PRIVACY POLICY

Website: https://invexa.fr/
Last updated: 07/08/2025
Version: 1.0

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

Data Controller: JAYLO
Address: 12 LA RUE 50330 CARNEVILLE
Contact for personal data : sara@invexa.fr

In accordance with the General Data Protection Regulation (GDPR) and the amended French Data Protection Act, we transparently inform you about the processing of your personal data carried out in connection with the use of our website.

2. PERSONAL DATA COLLECTED AND PURPOSES OF PROCESSING

2.1 Navigation and Audience Data

Data Collected:

• IP Address

• Session Identifier

• Pages visited and duration of visit

• Referrer (source site)

• Browser and operating system

• Approximate geolocation data

Purposes:

• Audience analysis and site improvement

• Measuring the performance of advertising campaigns

• Optimizing the user experience

Legal Basis: Legitimate interest (art. 6.1.f GDPR)
Retention period: Maximum 25 months
Recipients: Google Analytics 4, Google Tag Manager

2.2 Contact Data and Information Requests

Data Collected:

• First and Last Name

• Email Address

• Phone Number

• Company (if applicable)

• Message/request

Purposes:

• Processing information requests

• Business relations

• Customer support

Legal Basis: Consent (art. 6.1.a GDPR) or execution of pre-contractual measures (art. 6.1.b GDPR)
Retention period: 3 years from the last contact
Recipients: JAYLO Team, Supabase (data hosting)

2.3 Advertising and Marketing Data

Data Collected:

• Advertising Identifiers

• Behavioral Data (clicks, conversions)

• Inferred Interests

• Browsing history on our content

Purposes:

• Targeted advertising distribution

• Remarketing

• Measuring campaign effectiveness

• Optimizing return on advertising investment

Legal Basis: Consent (art. 6.1.a GDPR) via our cookie banner
Retention period: 13 months for cookies, 2 years for conversion data
Recipients: Google Ads, Facebook Ads (Meta)

2.4 Internal Management Data

Data Collected:

• Email Correspondence Data

• Interaction History

• Professionally Shared Documents

Purposes:

• Administrative management

• Archiving and traceability

• Internal collaboration

Legal Basis: Legitimate interest (art. 6.1.f GDPR)
Retention period: 5 years after the end of the relationship
Recipients: Google Workspace

3. DATA TRANSFERS TO THIRD COUNTRIES

Some of our service providers are located outside the European Union:

3.1 Google (United States)

• Concerned Services: Google Analytics 4, Google Ads, Google Tag Manager, Google Workspace

• Guarantees: Standard contractual clauses approved by the European Commission and additional technical measures

• Certification: Data Privacy Framework (DPF)

3.2 Meta/Facebook (United States)

• Concerned Services: Facebook Ads, Facebook Pixel

• Guarantees: Standard contractual clauses and enhanced security measures

• Certification: Data Privacy Framework (DPF)

3.3 Supabase (United States/Europe)

• Concerned Services: Database hosting

• Guarantees: Priority hosting in Europe, standard contractual clauses for eventual transfers

4. YOUR RIGHTS OVER YOUR PERSONAL DATA

According to articles 15 to 22 of the GDPR, you have the following rights:

4.1 Right of access (art. 15 GDPR)

You can request confirmation that your data is being processed and obtain a copy thereof.

4.2 Right to rectification (art. 16 GDPR)

You can request the correction of inaccurate or incomplete data.

4.3 Right to erasure (art. 17 GDPR)

You can request the deletion of your data in certain cases (withdrawal of consent, data no longer necessary, etc.).

4.4 Right to restriction of processing (art. 18 GDPR)

You can request the limitation of processing in certain circumstances.

4.5 Right to data portability (art. 20 GDPR)

You can retrieve your data in a structured format to transfer it to another controller.

4.6 Right to object (art. 21 GDPR)

You can object to the processing of your data for reasons relating to your particular situation.

