SYLink
Free diagnostic
GDPR · French Data Protection Act

Privacy policy

Dernière mise à jour : April 2026

Preamble

SYLink Technologie SAS places the highest importance on respecting the privacy and protecting the personal data of its visitors, customers, partners and applicants. This privacy policy aims to inform you, transparently, about the personal data processing we carry out as part of operating the sylink.fr site and associated platforms.

This policy strictly complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and with the French Law no. 78-17 of 6 January 1978, as amended (the French Data Protection Act).

Sovereignty commitment & no third-party tracking

In line with our 100% sovereign cybersecurity positioning, the sylink.fr site and all SYLink platforms (partenaires.sylink.fr, sylinktransfer.fr, sylink-sign.fr) integrate no third-party tracking, analytics or advertising service. Concretely:

  • ❌ No Google Analytics, no Google Tag Manager, no gtag.js
  • ❌ No Facebook Pixel (Meta), no LinkedIn Insight Tag, no TikTok Pixel
  • ❌ No Google reCAPTCHA — we use an internal SYLink image captcha
  • ❌ No Google Fonts loaded via CDN — our fonts (Lexend, Source Sans 3) are self-hosted on our French datacenter
  • ❌ No Hotjar, Matomo Cloud, Mixpanel, Segment, Amplitude or any other SaaS analytics tool
  • ❌ No third-party advertising cookie, no cross-site identifier, no fingerprinting
  • ❌ No outbound calls to *.google.com, *.facebook.com, *.doubleclick.net or any other non-European actor

Our exposure to search engines goes solely through open standards: robots.txt, sitemap.xml, Schema.org structured data in JSON-LD, and IndexNow notifications (pushed to Bing, Yandex and compatible engines). All bots that visit (Googlebot, Bingbot, Qwantbot, Ecosia, DuckDuckBot, Naverbot…) receive the same content without any data being sent to them on SYLink's initiative.

Traffic observation, when needed, is done from server logs (Caddy) hosted on our own servers, without cookies, and purged within 6 months in line with our retention policy.

1. Data controller

The data controller is:
SYLink Technologie SAS
35 rue Blatin, 63000 Clermont-Ferrand, France
Clermont-Ferrand Commercial Registry no. 829 104 595
Data Protection Officer (DPO): [email protected]
Phone: +33 (0)4 15 54 00 00

2. Personal data collected

We only collect data strictly necessary for the purposes described below. Depending on site usage, the following categories of data may be processed:

  • Identification data — last name, first name, role, company, work email, phone (contact, partner, emergency forms).
  • Navigation data — IP address, pages visited, acquisition source, device, browser, timestamps.
  • Commercial relationship data — exchange history, demo requests, quotes, contracts.
  • Newsletter — email address, source of subscription, subscription status, subscription / unsubscription dates.

3. Purposes and legal bases

Your data is processed for the following purposes:

  • Responding to your contact requests (sales, technical, press, cyber emergency) — legal basis: pre-contractual measures or legitimate interest.
  • Managing the commercial relationship with our customers and partners — legal basis: contract performance.
  • Sending you the SYLink cyber watch (newsletter) — legal basis: explicit consent (opt-in checkbox).
  • Measuring site audience and improving its operation — legal basis: consent (marketing cookies) or legitimate interest (anonymized technical cookies).
  • Complying with our legal and regulatory obligations (accounting, tax, contractual) — legal basis: legal obligation.

4. Retention period

Data is retained for the following periods:

  • Contact requests not converted into a customer: 2 years from the last contact.
  • Customer data: throughout the contractual relationship, then archived 5 years for evidentiary and accounting purposes.
  • Newsletter: until you unsubscribe, then immediate deletion.
  • Navigation data: 13 months maximum (consented analytics cookies), 6 months for technical logs.

5. Data recipients

Your data is intended exclusively for SYLink Technologie's internal departments authorized to process it (sales, support, marketing, management).

