Personal Data Protection Policy.

This Policy describes how personal data collected through the website www.sealison.com (hereinafter the “Site”) is processed, in accordance with Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and French Act No. 78-17 of 6 January 1978, as amended (the “French Data Protection Act”).

The Site is currently in a pre-launch phase. Its sole purpose is to present the technical solution under development and to allow interested persons to register their interest with a view to a future commercial launch. No service is being marketed at this stage.

This Policy may be updated when the solution is made commercially available. Any substantial change will be brought to the attention of data subjects.

The data controller is:

Mr Jean Deschodt, acting in his capacity as founder of Sealison (in the process of being incorporated), with elected domicile at the address of his legal counsel Darkanian & Pfirsch Avocats: 85 boulevard Malesherbes, 75008 Paris, France.

Contact: [email protected]

Upon registration of Sealison, the data controller will become Sealison [legal form], and this Policy will be updated accordingly.

No Data Protection Officer (DPO) has been appointed at this stage, as the appointment is not mandatory under Article 37 of the GDPR given the current scope of processing activities. Any question relating to data protection may be sent to the contact address above.

The processing activities carried out in connection with the Site are as follows:

3.1. Management of contact requests and the interest list for the commercial launch

• Data collected: first name, last name, professional email address, organisation name, job title, and the content of any free-text message.
• Purpose: to respond to enquiries from persons interested in the solution and to keep them informed of the progress of the project and of the commercial launch.
• Legal basis: the legitimate interest of the data controller in developing its business and responding to inbound enquiries (Article 6.1.f of the GDPR), in the context of strictly B2B communications proportionate to the expectations expressed by the data subject.
• Retention period: three (3) years from the last active contact with the data subject, in line with the recommendation of the French Data Protection Authority (CNIL) regarding B2B prospecting.

3.2. Site audience measurement

No audience measurement tool is currently deployed during the pre-launch phase. This Policy will be updated if such a tool is added.

3.3. Technical hosting logs

• Data collected: IP address, timestamp, server requests.
• Purpose: Site security, incident detection and abuse prevention.
• Legal basis: legitimate interest (Article 6.1.f of the GDPR) and legal obligation of security (Article 32 of the GDPR).
• Retention period: six (6) months.

The data collected is intended exclusively for the data controller. It is not sold, leased or transferred to third parties for commercial purposes.

The data may be processed by the following processors, acting on the documented instructions of the data controller and providing the safeguards set out in Article 28 of the GDPR:

• Hetzner Online GmbH — Industriestr. 25, 91710 Gunzenhausen, Germany — Server hosting — Data processed within the EU.
• Cloudflare, Inc. — 101 Townsend Street, San Francisco, CA 94107, USA — Content delivery network, DNS, and email routing — Transfers outside the EU governed by Standard Contractual Clauses (European Commission Decision 2021/914).

Data processed by Hetzner Online GmbH remains within the European Economic Area (Germany).

Data processed by Cloudflare, Inc. may transit through edge servers located outside the European Union. Such transfers are governed by the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and by appropriate safeguard mechanisms within the meaning of Chapter V of the GDPR.

Should any additional transfer outside the EU become necessary in the future, this Policy will be updated accordingly.

The data controller implements appropriate technical and organisational measures to ensure a level of security commensurate with the risk, in accordance with Article 32 of the GDPR, including: encryption of communications (TLS), segregation of environments, strict management of access rights, access logging, regular encrypted backups, and hosting in an ISO 27001-certified data centre.

In accordance with Articles 15 to 22 of the GDPR, every data subject has the following rights: right of access, right to rectification, right to erasure, right to restriction of processing, right to object, right to data portability, and the right to give instructions regarding the fate of their data after their death.

These rights may be exercised at any time by writing to [email protected], providing proof of identity in case of reasonable doubt.

A response will be provided within the one-month period set out in Article 12.3 of the GDPR, which may be extended by two months for complex requests.

Every data subject also has the right to lodge a complaint with the French Data Protection Authority (Commission nationale de l’informatique et des libertés — CNIL), 3 place de Fontenoy, 75007 Paris, France, www.cnil.fr.

The Site does not use advertising cookies, analytics cookies, or third-party trackers for profiling purposes.

Only essential localStorage is used to remember the visitor’s theme preference (dark or light mode). This information is stored locally in the visitor’s browser, does not contain personal data, and is not transmitted to any server.

This Policy may be updated, in particular upon the commercial launch of the solution. The date of the last update appears at the top of this document. Persons registered on the interest list will be informed by email of any substantial change.

This Privacy Policy is provided in English for convenience. As the controller is currently established in France, the French version is the reference version in case of discrepancy. Data subjects may contact us in English or French at [email protected].