Privacy Policy

CyberMind Consulting — 8 Rue de Berri, 75008 Paris, France

1. Introduction

CyberMind Consulting ("we", "us") protects your personal data on cybermindconsulting.com under GDPR and French data protection law (Loi Informatique et Libertés).

2. Data Controller

CyberMind Consulting, 8 Rue de Berri, 75008 Paris, France. Contact: engage@cybermindconsulting.com. We respond within 30 days per GDPR Art. 12.

3. Data We Collect

Contact information: name, email, phone, country, company, project brief when you submit forms or purchase services. Required for service delivery and communication.

Engagement materials: financial data, strategic documents, operational reports shared during consulting engagements. All materials treated as strictly confidential under NDA.

Payment data: processed by Stripe Inc. (PCI DSS Level 1). We never store card details.

Usage data: anonymised IP, browser, pages visited via Google Analytics.

4. Purpose

Deliver consulting services, process payments, communicate about engagements, improve our website, comply with French and EU legal requirements including tax and accounting obligations.

5. Legal Basis (GDPR Art. 6)

Contract (service delivery), legitimate interest (site improvement, relevant communications), consent (marketing — withdrawable), legal obligation (French tax law).

6. Sharing

Never sold. Shared only with: Stripe (payments), hosting provider, Google Analytics (anonymised). Disclosed to French authorities only when legally required.

7. Retention

Contact data: 3 years post-last interaction. Engagement materials: 2 years post-completion (or as agreed in NDA). Payment records: 10 years per French commercial law (Code de commerce, Art. L123-22). Analytics: anonymised after 26 months.

8. Your Rights

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21). Email engage@cybermindconsulting.com. Complaints to CNIL (3 Place de Fontenoy, 75334 Paris).

9. Security

TLS/SSL, 2FA on all systems, role-based access controls, encrypted backups in EU data centres, mandatory NDA for all team members, regular security audits. Client engagement materials stored in isolated, encrypted environments.

10. International Transfers

Data stored within the EEA. Where transfers outside the EEA occur (e.g. Stripe US), they are protected by EU Standard Contractual Clauses.

11. Cookies

See Cookie Policy.

12. Updates

Material changes communicated via email. Last updated: March 2026