Legal information

Credits

Website production: shanaya.com
Graphic design : Chloé Lozano

1 - Publisher Identification

STELLIANE
5 Allée Jean-Louis Thébault, 77600 Bussy Saint Georges, France
Email: contact@stelliane.com

SASU company with share capital of €100, registered with the Meaux Trade and Companies Register under number 933 153 629
VAT ID: FR62933153629
Business activity: IT systems and software consulting firm

Publication Director: Yann Ortodoro

2 - Hosting Provider

OVH SAS, a French company with a share capital of €10,069,020.00, located at 2 rue Kellermann, 59100 Roubaix, and registered with the Lille Trade and Companies Register under number 424 761 419.
Contact: 1007 (free service and call)

3 - Data Collection

Stelliane is committed to ensuring that the collection and processing of your personal data through the website www.stelliane.com fully complies with the General Data Protection Regulation (GDPR) and Law No. 78-87 of January 6, 1978.

All personal data collected is processed securely, transparently, and in accordance with applicable legal obligations.

Stelliane guarantees users the right to access, rectify, and delete their personal data in accordance with applicable regulations.

4 - Content Quality and Purpose on Stelliane.com

This website aims, among other things, to raise awareness among the public and professionals about compliance issues, as well as the importance of having high-quality, reliable, and well-governed data to ensure lawful, relevant, and responsible processing.

Stelliane strives to provide accurate and verified information. However, if any content appears to be inaccurate or contains a typographical error, you may report it by email to: contact@stelliane.com.

Stelliane’s publications and communications are for informational purposes only.
Only formal decisions from EU supervisory authorities—such as the CNIL, AEPD, GPDP, etc.—are binding and constitute official positions.

5 - Intellectual Property Rights

Stelliane holds all intellectual property rights over its content, including text, images, logos, and all other visual or editorial elements.

Any reproduction, distribution, or unauthorized use of any content, in any form, is strictly prohibited.

In accordance with Article L.335-2 of the French Intellectual Property Code, any violation constitutes counterfeiting and is subject to civil and criminal penalties.

Stelliane reserves the right to take any legal action necessary to protect its rights.

6 - Limitation of Liability

Stelliane shall not be held liable for any direct or indirect damages to the user’s equipment resulting from access to the site www.stelliane.com. This includes, but is not limited to, the use of unsuitable equipment, technical malfunctions, software incompatibility, or the presence of anomalies.

Furthermore, Stelliane disclaims any liability for indirect damages arising from the use of the site, such as business interruption, data loss, loss of revenue, or any financial loss resulting from access to or inability to access www.stelliane.com.

7 - Governing Law and Jurisdiction

Any dispute relating to the use of the www.stelliane.com website is governed by French law.
In the event of a dispute, exclusive jurisdiction is granted to the competent courts of Meaux.

8 - Applicable Laws

Law No. 78-87 of January 6, 1978, as amended by Law No. 2004-801 of August 6, 2004, on data processing, files, and freedoms.
Law No. 2004-575 of June 21, 2004, on confidence in the digital economy.

Privacy Policy

Last updated: 6 April 2026

Introduction

This personal data protection policy — together with any document it refers to — sets out the conditions under which Stelliane carries out the processing activities described below regarding the personal data of any user of the website www.stelliane.com (hereinafter referred to as “you”).

We process your personal data in compliance with the principles laid down by the applicable personal data protection regulations, in particular:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (“GDPR”), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
French Act No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as amended.

Pursuant to the GDPR, the term “personal data” refers to any information relating to an identified or identifiable natural person.

1. Data controller

The data controller is:

Stelliane
5 Allée Jean-Louis Thébault, 77600 Bussy Saint Georges, France
Contact: contact@stelliane.com

2. Our commitments

When collecting and processing your personal data, we are committed to upholding the following principles:

Lawfulness — Your data is collected and used only for specified, explicit and legitimate purposes, based on an appropriate legal basis.
Transparency — You are informed of every processing activity carried out and its characteristics; no processing is performed without your knowledge.
Minimisation — We collect only data that is adequate, relevant and necessary for the intended purpose, and we ensure it is regularly kept up to date.
Protection “by design” and “by default” — From the design phase onwards, and throughout the configuration and operation of our applications, services or products that use personal data, we embed data protection requirements.
Security — Technical and organisational measures appropriate to the sensitivity of the data are implemented to ensure its integrity, confidentiality and availability.