Where applicable, certain data may be passed to our technical sub-processors (hosting with OVH SAS in France, transactional emailing) strictly for their services, governed by a contract compliant with Article 28 of the GDPR.

No personal data is transferred outside the European Union. No data is sold, leased or marketed to third parties.

6. Hosting and location

The servers hosting the site and databases are located in France (OVH SAS datacenter). Backups are also stored in France. No transfer takes place to the United States or any other third country.

7. Data security

As a cybersecurity vendor, SYLink Technologie applies to its own systems the same requirements we recommend to our customers:

  • TLS 1.3 encryption on all communications;
  • AES-256 encryption at rest for sensitive data;
  • role-based access control (RBAC);
  • multi-factor authentication for administrator accounts;
  • full access logging, kept for 6 months;
  • regular intrusion tests, PASSI-format audits.

Visitor IP addresses are kept in clear text for the defined retention period (13 months for consented sessions, 6 months for technical logs). They are used for: (1) fraud prevention and site security (suspicious-IP correlation, abuse banning, incident investigation), (2) commercial qualification of identified leads, (3) matching an anonymous session with a contact who filled out a form from the same connection. IPs are never sold to a third party and remain hosted exclusively in France.

8. Your rights

Under the GDPR and the French Data Protection Act, you have the following rights over your data:

  • Right of access — confirmation that your data is being processed and the right to obtain a copy.
  • Right to rectification — correct inaccurate or incomplete information.
  • Right to erasure ("right to be forgotten") — request deletion of your data under the conditions provided by the GDPR.
  • Right to object — object to processing based on legitimate interest.
  • Right to restriction — request temporary suspension of processing.
  • Right to portability — retrieve your data in a structured format.
  • Right to withdraw your consent at any time, without affecting the lawfulness of prior processing.
  • Right to issue post-mortem directives regarding the fate of your data after your death.

To exercise your rights, write to our Data Protection Officer: [email protected] or by post at our registered office. We will respond within a maximum of one month.

You also have the right to lodge a complaint with the French data protection authority CNIL, 3 place de Fontenoy, 75007 Paris — www.cnil.fr.

9. Cookies

The SYLink site uses no third-party cookies, no advertising cookies, no tracking cookies. Only a few first-party technical cookies are needed for the site to work:

  • Session & security (always active, essential) — anti-CSRF session ID, memorizing your consent choice, captcha protection. No data sent to a third party.
  • Display preferences (consent) — memorizing your language, dark/light mode if enabled. Stored only in your browser.

Reminder (see "Sovereignty & no third-party tracking" above): there is no Google Analytics, no Facebook Pixel, no Hotjar, no third-party analytics tool. The audience statistics we consult are computed solely from Caddy server logs hosted in France, with no cookies or individual identification.

You can change your choices at any time via the "Cookie preferences" link in the footer, or by clearing cookies in your browser settings.

10. Forms and specific purposes

General contact form

The data submitted (last name, first name, company, role, email, phone, message) is used solely to respond to your request. It is kept for 2 years from the last exchange.

Cyber emergency form

The data submitted (including any screenshot) is processed with absolute priority by our incident response team. It may be shared with your insurer or your CERT under your explicit instruction. It is kept for 5 years for evidentiary purposes.

Partner form

The data submitted is used to review your application to the SYLink partner program. Upon agreement, it becomes customer data and is kept for the duration of the contractual relationship.

Newsletter

Newsletter signup is strictly opt-in (unchecked checkbox by default). Each email includes a one-click unsubscribe link. No data is resold or shared with third parties.

11. Changes to the policy

SYLink Technologie reserves the right to modify this privacy policy at any time, in particular to adapt to legislative, case-law or technical changes. The applicable version is the one in effect at the time you consult it. The last update date is shown at the top of this page.

12. Contact

For any question about this policy or the processing of your data:
SYLink Technologie SAS — Data Protection Officer
35 rue Blatin, 63000 Clermont-Ferrand, France
GDPR / DPO email: [email protected]
Legal department: [email protected]