Privacy Policy

Last updated: 16/09/2025

Controller: Piko

Registered address: CHEMIN de Castaniere 84400 Apt FRANCE

Contact (privacy): piko.agence@gmail.com

Website: [https://your-domain.com]

Piko is the data controller of personal data processed via this Website. This Policy explains what we collect, why, on which lawful basis, how long we keep it, with whom we share it, and your rights under the EU/EEA GDPR.

If we process personal data on behalf of our clients (e.g., managing their pages or tools), we act as processor and a separate Data Processing Addendum (DPA) applies to that relationship.

1) Data we collect

1.1 Data you provide

• Contact / lead forms: name, business name, email, phone, message, project details.

• Account / client onboarding (if applicable): invoicing data (billing address, VAT), authorized user details.

• Support / communications: content of emails/chats, files you upload.

• Marketing preferences: newsletter opt-in status.

1.2 Data collected automatically

• Device & usage data: IP address, approximate location (by IP), browser/OS, pages viewed, referral source, timestamps, event logs.

• Cookies & similar technologies: see Cookie & Tracking below.

We do not knowingly collect special categories of data (e.g., health, beliefs) via this Website, and our services are not directed to children under 16.

2) Purposes & lawful bases (Art. 6 GDPR)

• Respond to inquiries / pre-contract steps: to answer your requests, provide quotes, schedule calls.

  Basis: performance of a contract or pre-contractual steps (Art. 6(1)(b)).

• Provide & administer services for clients: set up sites, manage content, invoicing.

  Basis: contract (Art. 6(1)(b)).

• Website operation, security, fraud prevention, diagnostics: ensure availability, protect against abuse.

  Basis: legitimate interests (Art. 6(1)(f)).

• Analytics & performance measurement (optional cookies): understand traffic and improve UX.

  Basis: consent (Art. 6(1)(a)).

• Direct B2B marketing (email) to your business contact details: share relevant service info; always with easy opt-out.

  Basis: legitimate interests (Art. 6(1)(f)), respecting e-privacy rules.

• Legal obligations: tax, accounting, compliance requests.

  Basis: legal obligation (Art. 6(1)(c)).

We do not sell personal data.

3) Cookie & tracking

• Essential cookies (strictly necessary for the site) run without consent.

• Non-essential cookies (analytics, marketing, embedded media) load only with your consent given through our banner.

• You can withdraw or change your consent at any time via the “Cookie settings” link in the footer/banner.

• Third-party embeds (e.g., maps, videos, social pixels) may set their own cookies; consent will be requested before they load.

  For details (names, purposes, lifetimes), see our Cookie Policy.

4) Sharing & recipients

We share personal data only as needed with:

• Service providers / processors (hosting, CDN, email & CRM tools, analytics, payment and invoicing tools, IT/security).

• Professional advisers (accountants, auditors, lawyers).

• Authorities when legally required.

All processors are bound by data processing agreements and act on our instructions.

5) International transfers

Where data is transferred outside the EEA/UK, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, or participation in an adequacy framework where applicable). Copies of relevant safeguards can be provided upon request, subject to redactions.

6) Retention

We keep data only as long as necessary for the purposes described or as required by law:

• Leads / inquiries: up to 24 months after last contact.

• Client & billing records: generally 10 years (accounting rules).

• Support tickets / comms: 3 years after closure.

• Consent records & cookie logs: per legal requirements (typically 6–13 months).

When retention ends, data is deleted or anonymized.

7) Security

We implement reasonable technical and organizational measures to protect personal data (access controls, encryption in transit, backups, least-privilege, vendor due diligence). No method of transmission or storage is 100% secure; residual risk remains.

8) Your rights (EEA/UK)

You can request:

• Access to your data, and copy;

• Rectification of inaccurate data;

• Erasure (“right to be forgotten”) where applicable;

• Restriction of processing;

• Portability (data you provided, in a structured, machine-readable format);

• Objection to processing based on legitimate interests or to B2B marketing;

• Withdraw consent at any time (for consent-based processing).

  We do not use solely automated decisions producing legal or similarly significant effects.

How to exercise your rights

Email piko.agence@gmail.com with “Privacy Request” in the subject. We may need to verify your identity. We aim to respond within one month (extendable for complexity).

You also have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France or your EEA authority).

9) Links to other sites

Our Website may link to third-party sites. We are not responsible for their privacy practices. Please review their policies.

10) Changes to this Policy

We may update this Policy from time to time. The “Last updated” date shows the current version. Material changes will be highlighted on this page and/or via notice on the Website.

11) Contact

Questions or requests?

Email: piko.agence@gmail.com

Postal: Piko, CHEMIN de Castaniere 84400 Apt FRANC