Privacy Policy
How Torsido Technologies collects, uses, and protects your personal data under GDPR.
Data Controller Identity
The data controller responsible for the personal data processed in connection with your use of our website and services is:
Registered office: Île-de-France, Lagny-sur-Marne, France
Company registration: [SIRET / RCS Paris]
Data Protection contact: privacy@torsido.com
Where Torsido processes personal data on behalf of its clients in the course of delivering web development services (for example, when building client-owned platforms), Torsido acts as a data processor under the relevant client's instructions. The applicable Data Processing Agreement ("DPA") governs such processing.
Data We Collect
We collect only the personal data that is strictly necessary for the purposes described in this Policy. The categories of data we may collect include:
| Category | Examples | Collection Method |
|---|---|---|
| Identity Data | First name, last name, job title, company name | Contact forms, project briefs, contracts |
| Contact Data | Email address, phone number, postal address | Forms, email correspondence, contracts |
| Technical Data | IP address, browser type, device identifiers, operating system | Automatically via website analytics |
| Usage Data | Pages visited, time on site, referral source, click paths | Analytics cookies (with consent) |
| Communication Data | Email content, meeting notes, project correspondence | Direct communication with our team |
| Financial Data | Invoice records, payment status (not card details) | Invoicing and accounting systems |
We do not collect any special category personal data (such as health, biometric, or ethnicity data), nor do we knowingly collect data from individuals under 16 years of age.
Legal Basis for Processing
Under Article 6 of the GDPR, Torsido Technologies processes personal data on the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to enter into or perform a contract with you — including delivering project services, issuing invoices, and managing the client relationship
- Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests — including website security, service improvement, fraud prevention, and direct marketing to existing clients — where these interests are not overridden by your rights
- Consent (Art. 6(1)(a)): Where you have given us clear, specific, and freely given consent — particularly for analytics cookies, marketing communications, and newsletter subscriptions. You may withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with a legal obligation under EU or French law — including tax record retention and regulatory reporting
How We Use Your Data
We use the personal data we collect for the following purposes, each of which corresponds to a lawful basis described in Section 03:
- Responding to enquiries submitted via our website contact form or by email
- Delivering contracted web development, design, and technology services
- Issuing proposals, statements of work, and invoices, and managing the client account lifecycle
- Sending service-related updates, project status communications, and operational notices
- Analysing website usage patterns (with consent) to improve the user experience of our website
- Sending marketing communications, newsletters, or service announcements to existing clients where consent exists or under legitimate interests provisions
- Complying with legal obligations under French and EU law
Data Sharing & Third-Party Transfers
Torsido Technologies does not sell, rent, or trade your personal data. We share data only where necessary and only with the following categories of trusted third-party processors:
- Cloud infrastructure providers (e.g., hosting, storage) under EU Standard Contractual Clauses where applicable
- Project management and communication tools — used internally to manage client projects and deliverables
- Accounting and invoicing platforms — for processing and recording financial transactions
- Analytics providers — only where consent has been obtained and providers are GDPR-compliant
- Legal or regulatory authorities — where required to comply with applicable law, court order, or regulatory obligation
All third-party processors are subject to data processing agreements incorporating appropriate GDPR safeguards. A full list of sub-processors is available to clients on request.
Data Retention
We retain personal data only for as long as is necessary for the purposes described in this Policy, or as required by applicable law. Our standard retention periods are:
| Data Category | Retention Period | Basis |
|---|---|---|
| Client contact & identity data | Duration of relationship + 3 years | Legitimate interests / limitation periods |
| Contract & project records | 5 years post-project completion | French commercial law (L.110-4) |
| Financial & invoicing records | 10 years | French accounting law obligation |
| Website analytics data | 13 months (CNIL standard) | CNIL recommendation / consent |
| Marketing opt-in records | Until withdrawal of consent + 3 years | Consent / CNIL guidance |
At the end of the applicable retention period, personal data is securely deleted or anonymised. You may request early deletion of your data by exercising your right to erasure (see Section 07).
Your Data Rights
Under the GDPR and French data protection law (Loi Informatique et Libertés), you have the following rights with respect to your personal data. We will respond to all verified requests within 30 calendar days:
To exercise any of these rights, please submit a written request to privacy@torsido.com with sufficient information to verify your identity. If you are dissatisfied with our response, you have the right to lodge a complaint with the French data protection authority, the CNIL, at www.cnil.fr.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience, measure performance, and, where consent is given, analyse traffic patterns. For full details on the specific cookies deployed, their purpose, and duration, please refer to our Cookie Management Policy.
We operate a consent-first model aligned with CNIL guidelines and the ePrivacy Directive: no analytics or marketing cookies are set before your explicit consent. You can update your cookie preferences at any time via the Cookie Preferences panel accessible in the footer of this site.
Data Security Measures
Torsido Technologies implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- End-to-end encryption for all data in transit (TLS 1.3) and encryption at rest for sensitive datasets
- Role-based access controls ensuring personal data is accessible only to authorised personnel on a need-to-know basis
- Regular security assessments, penetration testing, and vulnerability scanning of our infrastructure
- Comprehensive staff training on data protection obligations and information security practices
- Documented incident response and data breach notification procedures aligned with GDPR Article 33 requirements
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours of becoming aware, and will inform affected individuals without undue delay where required by law.
Contact & Data Protection Officer
For all privacy-related enquiries, data subject rights requests, or concerns regarding this Policy, please contact our designated privacy team. While Torsido Technologies is not legally required to appoint a formal Data Protection Officer (DPO), we have designated a Privacy Lead responsible for overseeing compliance with this Policy.
Privacy Contact
We are committed to responding to all privacy enquiries within 30 calendar days. For urgent matters, please mark your message as "URGENT — DATA RIGHTS REQUEST".