Privacy Policy
Altrium Consulting places great importance on the protection of your privacy and personal data. This policy explains how we collect, use and protect your information in compliance with the EU General Data Protection Regulation (GDPR) and the French Data Protection Act.
1. Data controller
Altrium Consulting — represented by Sophia Hammiche, Founder & CEO.
E-mail: sophia@altrium-consulting.com
2. Data collected
We only collect data that you voluntarily provide via:
- Contact form: first name, last name, e-mail, company (optional), subject, message.
- Direct communications: e-mails you send to sophia@altrium-consulting.com.
We do not collect any data classified as sensitive under the GDPR (ethnic origin, political opinions, religion, health, etc.).
3. Purposes and legal bases
| Purpose | Legal basis | Retention period |
|---|---|---|
| Responding to your contact request | Consent (art. 6.1.a GDPR) | 3 years from last contact |
| Managing commercial and contractual relationships | Pre-contractual measures / contract (art. 6.1.b) | Duration of the relationship + 5 years |
| Legal and accounting obligations | Legal obligation (art. 6.1.c) | 10 years (accounting obligations) |
4. Recipients
Your data is intended exclusively for Altrium Consulting. It is neither sold, transferred nor rented to any third party.
It may be transmitted to our technical sub-processors, solely for the purposes of the service:
- Cloudflare, Inc. (website hosting and contact form processing — USA, with appropriate contractual safeguards).
- Google Workspace (Google Ireland Limited) (professional mailbox sophia@altrium-consulting.com and transmission of the contact form via SMTP).
5. Transfers outside the European Union
As some of our service providers are located in the United States, a transfer of data outside the EU may take place. Such transfers are framed by the Standard Contractual Clauses of the European Commission and/or the EU-US Data Privacy Framework, ensuring an adequate level of protection.
6. Your rights
Under the GDPR, you have the following rights regarding your data:
- Right of access: obtain a copy of the data we hold about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”).
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
- Right to withdraw your consent at any time.
- Right to define post-mortem directives regarding your data.
To exercise these rights, write to us at: sophia@altrium-consulting.com. We will respond within a maximum of one month.
If you believe that the processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.
7. Cookies
The altrium-consulting.com website does not use any tracking, analytics or advertising cookies. Only strictly technical cookies required for the site's operation may be set by our host (Cloudflare) for security purposes (anti-bot, anti-DDoS protection). These cookies do not require your consent.
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction: encryption of exchanges (HTTPS/TLS), restricted access, regular backups, GDPR-compliant providers.
9. Changes
This policy may be updated from time to time to reflect legal, technical or organisational changes. The date of the last update is shown at the top of this page.
10. Contact
For any question relating to the protection of your data: sophia@altrium-consulting.com.