This policy describes how CanaarIA collects, uses and protects your personal data in strict compliance with GDPR EU (Regulation 2016/679). Privacy by Design is our founding principle.
Data collected
We only collect the data we need:
- Contact data you provide via the form (name, email, message)
- Technical data essential to site operation (anonymized server logs)
No third-party trackers (Google Analytics, Facebook Pixel, etc.) without your explicit consent.
Purposes
- Reach back to you after your request
- Improve the quality of our service
- Meet our legal obligations
Security
Your data is encrypted in transit (modern TLS) and at rest (AES-256). Passwords are hashed with Argon2id. Access is protected by strict RBAC and audit logs.
Retention
Contact data: 3 years from last exchange, unless deletion is requested.
Server logs: 12 months maximum.
Your rights
Under GDPR, you have the following rights:
- Access to your data
- Rectification of your data
- Erasure (right to be forgotten)
- Restriction of processing
- Portability of your data
- Objection to processing
To exercise these rights: contact us via the contact form. We respond within 30 days maximum.
Complaint
If you believe your rights are not respected, you can lodge a complaint with the CNIL (France) or the data-protection authority of your country of residence.