Formaro
Data & Transparency

Our Commitment to Your Digital Privacy

We build structures meant to last. The same principle applies to your trust. This document outlines our strict protocols for handling personal data, from initial inquiry to project completion and beyond.

"Transparency is not a compliance checkbox. It's the foundation of a reliable partnership."

— Formaro Data Stewardship Principle

FIG. 1.0 // Physical & Digital Data Streams

Section 2

What We Collect, and Why

Formaro engages with clients, partners, and visitors through defined digital pathways. Each pathway has a specific purpose, and the data we collect is directly tied to that purpose. We do not collect data for its own sake.

Primary Contact & Project Inquiries

When you use our contact form or email us directly, we collect your name, email address, phone number, and any project details you provide. This data is processed to prepare a bid, schedule a site visit, or provide a consultation. The legal basis is your explicit consent when initiating contact.

Website Analytics & Security

We use anonymized analytics (via Matomo or similar, self-hosted) to understand visitor behavior and improve site performance. This includes IP addresses (anonymized), browser type, and page visit durations. We also log security events to protect our infrastructure. The legal basis is our legitimate interest in site security and operation.

We never sell your data. We never share it for marketing purposes. We never use it for purposes incompatible with the original reason for collection.

Your Rights

Control Over Your Information

Under the GDPR and French data protection law, you have specific rights regarding your personal data. We provide the tools to exercise them.

Right of Access

Request a copy of all personal data we hold about you. We'll provide it in a structured, commonly used format within 30 days.

Right to Erasure

Request deletion of your data. Note: We may retain limited data to comply with legal obligations (e.g., invoicing records for 10 years).

Right to Rectification

Correct inaccurate personal data. This is crucial for project documentation and communication accuracy.

Right to Object

Object to processing based on legitimate interests (e.g., direct marketing). We will honor this immediately.

Right to Restriction

Pause processing of your data (e.g., while verifying a correction). Data remains stored but is not actively used.

Right to Portability

Receive your data in a machine-readable format (JSON) to transfer to another service provider.

Section 4

How to Exercise Your Rights

1. Prepare Your Request

Specify which right you wish to exercise. For verification, please provide details linked to your past interactions with Formaro (e.g., project address, correspondence dates).

2. Submit via Designated Channel

Send your request to our Data Protection Officer (DPO) using the secure contact details below. Avoid sending sensitive personal data in plain email.

3. Receive Acknowledgment

We will confirm receipt within 5 business days and provide a resolution timeline (typically 30 days for access requests).

Data Protection Officer

For privacy-specific inquiries, contact our designated officer.

Formaro DPO
59 Boulevard du Montparnasse
75006 Paris, France
[email protected]
Hours: Mon-Fri 9:00-18:00 CET

Alternatively, you may lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr

Technical Safeguards

Security & Third-Party Processors

🔒 Our Security Protocols

  • Encryption: All data in transit is protected by TLS 1.3 (HTTPS). Data at rest for active projects is encrypted using AES-256.
  • Access Control: Strict role-based access. Only project-specific personnel can view client data. All access is logged.
  • Incident Response: We have a defined protocol for data breach notification, including informing the CNIL within 72 hours of discovery, as required by law.

🤝 Essential Service Providers

We share data with trusted processors under strict Data Processing Agreements (DPAs) compliant with EU standards.

  • Infrastructure: Servers (EU-based)
  • Email & Productivity: Secure cloud office suite
  • Analytics: Self-hosted, anonymized
  • Legal & Financial: Accounting, invoicing, legal counsel

This policy is a living document. We may update it to reflect changes in our practices or legal requirements. Continued use of our services constitutes acceptance of the latest version.