Privacy policy

1. Data controller

Canto-Conseil, [address], [email: contact@cdnis.fr], is the data controller for the processing of your personal data in the context of using the CDNIS platform.

2. Data collected and purposes

2.1 Client space (CMS)

In the context of using the client space accessible at cdnis.fr, we process the following data:

Data	Purpose	Legal basis	Retention
Email address	Login, password recovery	Contract performance	Duration of contract + 3 years
First and last name	Identification in the interface	Contract performance	Duration of contract + 3 years
Password (hashed)	Secure authentication	Contract performance	Duration of contract
TOTP secret (2FA)	Two-factor authentication	Legal obligation (security)	Duration of contract
Connection logs	Security, intrusion detection	Legitimate interest	90 days

2.2 Showcase site (www.cdnis.fr)

The showcase site does not directly collect any personal data. Anonymous audience measurement is carried out via our proprietary analytics tool (see section Cookies).

3. Data recipients

Your data is not sold, rented or transferred to third parties. It may be shared with the following sub-processors, solely for the purposes described above:

• Infomaniak Network SA (hosting provider) — Switzerland, data subject to GDPR via processing agreement

4. Cookies and trackers

No consent banner required

The site www.cdnis.fr uses an in-house analytics tool, with no dependency on any third-party service. This means:

• No cookie is placed on your browser
• No persistent identifier is stored
• No personal data is collected or cross-referenced
• Only aggregated and anonymous statistics are produced (pages visited, duration, approximate geographic origin)

In accordance with Regulation (EU) 2016/679 (GDPR), strictly anonymous audience measurement without cookies does not require prior consent.

Type	Tool	Purpose	Cookie placed?	Consent required
Analytics	CDNIS Analytics (proprietary)	Anonymous audience measurement	No	No
Session	PHP Session (client space only)	Authentication	Yes (session, expires on browser close)	No (functional)

5. Your rights

Under the GDPR (Regulation EU 2016/679), you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of your data
• Right to rectification (Art. 16): correct inaccurate data
• Right to erasure (Art. 17): request the deletion of your data
• Right to data portability (Art. 20): receive your data in a structured format
• Right to object (Art. 21): object to certain processing activities
• Right to restriction (Art. 18): request the suspension of a processing activity

To exercise these rights, contact us at: contact@cdnis.fr
We commit to responding within one month.

In case of disagreement, you may lodge a complaint with your national data protection authority (e.g. the ICO in the UK, the CNIL in France, or another EU supervisory authority).

6. Data security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss or destruction:

• Encrypted communications (HTTPS/TLS)
• Two-factor authentication (TOTP) for all admin access
• Passwords stored as bcrypt hash
• Role-based access control
• Regular encrypted backups
• Access logs retained for 90 days

7. International transfers

Your data is hosted on servers located in Europe (Infomaniak, Switzerland). Switzerland holds an adequacy decision from the European Commission under Article 45 of the GDPR. No transfer to non-adequate third countries is carried out.

8. Changes to this policy

We reserve the right to modify this privacy policy at any time. Changes take effect upon publication on this page. The date of the last update is indicated at the top of this document.

9. Data protection contact

For any question relating to the protection of your data:
contact@cdnis.fr
Subject: "Data protection — CDNIS"