Privacy Policy

Last updated: December 13, 2025 | Version 1.0

Introduction

Honoris Causa Communication (hereinafter "HCC", "we", "our") is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store and protect your personal information when you use our website or our services.

This policy complies with the General Data Protection Regulation (GDPR) and French Data Protection Act.

Commitment: We will never sell your personal data to third parties. Your information is only used to provide our services and improve your experience.

Data Controller

The data controller, within the meaning of Article 4 of the GDPR, is:

  • Company Name: Honoris Causa Communication
  • SIRET: 49963066300015
  • Postal Address: 74 Avenue Paul Doumer, 75016 Paris
  • Country: France
  • Email: [email protected]

Data Protection Officer (DPO): We are not legally required to appoint a Data Protection Officer under Article 37 of the GDPR. For any data protection inquiries, please contact us at the email above.

International Data Transfers

Your personal data may be stored and processed in various locations depending on our service providers. The processing location may vary depending on service configuration and routing.

Some of our service providers may process data outside the European Union. When this occurs, we ensure that:

  • Transfers rely on an adequacy decision from the European Commission where applicable, or
  • Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary measures where necessary
  • All service providers are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance

Some providers (e.g., Cloudflare) may process technical data outside the EU/EEA. Where required, transfers are covered by appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures.

All transfers are subject to appropriate safeguards to protect your personal data in accordance with GDPR requirements.

Data We Collect

1. Data you provide to us directly

Contact form:

  • First and last name
  • Email address
  • Company name (optional)
  • Desired service
  • Estimated budget
  • Desired timeframe
  • Subject and message
  • Newsletter consent

Anti-spam / captcha: When you submit a form, technical signals may be processed to detect automated submissions and protect the website.

Newsletter: Email address and communication preferences

Member account:

  • Login credentials (email or username)
  • Hashed password (never stored in plain text)
  • Profile information (first name, last name, company, phone number if provided)
  • Account preferences and settings
  • Connection history (date, time, IP address, user agent)

2. Data collected automatically

Technical data:

  • IP address
  • Browser type and version
  • Operating system
  • Pages accessed and timestamps (via server and security logs)
  • Connection date and time
  • Referrer (site you come from)
  • Technical identifiers related to security and fraud prevention (such as IP address, request metadata and browser characteristics used to detect automated or abusive behavior)

3. Cookies and similar technologies

We use technical cookies necessary for the operation of the site:

  • Session cookie: Essential for authentication and maintaining your logged-in state (expires when you close your browser)
  • "Remember me" cookie: Optional persistent cookie to keep you logged in (stores an authentication token, not your password; duration: 30 days; can be removed by logout or browser clearing, and disabled by not checking "Remember me" at login)
  • Security cookie (CSRF token): Helps protect forms against cross-site request forgery (expires at end of session)

Analytics and tracking: We do not use Google Analytics, Google Tag Manager, or advertising trackers on this website. We do not deploy optional analytics cookies. We use Cloudflare as an infrastructure and security provider (CDN, DDoS protection).

Anti-bot protection: We use Cloudflare Turnstile for anti-bot protection on forms and authentication pages. If Turnstile is blocked, some forms or account access features may not work.

Why We Collect Your Data

- Processing contact requests

  • Legal basis: Legitimate interest
  • Purpose: Respond to your questions and quote requests

- Sending newsletters

  • Legal basis: Consent (double opt-in)
  • Purpose: Keep you informed of our news and services
  • Note: We use a double opt-in process for newsletter subscriptions. We retain proof of consent (email address, date, time, and IP address) for compliance purposes.

- Account creation and management

  • Legal basis: Contract / Pre-contractual measures
  • Purpose: Provide access to member services and manage your account

- Authentication and security

  • Legal basis: Legitimate interest
  • Purpose: Prevent fraud, detect abuse, and ensure platform security

- Customer support

  • Legal basis: Contract / Legitimate interest
  • Purpose: Provide technical assistance and respond to account-related inquiries

- Security and anti-bot protection (Cloudflare Turnstile)

  • Where we use it: Newsletter subscription, contact forms, member area registration, login, and password reset (forgot password).
  • Purpose: Protect our forms and authentication endpoints against automated submissions, spam, credential stuffing, fraud and abuse.
  • Legal basis: Legitimate interest (security of the website and services).
  • Data processed: Technical data necessary to assess the risk of automated activity (e.g., IP address, approximate location derived from IP, device/browser characteristics, request metadata, and interaction signals). We do not use this data for advertising purposes.
  • Recipient: Cloudflare, Inc. (Turnstile) acting as a data processor.
  • Retention: We do not store Turnstile challenge data ourselves. Cloudflare processes and retains related technical data only for as long as necessary for security and abuse prevention, in accordance with its documentation and contractual terms.
  • Note: Blocking Turnstile may prevent the submission of certain forms or access to account-related features.

