Privacy Policy

1. Data Controller

1. The website https://e-sensia.com/fr/
(“Site”) is operated by E.C.H.O. (hereinafter, “E-SENSIA”), whose registered office is located at 5 rue de Latran, 75005 Paris.

2. When accessing, browsing, and using the Site, you may provide E-SENSIA with personal data concerning you.

3. In this regard, E-SENSIA, as the data controller, is committed to ensuring that the collection and processing of these personal data comply with the General Data Protection Regulation 2016/679 (“GDPR”) and the amended French Data Protection Act of January 6, 1978 (“LIL”).

4. We kindly ask you to read this policy, which aims to gather clear, simple, and precise information about E-SENSIA’s data processing activities in a single document, so you can understand what personal data is collected, how it is used, and your rights regarding this data.

5. This policy applies to all users of the Site.

2. Data Protection Officer

6. We inform you that we have appointed a Data Protection Officer (“DPO”), whose contact details are as follows:

Email: dpo@e-sensia.com

7. The DPO is responsible, in particular, for advising, informing, and monitoring compliance with data protection regulations.

3. Guiding Principles of Data Processing

3.1 Transparency

8. In the interest of transparency, we make sure to inform you about the data processing activities that concern you.

3.2 Purpose and Lawfulness

9. When we process data, we do so for specific purposes: each data processing activity serves a legitimate, determined, and explicit purpose, and is based on a legal ground (see table below).

3.3 Proportionality and Minimization

10. For each data processing activity, we commit to collecting and using only data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

3.4 Accuracy

11. We ensure that data is kept up to date when necessary and implement procedures to delete or rectify inaccurate data.

4. Processing of Personal Data

12. For the processing activities listed below, the purposes, types of data, legal bases, and retention periods are as follows:

No.	WHY IS YOUR PERSONAL DATA USED?	WHAT PERSONAL DATA IS USED?	LEGAL BASIS	YOUR RIGHTS	RETENTION PERIOD
1	Contact Form	Last name, first name, job title, company name, email, phone number.	User consent	Access, Rectification, Restriction, Erasure, Portability, Withdrawal of consent	Active database: 3 years after the last contact. Intermediate archiving: 5 years.
2	Technical Cookies (non-consent based)	Connection data	Legitimate interest of E-SENSIA	Access, Rectification, Erasure, Restriction, Objection	Active database: 1 year. Intermediate archiving: none.
3	Marketing Cookies (consent-based)	Browsing data, IP address	User consent	Access, Rectification, Restriction, Erasure, Portability, Withdrawal of consent	Active database: 1 year. Intermediate archiving: none.
4	Management of data subject requests	Last name, first name, email	Legal obligation of E-SENSIA	Access, Rectification, Restriction	3 years from the response to the request.
5	Pre-litigation or litigation management	Data related to the dispute or litigation	Legitimate interest of E-SENSIA	Access, Rectification, Erasure, Restriction, Objection	Until amicable settlement or, failing that, until the statute of limitations for legal action.
6	Security and fraud prevention	Identification data (gender, name, DOB), contact info (email, phone), connection data (IP).	Legitimate interest of E-SENSIA	Access, Rectification, Erasure, Restriction, Objection	1 year from the last entry, then deleted.

13. Some of this data is mandatory, while other data is optional. Whether personal data is required or optional is indicated at the time of collection. For example, when contacting E-SENSIA via the Site, if you refuse to provide the required data, E-SENSIA will not be able to respond to your contact request.

5. Recipients of Data

14. To achieve the purposes described above and within the limits necessary for those purposes, the data collected by E-SENSIA may be shared with all or some of the following recipients:

Internal	External
Authorized E-SENSIA personnel: Management Employees Data Protection Officer (“DPO”) Administrative or technical staff Subject to a confidentiality obligation, and only within the scope of their duties.	E-SENSIA’s technical service providers subject to confidentiality (hosting providers, maintenance, etc.). Administrative or judicial authorities, where applicable (only in the event of an express and reasoned request on their part in case of a proven breach of legal or regulatory provisions).

Internal

External

Authorized E-SENSIA personnel:

Management
Employees
Data Protection Officer (“DPO”)
Administrative or technical staff

Subject to a confidentiality obligation, and only within the scope of their duties.

E-SENSIA’s technical service providers subject to confidentiality (hosting providers, maintenance, etc.).
Administrative or judicial authorities, where applicable (only in the event of an express and reasoned request on their part in case of a proven breach of legal or regulatory provisions).