4.7 Rights related to automated decision-making (art. 22 GDPR)

You have the right not to be subjected to a decision based solely on automated processing.

4.8 Exercising your rights

To exercise your rights, contact us:

• Email: sara@invexa.fr

• Mail: JAYLO - 12 LA RUE 50330 CARNEVILLE

• Response time: Maximum 1 month

An identity document may be requested to verify your identity.

5. COOKIE MANAGEMENT AND SIMILAR TECHNOLOGIES

5.1 Strictly Necessary Cookies

These cookies are essential for the functioning of the site and cannot be disabled.

5.2 Analysis and Performance Cookies

• Google Analytics 4: Audience measurement

• Duration: Maximum 25 months

• Consent: Required

5.3 Advertising Cookies

• Google Ads: Remarketing and targeting

• Facebook Pixel: Conversion tracking

• Duration: Maximum 13 months

• Consent: Required

5.4 Managing your preferences

You can change your choices at any time via:

• Our cookie management banner

• Your browser settings

• The unsubscribe links in our communications

6. DATA SECURITY

6.1 Technical Measures

• Encryption of data in transit (HTTPS/TLS)

• Encryption of sensitive data at rest

• Regular and secure backups

• Secured access to systems (strong authentication)

• Intrusion monitoring and detection

6.2 Organizational Measures

• Training staff on data protection

• Procedures for data breach processing

• Access control based on need-to-know principle

• Regular processing audits

• Internal privacy policy

6.3 Notification of Breaches

In the event of a data breach likely to result in a high risk to your rights and freedoms, we will inform you within 72 hours.

7. RETENTION PERIODS

Type of DataRetention PeriodJustificationNavigation Data25 monthsCNIL RecommendationsProspect Contact Data3 yearsBusiness prescriptionClient Data5 years after end of relationshipAccounting obligationsAdvertising Cookies13 monthsCNIL RecommendationsSecurity Logs1 yearSystem security

8. LEGAL BASES OF PROCESSING

8.1 Consent (art. 6.1.a GDPR)

• Non-essential cookies

• Direct marketing

• Commercial prospecting

8.2 Legitimate Interest (art. 6.1.f GDPR)

• Audience analysis

• Site security

• Administrative management

8.3 Contract Execution (art. 6.1.b GDPR)

• Service provision

• Business relationship

9. DATA RECIPIENTS

9.1 Internal Recipients

• JAYLO Team (authorized personnel)

• IT Services

• Customer Service

9.2 External Providers

• Supabase: Database hosting

• Google: Analytics and advertising services

• Meta: Advertising services

• Technical Providers: Maintenance, security

9.3 Public Authorities

In case of legal obligation or judicial requisition.

10. SPECIFIC RIGHTS FOR MINORS

According to article 8 of the GDPR, for children under 16, consent must be given by the holders of parental authority. We implement measures to verify age and obtain parental consent when necessary.

11. COMPLAINTS AND APPEALS

11.1 Internal Complaint

In case of difficulty, first contact our data officer: sara@invexa.fr

11.2 Supervisory Authority

You can file a complaint with the CNIL:

• Website: https://www.cnil.fr/

• Address: Commission Nationale de l'Informatique et des Libertés - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

• Phone: 01 53 73 22 22

12. POLICY CHANGES

This policy may be changed to reflect legal, technical, or organizational developments. Any substantial modifications will be notified to you by email or via a message on the website.

13. FINAL PROVISIONS

13.1 Governing Law

This policy is governed by French law and the GDPR.

13.2 Language

In case of translation, the French version prevails.

13.3 Validity

If a provision is found to be invalid, the other provisions remain applicable.

Contact DPO/Personal Data: sara@invexa.fr
Data Controller: JAYLO - 12 LA RUE 50330 CARNEVILLE

This privacy policy has been established in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended French Data Protection Act No. 78-17 of January 6, 1978 relating to data processing, files, and freedoms.