Privacy Policy

Last updated: 09/02/2026

1) Who we are

The data controller is Oletros, a company registered in France, with its registered office at 149 Avenue du Maine, 75014 PARIS (“we”, “us”, “our”).
Website: https://oletros.io/

Contact:

• Email: privacy@oletros.io
• Address: 149 Avenue du Maine, 75014 PARIS

2) Personal data we collect

Depending on how you interact with us, we may collect:

• Identification and contact data: first name, last name, email, phone number, company, job title.
• Communications data: content of messages sent via forms, email, chat, support requests.
• Technical data: IP address, logs, technical identifiers, browser, operating system, pages viewed, referrer, timestamps.
• Recruitment data (if applicable): CV/resume, cover letter, professional information.
• Business relationship data: exchanges, proposals, contracts, invoicing (where applicable).

We do not request “special category” data (as defined by the GDPR) unless exceptionally necessary and subject to specific safeguards.

3) Purposes of processing

We process your personal data in particular to:

1. Respond to your requests (contact, demo, information, quotes).
2. Manage the business relationship (B2B outreach, meetings, proposals, contracts).
3. Operate and secure the website (fraud prevention, incident handling, logging).
4. Measure and improve website usage (audience analytics, performance, UX) — subject to your consent choices where required.
5. Recruitment (if applicable).
6. Comply with legal obligations (accounting, tax, handling GDPR requests).

4) Legal bases (GDPR)

Depending on the situation, processing is based on:

• Your consent (e.g., non-essential cookies, newsletter where applicable),
• Our legitimate interests (e.g., responding to requests, securing the website, reasonable B2B prospecting),
• Performance of a contract or pre-contractual measures (e.g., quotes, customer relationship),
• A legal obligation (e.g., statutory retention requirements).

5) Cookies and trackers

We may use cookies/trackers:

• Strictly necessary (operation, security): exempt from consent requirements.
• Analytics / personalization / marketing (if used): subject to consent where required.

6) Recipients and processors

Your data may be accessible:

• To our authorized teams,
• To our service providers (hosting, email, CRM, analytics, support, security) acting as processors,
• To public authorities where required by law.

Service provider: OVH

7) Retention periods

We retain data only for as long as necessary:

• Contact requests: generally 12 to 24 months after the last exchange,
• B2B prospects: up to 3 years after the last active contact,
• Customers/contracts: contract term + statutory retention (e.g., accounting records 6 to 10 years depending on document type),
• Technical logs: 6 to 12 months (unless security needs require more),
• Recruitment applications: 2 years maximum after the last contact (unless otherwise agreed).

8) Security

We implement appropriate technical and organizational measures (access controls, encryption where relevant, logging, backups, segmentation, internal policies). No measure is infallible; zero risk does not exist.

9) Your rights

Under the GDPR, you have the following rights:

• Access, rectification, erasure,
• Restriction and objection (in particular to direct marketing),
• Data portability (in certain cases),
• Withdrawal of consent at any time where processing is based on consent,
• Post-mortem instructions (French law, subject to conditions).

To exercise your rights: privacy@oletros.io.
We may request proof of identity in case of reasonable doubt.

10) Complaints to the CNIL

You may lodge a complaint with the CNIL (French Data Protection Authority).

11) Changes

We may update this policy from time to time. The “Last updated” date reflects the current version.