Privacy Policy

Last updated: 23 April 2026

This Privacy Policy explains how Nimzo Data SARL ("Nimzo Data", "we", "us", or "our") collects, uses, and protects personal data in connection with our website nimzodata.com and our consulting services. It is written to comply with the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

1. Data controller

The data controller responsible for your personal data is:

Nimzo Data SARL
36 Rue de la Convention, 93230 Romainville, France
SIRET: 994 080 497 00013
Email: hello@nimzodata.com

2. Personal data we collect

We collect personal data in three ways:

2.1 Data you provide directly

  • Contact form / email: name, email address, company, and any information you share in the message.
  • Calendar booking: when you book a call via the embedded Google Calendar Appointment Scheduling widget, Google collects your name, email address, and the booking details on our behalf.

2.2 Data collected automatically

  • Analytics (only with your consent): when you accept cookies, Google Analytics 4 sets cookies and collects data about your visit (pages viewed, referrer, approximate location derived from IP, device type, browser). Google Analytics 4 does not store raw IP addresses; IPs are used only transiently for geo lookup.
  • Server logs: our hosting provider Vercel logs standard technical data (timestamp, request URL, response status, user-agent) for security and reliability purposes.

2.3 Data from our consulting engagements

If we work together on a consulting project, we will process additional personal data as part of the engagement (e.g., your employees' names and work emails, business data you share with us). That processing is governed by our signed services agreement, not this Privacy Policy.

3. Purposes and legal bases

PurposeLegal basis (GDPR Art. 6)
Responding to your inquiries and booking calls Legitimate interest (Art. 6(1)(f)) — answering prospects
Analytics (Google Analytics 4) Your explicit consent (Art. 6(1)(a))
Server logs and site security Legitimate interest (Art. 6(1)(f)) — securing the site
Complying with legal obligations (e.g., tax records) Legal obligation (Art. 6(1)(c))

4. Cookies and similar technologies

We do not set any cookies before you accept. When you click "Accept" on the cookie banner, we load Google Analytics 4, which sets the following cookies:

NamePurposeProviderDuration
_ga Distinguishes unique visitors Google Analytics 2 years
_ga_<container-id> Persists session state Google Analytics 2 years

We also use a localStorage entry called nimzo-consent to remember your cookie choice (not a cookie, not shared with any server).

You can withdraw consent at any time by clicking "Cookie preferences" in the footer of any page, or by clearing site data in your browser.

5. How long we keep data

  • Email correspondence: up to 3 years from the last exchange, unless a consulting engagement starts — then retained for the duration of the engagement plus 10 years (legal accounting retention).
  • Calendar bookings: retained in Google Calendar until manually deleted or until the booking is more than 12 months old.
  • Analytics data: up to 14 months in Google Analytics 4.
  • Server logs: 30 days at Vercel.

6. Recipients and subprocessors

We share personal data only with service providers acting as subprocessors under our instructions:

  • Vercel Inc. — website hosting and edge delivery. Vercel operates globally; static content is served from Vercel's edge network (including EU regions).
  • Google LLC / Google Ireland Ltd. — Google Analytics 4 (analytics), Google Calendar Appointment Scheduling (booking).

We do not sell personal data. We do not share data with third parties for advertising purposes.

7. International transfers

Google and Vercel may process data outside the European Economic Area (EEA), including in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.

8. Your rights

Under the GDPR and French law, you have the following rights regarding your personal data:

  • Right of access — to know what personal data we hold about you.
  • Right of rectification — to correct inaccurate data.
  • Right of erasure — to have your data deleted, subject to legal retention obligations.
  • Right to restrict processing — to limit how we use your data.
  • Right to data portability — to receive your data in a portable format.
  • Right to object — to object to processing based on legitimate interest.
  • Right to withdraw consent — at any time, without affecting past lawful processing.

To exercise any of these rights, email us at hello@nimzodata.com. We respond within one month.

If you believe we have mishandled your data, you have the right to lodge a complaint with the French Data Protection Authority:
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr

9. Security

We apply reasonable technical and organisational measures to protect personal data, including encrypted transport (HTTPS), access controls on internal tools, and vendor selection based on GDPR compliance.

10. Children

Our services are not intended for children under 16, and we do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Material changes will be flagged at the top of this page with a new "Last updated" date.

12. Contact

For any privacy-related question, contact us at hello@nimzodata.com.