
Privacy policy

What we collect, why, how long, and what you can do about it — no jargon.

Last updated 19 May 2026

1. Data controller

The controller for your personal data is Hexceos SARL, SIRET 919 321 182 00017, registered office at 76 rue du Trou Grillon, 91280 Saint-Pierre-du-Perray.

2. What data we collect

2.1 Data collected via forms

When you use our forms (contact, quote, cybersecurity audit request), we collect:

  • Identifiers — first and last name
  • Business contact details — email, phone, company, role
  • Message content — what you freely tell us
  • Technical metadata — submission timestamp, source IP for anti-spam

2.2 Data collected automatically

During your browsing we collect limited technical data (anonymised IP, browser type, pages viewed, visit duration). This data comes from our self-hosted audience tool in France and is not shared with third parties.

2.3 Data collected during an engagement

If you become a client, we collect and process the data necessary to deliver our services: contact details for designated contract contacts, technical data about your IT estate (within the agreed scope), and security telemetry for SOC and EDR/XDR missions. These processing activities are governed by a specific contract defining purposes, durations and access rights.

3. Purposes and legal bases

| Purpose | Legal basis (GDPR art. 6) | Duration |
|---|---|---|
| Reply to a contact form | Pre-contractual measures (art. 6.1.b) | 3 years after last contact |
| Client contract management | Contractual performance (art. 6.1.b) | Contract duration + 5 years |
| Accounting and tax obligations | Legal obligation (art. 6.1.c) | 10 years |
| Website audience measurement | Legitimate interest (art. 6.1.f) | 13 months |
| Targeted commercial prospecting | Consent (art. 6.1.a) | 3 years or consent withdrawal |

4. Data recipients

Your data is accessible to:

  • Authorised Hexceos staff according to their roles (sales, engineers, SOC team, administrative team).
  • Our technical processors — website host, payroll and accounting providers, CRM and ticketing tools. The full list and their guarantees are available on request at [email protected].
  • Competent public authorities in case of legal obligation (judicial requisition, CNIL audit, etc.).

We never sell or rent your data to third parties. No transfer takes place outside the European Union for data collected via the website.

5. Data security

Collected data is hosted in our sovereign datacenter in France (Île-de-France and Occitanie), certified Health Data Host (HDS). It is subject to reinforced technical and organisational measures — encryption at rest and in transit, strict access control, access logging, 24/7 monitoring by our SOC.

6. Your rights

Under the GDPR and the French Data Protection Act, you have the following rights:

  • Right of access — confirm whether your data is processed and receive a copy.
  • Right of rectification — correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — subject to legal retention obligations.
  • Right to restriction — suspend contested processing while it is being verified.
  • Right to object — for processing based on legitimate interest or prospecting.
  • Right to data portability — retrieve your data in a structured, machine-readable format.
  • Right to withdraw your consent at any time when processing rests on it.
  • Right to define post-mortem instructions on what happens to your data after your death.

7. How to exercise your rights

To exercise your rights, contact our Data Protection Officer (DPO) at [email protected] or by post at:

Hexceos SARL — DPO
76 rue du Trou Grillon
91280 Saint-Pierre-du-Perray
France

We respond within one month of receipt of a complete request. We may require proof of identity if there is reasonable doubt about the origin of the request.

8. Complaint to the CNIL

If, after contacting us, you consider your rights are not respected, you may file a complaint with the French Data Protection Authority (CNIL):

  • Address — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • Phone — +33 1 53 73 22 22
  • Website — www.cnil.fr

9. Changes to this policy

This policy may be updated to reflect regulatory changes or changes in our practices. The update date appears at the top of the page. In the event of a substantial modification, we inform the persons concerned by appropriate means.