Personal Data
Protection and processing of your personal data in accordance with the GDPR.
Preamble
At Skyfall Protection (SAS VADOR), the protection of your personal data is our absolute priority. This privacy policy explains in a transparent manner how we collect, process, store and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and French legislation.
This policy complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
Our sovereignty commitment: All your data is hosted under European jurisdiction and subject to French and European data protection laws.
Table of Contents
- Data Controller
- Data Collected
- Purposes and Legal Basis
- Data Recipients
- Data Retention Period
- Your Rights
- Data Security
- Cookies and Trackers
- Amendments
- Contact
1. DATA CONTROLLER
Company: SAS VADOR
Trade name: Skyfall Protection
Share capital: 1 282 euros
Registered office: 20 Rue du Clos Romain - 37390 SAINT-ROCH
RCS: Tours B 988 533 527
SIRET: 988 533 527 00012
Intra-community VAT: FR 96 988 533 527
DPO Contact: contact@skyfall-protection.fr
Phone: +33 (0)2 49 23 01 47
2. PERSONAL DATA COLLECTED
2.1 Data collected directly
We collect data that you provide to us directly, in particular when:
- Creating a customer account
- Subscribing to a plan
- Requesting a quote or demonstration
- Signing up for our newsletter
- Any contact with our customer service
Types of data collected:
Category | Data Collected |
Identity | Last name, first name, title |
Contact | Email, phone, postal address |
Professional | Company, position, company size, industry sector |
Billing | Bank details (IBAN), order history |
Technical | Network configuration (for SKYFALL BOX installation) |
2.2 Data collected automatically
When you browse our website, we automatically collect:
- Connection data: IP address, browser type, operating system
- Browsing data: pages visited, visit duration, traffic source
- Location data: country, region (without precise geolocation)
- Cookies: see section 8 below
2.3 Sensitive data
Important: We do not collect any sensitive data within the meaning of the GDPR (Article 9): racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.
3. PURPOSES OF PROCESSING AND LEGAL BASIS
In accordance with Article 6 of the GDPR, your personal data is processed for the following purposes:
Purpose | Legal Basis | Data Concerned |
Customer relationship management | Contract (Art. 6.1.b) | Identity, contact, professional |
Billing | Contract + Legal obligation | Identity, billing |
Technical support | Contract (Art. 6.1.b) | Identity, contact, technical |
Marketing (customers) | Legitimate interest (Art. 6.1.f) | Contact, professional |
Marketing (prospects) | Consent (Art. 6.1.a) | Contact, professional |
Security / Fraud prevention | Legitimate interest (Art. 6.1.f) | Connection, browsing |
4. DATA RECIPIENTS
4.1 Internal access
Your data is accessible only to authorised personnel within Skyfall Protection:
- Sales department
- Customer service and technical support
- Accounting department
- IT department (system administrators)
4.2 Service providers and partners
We may share your data with:
- Web host: LWS (France) - website hosting
- Payment providers: banking institutions (under PCI-DSS)
- Technical providers: maintenance (under confidentiality agreement)
- Chartered accountant: for accounting obligations
- Authorities: upon judicial request only
Guarantee: We NEVER sell, rent or share your personal data with third parties for commercial purposes.
4.3 Transfers outside the EU
Your data is stored in France and within the European Union. No transfer outside the EU is carried out except where duly governed by:
- Standard contractual clauses of the European Commission
- Adequacy decision
- Appropriate safeguards (Article 46 GDPR)
5. DATA RETENTION PERIOD
Data Type | Retention Period |
Active customer data | Duration of the relationship + 3 years |
Billing data | 10 years (legal obligation L.123-22 Commercial Code) |
Prospect data | 3 years from last contact |
Cookies | 13 months maximum (CNIL) |
Security logs | 1 year (legal obligation) |
Technical support | 5 years after resolution |
Upon expiry of these periods, your data is either deleted or irreversibly anonymised.
6. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
In accordance with the GDPR (Articles 15 to 22), you have the following rights:
6.1 Right of access (Article 15 GDPR)
Obtain confirmation of the processing and a copy of your personal data.
6.2 Right to rectification (Article 16 GDPR)
Correct inaccurate or incomplete data concerning you.
6.3 Right to erasure "right to be forgotten" (Article 17 GDPR)
Request the deletion of your data in cases provided for by law.
6.4 Right to restriction (Article 18 GDPR)
Restrict the processing of your data in certain circumstances.
6.5 Right to data portability (Article 20 GDPR)
Receive your data in a structured format and transmit it to another controller.
6.6 Right to object (Article 21 GDPR)
Object to the processing of your data, in particular for marketing purposes.
6.7 Withdrawal of consent
Withdraw your consent at any time for processing based thereon.
6.8 How to exercise your rights?
Email: contact@skyfall-protection.fr
Post: SAS VADOR - DPO, 20 Rue du Clos Romain, 37390 SAINT-ROCH
Proof of identity: Enclose a copy of your identity document
Response time: 1 month (extendable by 2 months if complex)
6.9 Right to lodge a complaint
If you believe that your rights are not being respected, you may lodge a complaint with the CNIL:
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
Tel: 01 53 73 22 22
www.cnil.fr
7. DATA SECURITY
As a cybersecurity expert, we implement state-of-the-art security measures (Article 32 GDPR):
7.1 Technical measures
- Encryption: SSL/TLS for transmissions, AES-256 for storage
- Authentication: Two-factor authentication (2FA) for sensitive access
- Protection: Firewall, IDS/IPS against intrusions
- Backups: Daily encrypted backups
- Monitoring: 24/7 monitoring of suspicious activities
7.2 Organisational measures
- Principle of least privilege for access
- Ongoing staff training
- Confidentiality agreements
- Incident management procedures
- Regular security audits
7.3 Breach notification
Commitment: In the event of a personal data breach posing a risk to your rights and freedoms, we will notify you as soon as possible and within 72 hours at most (Article 33-34 GDPR).
8. COOKIE AND TRACKER POLICY
8.1 Types of cookies used
Strictly necessary cookies (no consent required):
- session_id: Session maintenance (duration: session)
- cookie_consent: Consent memorisation (duration: 13 months)
- security_token: CSRF protection (duration: session)
Analytical cookies (consent required):
- Google Analytics (_ga, _gid): Audience analysis (duration: 13 months)
8.2 Cookie management
You can manage your cookie preferences via:
- Our consent banner
- Your browser settings
- The platform: www.youronlinechoices.com
9. AMENDMENTS TO THIS POLICY
We reserve the right to amend this policy in order to:
- Comply with legal developments
- Reflect changes in our practices
- Incorporate new services
In the event of a substantial amendment, we will inform you by email and/or notification in your customer area.
10. CONTACT
Data Protection Officer (DPO)
Email: dpo@skyfall-protection.fr
Post: SAS VADOR - DPO Department
20 Rue du Clos Romain
37390 SAINT-ROCH
Phone: +33 (0)2 49 23 01 47
Hours: Monday to Friday, 9am-6pm
A question about your data ?
Our team is at your disposal to answer all your questions about the protection of your data.