CONFIDENTIALITY POLICY (GDPR / FRENCH DATA PROTECTION ACT)
Last updated: [18/12/2025]
1 I PURPOSE
This confidentiality policy informs users of the https://emc2-conseils.com/ site of the conditions under which GEC collects and processes their personal data, in accordance with the GDPR (obligation to provide information, in particular art. 13) and the French Data Protection Act.
2 I Data controller
The data controller is:
GEC, a French single-member limited liability company (SASU) with a share capital of €5,000, whose registered office is located in Paris (75015).
Registered with the Paris Trade and Companies Registry under number 829 550 441
VAT number: FR32829550441 Telephone: +33 (0)6 60 70 23 36
Email (contact): gec@emc2-conseils.com
3 I DPO (Data Protection Officer)
GEC has not appointed a DPO.
All requests can be addressed to the “personal data” contact above.
4 I Categories of data processed
Depending on the use of the site, GEC may process:
4.1 Data provided by the user:
- Identity and contact details (surname, first name, company, job title, professional email, telephone number);
- Message content (subject, request, information provided);
- Attachments sent voluntarily (e.g. application document, technical elements, etc.).
4.2 Technical data:
- Browsing and usage data (pages viewed, time stamps);
- IP address, technical identifiers, logs required for security;
- Cookies and tracers (see section 12).
5 I Purpose and legal basis
The site is used for the following purposes:
5.1 Management of contact/information requests:
- Purpose: to process and respond to requests sent via form, email or telephone.
- Legal basis: GEC’s legitimate interest in responding to requests and managing its professional relations, and/or pre-contractual measures when the request concerns a service.
5.2 B2B sales relationship management (prospects/partners):
- Purpose: discussions, drawing up proposals, follow-up, professional follow-ups.
- Legal basis: legitimate interest and/or pre-contractual measures.
B2B email prospecting: in the event of email prospecting to business addresses, GEC ensures that recipients are informed and can easily object (unsubscribe link/equivalent mechanism).
5.3 Recruitment (if dedicated section):
- Purpose: receiving and processing applications, organising interviews.
- Legal basis: pre-contractual measures / legitimate interest in recruiting.
5.4 Site security and incident prevention:
- Purpose: ensuring security, preventing intrusions, detecting abnormal behaviour, managing incidents.
- Legal basis: legitimate interest.
5.5 Audience measurement / operation (cookies):
- Purpose: audience measurement, site improvement, possibly personalisation according to parameter settings.
- Legal basis: consent when required (see § 12).
6 I Mandatory nature of data
Unless otherwise stated on the form, the data marked as mandatory are required for:
- processing the contact request, or
- processing an application, or
- ensuring the operation/safety of the site.
Otherwise, GEC may be unable to process the request.
7 I Data recipients
Data can be accessed within the limits of their remit by:
- authorised GEC staff (management, relevant teams);
- technical service providers working for GEC (host, maintenance, security, emailing/CRM tools, audience measurement), acting as subcontractors within the meaning of the GDPR, on GEC’s instructions.
8 I Transfers outside the European Union
GEC prefers solutions located in the EU/EEA. If a tool or service provider involves a transfer outside the EU/EEA, this will be governed by the mechanisms of the GDPR (adequacy decision, standard contractual clauses, additional measures if necessary).
9 I Retention period
GEC retains data only for as long as is necessary for the purposes for which it is processed, and then deletes it or places it in intermediate archiving when justified by an administrative/legal interest.
9.1 Contacts / requests via the website:
- Duration of processing + storage in active database for a maximum of [12 to 36 months] from the last useful exchange, except in the case of an obligation/necessity linked to a legal dispute.
9.2 B2B prospects (non-customers):
- Maximum retention of 3 years from the last contact from the prospect (e.g. request, click on a link in an email), then deletion/archiving as necessary.
9.3 Commercial / pre-contractual / contractual files:
- Duration of the relationship + archiving for evidential/contentious purposes in accordance with applicable time limits (in particular the 5-year commercial statute of limitations).
9.4 Accounting/invoicing documents (if applicable via exchanges):
- Retention of accounting and supporting documents: 10 years.
9.5 Recruitment:
- Unsuccessful candidates: 2 years after the last contact, subject to information and (where applicable) agreement for retention in a pool; early deletion on request.
9.6 Logs / security traces:
- Retention over a rolling period generally of between 6 months and 1 year (except in the case of a legal obligation or justified need linked to an incident or dispute).
10 I Safety
GEC implements appropriate technical and organisational measures to guarantee a level of security appropriate to the risks (access controls, management of authorisations, back-ups, logging, security of workstations and exchanges, etc.). Given the Defence/Energy sectors, GEC maintains a high level of vigilance, without publicly detailing its security measures.
11 I Your rights
You have the following rights: access, rectification, deletion, limitation, opposition and, where applicable, portability. You may also withdraw your consent at any time where it forms the basis for processing.
Exercising your rights:
- Email: gec@emc2-conseils.com
- Mail: GEC – 75015 Paris.
GEC may request proof of identity in the event of reasonable doubt. You may lodge a complaint with the CNIL.
12 I Cookies / trackers
12.1 Principles:
On your first visit, a banner will inform you of the use of cookies/trackers and allow you to express your choices. Your consent is required for any tracking that is not strictly necessary.
12.2 Refusing is as easy as accepting:
The consent mechanism makes it as easy to refuse as to accept cookies (e.g. “Refuse all” button at the same level as “Accept all” or equivalent mechanism).
12.3 Duration and list of cookies:
The list of cookies (publisher, purpose, duration) can be accessed via [cookie preferences centre].
The retention period of choices (consent/refusal) and cookies is set in accordance with applicable requirements.
13 I No automated decision
Unless otherwise stated, GEC does not make any fully automated decisions that have legal effect on you within the meaning of the GDPR (nor does it carry out any such profiling).
14 I Update
This policy may be amended to take account of legal, regulatory or technical developments. The date of the update is given at the top of the document.