Privacy Policy
Purpose
This Privacy Policy is established by DPO101, registered under SIREN number 841.181.175, with its headquarters located at 66 Avenue des Champs-Élysées, 75008 Paris, hereinafter referred to as the “Data Controller”.
The purpose of this policy is to inform visitors of the website: https://dpo101.com/ (hereinafter referred to as “the Website”) about how data is collected and processed by the Data Controller.
This policy aligns with the Data Controller’s commitment to transparency and compliance with national regulations and Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, concerning the protection of individuals regarding the processing of personal data and the free movement of such data (commonly known as the General Data Protection Regulation (GDPR)).
The Data Controller places great importance on protecting users’ privacy and, therefore, takes reasonable precautions to safeguard personal data from loss, theft, unauthorized disclosure, or misuse.
“Personal data” refers to any information that directly or indirectly identifies an individual.
If users wish to respond to any of the practices described below, they may contact the Data Controller at the postal or email address provided in the “Contact Information” section of this Policy.
What Data Do We Collect?
The Data Controller collects and processes personal data from users through the following methods:
- Automatically detected domain, including the dynamic IP address.
- Data collected via the Contact Form.
- Data collected via the Quote Request Form.
- Data collected via the Callback Request Option.
- Data collected via online assessments and tests.
- Email addresses provided voluntarily by users when sending messages, inquiries, or filling out forms.
- Browsing data, including the pages visited on the Website.
Additionally, the Data Controller may collect non-personal data, which cannot identify an individual directly or indirectly. This data may be used for website improvements, service enhancements, and targeted advertising.
If non-personal data is combined with personal data, making it possible to identify an individual, such data will be treated as personal data until the link is removed.
Methods of Collection and Processing
The Data Controller may process personal data through the following:
✔ Contact Form
✔ Quote Request Form
✔ Callback Request Option
✔ Online Assessments and Tests
Categories of Data, Purpose, Legal Basis, and Retention Period
| Processing | Data Collected | Purpose | Legal Basis | Retention Period |
|---|---|---|---|---|
| Contact Form | Name, Email, Phone Number, Company, Site Referral, Comments | Responding to user inquiries | Legitimate interest (providing follow-up) | 3 months from last contact (extendable upon request) |
| Quote Request | Name, Email, Phone Number, Company, Site Referral, Comments | Responding to quote requests | Legitimate interest (providing follow-up) | 3 months from last contact (extendable upon request) |
| Callback Request | Name, Phone Number | Responding to callback requests | Legitimate interest (providing follow-up) | 3 months from last contact (extendable upon request) |
| Online Tests | Test responses, Name, Company, Phone Number, Email | Providing test results and follow-up | Legitimate interest (providing follow-up) | 3 months from last contact (extendable upon request) |
| Cookies | IP Address, Login Data | Website functionality, user session maintenance, analytics, conversion tracking | User consent | Maximum 13 months |
The Data Controller may introduce additional data processing not currently covered in this Policy. In such cases, users will be contacted for consent before using their personal data.
Recipients of Data and Third-Party Disclosures
Internal Recipients:
Only authorized personnel responsible for security, business relations, and development have access to the data.
External Recipients:
| Third Party | Data Shared |
|---|---|
| OVH (Hosting Provider) | All stored data |
If data is shared with third parties for marketing or commercial purposes, users will be informed in advance to opt-in. Users can withdraw their consent at any time.
The Data Controller complies with legal and regulatory obligations and ensures that partners, subcontractors, and third parties also comply with this Policy.
If required by law, legal proceedings, or a regulatory order, the Data Controller may disclose personal data.
User Rights and Data Processing Requests
Users may request verification of their identity before exercising their rights. This verification process will be completed within one month of receiving the request.
1. Right to Access and Copy Data
Users can request a written copy of their personal data. The Data Controller may charge reasonable administrative fees for additional copies. If requested electronically, the data will be provided in a standard electronic format.
2. Right to Withdraw Consent
For data processed based on user consent (e.g., cookies), users may withdraw consent at any time by modifying preferences in emails or cookie settings.
3. Right to Rectification
Users can request corrections to any inaccurate or incomplete data, free of charge, within one month of the request.
4. Right to Object to Processing
Users may object to data processing unless:
- The processing is necessary for a public interest mission.
- The processing is necessary for the legitimate interests of the Data Controller.
Objections to direct marketing purposes will always be honored.
5. Right to Data Erasure (“Right to be Forgotten”)
Users may request data deletion if:
- Data is no longer needed for its original purpose.
- The user withdraws consent.
- The data was processed unlawfully.
- The data must be deleted for legal compliance.
Data will not be deleted if required for legal obligations, public interest, research, or defense of legal claims.
6. Right to Data Portability
Users may request their personal data in a structured, commonly used, and machine-readable format to transfer it to another data controller.
Security Measures
The Data Controller implements technical and organizational measures to ensure data security against unauthorized access, breaches, or loss.
If a data breach occurs, appropriate remediation measures will be taken, and users will be informed if required by law.
Complaints and Contact Information
If users have concerns about data processing, they can contact the Data Controller:
- Email: vosdroits@dpo101.com
- Postal Address: 66 Avenue des Champs-Élysées, 75008 Paris
Users may also file complaints with their national data protection authority, such as the CNIL (France):
Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Phone: +33 1 53 73 22 22
Modifications to This Policy
The Data Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on the Website.
Applicable Law and Jurisdiction
This Privacy Policy is governed by the national law of the Data Controller’s primary establishment. Any disputes related to its interpretation or execution will be subject to the jurisdiction of that national law.
Last Updated: 09/01/2025