3. Collection of personal data

We collect personal data about you directly from you when you interact with us, browse our site, or as part of our professional activities:

Contact form: last name, first name, e-mail, phone number, country, company name, subject and free-form content of the message.
Accounting: data required to issue contracts, invoices, orders and quotations.
Commercial follow-up: professional contact details (last name, first name, role, e-mail and phone) and company information (name, sector).
Recruitment: data related to applications (CV, cover letter, professional information).
Exercising your rights: we collect only the information strictly necessary to record and follow up on your request (contact details, nature and scope of the request, date of the request, related exchanges, and proof of identity where required).
Browsing data: IP address, connection data, technical identifiers (User-Agent), pages viewed, connection timestamps, technical logs, and information related to your navigation on the Site.
Erna, AI-assisted diagnostic (analysis of your web page): the URL you submit on request, its content and its direct links, as well as the technical information needed for the analysis (cookie banner, trackers, links to policies and legal notices). When the targeted site cannot be analysed due to anti-bot protection, you may leave us your e-mail address to receive the report by message later; this e-mail is then processed under the “Erna – diagnostic” purpose.

4. Purposes of processing, legal bases and retention periods

The legal bases and retention periods associated with each purpose of processing your personal data are described below:

Purpose	Description of processing	GDPR legal basis	Retention period
Contact form	Receiving, processing and following up on your requests (questions, complaints, information).	Consent (Art. 6-1-a)	3 years after your last exchange
Commercial follow-up	Sending personalised information by electronic means at the request of professionals.	Pre-contractual measures (Art. 6-1-b)	3 years from the last interaction
Recruitment (application)	Reviewing your application (CV, cover letter, exchanges).	Pre-contractual measures (Art. 6-1-b)	1 year after the last contact with the applicant
Exercising of rights	Recording and following up on your requests (access, rectification, objection, erasure, etc.).	Legal obligation (Art. 12-23 GDPR)	5 years after the last exchange; any proof of identity is destroyed immediately after verification
Accounting & tax	Retention of invoices and mandatory documents.	Legal obligation (Art. 6-1-c)	10 years from the date the document is issued
Proof of cookie consent	Storage of the Cookiebot “stamp” (date, choice, truncated IP, banner version).	Legitimate interest / obligation to demonstrate compliance	3 years, then anonymisation
Strictly necessary cookie	`CookieConsent` cookie: storage of your choice.	Legitimate interest / obligation to demonstrate the user’s choice	6 months
Necessary pixel tracker	1×1 pixel `imgsct.cookiebot.com/1.gif`: technical logging of the banner status.	Legitimate interest / technical operation of the CMP	Session duration (no persistent storage on the browser side)
Security	Server logs and technical traces used to prevent or detect incidents and secure data.	Legitimate interest + security obligation (Art. 32)	6 months
Erna – AI-assisted diagnostic (analysis of a web page)	Automated test based on the URL submitted by the user on request, its direct links and their content: detection of a cookie banner, trackers (cookies / web beacons) and links to the privacy policy, cookie policy and legal notices. Evaluation provided through colour codes.	Contractual measures (Art. 6-1-b)	6 months for the analysis result, then deletion
Public / judicial authorities	Handling of official requests and communications with the relevant authorities.	Legal obligation (Art. 6-1-c)	Retained for the entire duration of the proceedings before the relevant authority

5. Conditions of use of Erna, AI-assisted diagnostic (analysis of your web page)

By using Erna, you declare that you are authorised to test the submitted URL (a website you edit or for which you hold a mandate) and you undertake not to use the service for abusive, malicious or nuisance purposes against any third party. Any misuse may result in the suspension or termination of access to the service. The score and results provided may not be resold or commercially exploited without Stelliane’s prior written consent.

The user remains solely responsible for the URL submitted and for the use made of the service and its results. Stelliane cannot be held liable for any misuse or illegal use of the service by the user.

The user must not submit URLs giving access to private areas, sensitive data, administration interfaces, intranets or confidential content, except with express authorisation.

The results provided by Erna are indicative and do not constitute a full GDPR compliance audit, legal advice, or any guarantee of compliance. The Erna service is an analysis aid and does not rely on automated decision-making producing legal effects on the user.

6. Rights of data subjects

In accordance with the General Data Protection Regulation, when Stelliane acts as Data Controller, you have the following rights:

Right of access to your personal data and to information related to its processing;
Rectification of any inaccurate or incomplete personal data;
Erasure of your personal data, except where processing is required by a legal or regulatory obligation;
Objection, at any time, to the processing of your personal data, except where processing is required by a legal obligation;
Restriction of the processing of your personal data;
Withdrawal of consent to the processing of your personal data;
Portability of your personal data, when processing is based on your consent or on the performance of a contract and is carried out by automated means;
Right to define directives regarding the fate of your personal data after your death, in accordance with the French Data Protection Act;
Right to lodge a complaint with the CNIL, via its website (https://www.cnil.fr) or by post at the following address: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.

