Pelorus

Mentions juridiques

Privacy policy

Dernière mise à jour : May 16, 2026

This policy describes how Pelorus ("we") collects, uses and protects your personal data when you use our site and services.

1. Data controller

The data controller is Pelorus SAS (registration with the Paris Trade and Companies Registry in progress), with its registered office in Paris, France (full address to be published upon registration).
Contact: Alexis Boisard, President — contact@pelorus.fr.

1 ter. Pelorus as a processor

In the context of consulting engagements, Pelorus may process personal data for which the Client is the controller (employee data, prospect contacts, expert interview data, etc.). For such processing, Pelorus acts as a processor within the meaning of Article 28 GDPR and follows the Client's documented instructions. Applicable safeguards (security measures, retention, return or destruction of data at the end of the engagement, prior authorisation for sub-processing) are set out in the engagement letter or a dedicated data processing agreement.

1 bis. GDPR contact

Pelorus is not required to appoint a Data Protection Officer (Art. 37 GDPR). To exercise your rights or for any data protection question:

Alexis Boisard, data controller
Email: contact@pelorus.fr
Postal address: to be published upon registration

You may also lodge a complaint with the CNIL (3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr).

2. Data collected

Through the contact form

  • First and last name
  • Professional email address
  • Phone number (optional)
  • Request type (business / investment fund / other)
  • Message content

Through the booking module (Cal.com)

  • Name, email, chosen slot
  • Calendar data necessary for scheduling

Through navigation

The site uses a minimal number of technical cookies necessary for proper functioning. No third-party advertising or analytics cookie is set without your consent. If we activate a privacy-friendly analytics solution, it does not require a consent banner and sets no identifying cookie.

3. Purposes

  • Respond to your contact or booking request
  • Issue a quote and organise a potential engagement
  • Manage the contractual relationship if a mission begins
  • Comply with our legal obligations (invoicing, accounting)

4. Legal basis

Processing is based, in accordance with Article 6 GDPR, on:

  • Performance of pre-contractual measures taken at your request (art. 6.1.b GDPR) — contact form, booking, quote request. Your data is necessary to respond to your enquiry.
  • Performance of a contract (art. 6.1.b GDPR) — signed quote, engagement letter, ongoing engagement.
  • Compliance with legal obligations (art. 6.1.c GDPR) — accounting, taxation, invoice retention.
  • Your freely given, specific, informed and unambiguous consent (art. 6.1.a GDPR) — only for third-party cookies (Cal.com) via the cookie banner. Withdrawable at any time via the "Manage cookies" link in the footer.

5. Retention

  • Unmaterialised requests: 6 months max from last exchange
  • Contractual data: 5 years after the end of the engagement (accounting requirement)
  • Invoicing data: 10 years (legal obligation)

6. Recipients

Your data is intended exclusively for Pelorus. No data is sold or shared with third parties for commercial purposes. The only technical sub-processors used are:

  • Cloudflare, Inc. — hosting, CDN and DDoS protection (USA, transfers framed by Standard Contractual Clauses and the EU-US Data Privacy Framework)
  • Resend — transactional email delivery (contact form notifications, client communications)
  • Cal.com — appointment scheduling
  • Zoho Mail — professional mailboxes *@pelorus.fr
  • Supabase — operational database of the Pelorus CRM (EU / Ireland)

Pelorus does not sell or transfer personal data to third parties for commercial or advertising purposes.

6 bis. Transfers outside the European Union

Some sub-processors may process your data from countries outside the European Union. For each transfer, the legal basis is set out by the Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914) and, where applicable, the EU-US Data Privacy Framework (DPF):

  • Cloudflare, Inc. (USA) — hosting and CDN. Legal basis: SCCs + DPF.
  • Resend Inc. (USA) — transactional emails. Legal basis: SCCs + DPF.
  • Cal.com (USA / Germany depending on plan) — scheduling. Legal basis: SCCs.
  • Zoho Corporation (India / Ireland) — professional emails. Legal basis: SCCs and partial adequacy decision for India.

7. Your rights

Under Regulation (EU) 2016/679 (GDPR), you have the following rights:

  • Right of access, rectification, erasure
  • Right to restriction and objection
  • Right to data portability
  • Right to define directives regarding your data after death
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the CNIL (www.cnil.fr)

To exercise your rights, write to contact@pelorus.fr. A response will be provided within one month.

8. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction. The site is served exclusively over HTTPS. Sensitive document exchanges during engagements use an encrypted platform.

9. Cookies

The site uses:

  • Strictly necessary technical cookies (language preferences, security) — set without prior consent.
  • Cloudflare Web Analytics — a privacy-first analytics service that sets no cookie or tracker on your device.
  • Cal.com third-party cookies — set only after your explicit consent via the cookie banner, when you interact with the booking module.

10. Changes

This policy may evolve. Any change will be published on this page with the corresponding update date.