Privacy Policy

ACS DATASOLUTIONS, mindful of individuals' rights, particularly with regard to automated processing and in a spirit of transparency with its customers, has implemented this policy covering all such processing, the purposes pursued by them and the means of action available to individuals so that they can best exercise their rights.

For any additional information on the protection of personal data, we invite you to visit the CNIL website: https://www.cnil.fr/

Article 1 - Data Controller Identity

1.1 Company Name

ACS DATASOLUTIONS SARL with a capital of €500

1.2 Registered Office

6 rue de Cambrai, 75019 PARIS, France

1.3 Registration

Paris Trade and Companies Register 882 731 375

1.7 Hosting

Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, United States — https://vercel.com

Article 2 - Legal Framework

This privacy policy is established in compliance with:

The General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016
The French Data Protection Act No. 78-17 of January 6, 1978, as amended
The ePrivacy Directive 2002/58/EC, as amended
The recommendations of the French Data Protection Authority (CNIL)

Article 3 - Definitions

3.1 Personal Data

Any information relating to an identified or identifiable natural person.

3.2 Processing

Any operation or set of operations performed or not using automated processes and applied to personal data.

3.3 Data Controller

The person who determines the purposes and means of processing.

3.4 Processor

The person who processes personal data on behalf of the data controller.

3.5 User

Any natural person using the website https://www.acs-powerdata.com

Article 4 - General Principles of Data Processing

In accordance with the GDPR, personal data are:

Processed lawfully, fairly and transparently (lawfulness, fairness, transparency)
Collected for specified, explicit and legitimate purposes (purpose limitation)
Adequate, relevant and limited to what is necessary (data minimization)
Accurate and, where necessary, kept up to date (accuracy)
Kept in a form which permits identification for no longer than necessary (storage limitation)
Processed in a manner that ensures appropriate security (integrity and confidentiality)

Article 5 - Personal Data Collected

5.1 Data Collected via Contact Form

When using the contact form on our website, we collect:

First and last name
Email address
Phone number (optional)
Message or inquiry

5.2 Data Collected via Google OAuth 2.0 (Administrator Area)

For administrator authentication, we collect via Google OAuth 2.0:

Google account email address
Full name
Profile picture

IMPORTANT: We do NOT collect any other data from your Google account. We do not access your emails, contacts, Drive files or any other personal information beyond what is explicitly listed above.

5.3 Browsing Data (Cookies)

During your browsing on the website, we automatically collect:

IP address
Browser type and version
Operating system
Pages visited and viewing duration
Connection date and time
Approximate geolocation data

Article 6 - Purposes of Processing and Legal Basis

6.1 Processing Contact Requests

Purpose: Respond to information and contact requests
Legal basis: Consent of the data subject (Article 6.1.a of GDPR)
Retention period: 3 years from last interaction

6.2 Administrator Authentication

Purpose: Authenticate and authorize access to the administrator dashboard
Legal basis: Legitimate interest of the data controller (Article 6.1.f of GDPR)
Retention period: Session token valid for a maximum of 30 days, automatically deleted upon expiration or logout

6.3 Audience Analysis and Website Improvement

Purpose: Analyze website usage, improve user experience and optimize performance
Legal basis: Consent of the data subject (Article 6.1.a of GDPR)
Retention period: 13 months for analytical cookies

6.4 Security and Fraud Prevention

Purpose: Ensure website security, prevent fraud attempts and cyberattacks
Legal basis: Legitimate interest of the data controller (Article 6.1.f of GDPR)
Retention period: 1 year from collection

Article 7 - Data Recipients

The personal data collected is intended for:

ACS DATASOLUTIONS and its authorized employees
Technical service providers for website hosting and maintenance (Vercel Inc.)
Google LLC for OAuth authentication (administrators only)

Your personal data is NOT:

Sold or rented to third parties
Used for advertising, profiling or marketing purposes without your explicit consent
Shared with business partners without your prior authorization

Article 8 - Data Transfers Outside the European Union

Some of your data may be transferred to countries outside the European Union:

8.1 Hosting (Vercel Inc. - United States)

Transfer mechanism: Standard Contractual Clauses (SCCs) of the European Commission
Appropriate safeguards: Contractual commitment from Vercel Inc. in accordance with Article 46 of GDPR

8.2 Authentication (Google LLC - United States)

Transfer mechanism: EU-US Data Privacy Framework adequacy decision
Google LLC is certified under the EU-US Data Privacy Framework

These transfers are governed by appropriate safeguards in accordance with Articles 44 to 50 of the GDPR.