For any request concerning your rights, please send an e-mail to: contact@stelliane.com.

Response time

Stelliane endeavours to respond to your request as soon as possible, and within one month at the latest. For complex requests, this period may be extended by two additional months.

For any request for information, or if you consider that Stelliane does not respect your rights under personal data protection regulations, you may contact the data protection authority: the CNIL.

Phone: +33 1 53 73 22 22
Address: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.

7. Recipients of the data

Your personal data is never sold or transferred to third parties for commercial purposes. It may only be shared with the following recipients, within the limits of their duties and solely for the purposes described in this policy. These recipients access the data only to the extent strictly necessary to perform their tasks:

Authorised Stelliane staff, acting within the scope of their duties and subject to a confidentiality obligation;
Our processors within the meaning of Article 28 of the GDPR, in particular for hosting, maintenance, security, operation of the Site or the provision of related services;
The competent authorities, when required by law or in the context of administrative or judicial proceedings;
Mistral AI (technical provider — processor): in the context of the Erna service, the data strictly necessary for the requested analysis (in particular the submitted URL and related technical elements) is processed via the Mistral AI API, with processing carried out within the European Union. Data is not used to train models;
Technical providers involved in cookie management and audience measurement, such as Cookiebot (consent management) and Matomo (audience analytics), acting as processors;
Third-party partners, such as LinkedIn, which act as separate controllers for the processing they implement via their cookies, in accordance with their own privacy policies.

8. Data security

We implement appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of your data, including access control mechanisms, authorisation management and protective measures appropriate to the sensitivity of the data.

Data hosting is provided by our supplier OVH SAS (OVHcloud), which implements security measures aligned with market standards, including infrastructure protection and detection of security incidents.

9. Hosting

Your data is kept and stored throughout the applicable retention period, mainly on the servers of OVH SAS (OVHcloud) located within the European Union. OVH SAS (OVHcloud) is registered with the Lille Trade and Companies Register under number 537 407 926, with its registered office at 2, rue Kellermann, 59100 Roubaix, France.

In the context of the Erna service, certain data (in particular the submitted URL and the technical elements required for the analysis) is sent to our technical provider Mistral AI for processing via its API, with processing carried out within the European Union.

However, some processing activities involving third-party partners (in particular those linked to marketing cookies) may result in data transfers outside the European Union, under the conditions set out in Article 11.

10. Cookies

This site uses cookies to optimise your browsing experience. Detailed terms for cookie management, including their purpose, retention period and third parties involved, are set out in our cookie management policy.

Processing activities related to non-essential cookies (audience measurement and marketing) are based on your prior consent.

You can withdraw your consent at any time for non-essential cookies via the “Manage my cookies” link available on our Site.

11. Possible transfer of data abroad

Some processing of personal data carried out via our Site may involve transfers of data outside the European Union.

This is in particular the case for marketing cookies placed by third-party partners, such as LinkedIn, for which the data collected is processed directly by those partners in accordance with their own terms and privacy policies. This data may be transferred to countries outside the European Union, in particular to the United States. These processing activities and transfers are based on your prior consent (Article 6.1.a of the GDPR).

Stelliane does not control the subsequent processing carried out by these partners, but ensures that such cookies are only placed after your consent has been obtained. These partners state that they frame such transfers with appropriate safeguards, such as the standard contractual clauses (SCC) adopted by the European Commission.

Furthermore, in the context of the Erna service, processing carried out via our technical provider Mistral AI is performed within the European Union. As such, no transfer of data outside the European Union takes place in that context to our knowledge.

You can obtain further information about the safeguards governing these transfers, or request a copy thereof, by consulting the privacy policy of the relevant partners or by contacting us at the address mentioned in this policy: contact@stelliane.com.

12. Changes to the policy

We reserve the right to modify this privacy policy. Any update will be published on this page with the revision date.

Cookie Management Policy

Last updated: 17 May 2026

We use cookies to provide you with a quality user experience and to measure audience on our website. Non-essential cookies are only placed after obtaining your prior consent, except for cookies that are strictly necessary for the site to function. Audience measurement via Matomo is only deployed after you consent to the “Statistics” category in our Cookiebot banner.

1. What is a cookie?

A cookie is a small text file placed on your device (computer, smartphone, tablet) when you visit our website https://stelliane.com (hereinafter the “Site”). Cookies collect information about your browsing in order to improve your user experience.

