Synapses Privacy Policy
Last updated: 27/04/2026
Synapses ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect the information collected through our website https://www.synapses-consulting.com (the "Site").
This policy complies with EU Regulation 2016/679 of 27 April 2016 ("GDPR") and the French "Informatique et Libertés" Act of 6 January 1978, as amended.
1. Data controller
The data controller is:
Company name: Synapses
Legal form: SAS
SIRET no.: 10012497300015
Email: contact@synapses-consulting.com
For any question relating to the protection of your data: contact@synapses-consulting.com.
2. Personal data we collect
2.1 Data collected via the contact form
When you fill out the contact form on our Site, we collect:
Last name
First name
Company / Organisation
Job title (role)
Professional email address
Phone number
Free-text message
Required fields must be completed for us to process your request. Other fields are optional.
2.2 Data collected automatically
When you browse the Site, we may collect:
IP address
Browser type and version
Operating system
Pages visited and duration
Referring website
Approximate location data (country, city)
This data is collected via cookies and similar technologies (see our Cookie Policy).
3. Purposes and legal bases of processing
Purpose Legal basis Responding to your requests via the contact form Pre-contractual measures taken at your request (Art. 6.1.b GDPR) Sending you commercial information about our Pigment services Legitimate interest (Art. 6.1.f GDPR) or consent Measuring Site audience and improving its operation Consent (Art. 6.1.a GDPR) Delivering targeted advertising (LinkedIn, Meta) Consent (Art. 6.1.a GDPR) Complying with our legal and regulatory obligations Legal obligation (Art. 6.1.c GDPR)
4. Recipients of the data
Your personal data is intended for:
Synapses's authorised internal teams (sales, consultants, management);
our technical processors acting on our instructions.
Each processor provides guarantees compliant with the GDPR, and a data processing agreement compliant with Article 28 GDPR has been concluded.
Main processors:
Site hosting and publishing: Framer B.V. (Netherlands)
Audience measurement: Google Analytics — Google Ireland Limited
Advertising and retargeting: Meta Platforms Ireland Limited (Facebook / Instagram), LinkedIn Ireland Unlimited Company
5. International data transfers
Some of our processors (notably Google, Meta, LinkedIn) may transfer data outside the European Union, in particular to the United States.
These transfers are governed by:
the EU–US Data Privacy Framework where the processor is certified;
Standard Contractual Clauses adopted by the European Commission, supplemented where necessary by additional technical and organisational measures.
A copy of these guarantees is available on request.
6. Retention periods
Category of data Retention period Contact form data (prospects) 3 years from the last contact Customer data Duration of the contractual relationship + 5 years Accounting and tax data 10 years (legal obligation) Connection logs / server logs 12 months maximum Audience and advertising cookies 13 months maximum (CNIL guidelines)
Beyond these periods, your data is deleted or anonymised.
7. Your rights
Under the GDPR and French data protection law, you have the following rights:
Right of access to your personal data;
Right to rectification of inaccurate or incomplete data;
Right to erasure ("right to be forgotten");
Right to restriction of processing;
Right to object to processing, in particular for direct marketing;
Right to data portability;
Right to withdraw your consent at any time, where processing is based on consent;
Right to give instructions regarding the use of your data after death.
To exercise these rights, write to [contact@synapses-consulting.com]. Proof of identity may be requested in case of reasonable doubt about your identity. We undertake to respond within one month.
If you believe your rights are not respected, you may lodge a complaint with the French Data Protection Authority (CNIL):
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
www.cnil.fr
8. Data security
We implement technical and organisational measures appropriate to the risk:
HTTPS/TLS encryption of communications;
access control via authentication;
regular backups;
staff awareness and training;
regular updates of systems and software.
9. Changes to this policy
We reserve the right to modify this policy at any time to reflect legal, judicial or technical developments. The last update date appears at the top of the document.
10. Contact
For any question regarding this Privacy Policy or the processing of your data: