Privacy policy

1. Identity of the Data Controller

The Data Controller responsible for the processing of your personal data is:

Indigen Solutions SAS
29 rue Pastorelli
06000 Nice, France
Registration No.: 450 228 143 (RCS Nice)
Email: contact@indigen.com

Our Data Protection Officer (DPO) can be reached at:
Email: dp@indigen.com

2. Categories of Personal Data Collected

• Identification Data: first name, last name, title, company, role.
• Contact Data: email address, postal address.
• Professional Data: employer, contractual and billing information.
• Account Data: login details, preferences, account settings.
• Technical Data: IP address, browser type, device identifiers, cookies.
• Usage Data: activity on our website/platform, log files.
• Financial Data: invoices, payment details (where applicable).

We do not intentionally collect sensitive data (Article 9 GDPR) unless strictly necessary and with explicit consent.

3. Purposes and Legal Bases of Processing

Purpose	Legal Basis
Provision of services, account management	Performance of a contract (Art. 6(1)(b) GDPR)
Customer support and communication	Contract or legitimate interest (Art. 6(1)(b), (f))
Marketing and newsletters	Consent (Art. 6(1)(a))
Analytics and website improvements	Legitimate interest (Art. 6(1)(f))
Legal, tax, and compliance obligations	Legal obligation (Art. 6(1)(c))
Security and fraud prevention	Legitimate interest (Art. 6(1)(f))

4. Recipients of Personal Data

• Internal staff duly authorized to process data.
• Service providers and subcontractors (IT hosting, email service, payment processors).
• Legal or regulatory authorities when required by law.
• Business partners (with your prior consent, if applicable).

We never sell your personal data.

5. International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards in accordance with Articles 44–49 GDPR, such as:

• Adequacy decisions by the European Commission,
• Standard Contractual Clauses (SCCs),
• Binding Corporate Rules (BCRs).

6. Retention Periods

• Client data: duration of the contract plus 5 years.
• Marketing data: until consent withdrawal or after 3 years of inactivity.
• Technical logs: typically up to 12 months.

After these periods, data is securely deleted or anonymized.

7. Your Rights under GDPR

You have the following rights regarding your personal data:

• Right of Access – obtain a copy of your personal data.
• Right to Rectification – request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”).
• Right to Restrict Processing.
• Right to Data Portability.
• Right to Object – including direct marketing.
• Right to Withdraw Consent.
• Right to Lodge a Complaint with the CNIL.

To exercise your rights, please contact us at: dp@indigen.com

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

• Essential cookies – necessary for the functioning of the site.
• Analytics cookies – to improve performance and user experience.
• Marketing cookies – subject to your consent.

You can manage cookie preferences via your browser settings or our cookie banner. See our Cookie Policy for details.

9. Security of Your Data

We implement appropriate technical and organizational measures, including encryption, access control, monitoring, and incident response procedures.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with the updated date. If changes are material, we will notify you by email or through our platform.

11. Contact

Indigen Solutions SAS – Data Protection
29 rue Pastorelli, 06000 Nice, France
Email: dp@indigen.com

If you are unsatisfied with our response, you may lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés): www.cnil.fr