politique de confidentialité
Accueil / Politique de confidentialité
politique de confidentialité
1. Introduction
Welcome to CyberShield WAF, a web application firewall service provided by SECURAS. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.
We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This policy complies with the General Data Protection Regulation (GDPR), the French Data Protection Act, and other applicable privacy laws.
By using our services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.
2. Data Controller
SECURAS (SIREN: 882 464 290) is the data controller responsible for your personal information. We determine the purposes and means of processing your personal data in connection with our CyberShield WAF services.
As the data controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organizational measures are implemented to protect your data.
3. Information We Collect
3.1 Personal Information
We may collect the following types of personal information:
- Contact Information: Name, email address, phone number, company name, job title
- Account Information: Username, password (encrypted), account preferences
- Billing Information: Billing address, payment method details (processed by secure third-party payment processors)
- Communication Data: Messages, feedback, support requests, and correspondence with us
- Professional Information: Company size, industry, technical requirements, security needs
3.2 Technical Information
We automatically collect certain technical information when you use our services:
- Log Data: IP addresses, browser type, operating system, access times, pages viewed
- Device Information: Device type, unique device identifiers, mobile network information
- Usage Data: How you interact with our services, features used, performance metrics
- Security Data: Information about security events, threats detected, and protection measures applied
3.3 Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to enhance your experience and collect information about how you use our services. For detailed information, please see our Cookie Policy section below.
4. How We Use Your Information
We process your personal information for the following purposes, based on legitimate legal grounds:
| Purpose | Legal Basis | Data Types |
|---|---|---|
| Provide and maintain our services | Contract performance | Contact, account, technical data |
| Process payments and billing | Contract performance | Billing information, usage data |
| Customer support and communication | Contract performance, legitimate interest | Contact data, communication data |
| Security monitoring and threat detection | Legitimate interest, legal obligation | Technical data, security data |
| Service improvement and analytics | Legitimate interest | Usage data, technical data |
| Marketing communications (with consent) | Consent | Contact data, professional data |
| Legal compliance and dispute resolution | Legal obligation, legitimate interest | All relevant data types |
Marketing Communications
We will only send you marketing communications if you have given us your explicit consent. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or contacting us directly.
5. Information Sharing
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
5.1 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our business, including:
- Cloud hosting and infrastructure providers
- Payment processing services
- Customer support platforms
- Analytics and monitoring services
- Email and communication services
These service providers are contractually bound to protect your information and use it only for the purposes we specify.
5.2 Legal Requirements
We may disclose your information if required by law, regulation, or legal process, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our users or others
- Prevent fraud or other illegal activities
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- Encryption: Data is encrypted in transit and at rest using industry-standard encryption protocols
- Access Controls: Strict access controls and authentication mechanisms limit access to authorized personnel only
- Network Security: Firewalls, intrusion detection systems, and network monitoring protect our infrastructure
- Regular Audits: Regular security audits and vulnerability assessments ensure ongoing protection
- Employee Training: All employees receive regular training on data protection and security best practices
- Incident Response: We have established procedures for detecting, responding to, and reporting security incidents
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR.
7. Your Rights
Under GDPR and applicable data protection laws, you have the following rights regarding your personal information:
Right of Access
You have the right to request access to your personal data and receive information about how we process it.
Right to Rectification
You can request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
You can request deletion of your personal data in certain circumstances, such as when it’s no longer necessary for the original purpose.
Right to Restrict Processing
You can request that we limit the processing of your personal data in certain situations.
Right to Data Portability
You can request to receive your personal data in a structured, commonly used format and transmit it to another controller.
Right to Object
You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within one month, unless the request is complex, in which case we may extend this period by up to two additional months.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
9.1 Retention Periods
- Account Data: Retained for the duration of your account plus 3 years after account closure
- Billing Data: Retained for 7 years after the last transaction for tax and accounting purposes
- Support Communications: Retained for 3 years after the last interaction
- Marketing Data: Retained until you withdraw consent or 3 years of inactivity
- Log Data: Retained for 12 months for security and operational purposes
- Security Incident Data: Retained for 5 years for legal and security purposes
We regularly review our data retention practices and delete or anonymize personal information that is no longer needed.
10. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.
When we transfer your personal information internationally, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules
- Certification schemes and codes of conduct
We primarily process data within the European Economic Area (EEA) and ensure that any international transfers comply with applicable data protection laws.
11. Children’s Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you of material changes via email or through our services
- Obtain your consent for changes that materially affect how we use your personal information
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Information
Data Protection Contact
If you have any questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal information, please contact us:
SECURAS – SIREN: 882 464 290
We will respond to your inquiry within 30 days as required by applicable data protection laws.
Supervisory Authority
You also have the right to lodge a complaint with the French data protection authority (CNIL) if you believe we have not handled your personal data in accordance with applicable laws:
CNIL
3 Place de Fontenoy – TSA 80715
75334 PARIS CEDEX 07
Website: www.cnil.fr