Skip to content
KOLOSALTech
FR

Privacy policy

Data controller

The data controller is KOLOSALTech, a French SASU registered with the Trade and Companies Register of Rennes under number 106 103 047 (RCS Rennes 106 103 047), with its registered office at 3 Rue de Robien, 35000 Rennes, France, for the personal data collected on this site as part of the commercial relationship and quote requests.

Contact for any question regarding personal data: contact@kolosaltech.com. (No Data Protection Officer is required given the size and activity of the company.)

Data collected

Via the contact form: name, organization, country, email, phone, type of need and message. Data collected solely to respond to your request.

Purpose and legal basis

Response to your commercial requests, qualification of the need, issuing of quotes, order tracking and post-delivery support.

Legal bases for processing (art. 6 GDPR):

  • Pre-contractual measures and performance of the contract (art. 6.1.b): handling quote requests, orders and support.
  • Legitimate interest (art. 6.1.f): commercial relationship, measured B2B prospecting and site security.
  • Legal obligation (art. 6.1.c): retention of accounting and invoicing records.
  • Consent (art. 6.1.a): newsletter subscription and audience measurement subject to the cookie banner.

Retention period

Prospect data is kept for 3 years after the last contact. Client data is kept for the duration of the commercial relationship and then 5 years for accounting and legal purposes.

Your rights

In accordance with the GDPR: right of access, rectification, erasure, objection and portability. To exercise these rights:

contact@kolosaltech.com

Cookies & trackers

This site uses a limited number of cookies/trackers, in accordance with the CNIL guidelines:

  • Functional cookies (no consent required):
    • kolosal-quote-cart (localStorage): multi-product quote cart — duration 30 days
  • Subject to your consent:
    • Audience measurement (Vercel Analytics): anonymized, no personal data collected, no profiling — enabled only after acceptance.
    • kolosal-ab-hero-cta (cookie): A/B variant for CTA display, anonymous, duration 30 days — set only after acceptance.
  • No third-party advertising tracking cookies (Google Ads, Facebook Pixel, etc.)

If Plausible Analytics is enabled in the future, it is a GDPR-friendly tool with no tracking cookie, exempt from the consent banner.

You can block all cookies via your browser settings (with no major impact on the site).

Hosting and processors

List of processors with access to your data:

  • Vercel Inc. (web hosting) — USA + EU CDN — DPA signed
  • Resend, Inc. (transactional email sending) — EU + USA
  • Airtable, Inc. (lightweight CRM) — USA — DPA available
  • Stripe Payments Europe Ltd. (online payments) — Ireland/EU — PCI-DSS
  • Hostinger International Ltd. (DNS and professional email management) — EU

International transfers

Some data may transit through servers located outside the EU (mainly the United States). All our processors have contractual safeguards (Standard Contractual Clauses of the European Commission) or adequate certifications (Data Privacy Framework).

Security

Technical measures implemented:

  • HTTPS (TLS 1.3) across the entire site
  • Rate limiting on API endpoints (anti-spam, anti-abuse)
  • HTTP security headers (X-Frame-Options, CSP, etc.)
  • Anti-bot honeypot on all forms
  • No user password stored on the site side (delegated auth)
  • Encryption of secrets via Vercel Secrets

CNIL complaint

If you believe your rights are not being respected, you can lodge a complaint with the CNIL.