6. Subcontractors

15. E-SENSIA selects subcontractors or service providers that offer guarantees in terms of quality, security, reliability, and resources to implement technical and organizational measures, including data security measures. Subcontractors and service providers undertake to maintain confidentiality standards at least equivalent to those of E-SENSIA.

16. Contracts between E-SENSIA and its personal data subcontractors are implemented in accordance with the company’s subcontracting policy, as defined in agreement with its DPO.

17. Personal data entrusted to our subcontractors is processed in accordance with the European Commission’s Standard Contractual Clauses (“SCCs”) included in the subcontracting agreements, and in compliance with Article 28 of the GDPR.

18. E-SENSIA has the right to audit the compliance of its subcontractors, in accordance with its subcontractor audit procedure.

7. Your Rights Regarding Your Data

7.1 Overview of Your Rights

19. We are particularly committed to respecting the rights granted to you under the personal data processing activities we carry out, to ensure fair and transparent processing given the specific circumstances and context in which your personal data is processed.

20. Depending on the legal basis for processing, you have the following rights regarding the protection of your personal data: the right to be informed, access, rectify, erase, restrict, object, data portability, withdraw consent, lodge a complaint, and define post-mortem instructions. The conditions for exercising these rights are detailed below.

7.1.1 Right of Access

21. You have the right to obtain confirmation of whether your personal data is being processed and, if so, to request a copy of your data and certain information about how it is processed.

7.1.2 Right to Rectification

22. You have the right to request that your personal data be corrected or completed if it is inaccurate, incomplete, ambiguous, or outdated.

7.1.3 Right to Erasure

23. You can request the erasure of your personal data in the cases provided for by law and regulation, unless it is necessary to comply with E-SENSIA’s legal obligations, or to establish or exercise your rights.

7.1.4 Right to Restrict Processing

24. You may request the deletion of your personal data in cases provided by law and regulations, unless the data is necessary to comply with E-SENSIA’s legal obligations, or to assert or exercise your rights.

7.1.5 Right to Object

25. You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on the legitimate interests pursued by the data controller.

26. If you exercise this right to object, we will stop processing your personal data for the concerned processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

7.1.6 Right to Data Portability

27. You have the right to data portability. Please note that this is not a general right; not all data from all processing activities are portable. This right only applies to automated processing and excludes manual or paper-based processing.

28. This right is also limited to processing activities whose legal basis is your consent or the performance of pre-contractual or contractual measures.

7.1.7 Right to Lodge a Complaint

29. You have the right to lodge a complaint with the French Data Protection Authority (CNIL, 3 place de Fontenoy, 75007 Paris) on French territory, without prejudice to any other administrative or judicial remedies.

7.1.8 Right to Define Post-Mortem Instructions

30. You may provide specific instructions regarding the retention, deletion, and disclosure of your personal data after your death, to be managed by our services according to the modalities defined below.

31. These instructions will only apply to the processing activities we carry out and will be limited to that scope.

7.2 How to Exercise Your Rights

32. All of the above rights can be exercised by contacting us at:

Email: contact@e-sensia.fr

8. Data Security

33. E-SENSIA takes into account the nature of personal data and the risks associated with processing to implement appropriate technical, physical, and organizational measures to ensure the security and confidentiality of personal data, and to prevent unauthorized access, alteration, or damage.

34. E-SENSIA also ensures that its staff and any other persons involved in processing your personal data comply with internal rules and procedures, including technical and organizational security measures implemented to protect personal data.

35. In accordance with applicable regulations, your health data is hosted by a certified Health Data Hosting (HDS) provider, ensuring a high level of protection and security.

36. In the event of a personal data breach, E-SENSIA will inform you and the competent data protection authority if the conditions required by data protection regulations are met.

9. Cross-Border Data Transfers

37. The different categories of data collected and processed on this Site cannot be transferred to providers located outside the European Union.

10. Third-Party Websites

38. Links on the Site may direct you to external websites. Please note that the privacy policies of these sites may differ from this policy. It is recommended to review the privacy policy of each external site. In any case, E-SENSIA cannot be held responsible if content on one of these sites violates applicable laws and regulations.

11. Updates to This Policy

39. This policy may evolve depending on legal and regulatory changes and CNIL guidelines. Therefore, we recommend consulting this policy each time you access the Site.

12. Effective Date

40. This policy comes into effect on the date it is published online. The same applies to any modifications made to it.

No.	VERSION	FULL NAME	DESCRIPTION	DATE
1	1.1	Cédric Thoma	Initial revision	12 Feb. 2026