Privacy policy

Last updated: April 2026. This document describes personal data processing carried out in connection with the website and the “diagnostic” form. For any questions, contact the publisher using the details below.

1. Data controller

The controller for the processing described here is the website publisher, a sole proprietorship operating under the trade name Proctiv, identified in particular by SIREN 949 328 892 (registration in the French national business register).

Contact for exercising your rights (personal data):
contact@proctiv.fr

No data protection officer (DPO) has been appointed for this structure; requests relating to personal data are handled directly by the controller at the address above.

2. Data collected

Depending on how you use the website, the following categories of data may be collected:

• Identification and contact data: first name, last name, organisation or company name, professional email address, phone number if you provide it;
• Data relating to your request: description of your situation and needs (free text), responses in the “diagnostic” flow (direction, details), summary or qualification produced to understand the need;
• Company identification data: when you use company lookup, public identifiers (including SIREN) and labels from public sources may be associated with your request to provide context;
• Minimal technical data: required for operation and security of the website (e.g. server logs within the limits of maintenance and security needs).

Mandatory form fields are indicated as such. Other information is optional.

3. Purposes of processing

Data is processed for the following purposes:

• Request management: analyse your message, contact you, prepare a tailored commercial proposal (quote, scope, follow-up questions);
• Commercial relationship: pre-contractual or contractual follow-up where applicable, invoicing and delivery of services if you become a client;
• Legal obligations: retention of evidence or responses to authorities when required by law;
• Security and service improvement: prevent abuse, ensure availability of the website and form, fix malfunctions (strictly as necessary).

No automated profiling producing legal effects concerning you within the meaning of the GDPR is implemented. Any qualification aids are tools to help interpret your request and do not replace human decision-making for contacting you.

4. Legal bases

In accordance with Regulation (EU) 2016/679 (GDPR) and French data protection law:

• Pre-contractual measures and legitimate interest (Article 6(1)(b) and (f) GDPR): respond to professional requests sent via the form and provide reasonably expected commercial follow-up;
• Consent (Article 6(1)(a) GDPR): when you expressly agree to be contacted to receive a proposal or information related to your request (form checkbox);
• Legal obligation (Article 6(1)(c) GDPR): where applicable, retention or disclosure required by law (accounting, tax, response to an authority).

5. Recipients and subprocessors

Data is intended primarily for the website publisher and authorised personnel within the limits of their duties.

Providers may act as subprocessors (documented instructions, confidentiality and security obligations):

• Website hosting: OVH SAS — 2 rue Kellermann, 59100 Roubaix, France (data hosted in the European Union for the static site and, where applicable, for an application API on the same infrastructure);
• Form message delivery: the Formspree service (Formspree Inc., United States) may receive form fields to forward notification email — see their privacy policy: formspree.io/legal/privacy-policy; appropriate safeguards (including EU Standard Contractual Clauses) may apply to transfers to this third country;
• Company lookup: queries to the public Recherche d’entreprises API (recherche-entreprises.api.gouv.fr) operated by the French interministerial digital directorate — open data; this consultation does not constitute hosting of your personal data by that service beyond the State’s own technical logs;
• Internal notifications: if an application server is configured (e.g. Telegram or equivalent), a minimal copy of request information may be sent to a private channel for operational alerts — only where this option is enabled on the infrastructure.

No data is sold or transferred to third parties for external commercial purposes. No behavioural advertising is carried out from the form.

6. Transfers outside the European Union

Where a subprocessor is located outside the EU (e.g. Formspree), the transfer is governed by instruments provided for in Chapter V of the GDPR (adequacy decision, Standard Contractual Clauses, or other appropriate safeguards). You may request a copy of relevant safeguards from the controller.

7. Retention periods

Data from contact and diagnostic requests is retained:

• Prospects: for the time needed to process the request, then up to three (3) years from the last contact from you or the publisher for B2B prospecting, unless you object or a different legal retention obligation applies;
• Clients: for the duration of the contract plus applicable limitation and accounting periods;
• Technical logs: short, proportionate periods (often from a few days to a few weeks depending on configuration), unless anonymised retention or a legal obligation applies.

After these periods, data is deleted or anonymised where anonymisation is possible.

8. Security

Appropriate technical and organisational measures are implemented given the state of the art, implementation costs and the nature of the data: secure connection (HTTPS when correctly deployed), limited access to mailboxes and alert channels, passwords and access secrets not exposed in public source code, reasonable component updates.

9. Cookies and trackers

The website aims to limit cookies to what is strictly necessary for operation (e.g. session preferences or equivalent technical storage). Third-party cookies or trackers may be placed by the form provider when submitting or redirecting — refer to that provider’s documentation. No targeted advertising or invasive audience measurement is used on this information page without contrary notice and an appropriate consent mechanism.

10. Your rights

Under the GDPR, you have the following rights, subject to conditions and limits provided by law:

• Right of access and rectification of inaccurate data;
• Right to erasure (“right to be forgotten”), right to restriction of processing;
• Right to object to processing based on legitimate interest, including for prospecting;
• Right to data portability where processing is automated and based on consent or contract;
• Right to define post-mortem instructions regarding your data (French framework).

To exercise your rights, send a request to the same email address as for the data controller (section 1), stating your identity and, where appropriate, reasonable proof of identity.

You may also lodge a complaint with the competent supervisory authority: in France, the CNIL (www.cnil.fr).

11. Changes to this policy

This policy may be updated to reflect changes to the website, tools used or legal obligations. The “last updated” date at the top is then revised. In case of material change, notice may be displayed on the website or at your next contact.