Privacy policy

This policy describes how Agence 402 collects and processes the personal data of visitors and users of the www.agence402.com website, in compliance with the General Data Protection Regulation (GDPR) and the French Data Protection Act. The French version of this policy (Politique de confidentialité) is the legally binding reference.

Data controller

The controller of the personal data collected on the website is:

Agence 402, a French SAS with a share capital of €1,000, RCS Paris 104 526 389, head office at 10 rue de la Paix, 75002 Paris, France.

GDPR officer

For any question concerning the processing of your personal data or the exercise of your rights, you may contact the GDPR officer:

Louis Moreaulouis.moreau@agence402.com

Data collected and purposes

Agence 402 collects and processes your personal data in the following cases:

1. Contact request by email

  • Data collected: name, email address, content of the message, and any information you choose to share with us.
  • Purpose: respond to your commercial or information request.
  • Legal basis: performance of pre-contractual measures at your request (art. 6.1.b GDPR) and Agence 402's legitimate interest in responding to inbound requests (art. 6.1.f GDPR).
  • Retention period: 3 years from the last contact.

2. Audience measurement (if enabled)

  • Data collected: pages viewed, visit duration, device type, referrer, anonymized IP address.
  • Purpose: understand how the website is used and improve its content.
  • Legal basis: prior consent (art. 6.1.a GDPR and art. 82 of the French Data Protection Act). You may accept, refuse or withdraw your consent at any time via the banner displayed on your first visit.
  • Retention period: 13 months maximum for audience-measurement cookies, in line with CNIL recommendations.

3. Technical logging (server logs)

  • Data collected: IP address, user-agent, timestamp, requested URL, HTTP response code.
  • Purpose: site security, incident detection, legal traceability.
  • Legal basis: Agence 402's legitimate interest in protecting its information system (art. 6.1.f GDPR) and legal obligation (art. L. 34-1 of the French Postal and Electronic Communications Code).
  • Retention period: 12 months maximum.

Cookies and trackers

The website may set two types of cookies:

  • Strictly necessary cookies required for the site to function (language preferences, security). These cookies are exempt from prior consent under article 82 of the French Data Protection Act.
  • Audience measurement and interactive feature cookies. These cookies are only set after your explicit consent has been collected through the banner displayed on your first visit.

You may withdraw your consent or change your preferences at any time by clicking the dedicated link in the website footer, or by deleting cookies via your browser settings.

Data recipients

Your personal data is intended exclusively for:

  • The Agence 402 team, within the scope of their duties.
  • Our hosting provider OVH SAS (2 rue Kellermann, 59100 Roubaix, France), acting as a technical processor under article 28 GDPR, for hosting and logging purposes only.

No data is sold, rented or transferred to third parties for commercial purposes.

Transfers outside the European Union

No personal data is transferred outside the European Union. Hosting is provided in France by OVH.

Your rights

In accordance with articles 15 to 22 of the GDPR, you have the following rights over your personal data:

  • Right of access: obtain confirmation that your data is being processed and receive a copy.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): have your data deleted under the conditions provided by law.
  • Right to restriction of processing.
  • Right to object to the processing of your data.
  • Right to data portability.
  • Right to withdraw your consent at any time, where processing is based on consent.
  • Right to define directives regarding the handling of your data after your death.

To exercise these rights, contact the GDPR officer: louis.moreau@agence402.com. A response will be provided within one month maximum.

Complaint to the CNIL

If, after contacting us, you consider that your rights over your data are not respected, you may lodge a complaint with the French data protection authority (CNIL):

3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr

Security

Agence 402 implements appropriate technical and organizational measures to ensure a level of security suited to the risk, including: encryption of communications (HTTPS), restricted access to data, logging and monitoring, sovereign hosting in France.

Changes to this policy

This policy may be updated to reflect legal, regulatory or technical changes. The date of the last update appears below.

Last updated: May 2026.