Data Protection · RGPD / GDPR
Privacy Policy
Last updated: May 2025 · Effective date: January 2025
1. Data Controller
Aspelian SAS — 49, rue de Ponthieu, 75008 Paris, France
Email: sales.operations@aspelian.group
SIREN: 929 960 557
2. Data We Collect
We collect information you voluntarily provide, including:
Contact data: name, professional email, company name, phone number
Diagnostic data: information shared during Flash Diagnostics or consultations
Technical data: IP address, browser type, pages visited, time spent (via analytics tools)
Communication data: content of emails, messages or form submissions
3. Legal Basis & Purpose
Contractual performance: processing related to consulting engagements, proposals and service delivery
Legitimate interest: business development, Flash Diagnostics, responding to enquiries
Consent: marketing communications, newsletters, non-essential cookies
Legal obligation: invoicing, accounting, regulatory compliance requirements
4. Data Retention
We retain personal data only as long as necessary for the purposes collected. Prospect data: 3 years from last contact. Client data: duration of the engagement + 5 years (legal obligation). Financial records: 10 years (French accounting law).
5. Your Rights (GDPR Art. 15–22)
Under the GDPR and French data protection law (Loi Informatique et Libertés), you have the right to:
Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Erase your data ("right to be forgotten") (Art. 17)
Restrict processing of your data (Art. 18)
Receive your data in a machine-readable format (data portability) (Art. 20)
Object to processing based on legitimate interest (Art. 21)
Withdraw consent at any time without affecting prior processing
To exercise your rights: sales.operations@aspelian.group — Response within 30 days.
You may also lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr
6. Third-Party Services & Transfers
We may use trusted third-party services (CRM, email tools, analytics, Calendly for scheduling). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions). We do not sell personal data to third parties.
7. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including SSL/TLS encryption, access controls, and regular security reviews.