Article 9 - Security and Confidentiality

ACS DATASOLUTIONS implements all appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Article 32 of GDPR):

9.1 Technical Measures

Encryption of data in transit (HTTPS/TLS)
Secure authentication via Google OAuth 2.0
Encrypted JWT session tokens with HttpOnly and SameSite=Lax
Secure hosting with redundant infrastructure
Regular backups and business continuity plan

9.2 Organizational Measures

Limited data access based on need-to-know principle
Staff training on GDPR requirements
Security incident management procedures
Regular security audits

9.3 Data Breach Notification

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, ACS DATASOLUTIONS undertakes to:

Notify the CNIL within 72 hours of discovering the breach (Article 33 of GDPR)
Inform you as soon as possible if the breach presents a high risk to your rights (Article 34 of GDPR)

Article 10 - Data Retention Periods

Personal data is kept for a period not exceeding that necessary for the purposes for which it is processed:

Data Type	Purpose	Retention Period
Contact form	Request management	3 years
Google OAuth (Admin)	Authentication	30 days max (session)
Analytical cookies	Audience analysis	13 months
Security logs	Website security	1 year

At the end of these periods, the data is either deleted or archived with restricted access in accordance with legal retention obligations.

Article 11 - Your Rights Regarding Your Personal Data

11.1 Right of Access (Article 15 of GDPR)

You have the right to obtain confirmation as to whether data concerning you is being processed, and when it is, access to that data as well as information concerning the processing.

11.2 Right to Rectification (Article 16 of GDPR)

You have the right to obtain the rectification of inaccurate data concerning you and/or to complete incomplete data.

11.3 Right to Erasure (Article 17 of GDPR)

You have the right to obtain the erasure of your data as soon as possible, subject to legal retention obligations.

11.4 Right to Restriction of Processing (Article 18 of GDPR)

You have the right to obtain restriction of processing of your data in certain cases provided by regulation.

11.5 Right to Data Portability (Article 20 of GDPR)

You have the right to receive the data concerning you in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller.

11.6 Right to Object (Article 21 of GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of data based on the legitimate interest of the data controller.

11.7 Right to Withdraw Consent

When processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

11.8 Right to Define Post-Mortem Directives

You have the right to define directives relating to the retention, erasure and communication of your data after your death.

Article 12 - How to Exercise Your Rights

12.1 By Postal Mail

ACS DATASOLUTIONS — Attention: DPO — 6 rue de Cambrai, 75019 PARIS, France

12.2 By Email

contact@acs-dataformation.fr or achille.segnou@acs-dataformation.fr (DPO)

12.3 Required Information

Your first and last name
Your email address
The nature of your request (access, rectification, erasure, etc.)
A copy of proof of identity for verification (only if necessary)

12.4 Response Time

We undertake to respond to your request within 1 month of receipt. This period may be extended by 2 months due to the complexity and number of requests.

12.5 Free of Charge

Exercising your rights is free of charge. However, in the case of manifestly unfounded or excessive requests, we may require payment of reasonable fees or refuse to act on the request.

Article 13 - Right to Lodge a Complaint

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07, France
Phone: +33 1 53 73 22 22
Website: https://www.cnil.fr
Online form: https://www.cnil.fr/fr/plaintes

Article 14 - Cookie Management Policy

14.1 What is a Cookie?

A cookie is a small text file placed on your device (computer, tablet, smartphone) when visiting a website. It allows the website to remember information about your browsing.

14.2 Types of Cookies Used

14.2.1 Strictly Necessary Cookies

Purpose: Essential website operation and security
Examples: Session cookies, administrator authentication
Legal basis: Legitimate interest (no consent required)
Duration: Session or 30 days maximum

14.2.2 Analytical Cookies

Purpose: Audience measurement and website improvement
Examples: Traffic statistics
Legal basis: Prior consent required
Duration: 13 months maximum

14.3 Managing Your Cookie Preferences

You can at any time:

Accept or refuse cookies via our cookie management banner
Change your preferences in your browser settings
Delete cookies already stored on your device

Article 15 - Revoking Google OAuth Access

15.1 Log Out of the Dashboard

Click the "Logout" button in the administrator dashboard. This immediately invalidates your active session.

15.2 Revoke Access from Your Google Account

Access your Google account security settings:

Go to https://myaccount.google.com/security
Click on "Third-party apps with account access"
Search for "ACS PowerData" or our application
Click "Remove access"

15.3 Request Deletion of Your Data

Article 16 - Privacy Policy Modifications

ACS DATASOLUTIONS reserves the right to modify this privacy policy at any time, particularly to:

Comply with legislative and regulatory developments
Reflect changes in our data processing practices
Improve the transparency and clarity of our commitments

Any substantial modification will be brought to your attention by notification on our website and/or by email. The date of last update is indicated at the beginning of the document.

Article 17 - Contact and Questions

For any questions regarding this privacy policy or the processing of your personal data:

Email: contact@acs-dataformation.fr

Mail: ACS DATASOLUTIONS - 6 rue de Cambrai, 75019 PARIS, France

DPO: Achille Segnou Tadzong — achille.segnou@acs-dataformation.fr