Art. 18) | Request restriction of processing in certain circumstances |
| Right to data portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Right to object (Art. 21) | Object to processing based on legitimate interest |
| Withdrawal of consent | Withdraw your consent at any time |
To exercise your rights: [email protected] or by post to TRUSTDATA — DPO, 7 rue Cail, 75010 Paris.
We undertake to respond within one (1) month of receiving your request.
9. Right to Lodge a Complaint with the Supervisory Authority
If you consider that the processing of your data constitutes a breach of the GDPR, you may lodge a complaint with the CNIL (French data protection authority):
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Website: https://www.cnil.fr — Phone: +33 1 53 73 22 22
10. Cookies and Trackers
For detailed information on the cookies used and to manage your preferences, please consult our Cookie Policy.
11. Policy Changes
TrustData reserves the right to amend this Privacy Policy at any time. Any material change will be notified to users by email or via a notification within the Service. The date of last update is indicated at the top of this document.
12. Contact
For any question relating to this Privacy Policy:
Email: [email protected]
Address: TRUSTDATA — DPO, 7 rue Cail, 75010 Paris, France