Retention Period

  • Contact data: 3 years after last contact
  • Newsletter: Until unsubscription
  • Account data: Duration of the account + 3 years after account closure (for limitation periods, legal claims, and potential disputes)
  • Authentication and security logs: 12 months maximum
  • Support tickets and correspondence: Duration necessary for follow-up + legal retention obligations
  • Session cookies: Session duration (deleted when browser closed)
  • "Remember me" cookie: 30 days or until logout

Sharing Your Data

We never sell, rent or share your personal data for commercial purposes.

Your data may only be shared in the following cases:

Service providers and subprocessors:

  • Hosting and infrastructure providers: Services required to host, operate and maintain the website and member platform (including database hosting, backups and system maintenance). Processing location may vary depending on service configuration.
  • Email communication providers: Transactional emails related to account management (such as password resets and account notifications).
  • CDN / security / anti-DDoS protection: Cloudflare (processor) - Content delivery, DDoS protection, Web Application Firewall, and bot protection services (including Turnstile).

Other cases:

  • Legal obligations: Upon request by judicial or administrative authorities
  • Your consent: With your explicit agreement for other purposes

All our service providers are selected according to strict security criteria and are bound by confidentiality agreements and data processing agreements (DPA) compliant with GDPR.

Your Rights

In accordance with GDPR, you have the following rights:

- Right of access

Obtain a copy of your personal data

- Right of rectification

Correct inaccurate or incomplete data

- Right to erasure

Request the deletion of your data

- Right to restriction

Limit the processing of your data

- Right to portability

Retrieve your data in a structured format

- Right to object

Object to the processing of your data

- Right to withdraw consent

For data processing based on your consent (newsletter), you can withdraw your consent at any time:

  • Newsletter: Click the unsubscribe link in any newsletter email

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise your rights?

To exercise your rights, contact us:

  • Email: [email protected]
  • Subject: "Exercise of my GDPR rights"
  • Attachment: Copy of an identity document (only if necessary to verify your identity; you may redact non-essential information)

We will respond to your request within a maximum of 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption

Secure transmission via HTTPS/SSL

Secure hosting

Protected servers with strict security standards and DDoS protection

Limited access

Authorized personnel only

Backups

Regular and encrypted backups

Password security

Passwords are hashed and salted using industry-standard algorithms (never stored in plain text)

Two-factor authentication (2FA)

Optional 2FA available for enhanced account security

Security monitoring

Logging of authentication attempts and suspicious activities for fraud detection

Access control

Strict access controls and authorization checks to protect your account data

Account Closure and Data Deletion

How to request account closure

You can request the closure of your account at any time:

  • Send an email with the subject "Account Closure Request" to: [email protected]
  • Include your account email address
  • A copy of an identity document may be requested only if necessary to verify your identity
  • We will process your request within 30 days

What happens to your data

Data that will be deleted:

  • Profile information (name, contact details, preferences)
  • Account credentials and authentication data
  • Personal content and user-generated data

Data that may be retained:

  • Transaction records and invoices (required by tax and accounting laws for up to 10 years)
  • Communications related to legal disputes or investigations
  • Anonymized data for statistical purposes (no longer identifiable)
  • Data necessary to comply with legal obligations or establish, exercise, or defend legal claims

Retained data is kept to the strict minimum required by law and is stored securely with restricted access.

Cookies and Similar Technologies

Types of cookies used:

Technical cookies (mandatory)

Necessary for site operation:

  • User session
  • Browsing preferences
  • Security (CSRF protection)
  • Security and anti-bot protection (Cloudflare Turnstile): strictly necessary technical storage for security purposes

Note: Cloudflare Turnstile may use strictly necessary technical storage (not cookies in the traditional sense) to verify that you are not a bot. This storage is essential for website security and does not require consent as it falls under the "strictly necessary" exemption under ePrivacy Directive and GDPR.

Manage your cookies

You can configure your browser to:

  • Refuse all cookies (note: this may impact site functionality)
  • Be informed before installing a cookie
  • Delete existing cookies

Note: We only use strictly necessary technical cookies and storage for security. We do not use optional analytics or advertising cookies.

Minors

Our services are not intended for minors under 16 years of age.

We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without parental consent verification, we will take steps to delete that information.

Changes to This Policy

We reserve the right to modify this privacy policy at any time. Any modification will be published on this page with a new update date.

In case of substantial modification, we will inform you by email if you are subscribed to our newsletter.

Contact and Complaints

For any questions regarding this privacy policy or the processing of your data:

Email

[email protected]

Form

Contact page

Right to complain

You have the right to file a complaint with the French Data Protection Authority (CNIL):

  • Website: www.cnil.fr
  • Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
  • Phone: 01 53 73 22 22
Back to Home