1. Who is the data controller?
Hyperionfr SAS, registered with the Paris Trade and Companies Register under number 921 456 789, with headquarters at 25 avenue des Champs-Élysées, 75008 Paris (France), is the data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.
2. Which data do we collect?
We collect only the data strictly necessary: first and last name, email address, optional phone number, declared family and tax situation. No banking data or social-security number is ever requested through our public form.
3. Purposes of processing
Your data is used to: (i) verify your eligibility to support schemes, (ii) allow a dedicated advisor to call you back, (iii) improve our content and newsletters. We never sell or rent your data to commercial partners.
4. Legal basis
We process your data on the basis of your consent (Article 6.1.a GDPR) and, where applicable, the performance of an advisory contract (Article 6.1.b GDPR).
5. Retention period
Prospect data is kept for 36 months from the last active contact. Contract data is kept for 10 years in accordance with accounting obligations.
6. Your rights
You have the right to access, rectify, erase, restrict, port, object and to set post-mortem directives. To exercise them: dpo@hyperionfr.com. You may also lodge a complaint with the CNIL (www.cnil.fr).
7. Security
Your data is hosted in the European Union (Paris) on ISO 27001 and HDS certified infrastructure. TLS 1.3 encryption in transit, AES-256 at rest.