Privacy Policy
This Privacy Policy describes how SoleAudit handles personal data in accordance with Regulation (EU) 2016/679 (GDPR), the French Data Protection Act, and applicable EU ePrivacy rules.
Data Controller
Legal Name: BUSEEDO SAS
Address: 140bis rue de rennes, 75006 PARIS, France
Privacy Contact: daily@buseedo.com
Scope
This policy applies to data collected through the SoleAudit marketing website, lead forms, and related pre-contract communications.
Categories of Personal Data
- Identity and business contact data: first name, last name, work email, company name, role.
- Operational context data: inventory volume and details voluntarily submitted in request forms.
- Communication data: messages and exchanges with our team.
- Technical data: pseudonymized IP hash, device/browser information, timestamps, and security logs.
- Consent and preference data: records of consent choices where required.
Lead Form Processing Details
- Lead requests are stored in a controlled database with access restricted to authorized personnel.
- Form submissions include consent metadata (timestamp and consent version) for accountability.
- We collect UTM/source metadata only to evaluate campaign performance and channel quality.
- We implement anti-abuse controls such as rate limiting and bot-trap fields to protect systems and data quality.
Purposes and Legal Bases (GDPR Article 6)
| Purpose | Legal Basis | Typical Data Used |
|---|---|---|
| Respond to audit/demo requests and pre-contractual steps | Article 6(1)(b) GDPR | Identity and business contact data, request details |
| Operate, monitor, and secure the website and services | Article 6(1)(f) GDPR (legitimate interests) | Technical and security log data |
| Comply with accounting, tax, and regulatory duties | Article 6(1)(c) GDPR (legal obligation) | Records required by law |
| Send relevant product and compliance updates | Article 6(1)(a) and/or 6(1)(f) GDPR, depending on context | Business contact and preference data |
Recipients and Processors
- Data is accessible to authorized BUSEEDO SAS personnel on a need-to-know basis.
- Lead request data may be stored in Google Workspace tools (Google Sheets) operated under our account.
- We may use vetted processors (for hosting, infrastructure, analytics, CRM, and communication tools).
- Processors act under written data processing agreements and documented instructions.
- We do not sell personal data.
International Data Transfers
Where data is transferred outside the EEA, BUSEEDO SAS applies appropriate safeguards such as the European Commission Standard Contractual Clauses and supplementary protection measures where required.
Retention Periods
- Lead and contact records: up to 24 months after the last meaningful interaction, unless a longer period is required by law.
- Contractual and billing records: for statutory retention periods under applicable law.
- Security and access logs: generally up to 12 months, unless needed for incident investigation.
- Consent records: retained for as long as needed to demonstrate compliance with consent requirements.
Your Rights
Subject to applicable law, you may request:
- Access to your personal data.
- Rectification of inaccurate or incomplete data.
- Erasure of data ("right to be forgotten").
- Restriction of processing.
- Data portability for data processed by automated means on eligible legal bases.
- Objection to processing based on legitimate interests, including direct marketing.
- Withdrawal of consent at any time where processing relies on consent.
To exercise your rights, contact daily@buseedo.com. You may also lodge a complaint with CNIL (France) or your local EEA supervisory authority.
Cookies and Similar Technologies
SoleAudit uses technically necessary cookies and similar technologies required for core site operation, security, and fraud prevention. Non-essential analytics or marketing technologies are deployed only where legally permitted and, when required, only after obtaining valid consent. You can update or withdraw optional cookie consent at any time through the cookie settings control on the website.
Security Measures
We implement technical and organizational measures designed to protect personal data, including access control, least-privilege permissions, transport encryption, and monitoring of security events.
Children
SoleAudit is a business-focused service and is not directed to children. We do not knowingly collect personal data from children.
Policy Updates
We may update this policy from time to time to reflect legal, technical, or operational changes. The "Last updated" date indicates the latest revision.