Personal data & GDPR compliance

Last updated: 18 October 2025

1. Data controller

The personal data controller is Nexoris SAS, a simplified joint-stock company, with registered offices at 66, avenue des Champs-Élysées, 75008 Paris.

Contact email: privacy@nexoris.com
Legal representative: Olivier Le Coquil.

2. The data we collect

We only collect the data strictly necessary to manage our professional relationships and improve our services.

When you browse the site, we collect technical data such as your IP address (anonymized), browser type and session duration. This information is used solely to ensure site security and measure traffic.

When you fill out a form, we collect the information you choose to share: first name, last name, professional email, role, company name and message content. This data is necessary to respond to and follow up on your request.

Within a commercial relationship, we may keep information related to your contract, email exchanges, billing data or interaction history in our CRM tools (Pipedrive, Elay).

3. Purposes and legal basis of processing

Your data is processed for several reasons, depending on the case:

To respond to your requests submitted through site forms, on the basis of your consent.
To manage our client relationships and ensure proper delivery of our services, on a contractual basis or our legitimate interest.
To send you relevant professional communications in a B2B context, on the basis of our legitimate interest.
To measure and improve site performance, on the basis of your consent.

We do not sell, rent or share your data with third parties for commercial purposes.

4. Retention period

Data from contact forms is kept for three years from the last exchange.

Client data is kept for the duration of the contractual relationship, then archived for three years for administrative purposes.

Browsing data (cookies and logs) is kept for a maximum of thirteen months. Beyond that, it is deleted or anonymized.

5. Data recipients

Access to your data is strictly limited:

to Nexoris's internal team;
to our technical providers (Clever Cloud SAS, CRM, automation tool) operating under our control and within the European Union;
to our commercial partners when necessary to manage a project, always under contractual terms compliant with the GDPR.

No data is transferred outside the European Union without adequate safeguards.

6. Your rights

Under the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:

right to access your data,
right to rectification or deletion,
right to object to certain processing,
right to portability,
right to withdraw your consent at any time.

To exercise your rights, simply write to privacy@nexoris.com indicating your first name, last name and the subject of your request. We commit to respond within 30 days.

7. Security and confidentiality

Nexoris takes every measure to protect your data against loss, misuse, unauthorized access or disclosure. We use servers hosted in Europe, restricted access, encrypted backups and regularly updated security protocols. All our providers are selected for their GDPR compliance.

8. Policy changes

This policy may be amended at any time to reflect legal or technical changes. The last update date appears at the top of this page.

9. Right to lodge a complaint

If you believe your rights are not being respected, you may file a complaint with the CNIL (the French data protection authority): 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, or at www.cnil.fr.