Privacy Policy

1) Identity of the data controller

The data controller is DEVFORMA, a simplified joint stock company with capital of €27,000, registered with the Paris Trade and Companies Register under number 902 247 378, intra-community VAT number FR20 902247378, whose registered office is located at 9 rue des Colonnes, 75002 Paris, France.

Contact : dpo@devforma.com – +33 1 81 69 35 70.

DPO : Heithem ATAOUI, who can be contacted at contact@devforma.com (subject line : “DPO / Personal data”) or by mail at the head office.

2) Data we process

Depending on your usage, we may process :

 

  • Identity & contact details : surname, first name, company, email address, telephone number (form, request for information, registration).
  • Content of exchanges : messages, requests, any attachments.
  • Browsing data : IP address, technical identifiers, logs, pages viewed, timestamp, browser/device type.
  • Service-related data : registrations, follow-ups, certificates, administrative exchanges.
  • Billing data (if applicable) : information necessary for the preparation and follow-up of invoices/contracts.
  • Cookies/trackers : information related to your device and your consent choices (see §9).
3) Purposes and legal bases (by processing)
A. Responding to your requests (contact, information, quotes)
  • Legal basis : legitimate interest (responding to requests) and/or pre-contractual measures if the request concerns a service.
  • Data : identity/contact details, message content, communication history.
B. Manage services (training/consulting), registrations, and administrative follow-up
  • Legal basis : performance of the contract/pre-contractual measures.
  • Data : identity/contact details, information necessary for performance, administrative exchanges.
C. Accounting management and legal obligations (invoicing, supporting documents)
  • Legal basis : legal obligation.
  • Data : identity, contact details, billing/contractual data.
D. Newsletter and marketing communications
  • Legal basis :

 

    • consent (voluntary registration), and/or
    • legitimate interest in informing customers about similar services, with the option to opt out at any time.

  • Data : email address, preferences, and sending statistics if used (opens/clicks).
E. Audience measurement, site improvement, and personalization
  • Legal basis : consent when non-essential trackers are used.
  • Data : browsing, cookie identifiers, technical information.
F. Security, fraud prevention, incident management

Legal basis : legitimate interest (securing the site and systems).
Data : logs, IP addresses, technical identifiers, security elements.

4) Mandatory/optional nature of data

Fields marked with an asterisk (*) in the forms are mandatory : without them, we will not be able to process your request, finalize a registration, or perform the service. The other fields are optional.

5) Recipients of the data

Your data is accessible :

 

  • Internally : only to authorized persons (administrative, sales, trainers/consultants if necessary, support).
  • To our subcontractors : hosting, maintenance, messaging, cookie consent management, and possibly the tools necessary to provide the service (e.g., newsletter, CRM, audience measurement, video conferencing, payment) according to your actual use.

 

Summary list of subcontractors


Hosting : OVHcloud — France — technical data + storage.
Technical service provider : Google (reCAPTCHA).

6) Transfers outside the European Union (EEA)
In principle, we do not seek to transfer your data outside the European Economic Area.


PECB exam assistance/organization (exceptional cases)


When, at a candidate’s request, assistance is required or an exam needs to be rescheduled/organized, we may only transmit the email address associated with their PECB account in order to process the request.

 

  • Data : email only
  • Purpose : candidate support / organization or resolution of an exam incident
  • Legal basis : performance of the contract (assistance related to the organization and follow-up of the service/exam)


If, in this context, the email has to be processed from a country outside the EEA by the recipient (or its service providers), where applicable, the transfer will be governed by the safeguards required by the GDPR (contractual clauses).
You can request information on the countries and safeguards applicable from the DPO : Heithem ATAOUI.

7) Retention periods

We only keep your data for as long as necessary for the purposes for which it was collected, after which it is deleted/anonymized, unless there is a legal obligation to archive it.

 

  • Requests via form / email (prospects) : 3 years after the last contact from you.
  • Customers / service files : duration of the relationship + archiving (evidence/litigation: 5 years according to applicable regulations).
  • Invoices & accounting documents : 10 years.
  • Technical / security logs : 12 months (except in the event of an incident requiring probative retention).
  • Newsletter : until consent is withdrawn or 3 years of inactivity.
  • Cookies : see §9.
8) Your rights

You have the following rights : access, rectification, erasure, objection, restriction, portability.
When processing is based on consent, you may withdraw your consent at any time.

 

To exercise your rights : dpo@devforma.com (subject line : “Personal data”) or send a letter to our head office.
We may ask for proof of identity in cases of reasonable doubt.

 

Complaints : you may contact the CNIL.

9) Cookies and trackers
9.1. Definition

A cookie/tracker is a file that may be stored and/or read on your device when you visit a website.

9.2. Consent management

We use a consent management tool (CMP) via the Complianz plugin. The banner allows you to accept, refuse, or configure cookies by purpose.

9.3. Categories used on the website
  • Functional (always active) : strictly necessary for the functioning of the site and the provision of an explicitly requested service.
  • Marketing (subject to consent) : activated only if you consent; allows, depending on configuration, marketing purposes (e.g., profile creation, campaign measurement, tracking).
9.4. Legal basis
  • Functional : technical necessity/legitimate interest (website operation).
  • Marketing : consent.
9.5. Change or withdraw your choice

You can modify or withdraw your consent at any time via the “Manage consent” link/button accessible on the website (footer/widget). Withdrawal does not affect the lawfulness of operations carried out prior to withdrawal.

9.6. List of cookies / durations / partners

The detailed list (name, purpose, duration, publisher/partner) is accessible from the “Manage consent” interface and/or a “Cookie declaration” page generated by the CMP (if published). This list must be kept up to date.

10) Data source

Data is collected directly from you (forms, emails, registrations, browsing). If third-party data needs to be processed (e.g., transmission of a contact by a customer), it will be limited to what is strictly necessary and used only for the purpose concerned.

11) Automated decisions/profiling
We do not make fully automated decisions that produce legal effects concerning you, nor do we engage in profiling within the meaning of the GDPR, unless expressly stated in a particular service.
12) Security

We implement appropriate technical and organizational measures (access control, backups, logging, updates, etc.).

 

  • Anti-spam/security : we use reCAPTCHA to prevent automated submissions and secure forms.
13) Policy update
The policy may change. Any updates will be posted on this page with the date of the last update.