PrismaSecPrivacy
Privacy policy
GDPR policy for the PrismaSec public website (B2B prospecting and pre-contractual relationship).
Controller: PrismaSec Contact address: 5 rue Pierre Curie, 66000 Perpignan, France GDPR email: contact@prismasec.fr DPO: no DPO appointed as of the update date; the GDPR contact point is the address above.
PrismaSec applies minimization, proportionality, confidentiality, and security principles. Data is processed only for the purposes described below. No third-party advertising use or resale of data is performed.
| Processing | Purpose | Legal basis | Data | Mandatory / optional | Recipients | Transfers | Retention |
|---|---|---|---|---|---|---|---|
| Contact form (inbound request) | Respond to commercial or technical requests and manage pre-contractual follow-up. | Pre-contractual measures (GDPR art. 6.1.b) and B2B legitimate interest (GDPR art. 6.1.f). | First name, last name, professional email, company size, message, submission timestamp. | Required fields: first name, last name, email, company size, message. Anti-bot field: optional. | Authorized PrismaSec team and SMTP provider for delivery. | No voluntary transfer outside the EU according to declared configuration. | 24 months after the last active exchange, then deletion or anonymization. |
| Anti-spam controls and rate limiting | Protect the contact API from automated abuse and saturation attacks. | Legitimate interest for operational security (GDPR art. 6.1.f). | IP address, submitted email, fill time, anti-bot indicators. | Required to validate and secure submission. | PrismaSec application processing only. | No voluntary transfer outside the EU according to declared configuration. | Sliding in-memory 10-minute window, without application persistence. |
| First-party audience and interaction measurement | Measure CTA and form usage to steer commercial effectiveness of the site. | B2B legitimate interest (GDPR art. 6.1.f), with non-advertising first-party trackers. | First-party technical identifiers, URL/page, referrer, CTA/form events, UTM attribution. | Enabled by default for operational first-party measurement. | Authorized PrismaSec team and technical infrastructure logs. | No voluntary transfer outside the EU according to declared configuration. | 30 days for attribution; logs according to infrastructure rotation policy. |
You have rights of access, rectification, erasure, restriction, objection, and, where applicable, portability. You can exercise your rights via contact@prismasec.fr. If disagreement persists, you may contact the CNIL (www.cnil.fr).
The site does not include third-party advertising trackers or external marketing pixels. PrismaSec only uses first-party audience measurement limited to product interactions to improve the contact journey.
PrismaSec applies technical and organizational measures adapted to risk. This policy is reviewed whenever processing or subprocessors materially change.
Last updated : May 1, 2026
For any request related to privacy and GDPR rights, use the dedicated contact address or the contact form.
Open the contact form