Types of cookies used

Strictly necessary cookies: required for the Site to work (or to provide a service you have expressly requested); they cannot be disabled in our systems.
Performance cookies (audience measurement): measure audience and Site performance (traffic statistics, detection of navigation issues, optimisation of technical performance and/or ergonomics, analysis of content viewed). They are only placed after your consent.
Marketing cookies: used in particular for targeted advertising and/or cross-site tracking. These cookies are only placed if you consent.

2. Cookie governance

Party	Role
Stelliane	Places cookies essential for the site to function and stores your consent choices.
Cookiebot (Usercentrics A/S)	Provides the consent banner and retains proof of your preferences.
Matomo	Site audience measurement (statistics), self-hosted, after consent to the Statistics category.
LinkedIn	LinkedIn features (link/button/widget); linkedin.com cookies after “Marketing” consent.

3. Cookie categories used

Category	Status on site / Legal basis	Purpose	Cookies / Trackers	Max. duration	Consent
Strictly necessary	Active on arrival / Legitimate interest (Art. 6-1-f), necessary for the Site to function, in accordance with Article 82 of the French Data Protection Act	Ensure proper operation (HTTPS navigation, display of the banner, storage of your choice).	`CookieConsent` (preference token), pixel `imgsct.cookiebot.com/1.gif`, Cookiebot scripts	6 months*	Not required
Performance & audience measurement	After agreement / Consent (Art. 6-1-a) via Cookiebot (Statistics category)	Analyse traffic to improve ergonomics (page views, journeys, errors).	Matomo: `_pk_id.`, `_pk_ses.`, `_pk_ref.*`	13 months max. / 30 min / 6 months	Yes
Functional	Not deployed at this time	Remember your interface settings (language, display…)	—	—	Not deployed
Marketing	After agreement / Consent (Art. 6-1-a)	Offer targeted advertising or track cross-site navigation.	LinkedIn: `bcookie`, `li_gc`, `lidc` (linkedin.com)	1 year / 6 months / 1 day	Yes

* The consent cookie is set to expire within 6 months in line with CNIL recommendations (182 days in Cookiebot).

Matomo audience measurement

We use Matomo (self-hosted) to measure audience on our Site (pages viewed, navigation paths, technical errors) and improve its content. Matomo cookies (_pk_id.*, _pk_ses.*, _pk_ref.*) are only placed after you consent to the “Statistics” category via our Cookiebot banner. Their lifetime is limited (13 months maximum for the visitor identifier, 30 minutes for the session, approximately 6 months for the referrer).

The data collected is used exclusively for audience measurement purposes and is not combined with other processing, nor transferred to third parties for advertising purposes. You can withdraw your consent at any time via the “Cookie settings” link at the bottom of the page, by refusing the Statistics category in the banner, or by configuring your browser.

4. Managing your preferences

Initial banner – On your first visit, you can Accept, Refuse or Customise non-essential cookies.
Permanent “Cookie settings” link – Available at the bottom of every page to change your choice at any time.
Browser – You can delete or block any cookie via your browser settings; however, some essential features may be affected.
Proof of consent – Cookiebot records an encrypted “stamp” (date, accepted categories, truncated IP address, banner version) retained for 3 years, then anonymised.

5. Security and confidentiality of necessary trackers

Trackers placed before consent are limited to:

Name	Type	Data collected	Hosting
CookieConsent	HTTP cookie (sameSite “Strict”)	User choice, language, timestamp	European Union
imgsct.cookiebot.com/1.gif	1×1 pixel	IP address, User-Agent, banner ID, click status	European Union

These trackers are used only to display the CMP and demonstrate compliance; they are not used for advertising retargeting.

6. Possible changes

If we were to integrate new tools or change the trackers used (e.g. add a personalisation service or new marketing trackers), we would:

inform you by showing the banner again;
update this policy;
only activate these cookies after your explicit agreement.

7. Your rights

In accordance with Regulation (EU) 2016/679 and the French Data Protection Act, you have in particular:

the right of access, rectification or erasure of your data;
the right to object or restrict processing based on our legitimate interest (Art. 6-1-f);
the right to withdraw your consent at any time for cookies subject to consent;
the right to lodge a complaint with the CNIL via its website (https://www.cnil.fr) or by post at: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.

To exercise your rights or ask a question, write to us at contact@stelliane.com or by post to: Stelliane, 5 allée Jean-Louis Thébault, 77600 Bussy-Saint-Georges, as stated in our Privacy Policy.

Summary: before your consent, only CookieConsent and the strictly necessary Cookiebot pixel are placed. You can accept or refuse Matomo (statistics) and LinkedIn (marketing) cookies according to your choices in the banner or via the “Cookie settings” link.